diff --git a/cyberops/mikey-trojan-threat-report.json b/cyberops/mikey-trojan-threat-report.json
new file mode 100644
index 0000000..555896f
--- /dev/null
+++ b/cyberops/mikey-trojan-threat-report.json
@@ -0,0 +1,20715 @@
+{
+    "Win.Dropper.Barys-7914367-0": {
+        "bis": [
+            {
+                "bi": "memory-execute-readwrite",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+                    "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2",
+                    "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b",
+                    "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+                    "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0004",
+                    "T1055",
+                    "T1181"
+                ]
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+                    "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2",
+                    "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b",
+                    "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+                    "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-invalid-checksum",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+                    "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2",
+                    "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b",
+                    "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+                    "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "cta-static-analyzer-malicious",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+                    "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2",
+                    "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b",
+                    "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+                    "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "artifact-flagged-anomaly",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+                    "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2",
+                    "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b",
+                    "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+                    "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "pe-resource-lang-spanish",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+                    "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2",
+                    "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b",
+                    "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+                    "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "excessive-foreign-memory-modification",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b",
+                    "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1055"
+                ]
+            },
+            {
+                "bi": "sample-launched-copy-of-self",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b",
+                    "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1202"
+                ]
+            },
+            {
+                "bi": "modified-file-in-user-dir",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+                    "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-darkcomet-mutex-detected",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                    "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                    "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+                    "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-executable",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-requested-softice",
+                "hashes": [
+                    "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                    "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                    "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+                    "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1497"
+                ]
+            },
+            {
+                "bi": "network-fast-flux-nameserver",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "windows-crash-tool-execution-detected",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "crash-dump-file-created",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "fault-report-file-created",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-dns-safe-categories",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-hollowing-detected",
+                "hashes": [
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1093"
+                ]
+            },
+            {
+                "bi": "registry-autorun-key-modified",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "modified-file-in-system-dir",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-activesetup-key-modified",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "feed-domain-antivirus-service",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-svchost-suspicious-launch",
+                "hashes": [
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "malware-compound-cta-activity",
+                "hashes": [
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "created-executable-in-user-dir",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-dns-category-dynamic",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "deleted-submitted-file",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "registry-autorun-key-system-dir",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "process-explorer-suspicious-launch",
+                "hashes": [
+                    "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1055"
+                ]
+            },
+            {
+                "bi": "dns-query-nxdomain",
+                "hashes": [
+                    "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-trojan-xtreme-rat-registry-key",
+                "hashes": [
+                    "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                    "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "antivirus-flagged-artifact",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "dns-dynamic-domain",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "malware-known-trojan-av",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "disables-security-center-notifications",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "potential-registry-persistence",
+                "hashes": [
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-with-multiple-children",
+                "hashes": [
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "malware-xtreme-rat-default-mutex-detected",
+                "hashes": [
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "artifact-flagged-obfuscation",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "process-long-cmdline",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "network-fast-flux-domain",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-communications-http-get",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0010",
+                    "T1105",
+                    "T1043"
+                ]
+            },
+            {
+                "bi": "network-snort-protocol",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "dns-excessive-domain-queries",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1008"
+                ]
+            },
+            {
+                "bi": "network-only-safe-domains-contacted",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-file-downloaded-to-disk",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "http-response-redirect",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "url-not-found",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "script-contains-url",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "js-uses-fromcharcode",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "js-calls-activex-object",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1202"
+                ]
+            },
+            {
+                "bi": "js-uses-eval",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "js-contains-massive-strings",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "js-uses-encrypt-decrypt",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "html-small-file-redirect",
+                "hashes": [
+                    "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-packed-upx",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "registry-service-autostart-disabled",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1112",
+                    "T1489",
+                    "T1058"
+                ]
+            },
+            {
+                "bi": "artifact-memory-vm-detect",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1497"
+                ]
+            },
+            {
+                "bi": "decoy-wpfv",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                ],
+                "mitre_attack_tags": [
+                    "TA0001",
+                    "T1193"
+                ]
+            },
+            {
+                "bi": "windows-util-attrib-hide",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1158"
+                ]
+            },
+            {
+                "bi": "malware-darkcomet-detected",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-darkcomet-registry-detected",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "file-attribute-modification",
+                "hashes": [
+                    "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1096"
+                ]
+            },
+            {
+                "bi": "pe-encrypted-section",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "pe-section-execute-writable",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "file-ini-read",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-hide-files",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1158"
+                ]
+            },
+            {
+                "bi": "registry-disablesuac",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0002",
+                    "TA0004",
+                    "T1088",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "usb-drive-autoplay-modification",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0008",
+                    "TA0001",
+                    "T1091"
+                ]
+            },
+            {
+                "bi": "modified-file-on-usb",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1092"
+                ]
+            },
+            {
+                "bi": "created-executable-on-usb",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0008",
+                    "TA0003",
+                    "T1091"
+                ]
+            },
+            {
+                "bi": "antivirus-flagged-artifact-cta",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "file-ini-modified",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003"
+                ]
+            },
+            {
+                "bi": "pe-dos-header-initialsp",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "pe-dos-header-initialip",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "pe-dos-header-initialcs",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "artifact-pe-header-overlap",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "pe-dos-header-checksum",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "excessive-logical-drive-enumeration",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1120",
+                    "T1025"
+                ]
+            },
+            {
+                "bi": "pe-header-numofsymbols",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "process-requested-file-external-drive",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0009",
+                    "T1025"
+                ]
+            },
+            {
+                "bi": "registry-firewall-exceptions-enabled",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "disables-windows-firewall",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "malware-sality-mutex",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-firewall-notifications-disabled",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "registry-ie-work-offline-settings-modified",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0040",
+                    "T1498"
+                ]
+            },
+            {
+                "bi": "system-startup-file-modification",
+                "hashes": [
+                    "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "artifact-windows-component-suspicious-creation",
+                "hashes": [
+                    "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1036"
+                ]
+            },
+            {
+                "bi": "imports-IsDebuggerPresent",
+                "hashes": [
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-certificate",
+                "hashes": [
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-svchost-misspell",
+                "hashes": [
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-misspell-binary",
+                "hashes": [
+                    "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-ufr-mutex-detected",
+                "hashes": [
+                    "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "feed-domain-rat",
+                "hashes": [
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-autorun-key-data-dir",
+                "hashes": [
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "startup-folder-modification",
+                "hashes": [
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "startup-folder-lnk-file",
+                "hashes": [
+                    "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            }
+        ],
+        "category": "Dropper",
+        "coverage": {
+            "AMP": true,
+            "CWS": true,
+            "Cloudlock": false,
+            "Email Security": true,
+            "Network Security": false,
+            "Threat Grid": true,
+            "Umbrella": false,
+            "WSA": false
+        },
+        "description": "This is a trojan and downloader that allows malicious actors to upload files to a victim's computer.",
+        "hashes": [
+            "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13",
+            "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b",
+            "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+            "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+            "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+            "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+            "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+            "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+            "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+            "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e",
+            "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c",
+            "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2",
+            "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8",
+            "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab",
+            "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+            "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686",
+            "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+            "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466",
+            "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+        ],
+        "iocs": {
+            "domain": [
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "schema[.]org"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "www[.]google-analytics[.]com"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "stats[.]g[.]doubleclick[.]net"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "github[.]com"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "avatars1[.]githubusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "az725175[.]vo[.]msecnd[.]net"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "aka[.]ms"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "avatars3[.]githubusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "developercommunity[.]visualstudio[.]com"
+                },
+                {
+                    "hashes": [
+                        "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686"
+                    ],
+                    "host": "horses[.]ru-loading[.]ru"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "cdn[.]speedcurve[.]com"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "host": "w[.]usabilla[.]com"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "host": "panicofas[.]no-ip[.]org"
+                },
+                {
+                    "hashes": [
+                        "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                    ],
+                    "host": "matheustkt[.]no-ip[.]biz"
+                },
+                {
+                    "hashes": [
+                        "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                    ],
+                    "host": "laotra[.]no-ip[.]info"
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "host": "fedoshka[.]no-ip[.]biz"
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "host": "fedosh[.]np-ip[.]biz"
+                }
+            ],
+            "file": [
+                {
+                    "hashes": [
+                        "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                        "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                        "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5"
+                    ],
+                    "path": "%TEMP%\\x.html"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "path": "%SystemRoot%\\system.ini"
+                },
+                {
+                    "hashes": [
+                        "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                    ],
+                    "path": "%APPDATA%\\dclogs"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "path": "%TEMP%\\XX--XX--XX.txt"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "path": "%TEMP%\\UuU.uUu"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "path": "%TEMP%\\XxX.xXx"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "path": "%APPDATA%\\logs.dat"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "path": "E:\\autorun.inf"
+                },
+                {
+                    "hashes": [
+                        "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                    ],
+                    "path": "%SystemRoot%\\InstallDir"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "path": "%SystemRoot%\\Microsoft"
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "path": "%APPDATA%\\InstallDir"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "path": "%SystemRoot%\\Microsoft\\server.exe"
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "path": "%APPDATA%\\InstallDir\\Server.exe"
+                },
+                {
+                    "hashes": [
+                        "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Microsoft\\svchost.exe"
+                },
+                {
+                    "hashes": [
+                        "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8"
+                    ],
+                    "path": "\\TEMP\\svchost.exe"
+                },
+                {
+                    "hashes": [
+                        "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b"
+                    ],
+                    "path": "\\TEMP\\ufr_reports"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "path": "\\autorun.inf"
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "path": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Microsoft.lnk"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "path": "\\TEMP\\server.exe"
+                },
+                {
+                    "hashes": [
+                        "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                    ],
+                    "path": "%TEMP%\\~PIB27.tmp"
+                },
+                {
+                    "hashes": [
+                        "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                    ],
+                    "path": "%TEMP%\\~PIBD3.tmp"
+                },
+                {
+                    "hashes": [
+                        "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                    ],
+                    "path": "%TEMP%\\PIC_1187696292_8.JPG"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "path": "E:\\wtjnrl.exe"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "path": "%TEMP%\\winetaly.exe"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "path": "\\tsrirn.exe"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "path": "\\wtjnrl.exe"
+                },
+                {
+                    "hashes": [
+                        "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\XKJSP2eg.cfg"
+                },
+                {
+                    "hashes": [
+                        "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                    ],
+                    "path": "%SystemRoot%\\InstallDir\\svhost.exe"
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\AjnwBYm.dat"
+                },
+                {
+                    "hashes": [
+                        "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\XKJSP2eg.dat"
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Inicio.exe"
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\AjnwBYm.cfg"
+                }
+            ],
+            "ip": [
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "13[.]107[.]21[.]200"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "204[.]79[.]197[.]200"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "151[.]101[.]194[.]217"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "152[.]199[.]4[.]33"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "65[.]55[.]44[.]109"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "20[.]36[.]253[.]92"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "151[.]101[.]128[.]133"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "151[.]101[.]192[.]133"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "23[.]6[.]69[.]99"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "172[.]217[.]5[.]238"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "34[.]232[.]187[.]93"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "140[.]82[.]112[.]3"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "172[.]253[.]63[.]156"
+                },
+                {
+                    "hashes": [
+                        "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b"
+                    ],
+                    "ip": "31[.]170[.]160[.]103"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "ip": "104[.]108[.]100[.]37"
+                }
+            ],
+            "mutex": [
+                {
+                    "hashes": [
+                        "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+                        "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                        "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                        "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                        "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466"
+                    ],
+                    "name": "_x_X_BLOCKMOUSE_X_x_"
+                },
+                {
+                    "hashes": [
+                        "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+                        "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                        "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                        "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                        "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466"
+                    ],
+                    "name": "_x_X_PASSWORDLIST_X_x_"
+                },
+                {
+                    "hashes": [
+                        "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47",
+                        "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67",
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632",
+                        "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11",
+                        "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc",
+                        "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466"
+                    ],
+                    "name": "_x_X_UPDATE_X_x_"
+                },
+                {
+                    "hashes": [
+                        "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                        "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a",
+                        "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5",
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "name": "<random, matching [a-zA-Z0-9]{5,9}>"
+                },
+                {
+                    "hashes": [
+                        "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "name": "XTREMEUPDATE"
+                },
+                {
+                    "hashes": [
+                        "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b"
+                    ],
+                    "name": "UFR3"
+                },
+                {
+                    "hashes": [
+                        "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                    ],
+                    "name": "DCPERSFWBP"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "name": "***MUTEX***"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "name": "***MUTEX***_PERSIST"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "name": "***MUTEX***_SAIR"
+                },
+                {
+                    "hashes": [
+                        "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e"
+                    ],
+                    "name": "Local\\https://docs.microsoft.com/"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "name": "<process name>.exeM_<pid>_"
+                },
+                {
+                    "hashes": [
+                        "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632"
+                    ],
+                    "name": "Global\\7f980f81-a05d-11ea-a007-00501e3ae7b5"
+                },
+                {
+                    "hashes": [
+                        "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f"
+                    ],
+                    "name": "VuTPb9wJrPERSIST"
+                },
+                {
+                    "hashes": [
+                        "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab"
+                    ],
+                    "name": "Global\\75044201-a0cb-11ea-a007-00501e3ae7b5"
+                },
+                {
+                    "hashes": [
+                        "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13"
+                    ],
+                    "name": "Global\\74e73481-a0cb-11ea-a007-00501e3ae7b5"
+                },
+                {
+                    "hashes": [
+                        "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8"
+                    ],
+                    "name": "Global\\79274761-a0cb-11ea-a007-00501e3ae7b5"
+                },
+                {
+                    "hashes": [
+                        "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5"
+                    ],
+                    "name": "TcCqgkPERSIST"
+                },
+                {
+                    "hashes": [
+                        "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c"
+                    ],
+                    "name": "SDASDDSASD"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "name": "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9M_372_"
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "name": "AjnwBYmPERSIST"
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "name": "AjnwBYmEXIT"
+                }
+            ],
+            "registry": [
+                {
+                    "hashes": [
+                        "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "HKLM"
+                },
+                {
+                    "hashes": [
+                        "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1",
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "HKCU"
+                },
+                {
+                    "hashes": [
+                        "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f",
+                        "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\XTREMERAT",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}",
+                    "value_name": "StubPath"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_951"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_951"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_952"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_952"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_953"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_953"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_954"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_955"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_955"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_956"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_957"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_957"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_958"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_959"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_960"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_960"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_961"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_962"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_963"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_964"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_964"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_965"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_966"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_967"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_968"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_969"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_969"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_970"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_971"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_972"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_972"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_973"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_973"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_974"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_974"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_975"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_976"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_976"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_977"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_977"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_978"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_979"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_980"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A2_980"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_981"
+                },
+                {
+                    "hashes": [
+                        "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS",
+                    "value_name": "A1_982"
+                }
+            ]
+        },
+        "reports_count": 19
+    },
+    "Win.Dropper.DarkComet-7945051-0": {
+        "bis": [
+            {
+                "bi": "memory-execute-readwrite",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0004",
+                    "T1055",
+                    "T1181"
+                ]
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "cta-static-analyzer-malicious",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-dos-header-paragraphs",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "pe-section-shared",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "excessive-foreign-memory-modification",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1055"
+                ]
+            },
+            {
+                "bi": "pe-invalid-checksum",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "sample-launched-copy-of-self",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1202"
+                ]
+            },
+            {
+                "bi": "artifact-flagged-anomaly",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "malware-darkcomet-mutex-detected",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-executable",
+                "hashes": [
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-autorun-key-modified",
+                "hashes": [
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "process-hollowing-detected",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1093"
+                ]
+            },
+            {
+                "bi": "modified-file-in-user-dir",
+                "hashes": [
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-requested-softice",
+                "hashes": [
+                    "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                    "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                    "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+                    "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                    "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                    "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                    "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                    "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                    "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                    "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                    "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                    "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                    "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                    "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                    "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1497"
+                ]
+            },
+            {
+                "bi": "antivirus-flagged-artifact",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "created-executable-in-user-dir",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-known-trojan-av",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-dns-category-dynamic",
+                "hashes": [
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-darkcomet-registry-detected",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-dns-safe-categories",
+                "hashes": [
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "hook-installed",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"
+                ],
+                "mitre_attack_tags": [
+                    "TA0006",
+                    "TA0003",
+                    "TA0004",
+                    "T1056",
+                    "T1179"
+                ]
+            },
+            {
+                "bi": "artifact-memory-vm-detect",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1497"
+                ]
+            },
+            {
+                "bi": "registry-winlogon-key-modified-nt",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1112"
+                ]
+            },
+            {
+                "bi": "malware-darkcomet-detected",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-fast-flux-nameserver",
+                "hashes": [
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-file-in-system-dir",
+                "hashes": [
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "windows-util-attrib-hide",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1158"
+                ]
+            },
+            {
+                "bi": "file-attribute-modification",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1096"
+                ]
+            },
+            {
+                "bi": "registry-autorun-key-data-dir",
+                "hashes": [
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "unsigned-roaming-execution",
+                "hashes": [
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "dns-dynamic-domain",
+                "hashes": [
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                    "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                    "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "registry-activesetup-key-modified",
+                "hashes": [
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "feed-domain-antivirus-service",
+                "hashes": [
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-service-autostart-disabled",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1112",
+                    "T1489",
+                    "T1058"
+                ]
+            },
+            {
+                "bi": "pe-packed-upx",
+                "hashes": [
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "modified-file-on-usb",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1092"
+                ]
+            },
+            {
+                "bi": "process-explorer-suspicious-launch",
+                "hashes": [
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1055"
+                ]
+            },
+            {
+                "bi": "dns-query-nxdomain",
+                "hashes": [
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-autorun-key-temp-dir",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "pe-encrypted-section",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "pe-filename-mismatch",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-section-execute-writable",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "file-ini-read",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-uses-visual-basic",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "firefox-password-manager-local-database-access",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0006",
+                    "T1003"
+                ]
+            },
+            {
+                "bi": "enumeration-browser-information",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "TA0006",
+                    "T1003",
+                    "T1217"
+                ]
+            },
+            {
+                "bi": "files-deleted-used-batch",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "cmd-exe-file-execution",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "T1059"
+                ]
+            },
+            {
+                "bi": "process-check-opera-appdata-folder",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1083"
+                ]
+            },
+            {
+                "bi": "usb-drive-autoplay-modification",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0008",
+                    "TA0001",
+                    "T1091"
+                ]
+            },
+            {
+                "bi": "created-executable-on-usb",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0008",
+                    "TA0003",
+                    "T1091"
+                ]
+            },
+            {
+                "bi": "antivirus-flagged-artifact-cta",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "file-ini-modified",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003"
+                ]
+            },
+            {
+                "bi": "pe-vb-imports-toolhelp",
+                "hashes": [
