diff --git a/cyberops/mikey-trojan-threat-report.json b/cyberops/mikey-trojan-threat-report.json
new file mode 100644
index 0000000..555896f
--- /dev/null
+++ b/cyberops/mikey-trojan-threat-report.json
@@ -0,0 +1,20715 @@ +{ + "Win.Dropper.Barys-7914367-0": { + "bis": [ + { + "bi": "memory-execute-readwrite", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0004", + "T1055", + "T1181" + ] + }, + { + "bi": "antivirus-service-flagged-artifact", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + 
"8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-invalid-checksum", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + 
"55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "cta-static-analyzer-malicious", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "artifact-flagged-anomaly", + "hashes": [ + 
"5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "pe-resource-lang-spanish", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + 
"ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "excessive-foreign-memory-modification", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + 
"fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0005", + "T1055" + ] + }, + { + "bi": "sample-launched-copy-of-self", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47" + ], + "mitre_attack_tags": [ + "TA0005", + "T1202" + ] + }, + { + "bi": "modified-file-in-user-dir", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + 
"mitre_attack_tags": [] + }, + { + "bi": "malware-darkcomet-mutex-detected", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-executable", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-requested-softice", + "hashes": [ + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47" + ], + "mitre_attack_tags": [ + "TA0007", + "T1497" + ] + }, + { + "bi": "network-fast-flux-nameserver", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "windows-crash-tool-execution-detected", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + 
"2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab" + ], + "mitre_attack_tags": [] + }, + { + "bi": "crash-dump-file-created", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab" + ], + "mitre_attack_tags": [] + }, + { + "bi": "fault-report-file-created", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-dns-safe-categories", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-hollowing-detected", + "hashes": [ + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67" + ], + "mitre_attack_tags": [ + "TA0005", + "T1093" + ] + }, + { + "bi": "registry-autorun-key-modified", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + 
"fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "modified-file-in-system-dir", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-activesetup-key-modified", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "feed-domain-antivirus-service", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-svchost-suspicious-launch", + "hashes": [ + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "malware-compound-cta-activity", + "hashes": [ + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "created-executable-in-user-dir", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + 
{ + "bi": "network-dns-category-dynamic", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "mitre_attack_tags": [] + }, + { + "bi": "deleted-submitted-file", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "registry-autorun-key-system-dir", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "process-explorer-suspicious-launch", + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0005", + "T1055" + ] + }, + { + "bi": "dns-query-nxdomain", + "hashes": [ + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-trojan-xtreme-rat-registry-key", + "hashes": [ + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f" + ], + "mitre_attack_tags": [] + }, + { + "bi": "antivirus-flagged-artifact", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [] + }, + { + "bi": "dns-dynamic-domain", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0005" + ] + }, + { + "bi": "malware-known-trojan-av", + 
"hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [] + }, + { + "bi": "disables-security-center-notifications", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1089" + ] + }, + { + "bi": "potential-registry-persistence", + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-with-multiple-children", + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "malware-xtreme-rat-default-mutex-detected", + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "artifact-flagged-obfuscation", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "process-long-cmdline", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "network-fast-flux-domain", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-communications-http-get", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0010", + "T1105", + "T1043" + ] + }, + { + "bi": "network-snort-protocol", + "hashes": [ + 
"8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "dns-excessive-domain-queries", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [ + "TA0011", + "T1008" + ] + }, + { + "bi": "network-only-safe-domains-contacted", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-file-downloaded-to-disk", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "http-response-redirect", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "url-not-found", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "script-contains-url", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "js-uses-fromcharcode", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "js-calls-activex-object", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [ + "TA0005", + "T1202" + ] + }, + { + "bi": "js-uses-eval", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "js-contains-massive-strings", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "js-uses-encrypt-decrypt", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + 
"bi": "html-small-file-redirect", + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-packed-upx", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "registry-service-autostart-disabled", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "mitre_attack_tags": [ + "TA0003", + "T1112", + "T1489", + "T1058" + ] + }, + { + "bi": "artifact-memory-vm-detect", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "mitre_attack_tags": [ + "TA0005", + "T1497" + ] + }, + { + "bi": "decoy-wpfv", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "mitre_attack_tags": [ + "TA0001", + "T1193" + ] + }, + { + "bi": "windows-util-attrib-hide", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "mitre_attack_tags": [ + "TA0005", + "T1158" + ] + }, + { + "bi": "malware-darkcomet-detected", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-darkcomet-registry-detected", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "mitre_attack_tags": [] + }, + { + "bi": "file-attribute-modification", + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "mitre_attack_tags": [ + "TA0005", + "T1096" + ] + }, + { + "bi": "pe-encrypted-section", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "pe-section-execute-writable", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "file-ini-read", + 
"hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-hide-files", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1158" + ] + }, + { + "bi": "registry-disablesuac", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0002", + "TA0004", + "T1088", + "T1089" + ] + }, + { + "bi": "usb-drive-autoplay-modification", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0008", + "TA0001", + "T1091" + ] + }, + { + "bi": "modified-file-on-usb", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0011", + "T1092" + ] + }, + { + "bi": "created-executable-on-usb", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0008", + "TA0003", + "T1091" + ] + }, + { + "bi": "antivirus-flagged-artifact-cta", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [] + }, + { + "bi": "file-ini-modified", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0003" + ] + }, + { + "bi": "pe-dos-header-initialsp", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "pe-dos-header-initialip", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "pe-dos-header-initialcs", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": 
"artifact-pe-header-overlap", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "pe-dos-header-checksum", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [] + }, + { + "bi": "excessive-logical-drive-enumeration", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0007", + "T1120", + "T1025" + ] + }, + { + "bi": "pe-header-numofsymbols", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "process-requested-file-external-drive", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0009", + "T1025" + ] + }, + { + "bi": "registry-firewall-exceptions-enabled", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1089" + ] + }, + { + "bi": "disables-windows-firewall", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1089" + ] + }, + { + "bi": "malware-sality-mutex", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-firewall-notifications-disabled", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0005", + "T1089" + ] + }, + { + "bi": "registry-ie-work-offline-settings-modified", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "mitre_attack_tags": [ + "TA0040", + "T1498" + ] + }, + { + "bi": "system-startup-file-modification", + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + 
"mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "artifact-windows-component-suspicious-creation", + "hashes": [ + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8" + ], + "mitre_attack_tags": [ + "TA0005", + "T1036" + ] + }, + { + "bi": "imports-IsDebuggerPresent", + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-certificate", + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-svchost-misspell", + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-misspell-binary", + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-ufr-mutex-detected", + "hashes": [ + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "feed-domain-rat", + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-autorun-key-data-dir", + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "startup-folder-modification", + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "startup-folder-lnk-file", + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + } + ], + "category": "Dropper", + "coverage": { + "AMP": true, + "CWS": true, + "Cloudlock": false, + "Email Security": true, + "Network Security": false, + "Threat Grid": true, + "Umbrella": false, + "WSA": false + }, + "description": "This is a 
trojan and downloader that allows malicious actors to upload files to a victim's computer.", + "hashes": [ + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13", + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b", + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e", + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c", + "9cf889bb69ad79c0412ee0094b92a9b53d6ab77cc9d8242fd30b6e50f63be8d2", + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8", + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "iocs": { + "domain": [ + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "schema[.]org" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "www[.]google-analytics[.]com" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "stats[.]g[.]doubleclick[.]net" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "github[.]com" + }, + { + 
"hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "avatars1[.]githubusercontent[.]com" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "az725175[.]vo[.]msecnd[.]net" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "aka[.]ms" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "avatars3[.]githubusercontent[.]com" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "developercommunity[.]visualstudio[.]com" + }, + { + "hashes": [ + "d41efc56e54ea0cc084306de7ac3e59c6c1083f750fc0889ce2ff4f8256d3686" + ], + "host": "horses[.]ru-loading[.]ru" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "cdn[.]speedcurve[.]com" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "host": "w[.]usabilla[.]com" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "host": "panicofas[.]no-ip[.]org" + }, + { + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "host": "matheustkt[.]no-ip[.]biz" + }, + { + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "host": "laotra[.]no-ip[.]info" + }, + { + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "host": "fedoshka[.]no-ip[.]biz" + }, + { + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "host": "fedosh[.]np-ip[.]biz" + } + ], + "file": [ + { + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5" + ], + "path": 
"%TEMP%\\x.html" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "path": "%SystemRoot%\\system.ini" + }, + { + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "path": "%APPDATA%\\dclogs" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "path": "%TEMP%\\XX--XX--XX.txt" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "path": "%TEMP%\\UuU.uUu" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "path": "%TEMP%\\XxX.xXx" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "path": "%APPDATA%\\logs.dat" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "path": "E:\\autorun.inf" + }, + { + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "path": "%SystemRoot%\\InstallDir" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "path": "%SystemRoot%\\Microsoft" + }, + { + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "path": "%APPDATA%\\InstallDir" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "path": "%SystemRoot%\\Microsoft\\server.exe" + }, + { + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "path": "%APPDATA%\\InstallDir\\Server.exe" + }, + { + "hashes": [ + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8" + ], + "path": "%LOCALAPPDATA%\\Microsoft\\svchost.exe" + }, + { + "hashes": [ + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8" + ], + "path": "\\TEMP\\svchost.exe" + }, + { + "hashes": [ + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b" + ], + "path": 
"\\TEMP\\ufr_reports" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "path": "\\autorun.inf" + }, + { + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "path": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Microsoft.lnk" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "path": "\\TEMP\\server.exe" + }, + { + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "path": "%TEMP%\\~PIB27.tmp" + }, + { + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "path": "%TEMP%\\~PIBD3.tmp" + }, + { + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "path": "%TEMP%\\PIC_1187696292_8.JPG" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "path": "E:\\wtjnrl.exe" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "path": "%TEMP%\\winetaly.exe" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "path": "\\tsrirn.exe" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "path": "\\wtjnrl.exe" + }, + { + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\XKJSP2eg.cfg" + }, + { + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "path": "%SystemRoot%\\InstallDir\\svhost.exe" + }, + { + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\AjnwBYm.dat" + }, + { + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\XKJSP2eg.dat" + }, + { + "hashes": [ + 
"fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Inicio.exe" + }, + { + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\AjnwBYm.cfg" + } + ], + "ip": [ + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "13[.]107[.]21[.]200" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "204[.]79[.]197[.]200" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "151[.]101[.]194[.]217" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "152[.]199[.]4[.]33" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "65[.]55[.]44[.]109" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "20[.]36[.]253[.]92" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "151[.]101[.]128[.]133" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "151[.]101[.]192[.]133" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "23[.]6[.]69[.]99" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "172[.]217[.]5[.]238" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "34[.]232[.]187[.]93" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "140[.]82[.]112[.]3" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "172[.]253[.]63[.]156" + }, + { + "hashes": [ + 
"2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b" + ], + "ip": "31[.]170[.]160[.]103" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "ip": "104[.]108[.]100[.]37" + } + ], + "mutex": [ + { + "hashes": [ + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466" + ], + "name": "_x_X_BLOCKMOUSE_X_x_" + }, + { + "hashes": [ + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466" + ], + "name": "_x_X_PASSWORDLIST_X_x_" + }, + { + "hashes": [ + "3f2528f499f50cb6bad87bdb60a582bfcb64683545c743ccb40830915bd23c47", + "40e890d1e2c5341100cd769f5beb28b9ed2521dcce0142f20857e21460965b67", + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632", + "c4365f20a5262b717f141f6e4af4958d9cd979b3ab4758d5a58fe899ea892c11", + "ea876d3f251fd879bd4faef4c8129ab9ecfb4c896c5aac8061a831fdd088a7fc", + "f4d7d34a60e168bfcf7acc2d1e5e1384610df60d2677017dd26356f7baca8466" + ], + "name": "_x_X_UPDATE_X_x_" + }, + { + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5", + 
"fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "name": "<random, matching [a-zA-Z0-9]{5,9}>" + }, + { + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "name": "XTREMEUPDATE" + }, + { + "hashes": [ + "2af96cfcadd6f35896178900875a7eec7e9c06a33c36b4d12024db11af26106b" + ], + "name": "UFR3" + }, + { + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "name": "DCPERSFWBP" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "name": "***MUTEX***" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "name": "***MUTEX***_PERSIST" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "name": "***MUTEX***_SAIR" + }, + { + "hashes": [ + "8dc69ab4615fb72cab03f7d490b47306a2372c3d72276daf0ef612499ea6343e" + ], + "name": "Local\\https://docs.microsoft.com/" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "name": "<process name>.exeM_<pid>_" + }, + { + "hashes": [ + "5a34ed1857244c8c1db24c33d99280de595c31716c5c2650fb89a02d0e007632" + ], + "name": "Global\\7f980f81-a05d-11ea-a007-00501e3ae7b5" + }, + { + "hashes": [ + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f" + ], + "name": "VuTPb9wJrPERSIST" + }, + { + "hashes": [ + "ae131fd38c89b6548c95a647250c2448610d2b546547e8d1fbb4e02e8ae3cfab" + ], + "name": "Global\\75044201-a0cb-11ea-a007-00501e3ae7b5" + }, + { + "hashes": [ + "2259bc8ed872c70e64ee804e160494f9acb12417dbf39f4a8bb5352e3b73ff13" + ], + "name": "Global\\74e73481-a0cb-11ea-a007-00501e3ae7b5" + }, + { + "hashes": [ + "9e4b64ec986be184f84bc69074e6bc420cef02528eaca2cbd6eeaa6ea024d7a8" + ], + "name": "Global\\79274761-a0cb-11ea-a007-00501e3ae7b5" + }, + { + "hashes": [ + 
"8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5" + ], + "name": "TcCqgkPERSIST" + }, + { + "hashes": [ + "8f52892f0c32bac7f505ed309c10b31b1b73465c14b03e1ac88bf02d8aab2e8c" + ], + "name": "SDASDDSASD" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "name": "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9M_372_" + }, + { + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "name": "AjnwBYmPERSIST" + }, + { + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "name": "AjnwBYmEXIT" + } + ], + "registry": [ + { + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "HKLM" + }, + { + "hashes": [ + "55bac2e92e272bb455f85f8f60be34bfed008c356a16ba3a2bc114ce965f28b1", + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "HKCU" + }, + { + "hashes": [ + "6bbc68bb4c39f1e5879e30480115e961dc820aa418a6ee2ac96f5f1f6d0d603f", + "8d4f1f8ec2f80e3933d413dc09f465c89cbdd9a2b9202780bac38ff2c58e13e5" + ], + "key": "<HKCU>\\SOFTWARE\\XTREMERAT", + "value_name": null + }, + { + "hashes": [ + "fc1384c6fd798650826a73ec659919fb1f90d3ff2ff9749ac2ac1bf075fa6fa0" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", + "value_name": "StubPath" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_951" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": 
"A2_951" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_952" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_952" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_953" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_953" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_954" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_955" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_955" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_956" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_957" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_957" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_958" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": 
"A1_959" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_960" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_960" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_961" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_962" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_963" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_964" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_964" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_965" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_966" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_967" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_968" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": 
"A1_969" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_969" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_970" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_971" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_972" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_972" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_973" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_973" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_974" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_974" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_975" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_976" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": 
"A2_976" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_977" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_977" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_978" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_979" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_980" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A2_980" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_981" + }, + { + "hashes": [ + "70da214ecceaad1c065f11fbd9e998d8a44289388cbb01f6aba8c12d768dcc9a" + ], + "key": "<HKCU>\\SOFTWARE\\AASPPAPMMXKVS", + "value_name": "A1_982" + } + ] + }, + "reports_count": 19 + }, + "Win.Dropper.DarkComet-7945051-0": { + "bis": [ + { + "bi": "memory-execute-readwrite", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + 
"58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + 
"8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0004", + "T1055", + "T1181" + ] + }, + { + "bi": "antivirus-service-flagged-artifact", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + 
"31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": "cta-static-analyzer-malicious", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + 
"b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-dos-header-paragraphs", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + 
"9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + 
"1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "pe-section-shared", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", + 
"6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "excessive-foreign-memory-modification", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + 
"e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1055" + ] + }, + { + "bi": "pe-invalid-checksum", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + 
"833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + 
"50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": "sample-launched-copy-of-self", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + 
"31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1202" + ] + }, + { + "bi": "artifact-flagged-anomaly", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + 
"08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "malware-darkcomet-mutex-detected", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + 
"8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-executable", + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + 
"5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-autorun-key-modified", + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + 
"6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "process-hollowing-detected", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f" + ], + "mitre_attack_tags": [ + "TA0005", + "T1093" + ] + }, + { + "bi": "modified-file-in-user-dir", + "hashes": [ + 
"f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-requested-softice", + "hashes": [ + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + 
"63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919" + ], + "mitre_attack_tags": [ + "TA0007", + "T1497" + ] + }, + { + "bi": "antivirus-flagged-artifact", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [] + }, + { + "bi": "created-executable-in-user-dir", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + 
"f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-known-trojan-av", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-dns-category-dynamic", + "hashes": [ + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", 
+ "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-darkcomet-registry-detected", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-dns-safe-categories", + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + 
"0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "hook-installed", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05" + ], + "mitre_attack_tags": [ + "TA0006", + "TA0003", + "TA0004", + "T1056", + "T1179" + ] + }, + { + "bi": "artifact-memory-vm-detect", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05" + ], + "mitre_attack_tags": [ + "TA0005", + "T1497" + ] + }, + { + "bi": "registry-winlogon-key-modified-nt", + "hashes": [ + 
"152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05" + ], + "mitre_attack_tags": [ + "TA0003", + "T1112" + ] + }, + { + "bi": "malware-darkcomet-detected", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-fast-flux-nameserver", + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + 
"70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-file-in-system-dir", + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "windows-util-attrib-hide", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c" + ], + "mitre_attack_tags": [ + "TA0005", + "T1158" + ] + }, + { + "bi": "file-attribute-modification", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c" + ], + "mitre_attack_tags": [ + "TA0005", + "T1096" + ] + }, + { + "bi": "registry-autorun-key-data-dir", + "hashes": [ + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + 
"6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "unsigned-roaming-execution", + "hashes": [ + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "dns-dynamic-domain", + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0005" + ] + }, + { + "bi": "registry-activesetup-key-modified", + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "feed-domain-antivirus-service", + "hashes": [ + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": 
"registry-service-autostart-disabled", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05" + ], + "mitre_attack_tags": [ + "TA0003", + "T1112", + "T1489", + "T1058" + ] + }, + { + "bi": "pe-packed-upx", + "hashes": [ + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "modified-file-on-usb", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [ + "TA0011", + "T1092" + ] + }, + { + "bi": "process-explorer-suspicious-launch", + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [ + "TA0005", + "T1055" + ] + }, + { + "bi": "dns-query-nxdomain", + "hashes": [ + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-autorun-key-temp-dir", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + 
"b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "pe-encrypted-section", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "pe-filename-mismatch", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-section-execute-writable", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "file-ini-read", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-uses-visual-basic", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [] + }, + { + "bi": "firefox-password-manager-local-database-access", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + 
"0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0006", + "T1003" + ] + }, + { + "bi": "enumeration-browser-information", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0007", + "TA0006", + "T1003", + "T1217" + ] + }, + { + "bi": "files-deleted-used-batch", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "cmd-exe-file-execution", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0002", + "T1059" + ] + }, + { + "bi": "process-check-opera-appdata-folder", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0007", + "T1083" + ] + }, + { + "bi": "usb-drive-autoplay-modification", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0008", + "TA0001", + "T1091" + ] + }, + { + "bi": "created-executable-on-usb", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", 