+                    "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                    "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+                    "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1057"
+                ]
+            },
+            {
+                "bi": "feed-domain-rat",
+                "hashes": [
+                    "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                    "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "disables-windows-firewall",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "registry-editor-disabled",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                ],
+                "mitre_attack_tags": [
+                    "TA0040",
+                    "T1490"
+                ]
+            },
+            {
+                "bi": "disables-security-center-notifications",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "malware-cybergate-rat",
+                "hashes": [
+                    "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "deleted-submitted-file",
+                "hashes": [
+                    "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "process-uses-localhost-traffic",
+                "hashes": [
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "process-ping",
+                "hashes": [
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0007",
+                    "T1049"
+                ]
+            },
+            {
+                "bi": "process-ping-localhost",
+                "hashes": [
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0007",
+                    "T1016"
+                ]
+            },
+            {
+                "bi": "cmd-exe-file-deletion",
+                "hashes": [
+                    "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "network-opendns-malicious",
+                "hashes": [
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "netbios-query",
+                "hashes": [
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "sample-launched-copy-domain-flagged",
+                "hashes": [
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1102"
+                ]
+            },
+            {
+                "bi": "artifact-windows-component-suspicious-creation",
+                "hashes": [
+                    "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1036"
+                ]
+            },
+            {
+                "bi": "malware-misspell-binary",
+                "hashes": [
+                    "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-svchost-suspicious-launch",
+                "hashes": [
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "potential-registry-persistence",
+                "hashes": [
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-compound-cta-activity",
+                "hashes": [
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-trojan-xtreme-rat-registry-key",
+                "hashes": [
+                    "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-file-in-program-dir",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "document-decoy-dropped",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "startup-folder-modification",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "excessive-file-modifications",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-check-browser-mail-client-files",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007"
+                ]
+            },
+            {
+                "bi": "malware-generic-ransomware-entropy",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-shell-default-file-handler-created",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1112"
+                ]
+            },
+            {
+                "bi": "file-handler-registration",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1042"
+                ]
+            },
+            {
+                "bi": "recycler-file-creation",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "malware-generic-ransomware",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "possible-privilege-escalation-detected",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": [
+                    "TA0004",
+                    "T1068"
+                ]
+            },
+            {
+                "bi": "process-read-ie-cookies",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": [
+                    "TA0009",
+                    "T1005",
+                    "T1119"
+                ]
+            },
+            {
+                "bi": "process-deletes-many-files",
+                "hashes": [
+                    "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-uses-dot-net",
+                "hashes": [
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-autorun-key-system-dir",
+                "hashes": [
+                    "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "artifact-flagged-obfuscation",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "process-long-cmdline",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "network-fast-flux-domain",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-communications-http-get",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0010",
+                    "T1105",
+                    "T1043"
+                ]
+            },
+            {
+                "bi": "network-snort-protocol",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "dns-excessive-domain-queries",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1008"
+                ]
+            },
+            {
+                "bi": "network-only-safe-domains-contacted",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-file-downloaded-to-disk",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "http-response-redirect",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "url-not-found",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "script-contains-url",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "js-uses-fromcharcode",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "js-calls-activex-object",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1202"
+                ]
+            },
+            {
+                "bi": "js-uses-eval",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "js-contains-massive-strings",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "js-uses-encrypt-decrypt",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "html-small-file-redirect",
+                "hashes": [
+                    "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                ],
+                "mitre_attack_tags": []
+            }
+        ],
+        "category": "Dropper",
+        "coverage": {
+            "AMP": true,
+            "CWS": true,
+            "Cloudlock": false,
+            "Email Security": true,
+            "Network Security": true,
+            "Threat Grid": true,
+            "Umbrella": true,
+            "WSA": true
+        },
+        "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.",
+        "hashes": [
+            "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+            "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+            "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+            "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+            "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709",
+            "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+            "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+            "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+            "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+            "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+            "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de",
+            "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+            "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+            "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51",
+            "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+            "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+            "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+            "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+            "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+            "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d",
+            "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e",
+            "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+            "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+            "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+            "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+            "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+            "8a66db1a43f67412d02ea59872444b44edc3e9747ca0d244bc81680a9741256d",
+            "92e9d2dd4ddf6ffb2b760ef22715f8558737a3c9cfaec0177f5d71f7cf2bc8d5",
+            "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+            "992086a58afc0645e976496d672e66679c272167fc6d20ea9f3aae2bd0f42d13",
+            "994b44cf7e2467dbd95eb3c8df6f2699ab4442364917d7c641fbfa90a26a2390",
+            "a07ebce0c65b9da908a7eca884a952a2f1b171b07ae6c34df0a167b24791fb0d",
+            "a277114e0bb75f388acd5a7ef297b7da8920dfe72af8e8e2fc0080dd4cf74344",
+            "a6abfe821f4a0da6ff97c094bb92a88318c84b7ab8738795706d220b3f1b785b",
+            "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+            "af7ce9fd8dd8a70b798fa437b31aa50b12223891b4058952fadbf9c82f79736a",
+            "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+            "b3976652a188a7c71e0e59507532b9ff25100a953cf6b465a0f09b7d2016b5f2",
+            "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+            "be6356e2c499f57df5e5c39f53a0ea8592a07a68188af9d4ae32ae8e10ab67db",
+            "bfd75a8d3c77ab2552cf051f8f722221ec1c4a453e0fa01944dd2c9d9e4d0cb9",
+            "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+            "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74",
+            "cf93e6e677dc2ab70926372c1716a2413129eae190f771d8232ee88694a824ea",
+            "d5d10cde8b33c413a0394f65e177fda049d3b73d583aa05334466ee20f9a2edb",
+            "d6e93570f074ca1182478f151b393c9d9f8bd3aa91ca7097891ab671a8ce30e1",
+            "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+            "da515b01e95f27c67c01f71005bf42713ced58cbf6f2b5f53c36e465fad3a95e",
+            "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+            "e7c319c4410bb1057e40a92abe4c0d15e8f9b6d297a85ad658461d851741b39e",
+            "e7ce36bfe35203e67072cb86e1a9cb4848f837bccc2318de3b27586fef4364c0",
+            "eb3b2de42768e4129acce3cedff0de9d663a77f77b3c68af682e5f5f94b0b86a",
+            "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+            "f1e64796cd9af7b18727e7784485626f9a4fa87aab61ecd509417b8c36345766",
+            "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c",
+            "f7f74b86ed08220d18429df10ec7e25fbe97bca9af5183bdcfc802e550d37f58",
+            "f94a76f81541afdfd26ec9ba1ceee6e650c8aed7a47579d4bad6fce9608da50c",
+            "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911",
+            "fbc3997fdc75603a092d22c21b718cd1b8ef1d0944d5fdc97b62fe19a6ac296e"
+        ],
+        "iocs": {
+            "domain": [
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "host": "mantwhouse[.]no-ip[.]info"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "host": "www[.]000webhost[.]com"
+                },
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                        "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c"
+                    ],
+                    "host": "caglar0201[.]no-ip[.]biz"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "host": "private55[.]uphero[.]com"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "schema[.]org"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "www[.]google-analytics[.]com"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "stats[.]g[.]doubleclick[.]net"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "github[.]com"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "avatars1[.]githubusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "az725175[.]vo[.]msecnd[.]net"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "aka[.]ms"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "avatars3[.]githubusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "developercommunity[.]visualstudio[.]com"
+                },
+                {
+                    "hashes": [
+                        "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"
+                    ],
+                    "host": "9000x[.]ignorelist[.]com"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "cdn[.]speedcurve[.]com"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "host": "w[.]usabilla[.]com"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de"
+                    ],
+                    "host": "gloryday777[.]ddns[.]net"
+                },
+                {
+                    "hashes": [
+                        "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113"
+                    ],
+                    "host": "leontopodium[.]noip[.]me"
+                },
+                {
+                    "hashes": [
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"
+                    ],
+                    "host": "gelegele[.]ddns[.]net"
+                },
+                {
+                    "hashes": [
+                        "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95"
+                    ],
+                    "host": "hackermtsystem[.]ddns[.]net"
+                },
+                {
+                    "hashes": [
+                        "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"
+                    ],
+                    "host": "exad[.]noip[.]me"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "host": "parfumnext[.]zapto[.]org"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "host": "parfumlex[.]zapto[.]org"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "host": "parfumsex[.]zapto[.]org"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "host": "parfumerus[.]no-ip[.]biz"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "host": "parfumlove[.]zapto[.]org"
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                    ],
+                    "host": "joker2134[.]no-ip[.]org"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "host": "foragidos[.]no-ip[.]org"
+                },
+                {
+                    "hashes": [
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98"
+                    ],
+                    "host": "manu777[.]net76[.]net"
+                }
+            ],
+            "file": [
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                        "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                        "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                        "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                        "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                        "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                        "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                        "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911"
+                    ],
+                    "path": "%APPDATA%\\dclogs"
+                },
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                        "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "path": "%HOMEPATH%\\Documents\\MSDCSC"
+                },
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                        "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "path": "%HOMEPATH%\\Documents\\MSDCSC\\msdcsc.exe"
+                },
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                        "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                        "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\8984ef1fcc24342f5531acc4001616a5_d19ab989-a35f-4710-83df-7b2db7efe7c5"
+                },
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                        "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                        "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-1258710499-2222286471-4214075941-500\\8984ef1fcc24342f5531acc4001616a5_8f793a96-da80-4751-83f9-b23d8b735fb1"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "path": "\\autorun.inf"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "path": "\\Adobe Photoshop CS6 Keygen.exe"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "path": "\\1.exe"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "path": "E:\\autorun.inf"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "path": "\\TEMP\\1.exe"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "path": "E:\\Adobe Photoshop CS6 Keygen.exe"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "path": "%TEMP%\\gfdgfd.Exe"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "path": "%APPDATA%\\{0664ECA6-B456-E195-1216-E87E3554727E}"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "path": "%APPDATA%\\{0664ECA6-B456-E195-1216-E87E3554727E}\\dll.exe"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "path": "\\x.bat"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"
+                    ],
+                    "path": "%TEMP%\\XX--XX--XX.txt"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"
+                    ],
+                    "path": "%TEMP%\\UuU.uUu"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"
+                    ],
+                    "path": "%TEMP%\\XxX.xXx"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"
+                    ],
+                    "path": "%APPDATA%\\logs.dat"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%HOMEPATH%\\                      .txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\                      .txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Windows Media\\9.0\\                      .txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Windows\\                      .txt"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "path": "%TEMP%\\Administrator7"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "path": "%TEMP%\\Administrator8"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "path": "%TEMP%\\Administrator2.txt"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "path": "%SystemRoot%\\Microsoft\\svchost.exe"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "path": "%APPDATA%\\Administratorlog.dat"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de"
+                    ],
+                    "path": "%TEMP%\\MSDCSC\\msdcsc.exe"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "\\$Recycle.Bin\\<user SID>\\$<random, matching '[A-Z0-9]{7}'>.txt"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "path": "%TEMP%\\Trade Hacker.exe"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Java\\jre8\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\MSBuild\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Analysis Services\\AS OLEDB\\10\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\PUB60COR\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\Theme Colors\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\Theme Effects\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\Theme Fonts\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\CAGCAT10\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"
+                },
+                {
+                    "hashes": [
+                        "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"
+                    ],
+                    "path": "%APPDATA%\\wuaclt.exe"
+                }
+            ],
+            "ip": [
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "ip": "153[.]92[.]0[.]100"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "ip": "104[.]20[.]67[.]46"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "204[.]79[.]197[.]200"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "151[.]101[.]194[.]217"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "152[.]199[.]4[.]33"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "65[.]55[.]44[.]109"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "20[.]36[.]253[.]92"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "151[.]101[.]128[.]133"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "23[.]218[.]140[.]208"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "140[.]82[.]114[.]3"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "23[.]6[.]69[.]99"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "172[.]217[.]5[.]238"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "52[.]201[.]110[.]209"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "ip": "172[.]253[.]63[.]155"
+                }
+            ],
+            "mutex": [
+                {
+                    "hashes": [
+                        "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                        "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                        "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                        "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                        "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+                        "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                        "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                        "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                        "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74"
+                    ],
+                    "name": "_x_X_BLOCKMOUSE_X_x_"
+                },
+                {
+                    "hashes": [
+                        "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                        "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                        "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                        "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                        "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+                        "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                        "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                        "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                        "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74"
+                    ],
+                    "name": "_x_X_PASSWORDLIST_X_x_"
+                },
+                {
+                    "hashes": [
+                        "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc",
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                        "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801",
+                        "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba",
+                        "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c",
+                        "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919",
+                        "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc",
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b",
+                        "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c",
+                        "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800",
+                        "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74"
+                    ],
+                    "name": "_x_X_UPDATE_X_x_"
+                },
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                        "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                        "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                        "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                        "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                        "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                        "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911"
+                    ],
+                    "name": "DC_MUTEX-<random, matching [A-Z0-9]{7}>"
+                },
+                {
+                    "hashes": [
+                        "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                        "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                        "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d",
+                        "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                        "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                        "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "name": "Administrator5"
+                },
+                {
+                    "hashes": [
+                        "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                        "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                        "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                        "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                        "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "name": "Administrator1"
+                },
+                {
+                    "hashes": [
+                        "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f",
+                        "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd",
+                        "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451",
+                        "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90",
+                        "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5",
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "name": "Administrator4"
+                },
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                        "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                        "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                        "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c"
+                    ],
+                    "name": "DCPERSFWBP"
+                },
+                {
+                    "hashes": [
+                        "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709"
+                    ],
+                    "name": "Local\\https://docs.microsoft.com/"
+                },
+                {
+                    "hashes": [
+                        "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"
+                    ],
+                    "name": "IPKPMTX"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "name": "Microsoft"
+                },
+                {
+                    "hashes": [
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"
+                    ],
+                    "name": "LFO701A1756D"
+                },
+                {
+                    "hashes": [
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"
+                    ],
+                    "name": "LFO701A1756D_PERSIST"
+                },
+                {
+                    "hashes": [
+                        "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b"
+                    ],
+                    "name": "LFO701A1756D_SAIR"
+                },
+                {
+                    "hashes": [
+                        "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"
+                    ],
+                    "name": "DCMIN_MUTEX-GPLB87U"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "name": "DF6Y34V6PC32TK"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "name": "DF6Y34V6PC32TK_PERSIST"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "name": "DF6Y34V6PC32TK_SAIR"
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                    ],
+                    "name": "pZx1Bf"
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                    ],
+                    "name": "pZx1BfPERSIST"
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                    ],
+                    "name": "pZx1BfEXIT"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "name": "Microsoft_PERSIST"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "name": "Microsoft_SAIR"
+                },
+                {
+                    "hashes": [
+                        "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"
+                    ],
+                    "name": "x1x2x3x4"
+                }
+            ],
+            "registry": [
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3",
+                        "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                        "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                        "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                        "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                        "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                        "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                        "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                        "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113",
+                        "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879",
+                        "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                        "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                        "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05",
+                        "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON",
+                    "value_name": "UserInit"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79",
+                        "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d",
+                        "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103",
+                        "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "MicroUpdate"
+                },
+                {
+                    "hashes": [
+                        "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920",
+                        "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98",
+                        "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "dll"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE",
+                    "value_name": "EnableFirewall"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE",
+                    "value_name": "DisableNotifications"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM",
+                    "value_name": "EnableLUA"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER",
+                    "value_name": "AntiVirusDisableNotify"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER",
+                    "value_name": "UpdatesDisableNotify"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION\\EXPLORERN",
+                    "value_name": "NoControlPanel"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM",
+                    "value_name": "DisableRegistryTools"
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "HKLM"
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f",
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "HKCU"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6",
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de",
+                        "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION\\EXPLORERN",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95",
+                        "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "Microsoft"
+                },
+                {
+                    "hashes": [
+                        "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "msdcsc"
+                },
+                {
+                    "hashes": [
+                        "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "))))))))))))))))))))))))"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{51P2C78S-7FGB-24RE-T153-QSOS5248SH3A}",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{51P2C78S-7FGB-24RE-T153-QSOS5248SH3A}",
+                    "value_name": "StubPath"
+                },
+                {
+                    "hashes": [
+                        "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMOTE",
+                    "value_name": "FirstExecution"
+                },
+                {
+                    "hashes": [
+                        "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "winlogon.exe"
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\PZX1BF",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{LCYKLPC8-3GPM-5T71-2B35-MD1K274642KG}",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\XTREMERAT",
+                    "value_name": "Mutex"
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\PZX1BF",
+                    "value_name": "ServerStarted"
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\PZX1BF",
+                    "value_name": "ServerName"
+                },
+                {
+                    "hashes": [
+                        "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{LCYKLPC8-3GPM-5T71-2B35-MD1K274642KG}",
+                    "value_name": "StubPath"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\TRADE HACK",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\TRADE HACK",
+                    "value_name": "FirstExecution"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\TRADE HACK",
+                    "value_name": "NewIdentification"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{35U3X061-1S3N-6815-2665-WR6131KBIU55}",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "Win32"
+                },
+                {
+                    "hashes": [
+                        "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{35U3X061-1S3N-6815-2665-WR6131KBIU55}",
+                    "value_name": "StubPath"
+                },
+                {
+                    "hashes": [
+                        "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "Windows Update"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\CLASSES\\.725863",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\DEFAULTICON",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL\\OPEN",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL\\OPEN\\COMMAND",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "Alcmeter"
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\CLASSES\\.725863",
+                    "value_name": ""
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD",
+                    "value_name": ""
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\DEFAULTICON",
+                    "value_name": ""
+                },
+                {
+                    "hashes": [
+                        "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL\\OPEN\\COMMAND",
+                    "value_name": ""
+                }
+            ]
+        },
+        "reports_count": 37
+    },
+    "Win.Dropper.Emotet-7916286-0": {
+        "bis": [
+            {
+                "bi": "pe-encrypted-section",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "memory-execute-readwrite",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0004",
+                    "T1055",
+                    "T1181"
+                ]
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-snort-policy",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "nginx-webserver-detected",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-http-numeric-ip",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0005",
+                    "T1071"
+                ]
+            },
+            {
+                "bi": "network-communications-http-post",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0010",
+                    "T1048"
+                ]
+            },
+            {
+                "bi": "hook-installed",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": [
+                    "TA0006",
+                    "TA0003",
+                    "TA0004",
+                    "T1056",
+                    "T1179"
+                ]
+            },
+            {
+                "bi": "pe-uses-armadillo",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "deleted-submitted-file",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "currentcontrolset-service-added",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "TA0003",
+                    "T1035",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "registry-service-with-autostart-created",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1112",
+                    "T1058"
+                ]
+            },
+            {
+                "bi": "sample-launched-copy-of-self",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1202"
+                ]
+            },
+            {
+                "bi": "deleted-executable-in-system-dir",
+                "hashes": [
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                    "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                    "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "antivirus-flagged-artifact",
+                "hashes": [
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                    "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                    "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                    "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                    "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                    "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                    "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                    "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                    "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                    "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-emotet-mutex",
+                "hashes": [
+                    "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                    "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-executable",
+                "hashes": [
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-snort-server",
+                "hashes": [
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "imports-IsDebuggerPresent",
+                "hashes": [
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-file-uploaded",
+                "hashes": [
+                    "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                    "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                    "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                    "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                ],
+                "mitre_attack_tags": [
+                    "TA0010",
+                    "T1011"
+                ]
+            },
+            {
+                "bi": "registry-service-type-modified",
+                "hashes": [
+                    "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1112",
+                    "T1058"
+                ]
+            },
+            {
+                "bi": "process-ping",
+                "hashes": [
+                    "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0007",
+                    "T1049"
+                ]
+            }
+        ],
+        "category": "Dropper",
+        "coverage": {
+            "AMP": true,
+            "CWS": true,
+            "Cloudlock": false,
+            "Email Security": true,
+            "Network Security": true,
+            "Threat Grid": true,
+            "Umbrella": false,
+            "WSA": true
+        },
+        "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.",
+        "hashes": [
+            "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+            "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+            "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+            "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+            "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+            "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+            "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+            "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+            "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+            "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+            "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+            "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+            "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+            "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+            "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+            "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+            "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+            "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+            "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+            "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+            "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e",
+            "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+            "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+            "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+            "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+            "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+            "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+        ],
+        "iocs": {
+            "domain": [],
+            "file": [
+                {
+                    "hashes": [
+                        "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                        "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                        "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                        "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"
+                },
+                {
+                    "hashes": [
+                        "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\KBDROST"
+                },
+                {
+                    "hashes": [
+                        "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\xwizard"
+                },
+                {
+                    "hashes": [
+                        "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\browcli"
+                },
+                {
+                    "hashes": [
+                        "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\api-ms-win-core-namedpipe-l1-1-0"
+                },
+                {
+                    "hashes": [
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\devenum"
+                },
+                {
+                    "hashes": [
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\PortableDeviceConnectApi"
+                },
+                {
+                    "hashes": [
+                        "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\dxgi"
+                },
+                {
+                    "hashes": [
+                        "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\C_ISCII"
+                },
+                {
+                    "hashes": [
+                        "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\duser"
+                },
+                {
+                    "hashes": [
+                        "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\dot3cfg"
+                },
+                {
+                    "hashes": [
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\acppage"
+                },
+                {
+                    "hashes": [
+                        "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\dwmcore"
+                },
+                {
+                    "hashes": [
+                        "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\appmgr"
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\NlsLexicons0045"
+                },
+                {
+                    "hashes": [
+                        "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\dimsjob"
+                },
+                {
+                    "hashes": [
+                        "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\efsui"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\KBDTUF"
+                },
+                {
+                    "hashes": [
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751"
+                    ],
+                    "path": "%ProgramData%\\EFVejogcgdIyPmUHf.exe"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\kbdax2"
+                },
+                {
+                    "hashes": [
+                        "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                    ],
+                    "path": "%ProgramData%\\BaEROcraiYwPKk.exe"
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "path": "%ProgramData%\\HsGuvFk.exe"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "path": "%ProgramData%\\LXZvgNjvQFfpF.exe"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "path": "%ProgramData%\\vSqVr.exe"
+                },
+                {
+                    "hashes": [
+                        "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\RPCNDFP"
+                }
+            ],
+            "ip": [
+                {
+                    "hashes": [
+                        "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7",
+                        "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323",
+                        "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1",
+                        "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18",
+                        "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc",
+                        "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf",
+                        "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9",
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                        "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776",
+                        "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                        "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e",
+                        "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432",
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243",
+                        "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9",
+                        "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d",
+                        "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534",
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "ip": "84[.]21[.]179[.]51"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                        "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                        "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"
+                    ],
+                    "ip": "200[.]119[.]11[.]118"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                        "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                        "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"
+                    ],
+                    "ip": "190[.]229[.]148[.]144"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                        "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                        "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"
+                    ],
+                    "ip": "103[.]83[.]81[.]141"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                        "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                    ],
+                    "ip": "239[.]255[.]255[.]250"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751"
+                    ],
+                    "ip": "190[.]147[.]137[.]153"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "ip": "51[.]159[.]23[.]217"
+                },
+                {
+                    "hashes": [
+                        "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                    ],
+                    "ip": "104[.]236[.]52[.]89"
+                },
+                {
+                    "hashes": [
+                        "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                    ],
+                    "ip": "188[.]251[.]213[.]180"
+                },
+                {
+                    "hashes": [
+                        "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                    ],
+                    "ip": "181[.]92[.]244[.]156"
+                }
+            ],
+            "mutex": [
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                        "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                        "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                        "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"
+                    ],
+                    "name": "Global\\I98B68E3C"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                        "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049",
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                        "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871",
+                        "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e"
+                    ],
+                    "name": "Global\\M98B68E3C"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58",
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610",
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067",
+                        "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                    ],
+                    "name": "Global\\Nx534F51BC"
+                }
+            ],
+            "registry": [
+                {
+                    "hashes": [
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                        "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>",
+                    "value_name": "Type"
+                },
+                {
+                    "hashes": [
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                        "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                        "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>",
+                    "value_name": "ErrorControl"
+                },
+                {
+                    "hashes": [
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                        "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>",
+                    "value_name": "ImagePath"
+                },
+                {
+                    "hashes": [
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                        "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>",
+                    "value_name": "DisplayName"
+                },
+                {
+                    "hashes": [
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                        "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>",
+                    "value_name": "WOW64"
+                },
+                {
+                    "hashes": [
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                        "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>",
+                    "value_name": "ObjectName"
+                },
+                {
+                    "hashes": [
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                        "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a",
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>",
+                    "value_name": "Description"
+                },
+                {
+                    "hashes": [
+                        "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275",
+                        "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c",
+                        "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751",
+                        "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825",
+                        "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007",
+                    "value_name": "ErrorControl"
+                },
+                {
+                    "hashes": [
+                        "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007",
+                    "value_name": "ImagePath"
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007",
+                    "value_name": "DisplayName"
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045",
+                    "value_name": "Type"
+                },
+                {
+                    "hashes": [
+                        "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007",
+                    "value_name": "WOW64"
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007",
+                    "value_name": "ObjectName"
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045",
+                    "value_name": "ErrorControl"
+                },
+                {
+                    "hashes": [
+                        "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007",
+                    "value_name": "Description"
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045",
+                    "value_name": "ImagePath"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045",
+                    "value_name": "DisplayName"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF",
+                    "value_name": "Type"
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045",
+                    "value_name": "WOW64"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\APPMGR",
+                    "value_name": "Description"
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045",
+                    "value_name": "ObjectName"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF",
+                    "value_name": "ErrorControl"
+                },
+                {
+                    "hashes": [
+                        "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045",
+                    "value_name": "Description"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF",
+                    "value_name": "ImagePath"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF",
+                    "value_name": "DisplayName"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF",
+                    "value_name": "WOW64"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF",
+                    "value_name": "ObjectName"
+                },
+                {
+                    "hashes": [
+                        "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF",
+                    "value_name": "Description"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2",
+                    "value_name": "Type"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2",
+                    "value_name": "ErrorControl"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2",
+                    "value_name": "ImagePath"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2",
+                    "value_name": "DisplayName"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2",
+                    "value_name": "WOW64"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2",
+                    "value_name": "ObjectName"
+                },
+                {
+                    "hashes": [
+                        "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2",
+                    "value_name": "Description"
+                },
+                {
+                    "hashes": [
+                        "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OLE32",
+                    "value_name": "ImagePath"
+                },
+                {
+                    "hashes": [
+                        "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OLE32",
+                    "value_name": "Description"
+                },
+                {
+                    "hashes": [
+                        "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LOCATIONAPI",
+                    "value_name": "ImagePath"
+                },
+                {
+                    "hashes": [
+                        "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LOCATIONAPI",
+                    "value_name": "Description"
+                },
+                {
+                    "hashes": [
+                        "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFMJPEGDEC",
+                    "value_name": "ImagePath"
+                },
+                {
+                    "hashes": [
+                        "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFMJPEGDEC",
+                    "value_name": "Description"
+                }
+            ]
+        },
+        "reports_count": 27
+    },
+    "Win.Dropper.Kuluoz-7929761-0": {
+        "bis": [
+            {
+                "bi": "memory-execute-readwrite",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0004",
+                    "T1055",
+                    "T1181"
+                ]
+            },
+            {
+                "bi": "modified-executable",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "created-executable-in-user-dir",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-file-in-user-dir",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-invalid-checksum",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "cta-static-analyzer-malicious",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-svchost-suspicious-launch",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "registry-autorun-key-data-dir",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "registry-autorun-key-modified",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "imports-IsDebuggerPresent",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-compound-cta-activity",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-kuluoz-mutex",
+                "hashes": [
+                    "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                    "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                    "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                    "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                    "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                    "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                    "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                    "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                    "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                    "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                    "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                    "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                    "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843",
+                    "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                    "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                    "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                    "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                    "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                    "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                    "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                    "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                    "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                    "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                    "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                    "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                    "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                    "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                    "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                    "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                    "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                    "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                    "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                    "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                    "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                    "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                    "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                    "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                    "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                    "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                    "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                    "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                    "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                    "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                    "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                    "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                    "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                    "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                    "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                    "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                    "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                    "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                    "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                    "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                    "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                    "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                    "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                    "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                    "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                    "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                    "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                    "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                    "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                    "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                    "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                    "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                    "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                    "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                    "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                    "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                    "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                    "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                    "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                    "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                    "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                    "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                    "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                    "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                    "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                    "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                    "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                    "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                    "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                    "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                    "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                    "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                    "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                    "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                    "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                    "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                    "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                    "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                    "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                    "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                    "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                    "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                    "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                    "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                    "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                    "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                    "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                    "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                    "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                    "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                    "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                    "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                ],
+                "mitre_attack_tags": []
+            }
+        ],
+        "category": "Dropper",
+        "coverage": {
+            "AMP": true,
+            "CWS": true,
+            "Cloudlock": false,
+            "Email Security": true,
+            "Network Security": false,
+            "Threat Grid": true,
+            "Umbrella": false,
+            "WSA": false
+        },
+        "description": "Kuluoz, sometimes known as \"Asprox,\" is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.",
+        "hashes": [
+            "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+            "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+            "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+            "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+            "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+            "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+            "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+            "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+            "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+            "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+            "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+            "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+            "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+            "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+            "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+            "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+            "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+            "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+            "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+            "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+            "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+            "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+            "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+            "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+            "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+            "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+            "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+            "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+            "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+            "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+            "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+            "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+            "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+            "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+            "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+            "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+            "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+            "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+            "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+            "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+            "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+            "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+            "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+            "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+            "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+            "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+            "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+            "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+            "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+            "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+            "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+            "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+            "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+            "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+            "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+            "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+            "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+            "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+            "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+            "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+            "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+            "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+            "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+            "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+            "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+            "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+            "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+            "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+            "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+            "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+            "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+            "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+            "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+            "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+            "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+            "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+            "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+            "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+            "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+            "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+            "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+            "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+            "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+            "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+            "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+            "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+            "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+            "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+            "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+            "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+            "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+            "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+            "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+            "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+            "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e",
+            "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+            "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+            "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+            "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+            "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+            "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+            "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+            "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+            "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+            "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+        ],
+        "iocs": {
+            "domain": [],
+            "file": [
+                {
+                    "hashes": [
+                        "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                        "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                        "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                        "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                        "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                        "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                        "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                        "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                        "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                        "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                        "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                        "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                        "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                        "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                        "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                        "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                        "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                        "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                        "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                        "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                        "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                        "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                        "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                        "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                        "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                        "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                        "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                        "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                        "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                        "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                        "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                        "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                        "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                        "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                        "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                        "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                        "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                        "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                        "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                        "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                        "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                        "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                        "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                        "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                        "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                        "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                        "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                        "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                        "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                        "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                        "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                        "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                        "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                        "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                        "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                        "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                        "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                        "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                        "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                        "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                        "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                        "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                        "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                        "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                        "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                        "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                        "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                        "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                        "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                        "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                        "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                        "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                        "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                        "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                        "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                        "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e",
+                        "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                        "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                        "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                        "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                        "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                        "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                        "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                        "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                        "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+                    ],