+ "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0008", + "TA0003", + "T1091" + ] + }, + { + "bi": "antivirus-flagged-artifact-cta", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [] + }, + { + "bi": "file-ini-modified", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0003" + ] + }, + { + "bi": "pe-vb-imports-toolhelp", + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920" + ], + "mitre_attack_tags": [ + "TA0007", + "T1057" + ] + }, + { + "bi": "feed-domain-rat", + "hashes": [ + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95" + ], + "mitre_attack_tags": [] + }, + { + "bi": "disables-windows-firewall", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "mitre_attack_tags": [ + "TA0005", + "T1089" + ] + }, + { + "bi": "registry-editor-disabled", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "mitre_attack_tags": [ + "TA0040", + "T1490" + ] + }, + { + "bi": "disables-security-center-notifications", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + 
"e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "mitre_attack_tags": [ + "TA0005", + "T1089" + ] + }, + { + "bi": "malware-cybergate-rat", + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "mitre_attack_tags": [] + }, + { + "bi": "deleted-submitted-file", + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "process-uses-localhost-traffic", + "hashes": [ + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "process-ping", + "hashes": [ + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0007", + "T1049" + ] + }, + { + "bi": "process-ping-localhost", + "hashes": [ + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0007", + "T1016" + ] + }, + { + "bi": "cmd-exe-file-deletion", + "hashes": [ + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "network-opendns-malicious", + "hashes": [ + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879" + ], + "mitre_attack_tags": [] + }, + { + "bi": "netbios-query", + "hashes": [ + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879" + ], + "mitre_attack_tags": [] + }, + { + "bi": "sample-launched-copy-domain-flagged", + "hashes": [ + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879" + ], + "mitre_attack_tags": [ + "TA0005", + "T1102" + ] + }, + { + "bi": "artifact-windows-component-suspicious-creation", + "hashes": [ + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879" + ], + "mitre_attack_tags": [ + "TA0005", + "T1036" + ] + }, + { + "bi": "malware-misspell-binary", + "hashes": [ + 
"6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-svchost-suspicious-launch", + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "potential-registry-persistence", + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-compound-cta-activity", + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-trojan-xtreme-rat-registry-key", + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-file-in-program-dir", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [] + }, + { + "bi": "document-decoy-dropped", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [] + }, + { + "bi": "startup-folder-modification", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "excessive-file-modifications", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-check-browser-mail-client-files", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [ + "TA0007" + ] + }, + { + "bi": "malware-generic-ransomware-entropy", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-shell-default-file-handler-created", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [ + "TA0003", + 
"T1112" + ] + }, + { + "bi": "file-handler-registration", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [ + "TA0003", + "T1042" + ] + }, + { + "bi": "recycler-file-creation", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "malware-generic-ransomware", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [] + }, + { + "bi": "possible-privilege-escalation-detected", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [ + "TA0004", + "T1068" + ] + }, + { + "bi": "process-read-ie-cookies", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [ + "TA0009", + "T1005", + "T1119" + ] + }, + { + "bi": "process-deletes-many-files", + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-uses-dot-net", + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-autorun-key-system-dir", + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "artifact-flagged-obfuscation", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "process-long-cmdline", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "network-fast-flux-domain", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": 
"network-communications-http-get", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0010", + "T1105", + "T1043" + ] + }, + { + "bi": "network-snort-protocol", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": "dns-excessive-domain-queries", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0011", + "T1008" + ] + }, + { + "bi": "network-only-safe-domains-contacted", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-file-downloaded-to-disk", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": "http-response-redirect", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": "url-not-found", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": "script-contains-url", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + }, + { + "bi": "js-uses-fromcharcode", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "js-calls-activex-object", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1202" + ] + }, + { + "bi": "js-uses-eval", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "js-contains-massive-strings", + "hashes": [ + 
"1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "js-uses-encrypt-decrypt", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "html-small-file-redirect", + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "mitre_attack_tags": [] + } + ], + "category": "Dropper", + "coverage": { + "AMP": true, + "CWS": true, + "Cloudlock": false, + "Email Security": true, + "Network Security": true, + "Threat Grid": true, + "Umbrella": true, + "WSA": true + }, + "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.", + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "3ee0145434048bb9dbff5a92a2083b3baae1c539a459668e34316bb75ad318de", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + 
"50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "8a66db1a43f67412d02ea59872444b44edc3e9747ca0d244bc81680a9741256d", + "92e9d2dd4ddf6ffb2b760ef22715f8558737a3c9cfaec0177f5d71f7cf2bc8d5", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "992086a58afc0645e976496d672e66679c272167fc6d20ea9f3aae2bd0f42d13", + "994b44cf7e2467dbd95eb3c8df6f2699ab4442364917d7c641fbfa90a26a2390", + "a07ebce0c65b9da908a7eca884a952a2f1b171b07ae6c34df0a167b24791fb0d", + "a277114e0bb75f388acd5a7ef297b7da8920dfe72af8e8e2fc0080dd4cf74344", + "a6abfe821f4a0da6ff97c094bb92a88318c84b7ab8738795706d220b3f1b785b", + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "af7ce9fd8dd8a70b798fa437b31aa50b12223891b4058952fadbf9c82f79736a", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "b3976652a188a7c71e0e59507532b9ff25100a953cf6b465a0f09b7d2016b5f2", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "be6356e2c499f57df5e5c39f53a0ea8592a07a68188af9d4ae32ae8e10ab67db", + "bfd75a8d3c77ab2552cf051f8f722221ec1c4a453e0fa01944dd2c9d9e4d0cb9", + 
"c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74", + "cf93e6e677dc2ab70926372c1716a2413129eae190f771d8232ee88694a824ea", + "d5d10cde8b33c413a0394f65e177fda049d3b73d583aa05334466ee20f9a2edb", + "d6e93570f074ca1182478f151b393c9d9f8bd3aa91ca7097891ab671a8ce30e1", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "da515b01e95f27c67c01f71005bf42713ced58cbf6f2b5f53c36e465fad3a95e", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "e7c319c4410bb1057e40a92abe4c0d15e8f9b6d297a85ad658461d851741b39e", + "e7ce36bfe35203e67072cb86e1a9cb4848f837bccc2318de3b27586fef4364c0", + "eb3b2de42768e4129acce3cedff0de9d663a77f77b3c68af682e5f5f94b0b86a", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "f1e64796cd9af7b18727e7784485626f9a4fa87aab61ecd509417b8c36345766", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c", + "f7f74b86ed08220d18429df10ec7e25fbe97bca9af5183bdcfc802e550d37f58", + "f94a76f81541afdfd26ec9ba1ceee6e650c8aed7a47579d4bad6fce9608da50c", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911", + "fbc3997fdc75603a092d22c21b718cd1b8ef1d0944d5fdc97b62fe19a6ac296e" + ], + "iocs": { + "domain": [ + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "host": "mantwhouse[.]no-ip[.]info" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "host": "www[.]000webhost[.]com" + }, + { + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + 
"bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c" + ], + "host": "caglar0201[.]no-ip[.]biz" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "host": "private55[.]uphero[.]com" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "schema[.]org" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "www[.]google-analytics[.]com" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "stats[.]g[.]doubleclick[.]net" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "github[.]com" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "avatars1[.]githubusercontent[.]com" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "az725175[.]vo[.]msecnd[.]net" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "aka[.]ms" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "avatars3[.]githubusercontent[.]com" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "developercommunity[.]visualstudio[.]com" + }, + { + "hashes": [ + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d" + ], + "host": "9000x[.]ignorelist[.]com" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "cdn[.]speedcurve[.]com" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "host": "w[.]usabilla[.]com" + }, + { + "hashes": [ + 
"152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de" + ], + "host": "gloryday777[.]ddns[.]net" + }, + { + "hashes": [ + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113" + ], + "host": "leontopodium[.]noip[.]me" + }, + { + "hashes": [ + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b" + ], + "host": "gelegele[.]ddns[.]net" + }, + { + "hashes": [ + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95" + ], + "host": "hackermtsystem[.]ddns[.]net" + }, + { + "hashes": [ + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879" + ], + "host": "exad[.]noip[.]me" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "host": "parfumnext[.]zapto[.]org" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "host": "parfumlex[.]zapto[.]org" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "host": "parfumsex[.]zapto[.]org" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "host": "parfumerus[.]no-ip[.]biz" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "host": "parfumlove[.]zapto[.]org" + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "host": "joker2134[.]no-ip[.]org" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "host": "foragidos[.]no-ip[.]org" + }, + { + "hashes": [ + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98" + ], + "host": "manu777[.]net76[.]net" + } + ], + "file": [ + { + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + 
"57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911" + ], + "path": "%APPDATA%\\dclogs" + }, + { + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "path": "%HOMEPATH%\\Documents\\MSDCSC" + }, + { + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "path": "%HOMEPATH%\\Documents\\MSDCSC\\msdcsc.exe" + }, + { + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919" + ], + "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\8984ef1fcc24342f5531acc4001616a5_d19ab989-a35f-4710-83df-7b2db7efe7c5" + }, + { + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + 
"8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919" + ], + "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-1258710499-2222286471-4214075941-500\\8984ef1fcc24342f5531acc4001616a5_8f793a96-da80-4751-83f9-b23d8b735fb1" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "path": "\\autorun.inf" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "path": "\\Adobe Photoshop CS6 Keygen.exe" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "path": "\\1.exe" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "path": "E:\\autorun.inf" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "path": "\\TEMP\\1.exe" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "path": "E:\\Adobe Photoshop CS6 Keygen.exe" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + 
"31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "path": "%TEMP%\\gfdgfd.Exe" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "path": "%APPDATA%\\{0664ECA6-B456-E195-1216-E87E3554727E}" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "path": "%APPDATA%\\{0664ECA6-B456-E195-1216-E87E3554727E}\\dll.exe" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "path": "\\x.bat" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b" + ], + "path": "%TEMP%\\XX--XX--XX.txt" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b" + ], + "path": "%TEMP%\\UuU.uUu" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b" + ], + "path": "%TEMP%\\XxX.xXx" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b" + ], + "path": "%APPDATA%\\logs.dat" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%HOMEPATH%\\ .txt" + }, + { + "hashes": [ + 
"50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%HOMEPATH%\\Local Settings\\ .txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Windows Media\\9.0\\ .txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Windows\\ .txt" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "path": "%TEMP%\\Administrator7" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "path": "%TEMP%\\Administrator8" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "path": "%TEMP%\\Administrator2.txt" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "path": "%SystemRoot%\\Microsoft\\svchost.exe" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "path": "%APPDATA%\\Administratorlog.dat" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de" + ], + "path": "%TEMP%\\MSDCSC\\msdcsc.exe" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "\\$Recycle.Bin\\<user SID>\\$<random, matching '[A-Z0-9]{7}'>.txt" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "path": "%TEMP%\\Trade Hacker.exe" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Java\\jre8\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { 
+ "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\MSBuild\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Analysis Services\\AS OLEDB\\10\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\PUB60COR\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\Theme Colors\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\Theme 