+                    "path": "%LOCALAPPDATA%\\<random, matching '[a-z]{8}'>.exe"
+                },
+                {
+                    "hashes": [
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\hmrpjdnd.exe"
+                },
+                {
+                    "hashes": [
+                        "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\rbgruqii.exe"
+                },
+                {
+                    "hashes": [
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\mrcxfbbl.exe"
+                },
+                {
+                    "hashes": [
+                        "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\laafhqtr.exe"
+                },
+                {
+                    "hashes": [
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\xfcgdhod.exe"
+                },
+                {
+                    "hashes": [
+                        "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\eqfsdpli.exe"
+                },
+                {
+                    "hashes": [
+                        "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\lfmigull.exe"
+                },
+                {
+                    "hashes": [
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\mepsiutc.exe"
+                },
+                {
+                    "hashes": [
+                        "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\evvlnbmm.exe"
+                },
+                {
+                    "hashes": [
+                        "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\dtrpdkof.exe"
+                },
+                {
+                    "hashes": [
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\xvtoeinf.exe"
+                },
+                {
+                    "hashes": [
+                        "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\deumjros.exe"
+                },
+                {
+                    "hashes": [
+                        "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\ptlclwer.exe"
+                },
+                {
+                    "hashes": [
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\pfcekooh.exe"
+                },
+                {
+                    "hashes": [
+                        "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\dnxliqkc.exe"
+                },
+                {
+                    "hashes": [
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\fwagopgb.exe"
+                },
+                {
+                    "hashes": [
+                        "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\uubcfqfj.exe"
+                },
+                {
+                    "hashes": [
+                        "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\pxlkbulv.exe"
+                },
+                {
+                    "hashes": [
+                        "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\riuodjqi.exe"
+                },
+                {
+                    "hashes": [
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\mrbccagr.exe"
+                },
+                {
+                    "hashes": [
+                        "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\scrqpcqd.exe"
+                },
+                {
+                    "hashes": [
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\ujtqfsaf.exe"
+                },
+                {
+                    "hashes": [
+                        "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\jrcdbpal.exe"
+                },
+                {
+                    "hashes": [
+                        "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\eafbsogp.exe"
+                },
+                {
+                    "hashes": [
+                        "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\ewrrdbtt.exe"
+                }
+            ],
+            "ip": [
+                {
+                    "hashes": [
+                        "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                        "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                        "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                        "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                        "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                        "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                        "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                        "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                        "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                        "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                        "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                        "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                        "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                        "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                        "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                        "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                        "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                        "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                        "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                        "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                        "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                        "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                        "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                        "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                        "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                        "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                        "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                        "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                        "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                        "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                        "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                        "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                        "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                        "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                        "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                        "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                        "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                        "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e",
+                        "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                        "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                        "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                        "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                        "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9"
+                    ],
+                    "ip": "212[.]45[.]17[.]15"
+                },
+                {
+                    "hashes": [
+                        "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                        "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                        "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                        "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                        "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                        "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                        "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                        "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                        "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                        "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                        "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                        "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                        "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                        "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                        "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                        "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                        "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                        "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                        "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                        "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                        "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                        "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                        "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                        "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                        "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                        "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                        "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                        "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                        "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                        "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                        "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                        "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                        "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                        "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                        "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                        "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                        "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                        "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                        "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+                    ],
+                    "ip": "173[.]203[.]97[.]13"
+                },
+                {
+                    "hashes": [
+                        "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                        "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                        "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                        "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                        "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                        "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                        "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                        "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                        "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                        "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                        "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                        "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                        "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                        "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                        "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                        "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                        "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                        "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                        "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                        "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                        "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                        "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                        "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                        "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                        "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                        "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                        "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                        "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                        "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                        "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                        "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                        "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                        "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                        "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                        "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                        "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                        "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                        "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                        "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                        "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                        "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                        "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085"
+                    ],
+                    "ip": "142[.]4[.]60[.]242"
+                },
+                {
+                    "hashes": [
+                        "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                        "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                        "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                        "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                        "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                        "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                        "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                        "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                        "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                        "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                        "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                        "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                        "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                        "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                        "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                        "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                        "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                        "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                        "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                        "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                        "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                        "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                        "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                        "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                        "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                        "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                        "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                        "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                        "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                        "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                        "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                        "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                        "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                        "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                        "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                        "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                        "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                        "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                        "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21"
+                    ],
+                    "ip": "203[.]157[.]142[.]2"
+                },
+                {
+                    "hashes": [
+                        "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                        "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                        "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                        "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                        "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                        "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                        "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                        "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                        "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                        "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                        "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                        "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                        "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                        "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                        "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                        "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                        "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                        "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                        "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                        "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                        "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                        "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                        "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                        "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                        "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                        "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                        "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                        "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                        "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                        "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                        "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                        "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                        "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                        "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e",
+                        "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                        "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                        "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                        "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+                    ],
+                    "ip": "176[.]31[.]181[.]76"
+                },
+                {
+                    "hashes": [
+                        "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                        "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                        "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                        "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                        "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                        "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                        "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                        "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                        "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                        "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                        "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                        "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                        "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                        "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                        "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                        "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                        "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                        "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                        "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                        "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                        "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                        "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                        "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                        "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                        "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                        "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                        "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                        "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                        "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                        "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                        "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                        "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                        "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                        "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                        "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+                    ],
+                    "ip": "188[.]165[.]192[.]116"
+                },
+                {
+                    "hashes": [
+                        "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                        "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                        "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                        "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                        "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                        "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                        "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                        "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                        "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                        "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                        "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                        "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                        "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                        "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                        "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                        "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                        "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                        "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                        "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                        "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                        "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                        "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                        "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                        "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                        "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                        "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                        "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                        "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                        "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                        "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                        "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                        "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                        "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                        "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081"
+                    ],
+                    "ip": "113[.]53[.]247[.]147"
+                },
+                {
+                    "hashes": [
+                        "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                        "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                        "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                        "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                        "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                        "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                        "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                        "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                        "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                        "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                        "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                        "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                        "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                        "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                        "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                        "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                        "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                        "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                        "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                        "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                        "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                        "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                        "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                        "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                        "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                        "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                        "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                        "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                        "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                        "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                        "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                        "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                        "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                        "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                        "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                        "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597"
+                    ],
+                    "ip": "76[.]74[.]184[.]127"
+                },
+                {
+                    "hashes": [
+                        "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                        "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                        "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                        "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                        "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                        "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                        "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                        "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                        "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                        "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                        "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                        "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                        "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                        "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                        "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                        "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                        "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                        "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                        "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                        "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                        "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                        "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                        "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                        "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                        "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                        "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                        "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                        "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                        "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                        "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                        "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                        "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                        "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e",
+                        "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                        "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                        "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+                    ],
+                    "ip": "94[.]32[.]67[.]214"
+                },
+                {
+                    "hashes": [
+                        "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                        "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                        "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                        "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                        "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                        "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                        "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                        "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                        "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                        "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                        "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                        "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                        "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                        "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                        "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                        "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                        "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                        "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                        "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                        "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                        "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                        "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                        "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                        "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                        "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                        "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                        "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                        "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                        "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                        "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                        "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                        "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                        "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e",
+                        "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                        "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                        "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+                    ],
+                    "ip": "82[.]150[.]199[.]140"
+                },
+                {
+                    "hashes": [
+                        "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                        "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                        "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                        "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                        "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                        "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                        "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                        "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                        "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                        "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                        "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                        "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                        "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                        "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                        "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                        "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                        "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                        "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                        "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                        "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                        "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                        "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                        "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                        "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                        "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                        "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                        "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                        "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                        "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                        "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9"
+                    ],
+                    "ip": "92[.]240[.]232[.]232"
+                },
+                {
+                    "hashes": [
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                        "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                        "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                        "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6"
+                    ],
+                    "ip": "37[.]59[.]82[.]218"
+                },
+                {
+                    "hashes": [
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                        "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                        "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                        "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                        "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                        "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f"
+                    ],
+                    "ip": "50[.]57[.]139[.]41"
+                }
+            ],
+            "mutex": [
+                {
+                    "hashes": [
+                        "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                        "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                        "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                        "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                        "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                        "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                        "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                        "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                        "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                        "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                        "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                        "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                        "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                        "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                        "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                        "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                        "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                        "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                        "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                        "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                        "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                        "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                        "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                        "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                        "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                        "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                        "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                        "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                        "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                        "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                        "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                        "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                        "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                        "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                        "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                        "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                        "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                        "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                        "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                        "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                        "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                        "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                        "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                        "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                        "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                        "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                        "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                        "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                        "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                        "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                        "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                        "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                        "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                        "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                        "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                        "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                        "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                        "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                        "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                        "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                        "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                        "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                        "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                        "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                        "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                        "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                        "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                        "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                        "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                        "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                        "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                        "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                        "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                        "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                        "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                        "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e",
+                        "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                        "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                        "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                        "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                        "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                        "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                        "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                        "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                        "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+                    ],
+                    "name": "2GVWNQJz1"
+                }
+            ],
+            "registry": [
+                {
+                    "hashes": [
+                        "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528",
+                        "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba",
+                        "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03",
+                        "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1",
+                        "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a",
+                        "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87",
+                        "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6",
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2",
+                        "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c",
+                        "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536",
+                        "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82",
+                        "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f",
+                        "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa",
+                        "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5",
+                        "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216",
+                        "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446",
+                        "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f",
+                        "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a",
+                        "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609",
+                        "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f",
+                        "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99",
+                        "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a",
+                        "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6",
+                        "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f",
+                        "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1",
+                        "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8",
+                        "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48",
+                        "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e",
+                        "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5",
+                        "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a",
+                        "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a",
+                        "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3",
+                        "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5",
+                        "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb",
+                        "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                        "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc",
+                        "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b",
+                        "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14",
+                        "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba",
+                        "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931",
+                        "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf",
+                        "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9",
+                        "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb",
+                        "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba",
+                        "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d",
+                        "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61",
+                        "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8",
+                        "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4",
+                        "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07",
+                        "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d",
+                        "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3",
+                        "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9",
+                        "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a",
+                        "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17",
+                        "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d",
+                        "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622",
+                        "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a",
+                        "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387",
+                        "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6",
+                        "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784",
+                        "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799",
+                        "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c",
+                        "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e",
+                        "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef",
+                        "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad",
+                        "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515",
+                        "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3",
+                        "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4",
+                        "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a",
+                        "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0",
+                        "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d",
+                        "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e",
+                        "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80",
+                        "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81",
+                        "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21",
+                        "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78",
+                        "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559",
+                        "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381",
+                        "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290",
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468",
+                        "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713",
+                        "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e",
+                        "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c",
+                        "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3",
+                        "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0",
+                        "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87",
+                        "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0",
+                        "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492",
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd",
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51",
+                        "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895",
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90",
+                        "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824",
+                        "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e",
+                        "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75",
+                        "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3",
+                        "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b",
+                        "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085",
+                        "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597",
+                        "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75",
+                        "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081",
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21",
+                        "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9",
+                        "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\<random, matching '[a-zA-Z0-9]{5,9}'>",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "xmacrbdl"
+                },
+                {
+                    "hashes": [
+                        "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                        "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\GAJXWHJP",
+                    "value_name": "gsmcqoda"
+                },
+                {
+                    "hashes": [
+                        "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08",
+                        "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "lugmssnl"
+                },
+                {
+                    "hashes": [
+                        "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b",
+                        "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\LCFGUHWN",
+                    "value_name": "kkpiqpjh"
+                },
+                {
+                    "hashes": [
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\RDSDIHPI",
+                    "value_name": "ooffhvvq"
+                },
+                {
+                    "hashes": [
+                        "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "gbpdjnro"
+                },
+                {
+                    "hashes": [
+                        "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\LEHGMFUH",
+                    "value_name": "nfbspwqi"
+                },
+                {
+                    "hashes": [
+                        "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "stxigvvf"
+                },
+                {
+                    "hashes": [
+                        "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\ATGQWMWN",
+                    "value_name": "risbqlwn"
+                },
+                {
+                    "hashes": [
+                        "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "jijgpgho"
+                },
+                {
+                    "hashes": [
+                        "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\EAPSNCGM",
+                    "value_name": "botvmpma"
+                },
+                {
+                    "hashes": [
+                        "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "lcfvvaka"
+                },
+                {
+                    "hashes": [
+                        "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\AWNSSOSH",
+                    "value_name": "lwgulaor"
+                },
+                {
+                    "hashes": [
+                        "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "wnavkjeq"
+                },
+                {
+                    "hashes": [
+                        "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\KABXXVNJ",
+                    "value_name": "pdilquld"
+                },
+                {
+                    "hashes": [
+                        "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "xwrwisgs"
+                },
+                {
+                    "hashes": [
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\NOLANLNS",
+                    "value_name": "kjknnnrk"
+                },
+                {
+                    "hashes": [
+                        "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "jtuoejek"
+                },
+                {
+                    "hashes": [
+                        "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\APKRXJCT",
+                    "value_name": "awpnebmp"
+                },
+                {
+                    "hashes": [
+                        "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "wghkbolm"
+                },
+                {
+                    "hashes": [
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\BPCJNVPS",
+                    "value_name": "govolssr"
+                },
+                {
+                    "hashes": [
+                        "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "tqsqpkkn"
+                },
+                {
+                    "hashes": [
+                        "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\UIMKHRCC",
+                    "value_name": "artghiar"
+                },
+                {
+                    "hashes": [
+                        "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\WIVKXHOB",
+                    "value_name": "qlpdwusx"
+                },
+                {
+                    "hashes": [
+                        "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "abjrelcu"
+                },
+                {
+                    "hashes": [
+                        "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "nnxrhwfd"
+                },
+                {
+                    "hashes": [
+                        "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\DXHIHGKO",
+                    "value_name": "tvwdujwk"
+                },
+                {
+                    "hashes": [
+                        "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "iavdbqkn"
+                },
+                {
+                    "hashes": [
+                        "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\OVCODQSR",
+                    "value_name": "trsneafq"
+                },
+                {
+                    "hashes": [
+                        "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "mejknekg"
+                },
+                {
+                    "hashes": [
+                        "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\SROPWKEQ",
+                    "value_name": "mdrxtoca"
+                },
+                {
+                    "hashes": [
+                        "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "uaohmikj"
+                },
+                {
+                    "hashes": [
+                        "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\VJJFQGKH",
+                    "value_name": "jfsxdjjc"
+                },
+                {
+                    "hashes": [
+                        "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "rjblrnis"
+                },
+                {
+                    "hashes": [
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\CUXQKICW",
+                    "value_name": "wxqakjbv"
+                },
+                {
+                    "hashes": [
+                        "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "tlbijafu"
+                },
+                {
+                    "hashes": [
+                        "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\BLAJJSAW",
+                    "value_name": "qotudwci"
+                },
+                {
+                    "hashes": [
+                        "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "dxbrpnqx"
+                },
+                {
+                    "hashes": [
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MWDLHRFO",
+                    "value_name": "cgokfdvf"
+                },
+                {
+                    "hashes": [
+                        "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "cmtfflxv"
+                },
+                {
+                    "hashes": [
+                        "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\DTSDABPG",
+                    "value_name": "tuswnfht"
+                },
+                {
+                    "hashes": [
+                        "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "bgxtxfdm"
+                },
+                {
+                    "hashes": [
+                        "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\JGVRVTVB",
+                    "value_name": "cfpgqvfm"
+                },
+                {
+                    "hashes": [
+                        "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "mnwvhhtc"
+                },
+                {
+                    "hashes": [
+                        "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\BDTHGPCI",
+                    "value_name": "jdcdoqbv"
+                },
+                {
+                    "hashes": [
+                        "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "rbkprvfa"
+                }
+            ]
+        },
+        "reports_count": 105
+    },
+    "Win.Malware.Remcos-7914589-1": {
+        "bis": [
+            {
+                "bi": "memory-execute-readwrite",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0004",
+                    "T1055",
+                    "T1181"
+                ]
+            },
+            {
+                "bi": "cta-static-analyzer-malicious",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "hook-installed",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0006",
+                    "TA0003",
+                    "TA0004",
+                    "T1056",
+                    "T1179"
+                ]
+            },
+            {
+                "bi": "pe-tls-callback",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "pe-header-timestamp-prior",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-section-shared",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "modified-executable",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "created-executable-in-user-dir",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-file-in-user-dir",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-fast-flux-domain",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-only-safe-domains-contacted",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "excessive-foreign-memory-modification",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1055"
+                ]
+            },
+            {
+                "bi": "registry-autorun-key-modified",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "network-dns-category-file-storage",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-modified-rootcerts",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0006",
+                    "TA0005",
+                    "T1130"
+                ]
+            },
+            {
+                "bi": "feed-domain-rat",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "feed-domain-antivirus-service",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "windows-util-schtask-generic",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1053"
+                ]
+            },
+            {
+                "bi": "files-deleted-used-batch",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "cmd-exe-file-execution",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "T1059"
+                ]
+            },
+            {
+                "bi": "registry-modification-reg",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-remcos-mutex",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-header-timestamp-future",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-remcos-registry",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0009",
+                    "TA0006",
+                    "TA0011",
+                    "TA0008",
+                    "T1056",
+                    "T1113",
+                    "T1125",
+                    "T1123",
+                    "T1105"
+                ]
+            },
+            {
+                "bi": "files-deleted-used-vbs",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "benign-process-has-child",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1055"
+                ]
+            },
+            {
+                "bi": "fake-windows-directory-file-creation",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0002",
+                    "T1036",
+                    "T1151"
+                ]
+            },
+            {
+                "bi": "malware-gelup-artifact-detected",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-snort-protocol",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                    "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73",
+                    "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-remcos-path",
+                "hashes": [
+                    "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-dns-category-dynamic",
+                "hashes": [
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                    "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                    "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                    "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "audio-video-mutex-detected",
+                "hashes": [
+                    "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                ],
+                "mitre_attack_tags": [
+                    "TA0009",
+                    "T1123",
+                    "T1125"
+                ]
+            },
+            {
+                "bi": "network-opendns-malicious",
+                "hashes": [
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-dns-category-cnc",
+                "hashes": [
+                    "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                    "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011"
+                ]
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact-mid",
+                "hashes": [
+                    "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "file-ini-read",
+                "hashes": [
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "windows-vault-api",
+                "hashes": [
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                ],
+                "mitre_attack_tags": [
+                    "TA0006",
+                    "T1003"
+                ]
+            },
+            {
+                "bi": "firefox-password-manager-local-database-access",
+                "hashes": [
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                ],
+                "mitre_attack_tags": [
+                    "TA0006",
+                    "T1003"
+                ]
+            },
+            {
+                "bi": "enumeration-browser-information",
+                "hashes": [
+                    "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "TA0006",
+                    "T1003",
+                    "T1217"
+                ]
+            },
+            {
+                "bi": "network-fast-flux-nameserver",
+                "hashes": [
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "dns-query-nxdomain",
+                "hashes": [
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "netbios-query",
+                "hashes": [
+                    "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                ],
+                "mitre_attack_tags": []
+            }
+        ],
+        "category": "Malware",
+        "coverage": {
+            "AMP": true,
+            "CWS": true,
+            "Cloudlock": false,
+            "Email Security": true,
+            "Network Security": true,
+            "Threat Grid": true,
+            "Umbrella": true,
+            "WSA": true
+        },
+        "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. It is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.",
+        "hashes": [
+            "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+            "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+            "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+            "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+            "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+            "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+            "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+            "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+            "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+            "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+            "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+            "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+            "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+            "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+            "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+            "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+            "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+        ],
+        "iocs": {
+            "domain": [
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"
+                    ],
+                    "host": "goddywin[.]freedynamicdns[.]net"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "host": "boot[.]awsmppl[.]com"
+                },
+                {
+                    "hashes": [
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "host": "doc-0k-8o-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "host": "u864246[.]nvpn[.]so"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "host": "doc-0c-b0-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"
+                    ],
+                    "host": "newdawn4me[.]ddns[.]net"
+                },
+                {
+                    "hashes": [
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "host": "doc-0g-54-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"
+                    ],
+                    "host": "cdn[.]discordapp[.]com"
+                },
+                {
+                    "hashes": [
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"
+                    ],
+                    "host": "doc-00-54-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                    ],
+                    "host": "doc-04-6k-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "host": "site[.]ptbagasps[.]co[.]id"
+                },
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50"
+                    ],
+                    "host": "doc-14-54-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "host": "dolxxrem[.]hopto[.]org"
+                },
+                {
+                    "hashes": [
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8"
+                    ],
+                    "host": "doc-0c-54-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"
+                    ],
+                    "host": "thankyoulord[.]ddns[.]net"
+                },
+                {
+                    "hashes": [
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"
+                    ],
+                    "host": "doc-0o-54-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1"
+                    ],
+                    "host": "doc-0s-54-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                    ],
+                    "host": "coolcc1[.]xzy"
+                },
+                {
+                    "hashes": [
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"
+                    ],
+                    "host": "latua[.]nsupdate[.]info"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                    ],
+                    "host": "coolget1[.]xzy"
+                },
+                {
+                    "hashes": [
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"
+                    ],
+                    "host": "doc-0s-b0-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                    ],
+                    "host": "doc-10-8o-docs[.]googleusercontent[.]com"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                    ],
+                    "host": "coolta1[.]xzy"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                    ],
+                    "host": "coolta2[.]xzy"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                    ],
+                    "host": "coolta71[.]com"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "host": "doc-0c-bk-docs[.]googleusercontent[.]com"
+                }
+            ],
+            "file": [
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%LOCALAPPDATA%\\<random, matching '[a-z0-9]{3,7}'>"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%System32%\\winevt\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%PUBLIC%\\Natso.bat"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%PUBLIC%\\Runex.bat"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%PUBLIC%\\fodhelper.exe"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%PUBLIC%\\propsys.dll"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%PUBLIC%\\x.bat"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%SystemRoot% "
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%SystemRoot% \\System32"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%SystemRoot% \\System32\\fodhelper.exe"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%SystemRoot% \\System32\\propsys.dll"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%PUBLIC%\\cde.bat"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%PUBLIC%\\x.vbs"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "path": "%APPDATA%\\remcos"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "path": "%APPDATA%\\remcos\\logs.dat"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%APPDATA%\\cosp"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%APPDATA%\\cosp\\dos.dt"
+                },
+                {
+                    "hashes": [
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                    ],
+                    "path": "%ProgramFiles%\\Microsoft DN1"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Dkzc\\Dkzc.hta"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Dkzc\\Dkzcset.exe"
+                },
+                {
+                    "hashes": [
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Xkox\\Xkox.hta"
+                },
+                {
+                    "hashes": [
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Xkox\\Xkoxset.exe"
+                },
+                {
+                    "hashes": [
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Microsoft Vision"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "path": "%APPDATA%\\winos"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "path": "%APPDATA%\\winos\\logs.dat"
+                },
+                {
+                    "hashes": [
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Kqgi\\Kqgi.hta"
+                },
+                {
+                    "hashes": [
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Kqgi\\Kqgiset.exe"
+                },
+                {
+                    "hashes": [
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Uvxx\\Uvxx.hta"
+                },
+                {
+                    "hashes": [
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Uvxx\\Uvxxset.exe"
+                },
+                {
+                    "hashes": [
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Qsma\\Qsma.hta"
+                },
+                {
+                    "hashes": [
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Vzva\\Vzva.hta"
+                },
+                {
+                    "hashes": [
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Qsma\\Qsmaset.exe"
+                },
+                {
+                    "hashes": [
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Vzva\\Vzvaset.exe"
+                },
+                {
+                    "hashes": [
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Fhit\\Fhit.hta"
+                },
+                {
+                    "hashes": [
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Fhit\\Fhitset.exe"
+                },
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Opfq\\Opfq.hta"
+                },
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Opfq\\Opfqset.exe"
+                },
+                {
+                    "hashes": [
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Xarf\\Xarf.hta"
+                },
+                {
+                    "hashes": [
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Xarf\\Xarfset.exe"
+                },
+                {
+                    "hashes": [
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Yaxi\\Yaxi.hta"
+                },
+                {
+                    "hashes": [
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Yaxi\\Yaxiset.exe"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Jwgz\\Jwgz.hta"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Jwgz\\Jwgzset.exe"
+                },
+                {
+                    "hashes": [
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Xfbb\\Xfbb.hta"
+                },
+                {
+                    "hashes": [
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Xfbb\\Xfbbset.exe"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Hlvx\\Hlvx.hta"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Hlvx\\Hlvxset.exe"
+                },
+                {
+                    "hashes": [
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Jkpt\\Jkpt.hta"
+                },
+                {
+                    "hashes": [
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Jkpt\\Jkptset.exe"
+                }
+            ],
+            "ip": [
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "ip": "172[.]217[.]15[.]97"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "ip": "172[.]217[.]9[.]206"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "ip": "142[.]250[.]31[.]138/31"
+                },
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                    ],
+                    "ip": "142[.]250[.]31[.]100/31"
+                },
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"
+                    ],
+                    "ip": "185[.]165[.]153[.]17"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "ip": "79[.]134[.]225[.]105"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "ip": "142[.]250[.]31[.]113"
+                },
+                {
+                    "hashes": [
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"
+                    ],
+                    "ip": "194[.]5[.]99[.]12"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "ip": "185[.]244[.]30[.]223"
+                },
+                {
+                    "hashes": [
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "ip": "79[.]134[.]225[.]11"
+                },
+                {
+                    "hashes": [
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"
+                    ],
+                    "ip": "162[.]159[.]130[.]233"
+                },
+                {