Effects\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\Theme Fonts\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\Document Themes 14\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\CAGCAT10\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt" + }, + { + "hashes": [ + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d" + ], + "path": "%APPDATA%\\wuaclt.exe" + } + ], + "ip": [ + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "ip": "153[.]92[.]0[.]100" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "ip": "104[.]20[.]67[.]46" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" 
+ ], + "ip": "204[.]79[.]197[.]200" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "151[.]101[.]194[.]217" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "152[.]199[.]4[.]33" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "65[.]55[.]44[.]109" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "20[.]36[.]253[.]92" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "151[.]101[.]128[.]133" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "23[.]218[.]140[.]208" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "140[.]82[.]114[.]3" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "23[.]6[.]69[.]99" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "172[.]217[.]5[.]238" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "52[.]201[.]110[.]209" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "ip": "172[.]253[.]63[.]155" + } + ], + "mutex": [ + { + "hashes": [ + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + 
"834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74" + ], + "name": "_x_X_BLOCKMOUSE_X_x_" + }, + { + "hashes": [ + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74" + ], + "name": "_x_X_PASSWORDLIST_X_x_" + }, + { + "hashes": [ + "18bc76cc05f305549fbee7757c01f897110effac971738af751815589036d5dc", + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "4ce17adddc15f920b90d1f6920fb398b3a3a229d8888c454cab78263e0e95801", + "58d4c099e50e96300e2041940d65fbcb8e85978a83ad7cf7457972aeb9f006ba", + "73e47ae090f62b5723ccc7a1b452e8c8b305f22734f7efac6402c9edbd49bc5c", + "8167bea409789e03d3483aa7497762f2c3f33ed25122fcd8b7e7b45cb9b3e919", + "833d572bc5d010513b2db0ddf8585146717626ca0b1ed31afcf2c060a85532fc", + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b", + "8512563d18fbbb08c0f925f52b57284e755f64aa11b8298ae25083b73826f98c", + "ad9b169e3ec2bca38608c3a2a260a5c8fd7d425922c1be0480632b1853e8b800", + "cdf04a526edb74c65e0bad7231b1f7aa7b387db4b4d16dbed7ea5d7ce03b3c74" + ], + "name": "_x_X_UPDATE_X_x_" + }, + { + "hashes": [ + 
"08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911" + ], + "name": "DC_MUTEX-<random, matching [A-Z0-9]{7}>" + }, + { + "hashes": [ + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "5e59a550cc3f18a66b663286b2ad08a5612fdd34e8e1667f5229c05e3053d48d", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "name": "Administrator5" + }, + { + "hashes": [ + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + "63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "name": "Administrator1" + }, + { + "hashes": [ + "2be6e59520303b18c3c4524be67c74f8cadfe80101440fcd61d5da6a9648b48f", + "411f03cb9f75856e767ff1b2c3d03464026f32943e4a193d65f8997e6bf7f0cd", + 
"63935268c3fd6806fc5de779b5f72358721f7dd537de53f019f3baa1cbdb3451", + "9588eea7a663c0b1afa4019215e3720191ca182b8ab3267600d3c0015b8b6f90", + "c671c6ba02521a078cffc1509fd3f5864791ad7c38a89b626cd2fc9159bd3de5", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "name": "Administrator4" + }, + { + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c" + ], + "name": "DCPERSFWBP" + }, + { + "hashes": [ + "1899e0b8e3b986a5de287ba23c6e81b287078d7d17eecf30eb10b8013633f709" + ], + "name": "Local\\https://docs.microsoft.com/" + }, + { + "hashes": [ + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d" + ], + "name": "IPKPMTX" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "name": "Microsoft" + }, + { + "hashes": [ + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b" + ], + "name": "LFO701A1756D" + }, + { + "hashes": [ + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b" + ], + "name": "LFO701A1756D_PERSIST" + }, + { + "hashes": [ + "834ec1bfba399fed36481af92248915e4a4f9137a3ad3d2236b9932cbf7f142b" + ], + "name": "LFO701A1756D_SAIR" + }, + { + "hashes": [ + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879" + ], + "name": "DCMIN_MUTEX-GPLB87U" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "name": "DF6Y34V6PC32TK" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "name": "DF6Y34V6PC32TK_PERSIST" + }, + { + "hashes": [ + 
"f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "name": "DF6Y34V6PC32TK_SAIR" + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "name": "pZx1Bf" + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "name": "pZx1BfPERSIST" + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "name": "pZx1BfEXIT" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "name": "Microsoft_PERSIST" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "name": "Microsoft_SAIR" + }, + { + "hashes": [ + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d" + ], + "name": "x1x2x3x4" + } + ], + "registry": [ + { + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "3b765b6d85b21b8304c2287d2ede993082455f64d904529dd8eb03482b5cf3b3", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911" + ], + "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", + "value_name": null + }, + { + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + 
"5d0671d8aa8a4c3eaeca7d73c197f20fa5e3698f97d9f99abf50b4e43ab1d113", + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05", + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", + "value_name": "UserInit" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", + "value_name": "Start" + }, + { + "hashes": [ + "08039ef764c01600b0b21b33fb9c45031fecacfbc62ac1400a2604783c513e4d", + "57f94f852f1a625bebfe96a57be5c6cbcb17016f786ebe1991265c442dc42103", + "bcb654091e412f70fd2fee09794a727f4309f613eb2f03c224a559c1c338115c", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "MicroUpdate" + }, + { + "hashes": [ + "0e473f4bdc3a37ef888a4f44616e0c09c38b8d7fcdb617736aa8f294dd99e920", + "31535bfd8856f9497076a79fc6bac118901275a4928e9c31bfd42641aa624a98", + "70ba4783c12ca57a129c5f3ab9d85ee34f5dc753952d15b49f5c54c6f067909e" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "dll" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": 
"<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", + "value_name": "EnableFirewall" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", + "value_name": "DisableNotifications" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", + "value_name": "EnableLUA" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", + "value_name": "AntiVirusDisableNotify" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", + "value_name": "UpdatesDisableNotify" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION\\EXPLORERN", + "value_name": "NoControlPanel" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", + "value_name": "DisableRegistryTools" + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + 
"f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "HKLM" + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "HKCU" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", + "value_name": null + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", + "value_name": null + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6", + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", + "value_name": null + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION", + "value_name": null + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de", + "e76428349eaa3c7ff8417a3b892cd015a0c07a7971b4e422e21751b4f762ed79" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION\\EXPLORERN", + "value_name": null + }, + { + "hashes": [ + "d8650cb35c1ae0a368ceb7254f17b62f5e05abf8e4ce7fe3a0d8c39574532d95", + "edf0c17aed631d1cd31e43c1be2291b74129f2b71be868156866a31fcac6cb05" + 
], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "Microsoft" + }, + { + "hashes": [ + "152d31444542e5096b757127ed11c3aa8aa75869c7bed47c110251d6e4dc73de" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "msdcsc" + }, + { + "hashes": [ + "b1bd6d9e01e6a377172d207b9c1f0ea2a22dd5cb8d1eb453c6753d8d4d1a2879" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "))))))))))))))))))))))))" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{51P2C78S-7FGB-24RE-T153-QSOS5248SH3A}", + "value_name": null + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{51P2C78S-7FGB-24RE-T153-QSOS5248SH3A}", + "value_name": "StubPath" + }, + { + "hashes": [ + "f23c4432eb6761d5742ca93ac63e32f554b2f609089cce6c7b128560cad7864c" + ], + "key": "<HKCU>\\SOFTWARE\\REMOTE", + "value_name": "FirstExecution" + }, + { + "hashes": [ + "f98a7257bc518d66a99b78f55fbde062882e70024240e2136ef3d9ae4d85f911" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "winlogon.exe" + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "key": "<HKCU>\\SOFTWARE\\PZX1BF", + "value_name": null + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{LCYKLPC8-3GPM-5T71-2B35-MD1K274642KG}", + "value_name": null + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "key": "<HKCU>\\SOFTWARE\\XTREMERAT", + "value_name": "Mutex" + }, + { + "hashes": [ + 
"0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "key": "<HKCU>\\SOFTWARE\\PZX1BF", + "value_name": "ServerStarted" + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "key": "<HKCU>\\SOFTWARE\\PZX1BF", + "value_name": "ServerName" + }, + { + "hashes": [ + "0f6a595d6bfd0dc514dbde0b8be7cdb2aa1dba94a103f1c79205f0bcf9856e7f" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{LCYKLPC8-3GPM-5T71-2B35-MD1K274642KG}", + "value_name": "StubPath" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "key": "<HKCU>\\SOFTWARE\\TRADE HACK", + "value_name": null + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "key": "<HKCU>\\SOFTWARE\\TRADE HACK", + "value_name": "FirstExecution" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "key": "<HKCU>\\SOFTWARE\\TRADE HACK", + "value_name": "NewIdentification" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{35U3X061-1S3N-6815-2665-WR6131KBIU55}", + "value_name": null + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "Win32" + }, + { + "hashes": [ + "1be1d57117ab25b16d4d17176062dc0cb469e25dcf2ec8c751c2104365697ae6" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{35U3X061-1S3N-6815-2665-WR6131KBIU55}", + "value_name": "StubPath" + }, + { + "hashes": [ + "6557faee4a706e851f0aa28785e38dc56bfd422c4d8864c754c884163ab8ab3d" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "Windows Update" + }, + { + "hashes": 
[ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\CLASSES\\.725863", + "value_name": null + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD", + "value_name": null + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\DEFAULTICON", + "value_name": null + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL", + "value_name": null + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL\\OPEN", + "value_name": null + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL\\OPEN\\COMMAND", + "value_name": null + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "Alcmeter" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\CLASSES\\.725863", + "value_name": "" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD", + "value_name": "" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\DEFAULTICON", + "value_name": "" + }, + { + "hashes": [ + "50e76d4936b183bf0c03761a38bf0d74e037ce72b59df8a28764b7f446675f51" + ], + "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOHSGQBZPYWWZAD\\SHELL\\OPEN\\COMMAND", + "value_name": "" + } + ] + }, + 
"reports_count": 37 + }, + "Win.Dropper.Emotet-7916286-0": { + "bis": [ + { + "bi": "pe-encrypted-section", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + 
"cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "memory-execute-readwrite", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + 
"eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0004", + "T1055", + "T1181" + ] + }, + { + "bi": "antivirus-service-flagged-artifact", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + 
"1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-snort-policy", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + 
"1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [] + }, + { + "bi": "nginx-webserver-detected", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + 
"1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-http-numeric-ip", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + 
"1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0005", + "T1071" + ] + }, + { + "bi": "network-communications-http-post", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + 
"0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0010", + "T1048" + ] + }, + { + "bi": "hook-installed", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + 
"3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [ + "TA0006", + "TA0003", + "TA0004", + "T1056", + "T1179" + ] + }, + { + "bi": "pe-uses-armadillo", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + 
"1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "deleted-submitted-file", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", 
+ "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "currentcontrolset-service-added", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + 
"1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [ + "TA0002", + "TA0003", + "T1035", + "T1060" + ] + }, + { + "bi": "registry-service-with-autostart-created", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + 
"3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [ + "TA0003", + "T1112", + "T1058" + ] + }, + { + "bi": "sample-launched-copy-of-self", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + 
"cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [ + "TA0005", + "T1202" + ] + }, + { + "bi": "deleted-executable-in-system-dir", + "hashes": [ + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825" + ], + "mitre_attack_tags": [] + }, + { + "bi": "antivirus-flagged-artifact", + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + 
"3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-emotet-mutex", + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-executable", + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-snort-server", + "hashes": [ + 
"49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "mitre_attack_tags": [] + }, + { + "bi": "imports-IsDebuggerPresent", + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-file-uploaded", + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "mitre_attack_tags": [ + "TA0010", + "T1011" + ] + }, + { + "bi": "registry-service-type-modified", + "hashes": [ + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a" + ], + "mitre_attack_tags": [ + "TA0003", + "T1112", + "T1058" + ] + }, + { + "bi": "process-ping", + "hashes": [ + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0007", + "T1049" + ] + } + ], + "category": "Dropper", + "coverage": { + "AMP": true, + "CWS": true, + "Cloudlock": false, + "Email Security": true, + "Network Security": true, + "Threat Grid": true, + "Umbrella": false, + "WSA": true + }, + "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. 
Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", + "hashes": [ + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + 
"ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "iocs": { + "domain": [], + "file": [ + { + "hashes": [ + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9" + ], + "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>" + }, + { + "hashes": [ + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e" + ], + "path": "%SystemRoot%\\SysWOW64\\KBDROST" + }, + { + "hashes": [ + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871" + ], + "path": "%SystemRoot%\\SysWOW64\\xwizard" + }, + { + "hashes": [ + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d" + ], + "path": "%SystemRoot%\\SysWOW64\\browcli" + }, + { + "hashes": [ + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7" + ], + "path": "%SystemRoot%\\SysWOW64\\api-ms-win-core-namedpipe-l1-1-0" + }, + { + "hashes": [ + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "path": "%SystemRoot%\\SysWOW64\\devenum" + }, + { + "hashes": [ + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c" + ], + "path": "%SystemRoot%\\SysWOW64\\PortableDeviceConnectApi" + }, + { + "hashes": [ + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc" + ], + "path": "%SystemRoot%\\SysWOW64\\dxgi" + }, + { + "hashes": [ + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e" + ], + "path": "%SystemRoot%\\SysWOW64\\C_ISCII" + }, + { + "hashes": [ + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049" + ], + "path": "%SystemRoot%\\SysWOW64\\duser" + 
}, + { + "hashes": [ + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1" + ], + "path": "%SystemRoot%\\SysWOW64\\dot3cfg" + }, + { + "hashes": [ + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275" + ], + "path": "%SystemRoot%\\SysWOW64\\acppage" + }, + { + "hashes": [ + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9" + ], + "path": "%SystemRoot%\\SysWOW64\\dwmcore" + }, + { + "hashes": [ + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "path": "%SystemRoot%\\SysWOW64\\appmgr" + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "path": "%SystemRoot%\\SysWOW64\\NlsLexicons0045" + }, + { + "hashes": [ + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432" + ], + "path": "%SystemRoot%\\SysWOW64\\dimsjob" + }, + { + "hashes": [ + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a" + ], + "path": "%SystemRoot%\\SysWOW64\\efsui" + }, + { + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "path": "%SystemRoot%\\SysWOW64\\KBDTUF" + }, + { + "hashes": [ + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751" + ], + "path": "%ProgramData%\\EFVejogcgdIyPmUHf.exe" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "path": "%SystemRoot%\\SysWOW64\\kbdax2" + }, + { + "hashes": [ + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "path": "%ProgramData%\\BaEROcraiYwPKk.exe" + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "path": "%ProgramData%\\HsGuvFk.exe" + }, + { + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "path": "%ProgramData%\\LXZvgNjvQFfpF.exe" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "path": "%ProgramData%\\vSqVr.exe" + }, + { + "hashes": [ + 
"d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243" + ], + "path": "%SystemRoot%\\SysWOW64\\RPCNDFP" + } + ], + "ip": [ + { + "hashes": [ + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7", + "1e731e9409ae23c92129740ee934826b68f20154d52b92e1cebf84710ee91323", + "1ff65a7530d7a95b3477f6845eae29f2b49d195878542a598c543141c1ba46b1", + "2f8904658ab8fbde508f5e322c44bc8d19cb82a1c09384295747dc75f5d43a18", + "3773a60b1c652c920e002f0e5d2271340e4c4c01343ff4ea45766656d3ee02dc", + "3e1b43c44cb94417a4c4005456515882731d2000ff6b5eaf62b3e8665bc862cf", + "4725101e4d4fd71e1950adabfd95b74bfbd5d1fbabbe6504b4468ed48d24e9b9", + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "88768a6e480806fcc06e46b2622d8d3b15df310c340506d8163753b2daf78776", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "8f7f1306ecd94e8512016a109c884d49698afeba77a1076f690445b07c8fdd7e", + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243", + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9", + "dea443fd9b9c480d9a80b9db9785b61d66a516f365424ba4c0748e23d0a4463d", + "eded5f8342ae9b92e073647988c1f0de3e65a5d64dcebda41b8cdc0cbb4c3534", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "ip": "84[.]21[.]179[.]51" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + 
"c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e" + ], + "ip": "200[.]119[.]11[.]118" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e" + ], + "ip": "190[.]229[.]148[.]144" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e" + ], + "ip": "103[.]83[.]81[.]141" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "ip": "239[.]255[.]255[.]250" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751" + ], + "ip": "190[.]147[.]137[.]153" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + 
"3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "ip": "51[.]159[.]23[.]217" + }, + { + "hashes": [ + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "ip": "104[.]236[.]52[.]89" + }, + { + "hashes": [ + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "ip": "188[.]251[.]213[.]180" + }, + { + "hashes": [ + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "ip": "181[.]92[.]244[.]156" + } + ], + "mutex": [ + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e" + ], + "name": "Global\\I98B68E3C" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "1439554c970367a8a5537acf228ecf9c034e22349abec790610f110777c31049", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "826c8af37ff6d02f1fc29f98edf9acf77473310e68d5318263cafb60e849d871", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "c2532fa62e30b21e80d77b50ebcdcd6448d8f3bd093f7c0a7f364f6929a4413e" + ], + "name": "Global\\M98B68E3C" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58", + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610", + 
"49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067", + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "name": "Global\\Nx534F51BC" + } + ], + "registry": [ + { + "hashes": [ + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", + "value_name": "Type" + }, + { + "hashes": [ + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", + "value_name": "Start" + }, + { + "hashes": [ + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", + "value_name": "ErrorControl" + }, + { + "hashes": [ + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + 
"8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", + "value_name": "ImagePath" + }, + { + "hashes": [ + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", + "value_name": "DisplayName" + }, + { + "hashes": [ + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", + "value_name": "WOW64" + }, + { + "hashes": [ + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + 
"ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", + "value_name": "ObjectName" + }, + { + "hashes": [ + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "8caae9d2da14a76eb8dc9cb76ed0072a0d376c69b5907202c4c6000645d0981a", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", + "value_name": "Description" + }, + { + "hashes": [ + "82c313e9c00cf9f07bf1a6a1235938d0cf3a0ac678183fe9968f8062de880275", + "9957bc67cc01d0d36f50b15c01e9ae7b739d6decf8ec37384cd974f4a1bd323c", + "a5ad31517a1d5c47b07a969adf0cac3ca36fcf75f8294f381d1c55ee816ae751", + "cd9f151945acfeecb5bd0add9965c689724e37f4f0cb75e957e622291f7d8825", + "ef812b01fbe9906f65f861b047ed8abee42a7954115129f25ced15dcde1dde20" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", + "value_name": null + }, + { + "hashes": [ + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", + "value_name": "Start" + }, + { + "hashes": [ + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", + "value_name": "ErrorControl" + }, + { + "hashes": [ + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", + "value_name": "ImagePath" + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", + "value_name": null + }, + { 
+ "hashes": [ + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", + "value_name": "DisplayName" + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", + "value_name": "Type" + }, + { + "hashes": [ + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", + "value_name": "WOW64" + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", + "value_name": "Start" + }, + { + "hashes": [ + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", + "value_name": "ObjectName" + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", + "value_name": "ErrorControl" + }, + { + "hashes": [ + "0dd76654dc339f05497023f255e7100de1dc3bf4d134ccb078b32f617df6caa7" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0007", + "value_name": "Description" + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", + "value_name": "ImagePath" + }, + { + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", + "value_name": null + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", + "value_name": "DisplayName" + }, + { + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + 
"key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", + "value_name": "Type" + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", + "value_name": "WOW64" + }, + { + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", + "value_name": "Start" + }, + { + "hashes": [ + "92a70b066baf52ef85155b4c14ea46f276af53175c456762febb79afb261c84c" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\APPMGR", + "value_name": "Description" + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", + "value_name": "ObjectName" + }, + { + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", + "value_name": "ErrorControl" + }, + { + "hashes": [ + "3661ff97330d218f720d5ef2b7e7228ffe8e00bae17b323cea9cbf372f53a610" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0045", + "value_name": "Description" + }, + { + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", + "value_name": "ImagePath" + }, + { + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", + "value_name": "DisplayName" + }, + { + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", + "value_name": "WOW64" + }, + { + "hashes": [ + "49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", + "value_name": "ObjectName" + }, + { + "hashes": [ + 
"49203fc60b2d9ad0f244637732cf598a3748063610779ad17f1ca06a36e98067" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDTUF", + "value_name": "Description" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", + "value_name": null + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", + "value_name": "Type" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", + "value_name": "Start" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", + "value_name": "ErrorControl" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", + "value_name": "ImagePath" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", + "value_name": "DisplayName" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", + "value_name": "WOW64" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", + "value_name": "ObjectName" + }, + { + "hashes": [ + "12dd0d6980466a1352a129d9a9cb46dc2292293c9a52bf4cdcd1e800f3496f58" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAX2", + "value_name": "Description" + }, + { + "hashes": [ + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OLE32", + "value_name": "ImagePath" 
+ }, + { + "hashes": [ + "901867cb3a008060c8404b54688d04dd04e2706664515cc687933ee62c4ef432" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OLE32", + "value_name": "Description" + }, + { + "hashes": [ + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LOCATIONAPI", + "value_name": "ImagePath" + }, + { + "hashes": [ + "d66ddfe71ab137d862f94882475f5eff7a7844a2180e55c02fab658a29986dc9" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LOCATIONAPI", + "value_name": "Description" + }, + { + "hashes": [ + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFMJPEGDEC", + "value_name": "ImagePath" + }, + { + "hashes": [ + "d20704d6e80e7a3041ce040c0917e301a5364fe3dd0aee1293494d598eff5243" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFMJPEGDEC", + "value_name": "Description" + } + ] + }, + "reports_count": 27 + }, + "Win.Dropper.Kuluoz-7929761-0": { + "bis": [ + { + "bi": "memory-execute-readwrite", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", 
+ "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + 
"674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + 
"9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + 
"1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0004", + "T1055", + "T1181" + ] + }, + { + "bi": "modified-executable", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + 
"6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + 
"b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + 
"3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + 
"a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "created-executable-in-user-dir", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + 
"ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + 
"db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + 
"9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "antivirus-service-flagged-artifact", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + 
"56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + 
"16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + 
"9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + 
"dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-file-in-user-dir", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + 
"1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + 
"bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + 
"8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + 
"7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-invalid-checksum", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + 
"858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + 
"48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + 
"575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + 
"3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "cta-static-analyzer-malicious", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + 