+                    "hashes": [
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"
+                    ],
+                    "ip": "91[.]193[.]75[.]15"
+                },
+                {
+                    "hashes": [
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8"
+                    ],
+                    "ip": "142[.]250[.]31[.]102"
+                },
+                {
+                    "hashes": [
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                    ],
+                    "ip": "185[.]244[.]29[.]131"
+                },
+                {
+                    "hashes": [
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"
+                    ],
+                    "ip": "194[.]5[.]99[.]213"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "ip": "185[.]244[.]30[.]91"
+                },
+                {
+                    "hashes": [
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"
+                    ],
+                    "ip": "162[.]159[.]134[.]233"
+                }
+            ],
+            "mutex": [
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "name": "Remcos_Mutex_Inj"
+                },
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"
+                    ],
+                    "name": "Remcos-PLP378"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "name": "-PUTW55"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "name": "Nerdpol-NUCW3I"
+                },
+                {
+                    "hashes": [
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"
+                    ],
+                    "name": "Remcos-4F6INU"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "name": "remcos_nqtjidysxc"
+                },
+                {
+                    "hashes": [
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "name": "Remcos-B3XNCF"
+                },
+                {
+                    "hashes": [
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"
+                    ],
+                    "name": "Remcos-0S5XD9"
+                },
+                {
+                    "hashes": [
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"
+                    ],
+                    "name": "Remcoss-2AOK38"
+                }
+            ],
+            "registry": [
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\DEBUTANT",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\INTERMEDIAIRE",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\EXPERT",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\DEBUTANT",
+                    "value_name": "Time"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\DEBUTANT",
+                    "value_name": "Name"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\INTERMEDIAIRE",
+                    "value_name": "Time"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\INTERMEDIAIRE",
+                    "value_name": "Name"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\EXPERT",
+                    "value_name": "Time"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\EXPERT",
+                    "value_name": "Name"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE",
+                    "value_name": "Blob"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91",
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f",
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e",
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122",
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKCU>\\ENVIRONMENT",
+                    "value_name": "windir"
+                },
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-PLP378",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-PLP378",
+                    "value_name": "exepath"
+                },
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50",
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8",
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-PLP378",
+                    "value_name": "licence"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\-PUTW55",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\-PUTW55",
+                    "value_name": "exepath"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3",
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\-PUTW55",
+                    "value_name": "licence"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\NERDPOL-NUCW3I",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\NERDPOL-NUCW3I",
+                    "value_name": "exepath"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\NERDPOL-NUCW3I",
+                    "value_name": "licence"
+                },
+                {
+                    "hashes": [
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-4F6INU",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-4F6INU",
+                    "value_name": "exepath"
+                },
+                {
+                    "hashes": [
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1",
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-4F6INU",
+                    "value_name": "licence"
+                },
+                {
+                    "hashes": [
+                        "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5",
+                        "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Dkzc"
+                },
+                {
+                    "hashes": [
+                        "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330",
+                        "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Xkox"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS_NQTJIDYSXC",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS_NQTJIDYSXC",
+                    "value_name": "EXEpath"
+                },
+                {
+                    "hashes": [
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-B3XNCF",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-B3XNCF",
+                    "value_name": "exepath"
+                },
+                {
+                    "hashes": [
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-B3XNCF",
+                    "value_name": "licence"
+                },
+                {
+                    "hashes": [
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-0S5XD9",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-0S5XD9",
+                    "value_name": "exepath"
+                },
+                {
+                    "hashes": [
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOS-0S5XD9",
+                    "value_name": "licence"
+                },
+                {
+                    "hashes": [
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\33HRDNRKKR",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Kqgi"
+                },
+                {
+                    "hashes": [
+                        "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Uvxx"
+                },
+                {
+                    "hashes": [
+                        "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Qsma"
+                },
+                {
+                    "hashes": [
+                        "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Vzva"
+                },
+                {
+                    "hashes": [
+                        "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Fhit"
+                },
+                {
+                    "hashes": [
+                        "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Opfq"
+                },
+                {
+                    "hashes": [
+                        "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Xarf"
+                },
+                {
+                    "hashes": [
+                        "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Yaxi"
+                },
+                {
+                    "hashes": [
+                        "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Jwgz"
+                },
+                {
+                    "hashes": [
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOSS-2AOK38",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOSS-2AOK38",
+                    "value_name": "exepath"
+                },
+                {
+                    "hashes": [
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\REMCOSS-2AOK38",
+                    "value_name": "licence"
+                },
+                {
+                    "hashes": [
+                        "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Xfbb"
+                },
+                {
+                    "hashes": [
+                        "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Hlvx"
+                },
+                {
+                    "hashes": [
+                        "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "Jkpt"
+                }
+            ]
+        },
+        "reports_count": 17
+    },
+    "Win.Packed.Dridex-7914375-0": {
+        "bis": [
+            {
+                "bi": "pe-encrypted-section",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "memory-execute-readwrite",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0004",
+                    "T1055",
+                    "T1181"
+                ]
+            },
+            {
+                "bi": "modified-executable",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "cta-static-analyzer-malicious",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "artifact-flagged-anomaly",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "pe-section-execute-writable",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "network-fast-flux-domain",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-communications-http-get",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0010",
+                    "T1105",
+                    "T1043"
+                ]
+            },
+            {
+                "bi": "network-fast-flux-nameserver",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "dns-query-nxdomain",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-snort-protocol",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-only-safe-domains-contacted",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "feed-domain-banking",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "feed-domain-antivirus-service",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "http-response-client-error",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "deleted-submitted-file",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "registry-autorun-key-modified",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "potential-registry-persistence",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "http-response-redirect",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-tls-callback",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "sample-pe-modified-on-disk",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1202"
+                ]
+            },
+            {
+                "bi": "malware-compound-cta-activity",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "task-manager-disabled",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1499"
+                ]
+            },
+            {
+                "bi": "pe-header-timestamp-prior",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "windows-os-reboot-detected",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "pe-header-timestamp-null",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "sample-modified-deleted",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "malware-dridex-detected",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "url-pastebin-service",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1102"
+                ]
+            },
+            {
+                "bi": "artifact-windows-task",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "TA0003",
+                    "T1053"
+                ]
+            },
+            {
+                "bi": "hook-installed",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"
+                ],
+                "mitre_attack_tags": [
+                    "TA0006",
+                    "TA0003",
+                    "TA0004",
+                    "T1056",
+                    "T1179"
+                ]
+            },
+            {
+                "bi": "imports-IsDebuggerPresent",
+                "hashes": [
+                    "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "possible-dga-communication",
+                "hashes": [
+                    "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                    "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                    "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                    "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                    "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                    "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                    "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                    "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                    "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                    "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                    "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                    "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0005",
+                    "T1483"
+                ]
+            },
+            {
+                "bi": "dns-excessive-domain-queries",
+                "hashes": [
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1008"
+                ]
+            },
+            {
+                "bi": "excessive-dns-query-nxdomain",
+                "hashes": [
+                    "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                    "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                    "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926",
+                    "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1008"
+                ]
+            }
+        ],
+        "category": "Packed",
+        "coverage": {
+            "AMP": true,
+            "CWS": true,
+            "Cloudlock": false,
+            "Email Security": true,
+            "Network Security": false,
+            "Threat Grid": true,
+            "Umbrella": false,
+            "WSA": false
+        },
+        "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.",
+        "hashes": [
+            "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+            "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+            "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+            "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+            "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+            "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+            "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+            "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+            "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+            "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+            "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+            "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+            "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+            "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+            "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+            "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+            "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+            "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+            "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+            "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+            "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d",
+            "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+            "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+        ],
+        "iocs": {
+            "domain": [
+                {
+                    "hashes": [
+                        "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                        "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                        "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                        "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                        "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                        "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                        "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                        "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                        "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                        "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                        "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                        "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                        "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                        "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                        "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                        "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d",
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "pastebin[.]com"
+                },
+                {
+                    "hashes": [
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7"
+                    ],
+                    "host": "www[.]llikaolgdj[.]com"
+                },
+                {
+                    "hashes": [
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"
+                    ],
+                    "host": "www[.]zvslmngih2[.]com"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "host": "www[.]lckz9upvmu[.]com"
+                },
+                {
+                    "hashes": [
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7"
+                    ],
+                    "host": "www[.]0vl0yw9q6t[.]com"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "host": "www[.]6ibvmt1xkl[.]com"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "host": "www[.]rbmh1eqrb4[.]com"
+                },
+                {
+                    "hashes": [
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7"
+                    ],
+                    "host": "www[.]2qwndfmzqo[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]puipgy6zfi[.]com"
+                },
+                {
+                    "hashes": [
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"
+                    ],
+                    "host": "www[.]cinj4ytc6j[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]lkzcbgbctx[.]com"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "host": "www[.]cv9a9ljdwv[.]com"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "host": "www[.]sbduzmckjw[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]k6ae4xlzib[.]com"
+                },
+                {
+                    "hashes": [
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"
+                    ],
+                    "host": "www[.]0arvkcizhw[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]opxgrcvh9o[.]com"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "host": "www[.]rkakmp5gxz[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]cbobvzqelf[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]jh2hxge6zy[.]com"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "host": "www[.]ehtiatdjsv[.]com"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "host": "www[.]dddu3yqvme[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]wha0vpzn3c[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]ztxacd7o1j[.]com"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "host": "www[.]r5d42mselb[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]yhbkncfupy[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]glj24iaof9[.]com"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "host": "www[.]bmnq8uo5cp[.]com"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "host": "www[.]bpx615hrfk[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]l9sj8pu5yc[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]vzdjct2zps[.]com"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "host": "www[.]lznjta3oev[.]com"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "host": "www[.]hf66jhhwbw[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]0ffaffdlmn[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]qryqt3kcej[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]nsaevyfnmj[.]com"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "host": "www[.]vpg6u1ulw5[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]djdnabtte0[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]u1sgzd048q[.]com"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "host": "www[.]dizyb18lcf[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]qqmkdeblo4[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]gsop0488i4[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]z1vbwnryta[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]hmijkale2q[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]zj2peapofa[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]9ruqedkcy5[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]tsgimzq6qr[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]kcdiwhiwcv[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]cfvycj65hc[.]com"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "host": "www[.]tpzzvsfurs[.]com"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "host": "www[.]9dcol3x0mc[.]com"
+                }
+            ],
+            "file": [
+                {
+                    "hashes": [
+                        "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                        "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                        "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                        "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                        "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                        "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                        "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                        "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                        "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                        "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                        "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                        "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                        "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                        "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                        "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d",
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "path": "<malware cwd>\\old_<malware exe name> (copy)"
+                },
+                {
+                    "hashes": [
+                        "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2"
+                    ],
+                    "path": "\\TEMP\\2794388cf801e19b2e67e1e05565962b.exe"
+                }
+            ],
+            "ip": [
+                {
+                    "hashes": [
+                        "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                        "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                        "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                        "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                        "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                        "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                        "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                        "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                        "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                        "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                        "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                        "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                        "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                        "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                        "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                        "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d",
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "ip": "172[.]217[.]7[.]206"
+                },
+                {
+                    "hashes": [
+                        "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                        "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                        "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                        "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                        "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                        "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                        "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                        "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                        "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                        "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d",
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "ip": "104[.]23[.]99[.]190"
+                },
+                {
+                    "hashes": [
+                        "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                        "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                        "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                        "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                        "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                        "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "ip": "104[.]23[.]98[.]190"
+                }
+            ],
+            "mutex": [
+                {
+                    "hashes": [
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1"
+                    ],
+                    "name": "tlxDZX2Ntc"
+                },
+                {
+                    "hashes": [
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23"
+                    ],
+                    "name": "G0eESuMwaM"
+                },
+                {
+                    "hashes": [
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23"
+                    ],
+                    "name": "QLUuhtpFL4"
+                },
+                {
+                    "hashes": [
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23"
+                    ],
+                    "name": "W81AjgGbqP"
+                },
+                {
+                    "hashes": [
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23"
+                    ],
+                    "name": "b5WXmmWABJ"
+                },
+                {
+                    "hashes": [
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23"
+                    ],
+                    "name": "q0OYNmrwzs"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "name": "22lOOR7vmz"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "name": "3vNIizgIBf"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "name": "4cbShiiIBW"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "name": "6hkO3nxjqn"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "name": "iPWsdpH8gA"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "name": "juhrLAoiFE"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "name": "kAwbNLNp7c"
+                },
+                {
+                    "hashes": [
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba"
+                    ],
+                    "name": "q4G7hZQYnm"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "3Ke8aq0xVe"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "6v3JrEsK54"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "Cu147nvDYW"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "ERneZGynQ7"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "GnENugv2bC"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "MoxF68c4S6"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "4ijXaxYePH"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "RD1rsFphWn"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "5RwkPpNJzh"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "T8KuolUTed"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "H2qiRLadfB"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "WbYuu2vXKF"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "name": "6oHVTn7m1S"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "IiMz538TeT"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "YH3sIXWxZ7"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "MrbqGAkrN6"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "name": "AOP8bLZeZf"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "aAUGQU6jY7"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "name": "EJiGhkYRsT"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "VavP11maVe"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "hd2DNIQQza"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "name": "GC0BnG1NyT"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "WOD0NMwG0v"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "nC4LYHkDUW"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "name": "m6aiKNmZX7"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "alCShHejK0"
+                },
+                {
+                    "hashes": [
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78"
+                    ],
+                    "name": "tv7Tjl0Sjm"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "name": "nc8O2a3gZO"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "cEoNvtSzSO"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "name": "t700AW7igk"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "hbCa9oBQcM"
+                },
+                {
+                    "hashes": [
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d"
+                    ],
+                    "name": "ygC9l4NjOK"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "ks8HKxrioy"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "qOVtUNs8zu"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "rI7PHRZE6H"
+                },
+                {
+                    "hashes": [
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "name": "usZX9BGzyP"
+                }
+            ],
+            "registry": [
+                {
+                    "hashes": [
+                        "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                        "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                        "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                        "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                        "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                        "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                        "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                        "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                        "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                        "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                        "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                        "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                        "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                        "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                        "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                        "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d",
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE",
+                    "value_name": "trkcore"
+                },
+                {
+                    "hashes": [
+                        "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                        "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                        "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                        "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                        "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                        "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                        "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                        "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                        "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                        "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                        "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                        "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                        "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                        "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                        "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                        "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d",
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM",
+                    "value_name": "DisableTaskMgr"
+                },
+                {
+                    "hashes": [
+                        "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a",
+                        "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867",
+                        "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55",
+                        "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5",
+                        "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3",
+                        "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5",
+                        "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2",
+                        "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8",
+                        "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc",
+                        "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c",
+                        "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e",
+                        "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2",
+                        "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f",
+                        "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3",
+                        "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2",
+                        "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba",
+                        "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23",
+                        "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a",
+                        "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7",
+                        "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1",
+                        "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d",
+                        "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78",
+                        "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0",
+                    "value_name": "CheckSetting"
+                }
+            ]
+        },
+        "reports_count": 23
+    },
+    "Win.Packed.Shiz-7945013-0": {
+        "bis": [
+            {
+                "bi": "pe-encrypted-section",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "memory-execute-readwrite",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0004",
+                    "T1055",
+                    "T1181"
+                ]
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-file-in-user-dir",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-invalid-checksum",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "cta-static-analyzer-malicious",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-opendns-malicious",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-file-uploaded",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0010",
+                    "T1011"
+                ]
+            },
+            {
+                "bi": "nginx-webserver-detected",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-fast-flux-domain",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-communications-http-post",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0010",
+                    "T1048"
+                ]
+            },
+            {
+                "bi": "network-dns-malicious-snort",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011"
+                ]
+            },
+            {
+                "bi": "network-fast-flux-nameserver",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "dns-query-nxdomain",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "netbios-query",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "dns-excessive-domain-queries",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1008"
+                ]
+            },
+            {
+                "bi": "excessive-dns-query-nxdomain",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1008"
+                ]
+            },
+            {
+                "bi": "feed-domain-antivirus-service",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "http-response-client-error",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-snort-malware",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-autorun-key-modified",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "network-dns-upload-file",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "url-not-found",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "imports-IsDebuggerPresent",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-autorun-key-modified-nt",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "registry-winlogon-key-modified-nt",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1112"
+                ]
+            },
+            {
+                "bi": "pe-imports-toolhelp",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1057"
+                ]
+            },
+            {
+                "bi": "pe-header-timestamp-prior",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-shiz-mutex-detected",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "html-small-file-redirect",
+                "hashes": [
+                    "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                    "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                    "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                    "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                    "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                    "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                    "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+                    "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                    "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                    "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                    "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                    "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                    "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                    "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                    "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                    "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                    "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                    "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                    "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                    "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                    "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                    "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                    "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                    "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                    "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4"