"3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + 
"e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + 
"2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + 
"e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-svchost-suspicious-launch", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + 
"e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + 
"52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + 
"112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "registry-autorun-key-data-dir", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + 
"f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + 
"10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + 
"a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + 
"c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "registry-autorun-key-modified", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + 
"3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + 
"af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + 
"7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + 
"e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "imports-IsDebuggerPresent", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + 
"858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + 
"48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + 
"575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + 
"3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-compound-cta-activity", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + 
"3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + 
"e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + 
"2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + 
"e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-kuluoz-mutex", + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843", + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + 
"e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + 
"52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + 
"112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "mitre_attack_tags": [] + } + ], + "category": "Dropper", + "coverage": { + "AMP": true, + "CWS": true, + "Cloudlock": false, + "Email Security": true, + "Network Security": false, + "Threat Grid": true, + "Umbrella": false, + "WSA": false + }, + "description": "Kuluoz, sometimes known as \"Asprox,\" is a modular remote access trojan that is also known to download and execute 
follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.", + "hashes": [ + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + 
"470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + 
"880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + 
"c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "iocs": { + "domain": [], + "file": [ + { + "hashes": [ + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + 
"0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + 
"56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + 
"9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + 
"db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "path": "%LOCALAPPDATA%\\<random, matching '[a-z]{8}'>.exe" + }, + { + "hashes": [ + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\hmrpjdnd.exe" + }, + { + "hashes": [ + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\rbgruqii.exe" + }, + { + "hashes": [ + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\mrcxfbbl.exe" + }, + { + "hashes": [ + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\laafhqtr.exe" + 
}, + { + "hashes": [ + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\xfcgdhod.exe" + }, + { + "hashes": [ + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\eqfsdpli.exe" + }, + { + "hashes": [ + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\lfmigull.exe" + }, + { + "hashes": [ + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\mepsiutc.exe" + }, + { + "hashes": [ + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\evvlnbmm.exe" + }, + { + "hashes": [ + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\dtrpdkof.exe" + }, + { + "hashes": [ + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\xvtoeinf.exe" + }, + { + "hashes": [ + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\deumjros.exe" + }, + { + "hashes": [ + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\ptlclwer.exe" + }, + { + "hashes": [ + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\pfcekooh.exe" + }, + { + "hashes": [ + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\dnxliqkc.exe" + }, + { + "hashes": [ + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6" + ], + "path": "%HOMEPATH%\\Local Settings\\Application 
Data\\fwagopgb.exe" + }, + { + "hashes": [ + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\uubcfqfj.exe" + }, + { + "hashes": [ + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\pxlkbulv.exe" + }, + { + "hashes": [ + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\riuodjqi.exe" + }, + { + "hashes": [ + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\mrbccagr.exe" + }, + { + "hashes": [ + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\scrqpcqd.exe" + }, + { + "hashes": [ + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\ujtqfsaf.exe" + }, + { + "hashes": [ + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\jrcdbpal.exe" + }, + { + "hashes": [ + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\eafbsogp.exe" + }, + { + "hashes": [ + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\ewrrdbtt.exe" + } + ], + "ip": [ + { + "hashes": [ + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + 
"2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + 
"9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9" + ], + "ip": "212[.]45[.]17[.]15" + }, + { + "hashes": [ + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + 
"48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + 
"cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "ip": "173[.]203[.]97[.]13" + }, + { + "hashes": [ + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + 
"43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + 
"c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085" + ], + "ip": "142[.]4[.]60[.]242" + }, + { + "hashes": [ + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + 
"56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + 
"e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21" + ], + "ip": "203[.]157[.]142[.]2" + }, + { + "hashes": [ + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + 
"8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "ip": "176[.]31[.]181[.]76" + }, + { + "hashes": [ + 
"04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + 
"9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "ip": "188[.]165[.]192[.]116" + }, + { + "hashes": [ + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + 
"1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + 
"a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081" + ], + "ip": "113[.]53[.]247[.]147" + }, + { + "hashes": [ + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + 
"51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + 
"e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597" + ], + "ip": "76[.]74[.]184[.]127" + }, + { + "hashes": [ + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + 
"82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "ip": "94[.]32[.]67[.]214" + }, + { + "hashes": [ + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + 
"35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + 
"bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "ip": "82[.]150[.]199[.]140" + }, + { + "hashes": [ + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + 
"71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9" + ], + "ip": "92[.]240[.]232[.]232" + }, + { + "hashes": [ + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + 
"1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6" + ], + "ip": "37[.]59[.]82[.]218" + }, + { + "hashes": [ + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f" + ], + "ip": "50[.]57[.]139[.]41" + } + ], + "mutex": [ + { + "hashes": [ + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + 
"112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + "1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + 
"575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + "65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + 
"9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + "a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + 
"e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "name": "2GVWNQJz1" + } + ], + "registry": [ + { + "hashes": [ + "04f0e9827c423864e2f267f2fcfa8d31dbdfbe0d7b92d34f118d8e77b9597528", + "072276d94f0ff3f700574cc3b84cbc65d41b0eaff2e83a5653edf6ff7fd2e0ba", + "077d53918dccaae2871aa7b501da372a6673e15b4a4447051852d4e01f581a03", + "0c47e6afcb8c3354a181e8bda0512ca65d7a5b5c0541da879994c787ab4530e1", + "10ea6c280c20d3567453bda8c2af4794b867ad43d3e9c6e06fea328e8b1d4f5a", + "112078a290c017e9c56a38a18d57e3507567836c7ecd55a29d43d06d8c4b2e87", + "16a1a073d93a8d56001a694d04fed70b17019eb244670390c0946104656528f6", + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "1a2e5b01d2f1150064e73fedcf18de3a90f3950ae6c0a55697b2a87d723bffe2", + "1e8935e3c76df325b00eeb5e525ae4329de3ae64c991b9957327411740537b3c", + "1eac32099ccff0b55a138676e3ac291cb81c0cd2a573d6b5a013acbe5dc83536", + 
"1fbd62875d486e68e80118228cdb356e243f00b0060f7dca195dd734778afa82", + "239051885f686e935ca2242165dc592c8e266e5eb72576c80d92a71fb558e83f", + "2f8594a39a654c99514983d6dbf367258de39be75294668ac80c2f9b248fd9aa", + "35d8e52e6d05dadf52f441971bb246d7d15e5a49f33626c91078dd1177d767b5", + "375d5f6b94dbc0b1bd46e46aae64b6cee43c2459af4a8c51e3bbe36b885cf216", + "3929cfbc0cb9cbe8be50104418169111b8ffdfdc58cf628560c61ea98adc7446", + "3977126c1a8ead71c700e64414dd4a97f1396fa97f6513650f0ae008f66e072f", + "3a906ac6fc9c764876f897e70242d3614f988d629d68c35a0b13d1969ceba44a", + "3b41e6fb3c8ece6117e852bdcdba6b3ef494e7eb502787ac12045fabc3ec5609", + "3c84e14224e65aa3a067c7b392e98037fc3672afc21fa02ef3ad3417e58c8e0f", + "3cb111e6d531ae041de2efeac8587374f59526fa719460ad55faaacfb4936d99", + "3cb808292a7a81b6ff25d497f25acad1e554d14806492bfefa1c1c7f204d405a", + "3e05620847484822b3a23a1250863b550732547923e88e14e64b8084bc24c0c6", + "43fadbcf6b371f33f758f939b8ea7b524ade6a7753b41d7a5b3dad524add560f", + "470fc19b55ecb8f7830c57763c22086d45e4bdbccbb410827da20f178d082eb1", + "48fb31e3268057b2985bfe5455f5fe672169bc27c35b463266bac746af9e31e8", + "4a86cbb357806bb557b9ef262e458fe051d14a4507f0cd23924b379e0e4f6b48", + "51d4c615066be53e24d1c2dc70bd9f5513f15ec615ec6b550945a5650d09035e", + "52091dc21ec158cf6d1a3593beb7043d9b95831cb7524b7f537ba13361fe24d5", + "5244ea22ca67d2b4dacfcb7625f4658a4c92a9b5c90eeace1427e71582321e1a", + "56099780e1a7c1df6f8fe7b01f107b46bbe66025d492dfc7e72482dfc735113a", + "572bab030a2a464bf15793e5dd3e2d84b8360e3bb07be0e8d2708e3025b6a2a3", + "575e01491c4d5a08c2a6e60747fc87824397884a187d335f399057f50ba421f5", + "5ac7670fa52909cabebac7345330da2c85311efd3dbe89dd57bcc952c75b58fb", + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "5cda9d95afad5d7cc4584f8788ff30a2270020b6d4c874589dc4715f5fb166cc", + "6197022f055da5446b9e6e937373805a3d497fdd4159827e23fc3cff6d26a51b", + "659b77581f815a025f1826468979f5fce066e7f2bc91393ee74bd71fbb62cf14", + 
"65a2af1decd8c0a9209ce09d7eeb2088ae2007272e3a0ef6cfa90480d0871dba", + "674937c7fea9937d3157090a4358a53d21b45cf0bbe67b76e5d1adcda87df931", + "69fb5ba180985ff11e747db0bd46b177d9551503da46638ff5586ff90f7a6baf", + "6bf293de0f7a6a267278de0d1d9d5b814f24853a0c2c1e5b4ea0406c0762f6f9", + "7069134c0a0b1055a8bf49d54812015b4c4eaf24d638be77ca9c2b53389dffeb", + "712ecbe881c06855b483f0bbeaf7ea17db994363503a54b99cc416116ada4dba", + "71cbea725d64eb8055a0fb931b75cd3e917adb363af7ebdf12d22d0c149ecc1d", + "7440194e0b5ae29993d2f8571c8f7a83c029eeecf251a5e991fcd35e12108f61", + "7815afe50beb666d59454975871bc89711d3be94367a2dc1aeef4d1490e027a8", + "7ca67b54493ec1fbf018e6f8da87d6d261ec7fdb9a17cf8327e28ce8c0ab97f4", + "82fafc3ad44adb44bb8f4cc0205915a89b3dee6bfc1c84e4dc6a8b4c9c429e07", + "8332cad289db9b2a133817901291d639742a6d17ee7d44694111655941ec2c1d", + "8558d6b9eade8d8efc56573f591d28bd15c09935e955448dae984dbc028ae5d3", + "858716274ebe0e1eaffbe79fe3ea0764b2ee48409d42669e5c8e61c3c9831ff9", + "880275a257523f16fb83b540e5e1f4489d751c6684cb6f10a605f76f70b08d3a", + "8904f02c9115f5ea25a3815595be1ac6d642c646786d053ceec0d17606677c17", + "89e73508b4da44c1b92b3c883f7ea4cacc9a689f14b42c6856b946f19b36ee3d", + "9144fa8590d0bfd6b8d2aadcc182e26918c3d530e9cfac5df9ed9c74b49f3622", + "91c7ff92f3938267720a28e9c995125500aeb78e82714220688d3da95612c15a", + "91d31331456072dc5dd1c7f8e1a5de4f0c2e22e888a02006e267f76d919ad387", + "9772b6f8e9a3a4e3112ca3e5284bb1ee177bbb13fbb724a6e5c9f72801f2a5a6", + "9b5919486261f6182fca2fe05a6027ffecb0b21f85f8182ad0323983c3e64784", + "9bbc0fe8ddcd656cab2b39f146ea8e57cb2496b8777266a528d7af3d5d3ef799", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c", + "9c4408d9e0a07492ab2995e82e7b9200d78f0243a8f39b6f13adcfde3547611e", + "9c7646c2bc1fbbee103868c7a13b9dd2c1cb29b62950fbf5acc67404b38da9ef", + "9f4c5694e674c829e242955febef9efb130ee87d8bb0caed1961a9cc39cf21ad", + "9f7eabb50fcd7618c280d5639d6465fa87c3c2580495953f556d57da7242f515", + 
"a0afe1c788bc4f1902f409b5c475b2da63166d33794d19ce76fe450c8c3cf0f3", + "a1ff028ab0f1c0abdd2650837afdbc1f28dad905cccb802b7af72e439c6acba4", + "a210d0c79b879908b6b281722caf724f8e02b800ca7cffed17285574b1e73d4a", + "a498beaab56b3c14562091c0ec732c4c5daeaf13754e9ec6e9b17f8292c9deb0", + "af730f5170933c122bb4e9b8c50c596d150b45d670baba9ab4655e343c835e3d", + "b3c3df072ff1aec9fff5f1b51bc8dcdcb656eeddceeb3c7643ed13d1d6760b4e", + "b3db6584b32bda2b9bb77255ddcd4014e5dfcc1c4d2251d0677033d3a15cfa80", + "b58b29b29b08569ac1e4dc89a41d765a9746a7fd13deebb76d6799e119a7dc81", + "b6c5eebc72f7f175a7510d760e5aeffbfb77fa7d18cd707c57b47282cefb1b21", + "b889023e1c702a202486aae5d5ba7b4c22d8a497812420316db62bb485853c78", + "ba7c302411d29424ac426051a867f8386f6e03abf7b83d385e3f028388dee559", + "bcae3849ba57e0a0fed0f91d6f690361a98e1c5560c2f3144c6746d583cf5381", + "be9755d7de1d78bd2c8bb957c80f199baf9630948b5e9e17eb54fd04a3646290", + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468", + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713", + "ca59f8e92dfefba36f5d601ffae6bb4ce3b5f05d1ff6c91d72461f475755d12e", + "cca39eebc73390fc408f0070fd31a4fec405b4466c248adc5413bbc4b5b0308c", + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3", + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0", + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87", + "db92a789081585aa07f255036b5a862cf6d0ceb8a8aee45d93aa882db61d35f0", + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492", + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd", + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51", + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895", + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90", + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824", + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e", + 
"e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75", + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3", + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b", + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597", + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75", + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081", + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21", + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9", + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "key": "<HKCU>\\SOFTWARE\\<random, matching '[a-zA-Z0-9]{5,9}'>", + "value_name": null + }, + { + "hashes": [ + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "xmacrbdl" + }, + { + "hashes": [ + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c" + ], + "key": "<HKCU>\\SOFTWARE\\GAJXWHJP", + "value_name": "gsmcqoda" + }, + { + "hashes": [ + "5b5a3363903ac2fd810e4e1877ad59ebab5563e2740e4d970bc0c8ba4a471b08", + "9bd458840202ac6a3e775d0b5bb14da65560c615a2a7ba6cc01f7b8a7fb75f8c" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "lugmssnl" + }, + { + "hashes": [ + "1953ca3ec2aa45a27077b21f7e464f497abfb4f1ae6a75eb62824e414db4c88b", + "f31698233389934cd18eaaed0d7fbafbe3cbe8738d1c493b492a26aa73a9c597" + ], + "key": "<HKCU>\\SOFTWARE\\LCFGUHWN", + "value_name": "kkpiqpjh" + }, + { + "hashes": [ + "c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468" + ], + "key": "<HKCU>\\SOFTWARE\\RDSDIHPI", + "value_name": "ooffhvvq" + }, + { + "hashes": [ + 
"c03e016df0ddc6fd937a52f97d3cc08b945046481578dfc2489e7208196cb468" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "gbpdjnro" + }, + { + "hashes": [ + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492" + ], + "key": "<HKCU>\\SOFTWARE\\LEHGMFUH", + "value_name": "nfbspwqi" + }, + { + "hashes": [ + "dbdb416f2be2761c4acd105b87255e2e7feea28fcb6d77224b5e436eb5e0c492" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "stxigvvf" + }, + { + "hashes": [ + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713" + ], + "key": "<HKCU>\\SOFTWARE\\ATGQWMWN", + "value_name": "risbqlwn" + }, + { + "hashes": [ + "c828b4b562816f3a34ccbee1b804665f1aac2f8f487c39e5cecb751541b66713" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "jijgpgho" + }, + { + "hashes": [ + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0" + ], + "key": "<HKCU>\\SOFTWARE\\EAPSNCGM", + "value_name": "botvmpma" + }, + { + "hashes": [ + "d833f6e5ff1156e9c836dbc2e00f5d4431bc450a6dc36e4ebfab34a32e3741c0" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "lcfvvaka" + }, + { + "hashes": [ + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3" + ], + "key": "<HKCU>\\SOFTWARE\\AWNSSOSH", + "value_name": "lwgulaor" + }, + { + "hashes": [ + "cf6d5a0dde7159109750880e5ae5595923b0e502e178326344c0bb49a141b5f3" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "wnavkjeq" + }, + { + "hashes": [ + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87" + ], + "key": "<HKCU>\\SOFTWARE\\KABXXVNJ", + "value_name": "pdilquld" + }, + { + "hashes": [ + "db7e61f78c1334471f801f40e9f1c7b67a2a150b7bb1ea29b716debfc87e0d87" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "xwrwisgs" + }, + { + "hashes": [ + 
"e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd" + ], + "key": "<HKCU>\\SOFTWARE\\NOLANLNS", + "value_name": "kjknnnrk" + }, + { + "hashes": [ + "e2682e27b3ad24b9dadf235adc1e1484fcc1f3ad4127494ae291f729178899dd" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "jtuoejek" + }, + { + "hashes": [ + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3" + ], + "key": "<HKCU>\\SOFTWARE\\APKRXJCT", + "value_name": "awpnebmp" + }, + { + "hashes": [ + "e9c00348e18aeb045f8e646f38b83c40b78bca943bfa5edba40ecb9e1794c5c3" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "wghkbolm" + }, + { + "hashes": [ + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90" + ], + "key": "<HKCU>\\SOFTWARE\\BPCJNVPS", + "value_name": "govolssr" + }, + { + "hashes": [ + "e3ec3a1999c935c8dfb4922ed30353be3758696a4d7a336925f3f8b90315cd90" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "tqsqpkkn" + }, + { + "hashes": [ + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824" + ], + "key": "<HKCU>\\SOFTWARE\\UIMKHRCC", + "value_name": "artghiar" + }, + { + "hashes": [ + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085" + ], + "key": "<HKCU>\\SOFTWARE\\WIVKXHOB", + "value_name": "qlpdwusx" + }, + { + "hashes": [ + "e5b34c78da584739945094d2543da674102a6e32f5d0c3e81923ce7a701ed824" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "abjrelcu" + }, + { + "hashes": [ + "f106305a63851987e0f48556e1a61c2fa6035c3b569005761fa2ba0aa3a7c085" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "nnxrhwfd" + }, + { + "hashes": [ + "e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895" + ], + "key": "<HKCU>\\SOFTWARE\\DXHIHGKO", + "value_name": "tvwdujwk" + }, + { + "hashes": [ + 
"e344a020eb2b9e8f7849e6190250d881ce7ed68e89b447d47afba5fc34206895" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "iavdbqkn" + }, + { + "hashes": [ + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "key": "<HKCU>\\SOFTWARE\\OVCODQSR", + "value_name": "trsneafq" + }, + { + "hashes": [ + "e7723943562ecd4c1394fefcd7d0321cd50e26c10d15a8136b3d524d6ee8a33e" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "mejknekg" + }, + { + "hashes": [ + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9" + ], + "key": "<HKCU>\\SOFTWARE\\SROPWKEQ", + "value_name": "mdrxtoca" + }, + { + "hashes": [ + "f75e8e0e0c7855400696c4dc9541bcd75a24f27676e9e4acf4146f434166a4b9" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "uaohmikj" + }, + { + "hashes": [ + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75" + ], + "key": "<HKCU>\\SOFTWARE\\VJJFQGKH", + "value_name": "jfsxdjjc" + }, + { + "hashes": [ + "f3d49f47a5ef0861e8c98df6432ab96e4694f406bc892b80f4215d4db54c1a75" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "rjblrnis" + }, + { + "hashes": [ + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21" + ], + "key": "<HKCU>\\SOFTWARE\\CUXQKICW", + "value_name": "wxqakjbv" + }, + { + "hashes": [ + "f5b90919a1c59edf4148d0d42ac361c8d439b4926956ec5ddc25c9eabb3abc21" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "tlbijafu" + }, + { + "hashes": [ + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b" + ], + "key": "<HKCU>\\SOFTWARE\\BLAJJSAW", + "value_name": "qotudwci" + }, + { + "hashes": [ + "ef4ac67eb5d531a8b4a5a54b69e5afcd6a9dc30cfbda86fe571fc0e04af41e1b" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "dxbrpnqx" + }, + { + "hashes": [ + 
"e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51" + ], + "key": "<HKCU>\\SOFTWARE\\MWDLHRFO", + "value_name": "cgokfdvf" + }, + { + "hashes": [ + "e2827ceb2ca75fd7d6d81b031ff89f67ef273b25ad26afcf7218bee92edeba51" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "cmtfflxv" + }, + { + "hashes": [ + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75" + ], + "key": "<HKCU>\\SOFTWARE\\DTSDABPG", + "value_name": "tuswnfht" + }, + { + "hashes": [ + "e7788132c06de65d834b5639a40606942ef6394b21350ae2fab19254f8f1bc75" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "bgxtxfdm" + }, + { + "hashes": [ + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081" + ], + "key": "<HKCU>\\SOFTWARE\\JGVRVTVB", + "value_name": "cfpgqvfm" + }, + { + "hashes": [ + "f47dd464b5285b40dc39e07e414a6737d0f6289337c7618270fd3a4f53745081" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "mnwvhhtc" + }, + { + "hashes": [ + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "key": "<HKCU>\\SOFTWARE\\BDTHGPCI", + "value_name": "jdcdoqbv" + }, + { + "hashes": [ + "f80065b055f780c8edb11b1871e74970c6abd0b5963966d470d09c060503a843" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "rbkprvfa" + } + ] + }, + "reports_count": 105 + }, + "Win.Malware.Remcos-7914589-1": { + "bis": [ + { + "bi": "memory-execute-readwrite", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + 
"67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0004", + "T1055", + "T1181" + ] + }, + { + "bi": "cta-static-analyzer-malicious", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + 
"0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "hook-installed", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0006", + "TA0003", + "TA0004", + "T1056", + "T1179" + ] + }, + { + "bi": "pe-tls-callback", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + 
"67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "pe-header-timestamp-prior", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + 
"0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-section-shared", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "modified-executable", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + 
"67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "created-executable-in-user-dir", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "antivirus-service-flagged-artifact", + 
"hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-file-in-user-dir", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + 
"01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-fast-flux-domain", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-only-safe-domains-contacted", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + 
"3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "excessive-foreign-memory-modification", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + 
"c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0005", + "T1055" + ] + }, + { + "bi": "registry-autorun-key-modified", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "network-dns-category-file-storage", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + 
"c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-modified-rootcerts", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0006", + "TA0005", + "T1130" + ] + }, + { + "bi": "feed-domain-rat", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + 
"3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "feed-domain-antivirus-service", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "windows-util-schtask-generic", + "hashes": [ + 
"a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0003", + "T1053" + ] + }, + { + "bi": "files-deleted-used-batch", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + 
"3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "cmd-exe-file-execution", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0002", + "T1059" + ] + }, + { + "bi": "registry-modification-reg", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + 
"01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-remcos-mutex", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-header-timestamp-future", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + 
"c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-remcos-registry", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0009", + "TA0006", + "TA0011", + "TA0008", + "T1056", + "T1113", + "T1125", + "T1123", + "T1105" + ] + }, + { + "bi": "files-deleted-used-vbs", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + 
"3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "benign-process-has-child", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0005", + "T1055" + ] + }, + { + "bi": "fake-windows-directory-file-creation", + "hashes": [ + 
"a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0002", + "T1036", + "T1151" + ] + }, + { + "bi": "malware-gelup-artifact-detected", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + 
"3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-snort-protocol", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-remcos-path", + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-dns-category-dynamic", + "hashes": [ + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc" + ], + "mitre_attack_tags": [] + }, + { + "bi": "audio-video-mutex-detected", + "hashes": [ + 
"396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "mitre_attack_tags": [ + "TA0009", + "T1123", + "T1125" + ] + }, + { + "bi": "network-opendns-malicious", + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-dns-category-cnc", + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "mitre_attack_tags": [ + "TA0011" + ] + }, + { + "bi": "antivirus-service-flagged-artifact-mid", + "hashes": [ + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1" + ], + "mitre_attack_tags": [] + }, + { + "bi": "file-ini-read", + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "mitre_attack_tags": [] + }, + { + "bi": "windows-vault-api", + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "mitre_attack_tags": [ + "TA0006", + "T1003" + ] + }, + { + "bi": "firefox-password-manager-local-database-access", + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "mitre_attack_tags": [ + "TA0006", + "T1003" + ] + }, + { + "bi": "enumeration-browser-information", + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "mitre_attack_tags": [ + "TA0007", + "TA0006", + "T1003", + "T1217" + ] + }, + { + "bi": "network-fast-flux-nameserver", + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "mitre_attack_tags": [] + }, + { + "bi": "dns-query-nxdomain", + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "mitre_attack_tags": [] + }, + { + "bi": "netbios-query", + "hashes": [ + 