+                ],
+                "mitre_attack_tags": []
+            }
+        ],
+        "category": "Packed",
+        "coverage": {
+            "AMP": true,
+            "CWS": true,
+            "Cloudlock": false,
+            "Email Security": true,
+            "Network Security": true,
+            "Threat Grid": true,
+            "Umbrella": true,
+            "WSA": true
+        },
+        "description": "Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.",
+        "hashes": [
+            "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+            "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+            "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+            "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+            "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+            "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+            "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+            "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+            "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+            "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+            "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+            "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+            "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+            "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+            "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+            "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+            "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+            "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+            "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+            "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+            "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+            "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+            "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+            "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+            "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c",
+            "8a0e095662f72ef3ae59b5f5df7936c865831f4acf193ae1609ed4841fbf78ef",
+            "8ffb956b1174a711a18eb69b3da0b062eb5b1bf3e8e1c8b7f63b0e55e86c9560",
+            "a8523720f8ae02d4a39c7cd6eb480faed4dbf2d4bf1265f4014772261f066420",
+            "b0cd87a6aeeae56b0da7e587df4bc78c959ad721b4d1bc61db27fd568a23742e",
+            "b1d751a575ffb8207ad45e9ae4c8c52c2f9246ca4378002822158a86b84aae69",
+            "b2658ede9c454cc93e70ea05025f35c2e5557f1359e8c165e08b1d71155193b4",
+            "b74af0738f30244cf66da4a9d69dfc2c5412d6e08bd634458e112652cac1a73e",
+            "b9d220e2a57f3e58589090250377353f4215966ea88597ebdb7bce4f0b1bc5ee",
+            "ba66119d5c2d340662f2ccaaff74da09e3d15573433296565a26383efb77d8a7",
+            "c157e1c093c7c4cbe2d4431db326dcce5ea4f8f96847bf1c15eb3a0cb1b650a9",
+            "c1976ea4840648c135b720f34c2e4e605f7a2c7cc05ca2385a314f42ffd6f234",
+            "c7db1d62e8daa13576120cc2546ae2d1935363584b953f4ce1f8ae5bbf60e53b",
+            "cc947c275f36efa4f62af62c36e82cd75926a44f305b51540456ef6c32fa17f8",
+            "d0a114c446b41e490e6d44e4a1cbd88252cfa126685f0b5033e52b1f537b3ee6",
+            "d18e09bc3532f32fd4b7256e1e88f83357d625198f0f4414a894eceaa90d901c",
+            "d5450b35130d18cafbb2187c70af4cf2b637aa661bf9a84198a96e0f0e1233dc",
+            "dcca04da793e171e4763c1b8e9cddca1f7cf459da0616db70df0c63389a05682",
+            "dce3981d00ded810f40d295a27c52a2ac4cd03ebd9b83bd4e540d82808fb9a17",
+            "de37285a217e06900ac7d6ef4af004ef38acd071f662c25fe0055c00c39c4551",
+            "ee0e58d0e41f0af236808468abf270fb7ec5baa113d6a2282722c99805ab3c3e",
+            "f538484469ab7a4d98fe83de2676c2bc9c286d591e5859800fa31aff9121d1e7",
+            "ff19a365f2692108d154dbf82bc278b6cb86996730c563eb8db6a0e5500e4e4a"
+        ],
+        "iocs": {
+            "domain": [
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "xuboninogyt[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "tufamugevih[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "xudevunymex[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "qeguxylevus[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "vopycyfutoc[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "xukafinezeg[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "ciqehefitij[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "kemimojitir[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "qexusulakiq[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "qeqotogemet[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "foxofewuteq[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "cinazetybiq[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "gahoqohofib[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "lygowunezep[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "ganovowuqur[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "qekusagigyz[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "tuwypagupeb[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "tunupegirec[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "masafytunux[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "lyruterodiq[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "qegefavipev[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "cilupakuquk[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "ryciqavuqav[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "kerijudacyj[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "pumumagojef[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "jenerunybem[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "fotaqizymig[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "tujajepifyv[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "tuwiqelages[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "nopexifigep[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "gatykibojig[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "disumesenyv[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "jenujoxojug[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "dikiwewutav[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "kepolonavit[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "jejubyrexeq[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "puvacigakog[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "maxilumiriz[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "tujizipipiz[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "qekafuqafit[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "nofyjikoxex[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "purebupycug[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "nojuletacuf[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "dimasyhageh[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "mamasufexix[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "rydufupipug[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "purijygirem[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "kefypadofiw[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "vocumucokaj[.]eu"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "host": "masisokemep[.]eu"
+                }
+            ],
+            "file": [
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "path": "%TEMP%\\<random, matching [A-F0-9]{1,4}>.tmp"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "path": "%SystemRoot%\\AppPatch\\<random, matching '[a-z]{6,8}'>.exe"
+                },
+                {
+                    "hashes": [
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567"
+                    ],
+                    "path": "%TEMP%\\206BC.dmp"
+                },
+                {
+                    "hashes": [
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412"
+                    ],
+                    "path": "%TEMP%\\207C6.dmp"
+                },
+                {
+                    "hashes": [
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "path": "%TEMP%\\dd24_appcompat.txt"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88"
+                    ],
+                    "path": "%TEMP%\\16116.dmp"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88"
+                    ],
+                    "path": "%TEMP%\\5ef2_appcompat.txt"
+                },
+                {
+                    "hashes": [
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567"
+                    ],
+                    "path": "%TEMP%\\7cb_appcompat.txt"
+                },
+                {
+                    "hashes": [
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412"
+                    ],
+                    "path": "%TEMP%\\13d_appcompat.txt"
+                },
+                {
+                    "hashes": [
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "path": "%TEMP%\\1DBD4.dmp"
+                }
+            ],
+            "ip": [
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "ip": "23[.]253[.]126[.]58"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "ip": "104[.]239[.]157[.]210"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "ip": "45[.]77[.]226[.]209"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "ip": "208[.]100[.]26[.]245"
+                },
+                {
+                    "hashes": [
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468"
+                    ],
+                    "ip": "35[.]229[.]93[.]46"
+                },
+                {
+                    "hashes": [
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8"
+                    ],
+                    "ip": "13[.]107[.]21[.]200"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "ip": "204[.]79[.]197[.]200"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "ip": "35[.]231[.]151[.]7"
+                }
+            ],
+            "mutex": [
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "name": "Global\\674972E3a"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "name": "internal_wutex_0x00000120"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "name": "internal_wutex_0x00000424"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "name": "internal_wutex_0x00000474"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "name": "Global\\C3D74C3Ba"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "name": "internal_wutex_0x<random, matching [0-9a-f]{8}>"
+                },
+                {
+                    "hashes": [
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468"
+                    ],
+                    "name": "internal_wutex_0x000003b4"
+                }
+            ],
+            "registry": [
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT",
+                    "value_name": "67497551a"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON",
+                    "value_name": "98b68e3c"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON",
+                    "value_name": "userinit"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON",
+                    "value_name": "System"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS",
+                    "value_name": "load"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS",
+                    "value_name": "run"
+                },
+                {
+                    "hashes": [
+                        "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88",
+                        "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81",
+                        "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245",
+                        "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840",
+                        "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69",
+                        "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752",
+                        "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2",
+                        "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1",
+                        "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4",
+                        "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567",
+                        "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee",
+                        "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de",
+                        "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c",
+                        "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412",
+                        "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87",
+                        "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30",
+                        "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2",
+                        "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c",
+                        "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5",
+                        "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e",
+                        "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856",
+                        "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4",
+                        "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8",
+                        "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468",
+                        "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "userinit"
+                }
+            ]
+        },
+        "reports_count": 25
+    },
+    "Win.Packed.Tofsee-7916644-0": {
+        "bis": [
+            {
+                "bi": "pe-encrypted-section",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6",
+                    "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "memory-execute-readwrite",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6",
+                    "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0004",
+                    "T1055",
+                    "T1181"
+                ]
+            },
+            {
+                "bi": "cta-static-analyzer-malicious",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6",
+                    "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "imports-IsDebuggerPresent",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6",
+                    "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6",
+                    "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-file-in-user-dir",
+                "hashes": [
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-filename-mismatch",
+                "hashes": [
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "artifact-flagged-vm",
+                "hashes": [
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1497"
+                ]
+            },
+            {
+                "bi": "windows-crash-tool-execution-detected",
+                "hashes": [
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "crash-dump-file-created",
+                "hashes": [
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "fault-report-file-created",
+                "hashes": [
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-certificate",
+                "hashes": [
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "artifact-exec-extension-obfuscation",
+                "hashes": [
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "artifact-flagged-antianalysis",
+                "hashes": [
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77",
+                    "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                    "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                    "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                    "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "network-fast-flux-nameserver",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586",
+                    "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "dns-query-nxdomain",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586",
+                    "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "feed-domain-antivirus-service",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586",
+                    "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-communications-http-get",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0010",
+                    "T1105",
+                    "T1043"
+                ]
+            },
+            {
+                "bi": "netbios-query",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-with-multiple-children",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+                    "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "network-dns-category-new",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-snort-malware",
+                "hashes": [
+                    "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                    "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "excessive-foreign-memory-modification",
+                "hashes": [
+                    "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2",
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1055"
+                ]
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact-mid",
+                "hashes": [
+                    "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "sample-launched-copy-of-self",
+                "hashes": [
+                    "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1202"
+                ]
+            },
+            {
+                "bi": "process-created-apt29-named-pipe",
+                "hashes": [
+                    "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "modified-executable",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "created-executable-in-user-dir",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-invalid-checksum",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-service-with-autostart-created",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1112",
+                    "T1058"
+                ]
+            },
+            {
+                "bi": "currentcontrolset-service-added",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "TA0003",
+                    "T1035",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "process-long-cmdline",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "network-fast-flux-domain",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-communications-smtp",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1071"
+                ]
+            },
+            {
+                "bi": "network-snort-protocol",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-smtp-spambot",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-only-safe-domains-contacted",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "feed-domain-rat",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-smtp-spambot-v2",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-snort-sensitive-data",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-requested-named-pipe",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0004",
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "network-dns-category-file-storage",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "suspicious-user-agent",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1071"
+                ]
+            },
+            {
+                "bi": "deleted-submitted-file",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "listening-port-opened",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1219"
+                ]
+            },
+            {
+                "bi": "process-svchost-suspicious-launch",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "localhost-ipaddress-detected",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "public-ip-address-identification-attempt",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1082",
+                    "T1016"
+                ]
+            },
+            {
+                "bi": "feed-public-ip-check-dns",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "cmd-exe-file-execution",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "T1059"
+                ]
+            },
+            {
+                "bi": "registry-large-data-entry",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1112"
+                ]
+            },
+            {
+                "bi": "malware-compound-cta-activity",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "sc-service-start",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "TA0003",
+                    "T1035",
+                    "T1031"
+                ]
+            },
+            {
+                "bi": "netbios-null-domain",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "file-alternate-data-stream-modification",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "malware-tofsee-cmd-detected",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "netsh-firewall-generic",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1016",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "sc-service-create",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1050"
+                ]
+            },
+            {
+                "bi": "file-alternate-data-stream-creation",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1096"
+                ]
+            },
+            {
+                "bi": "new-service-launched",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "TA0003",
+                    "T1035"
+                ]
+            },
+            {
+                "bi": "registry-windows-defender-exclusions-added",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "dns-bypassed-assigned-server",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "netsh-firewall-add",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0005",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "malware-tofsee-domain-detected",
+                "hashes": [
+                    "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                ],
+                "mitre_attack_tags": []
+            }
+        ],
+        "category": "Packed",
+        "coverage": {
+            "AMP": true,
+            "CWS": true,
+            "Cloudlock": false,
+            "Email Security": true,
+            "Network Security": true,
+            "Threat Grid": true,
+            "Umbrella": true,
+            "WSA": true
+        },
+        "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click-fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator's control.",
+        "hashes": [
+            "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6",
+            "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+            "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046",
+            "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d",
+            "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586",
+            "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+            "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2",
+            "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+            "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+            "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"
+        ],
+        "iocs": {
+            "domain": [
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                        "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046",
+                        "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                    ],
+                    "host": "mcc[.]avast[.]com"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                        "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046",
+                        "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                    ],
+                    "host": "line[.]beibiandmom[.]com"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "host": "schema[.]org"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "host": "ipinfo[.]io"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "host": "117[.]151[.]167[.]12[.]in-addr[.]arpa"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "host": "252[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "host": "252[.]5[.]55[.]69[.]in-addr[.]arpa"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "host": "252[.]5[.]55[.]69[.]bl[.]spamcop[.]net"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "host": "252[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "host": "252[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "host": "252[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"
+                }
+            ],
+            "file": [
+                {
+                    "hashes": [
+                        "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6",
+                        "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                        "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                        "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                        "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"
+                    ],
+                    "path": "%TEMP%\\<random, matching '[a-f0-9]{3,5}'>_appcompat.txt"
+                },
+                {
+                    "hashes": [
+                        "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6",
+                        "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                        "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                        "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                        "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"
+                    ],
+                    "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                        "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046",
+                        "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                    ],
+                    "path": "%TEMP%\\www2.tmp"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                        "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046",
+                        "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                    ],
+                    "path": "%TEMP%\\www3.tmp"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                        "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046",
+                        "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                    ],
+                    "path": "%TEMP%\\www4.tmp"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                        "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046",
+                        "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                    ],
+                    "path": "%HOMEPATH%\\Favorites\\Links\\Suggested Sites.url"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                        "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046",
+                        "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                        "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046",
+                        "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                    ],
+                    "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms"
+                },
+                {
+                    "hashes": [
+                        "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6",
+                        "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                        "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"
+                    ],
+                    "path": "%TEMP%\\CC4F.tmp"
+                },
+                {
+                    "hashes": [
+                        "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                        "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514"
+                    ],
+                    "path": "%TEMP%\\9419.tmp"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "path": "%SystemRoot%\\SysWOW64\\lesyxfla"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "path": "%TEMP%\\pysxpojf.exe"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "path": "%TEMP%\\evryposw.exe"
+                },
+                {
+                    "hashes": [
+                        "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2"
+                    ],
+                    "path": "\\MSSE-4155-server"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "path": "%System32%\\tgmnzkpo\\pysxpojf.exe (copy)"
+                },
+                {
+                    "hashes": [
+                        "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2"
+                    ],
+                    "path": "\\MSSE-6892-server"
+                }
+            ],
+            "ip": [
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                        "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                    ],
+                    "ip": "185[.]98[.]87[.]176"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000",
+                        "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d"
+                    ],
+                    "ip": "45[.]143[.]137[.]184"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "239[.]255[.]255[.]250"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000"
+                    ],
+                    "ip": "13[.]107[.]21[.]200"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "216[.]239[.]36[.]21"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "216[.]239[.]38[.]21"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "104[.]47[.]8[.]33"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "43[.]231[.]4[.]7"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "104[.]47[.]10[.]33"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "40[.]113[.]200[.]201"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "157[.]240[.]18[.]174"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "104[.]47[.]54[.]36"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "12[.]167[.]151[.]117"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000"
+                    ],
+                    "ip": "204[.]79[.]197[.]200"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "69[.]55[.]5[.]252"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "104[.]28[.]19[.]94"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "157[.]240[.]2[.]174"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "172[.]217[.]197[.]106"
+                },
+                {
+                    "hashes": [
+                        "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2"
+                    ],
+                    "ip": "141[.]105[.]69[.]247"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "85[.]114[.]134[.]88"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "192[.]0[.]50[.]54"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "192[.]0[.]51[.]239"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "172[.]217[.]13[.]228"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "217[.]172[.]179[.]54"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "5[.]9[.]72[.]48"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "130[.]0[.]232[.]208"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "144[.]76[.]108[.]82"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "185[.]253[.]217[.]20"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "45[.]90[.]34[.]87"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "192[.]0[.]50[.]87"
+                },
+                {
+                    "hashes": [
+                        "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000"
+                    ],
+                    "ip": "77[.]87[.]213[.]82"
+                },
+                {
+                    "hashes": [
+                        "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046"
+                    ],
+                    "ip": "145[.]249[.]106[.]236"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "172[.]217[.]197[.]103"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "172[.]217[.]197[.]147"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "172[.]217[.]197[.]99"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "ip": "172[.]217[.]197[.]104/31"
+                }
+            ],
+            "mutex": [
+                {
+                    "hashes": [
+                        "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6",
+                        "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89",
+                        "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0",
+                        "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514",
+                        "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77"
+                    ],
+                    "name": "Global\\<random guid>"
+                }
+            ],
+            "registry": [
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS",
+                    "value_name": "C:\\Windows\\SysWOW64\\lesyxfla"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA",
+                    "value_name": "Type"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA",
+                    "value_name": "ErrorControl"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA",
+                    "value_name": "DisplayName"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA",
+                    "value_name": "WOW64"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA",
+                    "value_name": "ObjectName"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA",
+                    "value_name": "Description"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES",
+                    "value_name": "Config2"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES",
+                    "value_name": "Config0"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES",
+                    "value_name": "Config1"
+                },
+                {
+                    "hashes": [
+                        "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA",
+                    "value_name": "ImagePath"
+                }
+            ]
+        },
+        "reports_count": 10
+    },
+    "Win.Trojan.Mikey-7914350-0": {
+        "bis": [
+            {
+                "bi": "pe-encrypted-section",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5",
+                    "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84",
+                    "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea",
+                    "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "memory-execute-readwrite",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5",
+                    "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84",
+                    "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea",
+                    "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0004",
+                    "T1055",
+                    "T1181"
+                ]
+            },
+            {
+                "bi": "antivirus-service-flagged-artifact",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5",
+                    "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84",
+                    "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea",
+                    "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "cta-static-analyzer-malicious",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5",
+                    "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84",
+                    "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea",
+                    "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "imports-IsDebuggerPresent",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5",
+                    "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84",
+                    "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea",
+                    "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-executable",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "feed-domain-antivirus-service",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-file-in-user-dir",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "nginx-webserver-detected",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-autorun-key-modified",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "pe-invalid-checksum",
+                "hashes": [
+                    "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5",
+                    "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7",
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "created-executable-in-user-dir",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-fast-flux-domain",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "feed-domain-banking",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "url-not-found",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-large-data-entry",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1112"
+                ]
+            },
+            {
+                "bi": "network-file-uploaded",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                ],
+                "mitre_attack_tags": [
+                    "TA0010",
+                    "T1011"
+                ]
+            },
+            {
+                "bi": "network-communications-http-post",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0010",
+                    "T1048"
+                ]
+            },
+            {
+                "bi": "network-only-safe-domains-contacted",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "feed-domain-rat",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "deleted-submitted-file",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "dns-public-server-contacted",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "registry-hide-files",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1158"
+                ]
+            },
+            {
+                "bi": "registry-autorun-key-modified-nt",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "registry-service-autostart-disabled",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1112",
+                    "T1489",
+                    "T1058"
+                ]
+            },
+            {
+                "bi": "registry-disablesuac",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "TA0002",
+                    "TA0004",
+                    "T1088",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "registry-action-center-disabled",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "malware-chthonic-rat-detected",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-imports-psapi-dll",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1057"
+                ]
+            },
+            {
+                "bi": "pe-imports-toolhelp",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1057"
+                ]
+            },
+            {
+                "bi": "pe-header-timestamp-prior",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-header-timestamp-null",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-opendns-malicious",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-dns-upload-file",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "recycler-file-creation",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "pe-section-name-contains-whitespace",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-check-deep-freeze",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1497"
+                ]
+            },
+            {
+                "bi": "process-check-analysis-tools",
+                "hashes": [
+                    "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                    "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                    "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                    "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                    "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                    "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                    "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                ],
+                "mitre_attack_tags": [
+                    "TA0007",
+                    "T1497"
+                ]
+            },
+            {
+                "bi": "dns-excessive-domain-queries",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1008"
+                ]
+            },
+            {
+                "bi": "altered-sample-dns-flagged",
+                "hashes": [
+                    "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                    "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                    "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                    "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                    "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+                    "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1102"
+                ]
+            },
+            {
+                "bi": "dns-query-nxdomain",
+                "hashes": [
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-autorun-key-data-dir",
+                "hashes": [
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003",
+                    "T1060"
+                ]
+            },
+            {
+                "bi": "network-communications-http-get",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0010",
+                    "T1105",
+                    "T1043"
+                ]
+            },
+            {
+                "bi": "network-fast-flux-nameserver",
+                "hashes": [
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "netbios-query",
+                "hashes": [
+                    "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "process-long-cmdline",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "network-snort-server",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-snort-protocol",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "files-deleted-used-batch",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1107"
+                ]
+            },
+            {
+                "bi": "cmd-exe-file-execution",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "T1059"
+                ]
+            },
+            {
+                "bi": "http-response-redirect",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "script-contains-url",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "registry-windows-defender-exclusions-added",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1089"
+                ]
+            },
+            {
+                "bi": "network-explorer-process",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "TA0005",
+                    "T1055"
+                ]
+            },
+            {
+                "bi": "firefox-prefs-modified",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": [
+                    "TA0009"
+                ]
+            },
+            {
+                "bi": "malware-ursnif-detected",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-ursnif-bypass-check-detected",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                    "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "url-gate-php",
+                "hashes": [
+                    "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1071"
+                ]
+            },
+            {
+                "bi": "excessive-foreign-memory-modification",
+                "hashes": [
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1055"
+                ]
+            },
+            {
+                "bi": "windows-crash-tool-execution-detected",
+                "hashes": [
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "crash-dump-file-created",
+                "hashes": [
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "fake-recycler-folder-creation",
+                "hashes": [
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1036"
+                ]
+            },
+            {
+                "bi": "process-explorer-suspicious-launch",
+                "hashes": [
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1055"
+                ]
+            },
+            {
+                "bi": "fault-report-file-created",
+                "hashes": [
+                    "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "pe-uses-armadillo",
+                "hashes": [
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "sample-launched-copy-of-self",
+                "hashes": [
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1202"
+                ]
+            },
+            {
+                "bi": "sample-launched-copy-domain-flagged",
+                "hashes": [
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1102"
+                ]
+            },
+            {
+                "bi": "artifact-vm-detect",
+                "hashes": [
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1497"
+                ]
+            },
+            {
+                "bi": "unsigned-roaming-execution",
+                "hashes": [
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005"
+                ]
+            },
+            {
+                "bi": "artifact-memory-vm-detect",
+                "hashes": [
+                    "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1497"
+                ]
+            },
+            {
+                "bi": "windows-utility-downloaded-artifact",
+                "hashes": [
+                    "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1105"
+                ]
+            },
+            {
+                "bi": "artifact-flagged-anomaly",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "network-dns-category-parked-domain",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "suspicious-user-agent",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1071"
+                ]
+            },
+            {
+                "bi": "listening-port-opened",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1219"
+                ]
+            },
+            {
+                "bi": "artifact-windows-task",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "TA0003",
+                    "T1053"
+                ]
+            },
+            {
+                "bi": "network-dns-category-proxy",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "modified-file-in-program-dir",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "file-ini-modified",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0003"
+                ]
+            },
+            {
+                "bi": "task-ran-using-system-account",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0002",
+                    "TA0003",
+                    "TA0004",
+                    "T1053"
+                ]
+            },
+            {
+                "bi": "command-deleted-shadow-copy",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1490"
+                ]
+            },
+            {
+                "bi": "malware-generic-ransomware-entropy",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "malware-generic-ransomware-backup-del",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "feed-domain-ransomware",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "html-js-uses-window-open",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0001",
+                    "T1189"
+                ]
+            },
+            {
+                "bi": "js-contains-massive-strings",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0005",
+                    "T1027"
+                ]
+            },
+            {
+                "bi": "malware-generic-ransomware",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            },
+            {
+                "bi": "network-communications-tor",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": [
+                    "TA0011",
+                    "T1079",
+                    "T1188"
+                ]
+            },
+            {
+                "bi": "malware-ransomware-ctb-locker",
+                "hashes": [
+                    "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                ],
+                "mitre_attack_tags": []
+            }
+        ],
+        "category": "Trojan",
+        "coverage": {
+            "AMP": true,
+            "CWS": true,
+            "Cloudlock": false,
+            "Email Security": true,
+            "Network Security": true,
+            "Threat Grid": true,
+            "Umbrella": true,
+            "WSA": true
+        },
+        "description": "Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. This threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.",
+        "hashes": [
+            "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+            "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+            "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+            "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+            "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+            "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+            "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea",
+            "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+            "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+            "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b",
+            "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+            "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+            "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+            "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84",
+            "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+            "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+            "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+            "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+            "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7",
+            "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+            "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+            "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5",
+            "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48",
+            "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f",
+            "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608",
+            "4c397965def4df7897e68d1ce762d2e02b080d89e068752d37b70c91aea58cea",
+            "52c0ba53e01fd69d9ae140cf37b361c778cbf4723e12d57b7df9e41f61c927b7",
+            "55a1eded6acb9e55ee143b77df938ed4e6cc3ed8574ffa50d248374221e76ef9",
+            "568a37db692d1e9f015fe640e2cc6bd5188705fd4f94e0ad2b6e3e9c068d2d5a",
+            "631adefa8ebcb6f0e8f0189b47c041dab7fc8ae1f12a1e896e40c6da714e585c",
+            "63fda55e63bf5edd39706c2a96fc85130f8d34e8000cd3d63d9c84ae7eea551e",
+            "66d77bed46642eb9bb7ac96ea3ed48e650293cf7b8e2edee7f31a59eaafa370f",
+            "6b20b478b7f26138a5c46786cf866bd3001435ec87e64a6772b75ac5c91e14f8",
+            "6b3169daadd2d52c674794c66c0170dff7a7c1d8d2e716511c80ceba428a15d2",
+            "6b6abf2811b5016b4fc4f9f2c6dc608088faef61ca138a67dddb4d32097d1a24",
+            "6c2cb620ae462499cb5e59d53723c684925718bfc3bbec659e307201c6cd0935",
+            "7479ba884a2998019d546453ce23f77bafa6394c1147808aa94184d3e290535b",
+            "76640f4811f85f98de27354e81855fc2ef940bec413e9d0e9cd627f2ae26af87",
+            "7a1b542fc68238cbac3e93424d1e97e33ba24c6c6234d8179fafbd2e800c1694",
+            "7b56b22a25a5af33c0cdb30320c4d32e1816c0cd9f0ba9c881595cce2448727c",
+            "7b9210357c3b0eb159f3cd54a8170ad3571f98bbc97fdbba8d9db652d27db000",
+            "7c7c582ce7bbd8f1d3e6c6d0527b1177eef07e9565541f253a774fb3f0dddb2d",
+            "824154245416bd167a5b2b9c2e3345185434743976f983c881502590b959da2f",
+            "8663f70c11b52d3fe0d7ca7bf703ae6224f363e3f4c41e898d3db63537c500aa",
+            "874760bbc316b12098de4683a5fb691655e6eb85f81a3b0deaa79b35f9c87ae3",
+            "8acf2147344ce830ccb78cdbfdfb1fafc63041806800a435610c2d3cd1f6508a",
+            "8c3d54f5b451b52f072fc514f57017b1ed2033d896300e6d8abd1063b0d070a7",
+            "90943ab6d847695836961498aed2552d9469a1397e3106beb326b037f1812c4c",
+            "99ce0fe8d7f57532685d8dcd60fc8ffcdd06a0353e9892ba42d32060fb399160",
+            "a37b732b69a5603a76636b16da5f2728c6b888d09599127863774fa6fcd990bf",
+            "a777ab5e9552e593b128e65f051c0ac18614eb8ab285deb9950f58ab91099023",
+            "a9cda5d034deac962c85eb092a21ba5dc1127612218d9bc6cc7d6f95220e30a0",
+            "ad40d945da5ae0f56cdce2b942d04b24424c3c59b0bb1a1df2e93de952f96d59",
+            "affa7053b5990a106cb313dadc33de50dd8448bd683973b16c561c31d353d101",
+            "b5681dd1261e6aaaa08f0fce54b4df414773f4bec0badac5605e167e8cd23e52",
+            "ba7d6c78533ccaf1fc7a0fd48a9e9c8f02b127cd800864a7c34a10d470320b01",
+            "c6e34427ce0ce3141e4b1a67f27d4803e50d5e8645bd6f65cc4c6df897f8a64c",
+            "c816a718eb2daebcaff4de87ff8e0e2f070cb91dc36afbc5aeeba9f009cb5aa8",
+            "c980f4f7feb810e747de84eaae7c94b708df87797d29509eeea5cb877b6b3a3c",
+            "dacfe3a0638415f33548b39be4fe9ec86c724ea32fb76a45e28a74ce508f93a3",
+            "df0790cea76cfd3cd22673b2321ef76d7ff39e94b14963a5f134eaab5f82cc93",
+            "e54c5a87c8c572defc415d4ebf15384f80a5c5711f7c4bd95b37154cffc03740",
+            "ea265bdae08481159e35d93cb126f6b198327ebf4a10a6ebbe2fdecdd97d3437",
+            "ea3b81dc922eb33fea5e18fc86124851a731136925be0eca79f295524cfe46e9",
+            "f0d66a69aa5351aa992b5ac5b20553906238029280dc56759f79c40488f04840",
+            "f2e5acff860faff7cb5af56cd01dc1dac7442312a3a441211827d2ccf99497d6",
+            "f391ba07f6cacdc2232ffcc2e7e103c0df6725504af796a969d66f20b4a90ff4",
+            "f749054c44aaa09a2afcf4c19fca389493f149ada5920bc0745de9b94fd8e2cb",
+            "fe909cf9e558ad24255402e5b9e1f16efe8f2daa2de49077012cc0199592d230"
+        ],
+        "iocs": {
+            "domain": [
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "host": "europe[.]pool[.]ntp[.]org"
+                },
+                {
+                    "hashes": [
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "host": "bestbrightday[.]ru"
+                },
+                {
+                    "hashes": [
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "host": "connect-support-server[.]ru"
+                },
+                {
+                    "hashes": [
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "host": "connect-s3892[.]ru"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"
+                    ],
+                    "host": "www[.]update[.]microsoft[.]com[.]nsatc[.]net"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "host": "constitution[.]org"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "host": "whenconsentcombexperhis[.]ru"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "host": "www[.]mydomaincontact[.]com"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "host": "www[.]torproject[.]org"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "host": "ip[.]telize[.]com"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "host": "pf5dahldauhrjxfd[.]onion"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "host": "pf5dahldauhrjxfd[.]tor2web[.]org"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "host": "pf5dahldauhrjxfd[.]onion[.]cab"
+                },
+                {
+                    "hashes": [
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"
+                    ],
+                    "host": "and4[.]junglebeariwtc1[.]com"
+                },
+                {
+                    "hashes": [
+                        "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                    ],
+                    "host": "paranormal-online-kino[.]ru"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78"
+                    ],
+                    "host": "pas2joux[.]info"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "host": "vgqisyuzmsa7cenq[.]onion[.]cab"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "host": "vgqisyuzmsa7cenq[.]onion[.]lt"
+                }
+            ],
+            "file": [
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                        "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7",
+                        "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5",
+                        "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500"
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "path": "%TEMP%\\WPDNSE"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "path": "%ProgramData%\\msodtyzm.exe"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "path": "%ProgramData%\\~"
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0"
+                    ],
+                    "path": "\\Documents and Settings\\All Users\\mslkrru.exe"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\1lcuq8ab.default\\prefs.js"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\WER\\ERC\\statecache.lock"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "path": "\\{7BFF4B7E-9EEE-6505-80DF-B269B48306AD}"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "path": "%APPDATA%\\d3d8dmrc.exe"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%ProgramData%\\Package Cache\\dgrughe"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%System32%\\Tasks\\aonxqbj"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%TEMP%\\tjumvad.exe"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "\\$RECYCLE.BIN\\S-1-5-18\\desktop.ini"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%ProgramData%\\whaadba.html"
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\05_eG_0WhYkjdCUdP8GzNoBh.dat"
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\y6WGtFCIB8cuv0c2LfcldnkNh4T.dat"
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\PushPrinterConnections.exe"
+                },
+                {
+                    "hashes": [
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\5lRsecBUKS5d_lxgOkp.dat"
+                },
+                {
+                    "hashes": [
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\P1WLRm-Nyrsk-oY7ZZ5LTiSf.dat"
+                },
+                {
+                    "hashes": [
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\hh.exe"
+                },
+                {
+                    "hashes": [
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\io9wBnnpx0TXElfGtTLc.dat"
+                },
+                {
+                    "hashes": [
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\s0XKgwBjkZNTR38M6Rh.dat"
+                },
+                {
+                    "hashes": [
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\label.exe"
+                },
+                {
+                    "hashes": [
+                        "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                    ],
+                    "path": "%APPDATA%\\UVJlWVxU\\write.exe"
+                },
+                {
+                    "hashes": [
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\4EUFp32cjHlXrI3ahr535_g.dat"
+                },
+                {
+                    "hashes": [
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\GYgCMy08rEblS8NJKhWJzh.dat"
+                },
+                {
+                    "hashes": [
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\verifier.exe"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%HOMEPATH%\\Documents\\!Decrypt-All-Files-qfrkhla.bmp"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%HOMEPATH%\\Documents\\!Decrypt-All-Files-qfrkhla.txt"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%System32%\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020052820200529\\container.dat"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\PUB60COR\\!Decrypt-All-Files-qfrkhla.bmp"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\PUB60COR\\!Decrypt-All-Files-qfrkhla.txt"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\Cookies\\!Decrypt-All-Files-qfrkhla.bmp"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\Cookies\\!Decrypt-All-Files-qfrkhla.txt"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\5bCJVbTlP8drop_y7Nrbhgwi7g.dat"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\UGQYzaAAolzNogviyW83.dat"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\cliconfg.exe"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                    ],
+                    "path": "%TEMP%\\BDB8.bin"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                    ],
+                    "path": "%TEMP%\\D6CC.bat"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\KJx7-j33FQ5ZAgdNMO_v_JDA0HLd.dat"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\RslRFsPiM5FvRqLN9.dat"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\DevicePairingWizard.exe"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\d7psQDWs3eVKE83MLjcX18eY.dat"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\pxI5KiZDiEjWFSQ.dat"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\systeminfo.exe"
+                },
+                {
+                    "hashes": [
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "path": "%TEMP%\\B07F.bin"
+                },
+                {
+                    "hashes": [
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "path": "%TEMP%\\C8B8.bat"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                    ],
+                    "path": "%TEMP%\\E230.bat"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                    ],
+                    "path": "\\{7EBA09AF-C59F-608E-3F92-C994E3E60D08}"
+                }
+            ],
+            "ip": [
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "194[.]165[.]16[.]15"
+                },
+                {
+                    "hashes": [
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "ip": "184[.]105[.]192[.]2"
+                },
+                {
+                    "hashes": [
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "ip": "109[.]120[.]180[.]29"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "ip": "40[.]67[.]189[.]14"
+                },
+                {
+                    "hashes": [
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "ip": "40[.]90[.]247[.]210"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"
+                    ],
+                    "ip": "40[.]91[.]124[.]111"
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "49[.]124[.]15[.]147"
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "190[.]38[.]228[.]128"
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "24[.]35[.]232[.]189"
+                },
+                {
+                    "hashes": [
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "126[.]83[.]87[.]201"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"
+                    ],
+                    "ip": "20[.]45[.]1[.]107"
+                },
+                {
+                    "hashes": [
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "77[.]77[.]31[.]42"
+                },
+                {
+                    "hashes": [
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "46[.]128[.]161[.]129"
+                },
+                {
+                    "hashes": [
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "93[.]80[.]151[.]62"
+                },
+                {
+                    "hashes": [
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e"
+                    ],
+                    "ip": "109[.]251[.]147[.]17"
+                },
+                {
+                    "hashes": [
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "122[.]196[.]217[.]40"
+                },
+                {
+                    "hashes": [
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "124[.]123[.]153[.]47"
+                },
+                {
+                    "hashes": [
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "218[.]157[.]244[.]205"
+                },
+                {
+                    "hashes": [
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39"
+                    ],
+                    "ip": "104[.]42[.]225[.]122"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "69[.]133[.]65[.]5"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "125[.]58[.]91[.]226"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "178[.]205[.]86[.]64"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "94[.]248[.]24[.]112"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "24[.]42[.]115[.]69"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "180[.]220[.]13[.]57"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "129[.]22[.]245[.]159"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "58[.]91[.]10[.]231"
+                },
+                {
+                    "hashes": [
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102"
+                    ],
+                    "ip": "125[.]196[.]172[.]20"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                    ],
+                    "ip": "50[.]16[.]49[.]81"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "218[.]229[.]34[.]33"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "95[.]160[.]49[.]115"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "80[.]116[.]242[.]163"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "5[.]78[.]60[.]8"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "1[.]23[.]37[.]160"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "119[.]10[.]189[.]184"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "31[.]192[.]50[.]2"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "109[.]184[.]87[.]184"
+                },
+                {
+                    "hashes": [
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013"
+                    ],
+                    "ip": "168[.]131[.]125[.]12"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "175[.]151[.]27[.]234"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "151[.]233[.]16[.]231"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "124[.]150[.]233[.]7"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "197[.]7[.]192[.]38"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "61[.]121[.]235[.]94"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "220[.]99[.]173[.]15"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "153[.]177[.]77[.]224"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "119[.]150[.]79[.]132"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "114[.]150[.]245[.]103"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "92[.]87[.]28[.]118"
+                },
+                {
+                    "hashes": [
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "ip": "37[.]19[.]168[.]80"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                    ],
+                    "ip": "35[.]175[.]60[.]16"
+                }
+            ],
+            "mutex": [
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "name": "Frz_State"
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "name": "shell.{51D4DBE8-BDA0-10DF-2D07-6083593E274E}"
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "name": "shell.{6378803E-0C4F-158B-122F-45AACF1EEAA5}"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "name": "Local\\{AF64E7EC-42CA-B984-C453-96FD38372A81}"
+                },
+                {
+                    "hashes": [
+                        "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b"
+                    ],
+                    "name": "seiuebfbgnppen"
+                },
+                {
+                    "hashes": [
+                        "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da"
+                    ],
+                    "name": "UVJlWVxU"
+                },
+                {
+                    "hashes": [
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "name": "{F37309D7-B6A8-9D08-58D7-4A210CFB1EE5}"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                    ],
+                    "name": "{33F762DD-F6D2-DDAD-9817-8A614C3B5E25}"
+                },
+                {
+                    "hashes": [
+                        "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"
+                    ],
+                    "name": "Global\\fbd4d201-a0ca-11ea-a007-00501e3ae7b5"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                    ],
+                    "name": "Local\\{227C68F6-19CD-A453-B376-5D18970AE1CC}"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3"
+                    ],
+                    "name": "{1E72B4E3-E5B2-0047-5F32-E93403862DA8}"
+                },
+                {
+                    "hashes": [
+                        "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84"
+                    ],
+                    "name": "f318011atatt"
+                }
+            ],
+            "registry": [
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                        "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7",
+                        "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5",
+                        "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{F3F18253-2050-E690-FED7-0BE7DF1E790D}",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f",
+                        "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7",
+                        "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5",
+                        "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{F3F18253-2050-E690-FED7-0BE7DF1E790D}\\ENUM",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED",
+                    "value_name": "Hidden"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM",
+                    "value_name": "EnableLUA"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED",
+                    "value_name": "ShowSuperHidden"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER",
+                    "value_name": "HideSCAHealth"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER",
+                    "value_name": "HideSCAHealth"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV",
+                    "value_name": "Start"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER",
+                    "value_name": "TaskbarNoNotification"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER",
+                    "value_name": "TaskbarNoNotification"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS",
+                    "value_name": "Load"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "1081297374"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN",
+                    "value_name": "1081297374"
+                },
+                {
+                    "hashes": [
+                        "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78",
+                        "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389",
+                        "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed",
+                        "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd",
+                        "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39",
+                        "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0",
+                        "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523",
+                        "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\10002",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8",
+                        "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868",
+                        "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e",
+                        "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58",
+                        "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102",
+                        "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013",
+                        "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\10002",
+                    "value_name": "r\u007fdOyt"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}",
+                    "value_name": "IsImapiDataBurnSupported"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\STAGINGINFO\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}",
+                    "value_name": "DriveNumber"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\STAGINGINFO\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}",
+                    "value_name": "StagingPath"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\STAGINGINFO\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}",
+                    "value_name": "Active"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING",
+                    "value_name": "CD Recorder Drive"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA",
+                    "value_name": "FreeBytes"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA",
+                    "value_name": "Blank Disc"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA",
+                    "value_name": "Can Close"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA",
+                    "value_name": "Live FS"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA",
+                    "value_name": "Disc Label"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA",
+                    "value_name": "Set"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\HOMEGROUP\\UISTATUSCACHE",
+                    "value_name": "UIStatus"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.CHECK.101",
+                    "value_name": "CheckSetting"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\ENUM\\PCIIDE\\IDECHANNEL\\4&A27250A&0&2",
+                    "value_name": "CustomPropertyHwIdKey"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\ENUM\\USB\\VID_46F4&PID_0001\\1-0000:00:1D.7-2",
+                    "value_name": "CustomPropertyHwIdKey"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\ENUM\\PCI\\VEN_1AF4&DEV_1001&SUBSYS_00021AF4&REV_00\\3&2411E6FE&2&18",
+                    "value_name": "CustomPropertyHwIdKey"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13",
+                    "value_name": "Blob"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\SESSIONINFO\\1\\LOGONSOUNDHASBEENPLAYED",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\HOMEGROUP\\UISTATUSCACHE",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5",
+                    "value_name": "Temp"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5",
+                    "value_name": "Client"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5",
+                    "value_name": null
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS",
+                    "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\d3d8dmrc.exe"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
+                    "value_name": "catsdtsh"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5",
+                    "value_name": "Install"
+                },
+                {
+                    "hashes": [
+                        "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3",
+                        "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608"
+                    ],
+                    "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA",
+                    "value_name": "TotalBytes"
+                }
+            ]
+        },
+        "reports_count": 25
+    },
+    "exprev": [
+        {
+            "count": 14879,
+            "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.",
+            "name": "Excessively long PowerShell command detected"
+        },
+        {
+            "count": 7026,
+            "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.",
+            "name": "Dealply adware detected"
+        },
+        {
+            "count": 4405,
+            "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.",
+            "name": "CVE-2019-0708 detected"
+        },
+        {
+            "count": 1061,
+            "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.",
+            "name": "Process hollowing detected"
+        },
+        {
+            "count": 166,
+            "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.",
+            "name": "Installcore adware detected"
+        },
+        {
+            "count": 158,
+            "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.",
+            "name": "Kovter injection detected"
+        },
+        {
+            "count": 84,
+            "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.",
+            "name": "Gamarue malware detected"
+        },
+        {
+            "count": 51,
+            "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.",
+            "name": "IcedID malware detected"
+        },
+        {
+            "count": 29,
+            "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.",
+            "name": "A Microsoft Office process has started a windows utility."
+        },
+        {
+            "count": 22,
+            "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.",
+            "name": "Reverse http payload detected"
+        },
+        {
+            "count": 19,
+            "description": "Special Search Offer adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.",
+            "name": "Special Search Offer adware"
+        },
+        {
+            "count": 17,
+            "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.",
+            "name": "Palikan browser hijacker detected"
+        },
+        {
+            "count": 11,
+            "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.",
+            "name": "Corebot malware detected"
+        },
+        {
+            "count": 5,
+            "description": "Bluestacks adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.",
+            "name": "Bluestacks adware detected"
+        },
+        {
+            "count": 5,
+            "description": "A PowerShell command was stored in an environment variable and run. The environment variable is commonly set by a previously run script and is used as a means of evasion. This behavior is a known tactic of the Kovter and Poweliks malware families.",
+            "name": "PowerShell file-less infection detected"
+        }
+    ],
+    "info": {
+        "origin": "Cisco Talos Intelligence Group",
+        "publication_date": "2020-06-05T16:24:08+00:00",
+        "version": "2.1",
+        "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."
+    },
+    "signatures": [
+        "Win.Trojan.Mikey-7914350-0",
+        "Win.Dropper.Barys-7914367-0",
+        "Win.Packed.Dridex-7914375-0",
+        "Win.Malware.Remcos-7914589-1",
+        "Win.Dropper.Emotet-7916286-0",
+        "Win.Packed.Tofsee-7916644-0",
+        "Win.Dropper.Kuluoz-7929761-0",
+        "Win.Dropper.DarkComet-7945051-0",
+        "Win.Packed.Shiz-7945013-0"
+    ]
+}