"01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "mitre_attack_tags": [] + } + ], + "category": "Malware", + "coverage": { + "AMP": true, + "CWS": true, + "Cloudlock": false, + "Email Security": true, + "Network Security": true, + "Threat Grid": true, + "Umbrella": true, + "WSA": true + }, + "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. It is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "iocs": { + "domain": [ + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + 
"5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e" + ], + "host": "goddywin[.]freedynamicdns[.]net" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "host": "boot[.]awsmppl[.]com" + }, + { + "hashes": [ + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "host": "doc-0k-8o-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "host": "u864246[.]nvpn[.]so" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "host": "doc-0c-b0-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc" + ], + "host": "newdawn4me[.]ddns[.]net" + }, + { + "hashes": [ + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "host": "doc-0g-54-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5" + ], + "host": "cdn[.]discordapp[.]com" + }, + { + "hashes": [ + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f" + ], + "host": "doc-00-54-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "host": "doc-04-6k-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + 
"284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "host": "site[.]ptbagasps[.]co[.]id" + }, + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50" + ], + "host": "doc-14-54-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "host": "dolxxrem[.]hopto[.]org" + }, + { + "hashes": [ + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8" + ], + "host": "doc-0c-54-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f" + ], + "host": "thankyoulord[.]ddns[.]net" + }, + { + "hashes": [ + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e" + ], + "host": "doc-0o-54-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1" + ], + "host": "doc-0s-54-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "host": "coolcc1[.]xzy" + }, + { + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836" + ], + "host": "latua[.]nsupdate[.]info" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "host": "coolget1[.]xzy" + }, + { + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836" + ], + "host": "doc-0s-b0-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "host": "doc-10-8o-docs[.]googleusercontent[.]com" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "host": "coolta1[.]xzy" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "host": "coolta2[.]xzy" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + 
], + "host": "coolta71[.]com" + }, + { + "hashes": [ + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "host": "doc-0c-bk-docs[.]googleusercontent[.]com" + } + ], + "file": [ + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%LOCALAPPDATA%\\<random, matching '[a-z0-9]{3,7}'>" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + 
"7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%System32%\\winevt\\Logs\\Microsoft-Windows-CodeIntegrity%4Operational.evtx" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%PUBLIC%\\Natso.bat" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + 
"5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%PUBLIC%\\Runex.bat" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%PUBLIC%\\fodhelper.exe" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + 
"3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%PUBLIC%\\propsys.dll" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%PUBLIC%\\x.bat" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + 
"2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%SystemRoot% " + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%SystemRoot% \\System32" + }, + { + "hashes": [ + 
"01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%SystemRoot% \\System32\\fodhelper.exe" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + 
"d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%SystemRoot% \\System32\\propsys.dll" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%PUBLIC%\\cde.bat" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + 
"c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%PUBLIC%\\x.vbs" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "path": "%APPDATA%\\remcos" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "path": "%APPDATA%\\remcos\\logs.dat" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%APPDATA%\\cosp" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%APPDATA%\\cosp\\dos.dt" + }, + { + "hashes": [ + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "path": "%ProgramFiles%\\Microsoft DN1" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "path": "%LOCALAPPDATA%\\Dkzc\\Dkzc.hta" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + 
"c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "path": "%LOCALAPPDATA%\\Dkzc\\Dkzcset.exe" + }, + { + "hashes": [ + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%LOCALAPPDATA%\\Xkox\\Xkox.hta" + }, + { + "hashes": [ + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "path": "%LOCALAPPDATA%\\Xkox\\Xkoxset.exe" + }, + { + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "path": "%LOCALAPPDATA%\\Microsoft Vision" + }, + { + "hashes": [ + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "path": "%APPDATA%\\winos" + }, + { + "hashes": [ + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "path": "%APPDATA%\\winos\\logs.dat" + }, + { + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "path": "%LOCALAPPDATA%\\Kqgi\\Kqgi.hta" + }, + { + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "path": "%LOCALAPPDATA%\\Kqgi\\Kqgiset.exe" + }, + { + "hashes": [ + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f" + ], + "path": "%LOCALAPPDATA%\\Uvxx\\Uvxx.hta" + }, + { + "hashes": [ + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f" + ], + "path": "%LOCALAPPDATA%\\Uvxx\\Uvxxset.exe" + }, + { + "hashes": [ + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e" + ], + "path": "%LOCALAPPDATA%\\Qsma\\Qsma.hta" + }, + { + "hashes": [ + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1" + ], + "path": "%LOCALAPPDATA%\\Vzva\\Vzva.hta" + }, + { + "hashes": [ + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e" + ], + "path": "%LOCALAPPDATA%\\Qsma\\Qsmaset.exe" + }, + { + "hashes": [ + 
"3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1" + ], + "path": "%LOCALAPPDATA%\\Vzva\\Vzvaset.exe" + }, + { + "hashes": [ + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc" + ], + "path": "%LOCALAPPDATA%\\Fhit\\Fhit.hta" + }, + { + "hashes": [ + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc" + ], + "path": "%LOCALAPPDATA%\\Fhit\\Fhitset.exe" + }, + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50" + ], + "path": "%LOCALAPPDATA%\\Opfq\\Opfq.hta" + }, + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50" + ], + "path": "%LOCALAPPDATA%\\Opfq\\Opfqset.exe" + }, + { + "hashes": [ + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5" + ], + "path": "%LOCALAPPDATA%\\Xarf\\Xarf.hta" + }, + { + "hashes": [ + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5" + ], + "path": "%LOCALAPPDATA%\\Xarf\\Xarfset.exe" + }, + { + "hashes": [ + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8" + ], + "path": "%LOCALAPPDATA%\\Yaxi\\Yaxi.hta" + }, + { + "hashes": [ + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8" + ], + "path": "%LOCALAPPDATA%\\Yaxi\\Yaxiset.exe" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "path": "%LOCALAPPDATA%\\Jwgz\\Jwgz.hta" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "path": "%LOCALAPPDATA%\\Jwgz\\Jwgzset.exe" + }, + { + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836" + ], + "path": "%LOCALAPPDATA%\\Xfbb\\Xfbb.hta" + }, + { + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836" + ], + "path": "%LOCALAPPDATA%\\Xfbb\\Xfbbset.exe" + }, + { + "hashes": [ + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "path": "%LOCALAPPDATA%\\Hlvx\\Hlvx.hta" + }, + { + "hashes": [ + 
"284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "path": "%LOCALAPPDATA%\\Hlvx\\Hlvxset.exe" + }, + { + "hashes": [ + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "path": "%LOCALAPPDATA%\\Jkpt\\Jkpt.hta" + }, + { + "hashes": [ + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "path": "%LOCALAPPDATA%\\Jkpt\\Jkptset.exe" + } + ], + "ip": [ + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "ip": "172[.]217[.]15[.]97" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + 
"9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "ip": "172[.]217[.]9[.]206" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "ip": "142[.]250[.]31[.]138/31" + }, + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "ip": "142[.]250[.]31[.]100/31" + }, + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e" + ], + "ip": "185[.]165[.]153[.]17" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "ip": "79[.]134[.]225[.]105" + }, + { + "hashes": [ + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "ip": 
"142[.]250[.]31[.]113" + }, + { + "hashes": [ + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc" + ], + "ip": "194[.]5[.]99[.]12" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "ip": "185[.]244[.]30[.]223" + }, + { + "hashes": [ + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "ip": "79[.]134[.]225[.]11" + }, + { + "hashes": [ + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5" + ], + "ip": "162[.]159[.]130[.]233" + }, + { + "hashes": [ + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f" + ], + "ip": "91[.]193[.]75[.]15" + }, + { + "hashes": [ + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8" + ], + "ip": "142[.]250[.]31[.]102" + }, + { + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "ip": "185[.]244[.]29[.]131" + }, + { + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836" + ], + "ip": "194[.]5[.]99[.]213" + }, + { + "hashes": [ + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "ip": "185[.]244[.]30[.]91" + }, + { + "hashes": [ + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5" + ], + "ip": "162[.]159[.]134[.]233" + } + ], + "mutex": [ + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + 
"67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "name": "Remcos_Mutex_Inj" + }, + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e" + ], + "name": "Remcos-PLP378" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "name": "-PUTW55" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "name": "Nerdpol-NUCW3I" + }, + { + "hashes": [ + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc" + ], + "name": "Remcos-4F6INU" + }, + { + "hashes": [ + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "name": "remcos_nqtjidysxc" + }, + { + "hashes": [ + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "name": "Remcos-B3XNCF" + }, + { + "hashes": [ + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f" + ], + "name": "Remcos-0S5XD9" + }, + { + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836" + ], + "name": "Remcoss-2AOK38" + } + ], + "registry": [ + { + "hashes": [ + 
"01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR", + "value_name": null + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + 
"67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\DEBUTANT", + "value_name": null + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\INTERMEDIAIRE", + "value_name": null + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + 
"0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\EXPERT", + "value_name": null + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + 
"7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\DEBUTANT", + "value_name": "Time" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\DEBUTANT", + "value_name": "Name" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + 
"284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\INTERMEDIAIRE", + "value_name": "Time" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + 
"7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\INTERMEDIAIRE", + "value_name": "Name" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\EXPERT", + "value_name": "Time" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "0bdc3b3fd3b8f4e356b694b3cfa541ff548c741cd24f1209a357f931ef00ca94", + 
"284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\DEMINEUR\\EXPERT", + "value_name": "Name" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + 
"c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE", + "value_name": "Blob" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91", + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f", + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e", + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122", + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKCU>\\ENVIRONMENT", + "value_name": "windir" + }, + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS-PLP378", + "value_name": null + }, + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e" + ], + "key": 
"<HKCU>\\SOFTWARE\\REMCOS-PLP378", + "value_name": "exepath" + }, + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50", + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8", + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS-PLP378", + "value_name": "licence" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKCU>\\SOFTWARE\\-PUTW55", + "value_name": null + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKCU>\\SOFTWARE\\-PUTW55", + "value_name": "exepath" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3", + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKCU>\\SOFTWARE\\-PUTW55", + "value_name": "licence" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "key": "<HKCU>\\SOFTWARE\\NERDPOL-NUCW3I", + "value_name": null + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "key": "<HKCU>\\SOFTWARE\\NERDPOL-NUCW3I", + "value_name": "exepath" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "key": "<HKCU>\\SOFTWARE\\NERDPOL-NUCW3I", + "value_name": "licence" + }, + { + "hashes": [ + 
"3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS-4F6INU", + "value_name": null + }, + { + "hashes": [ + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS-4F6INU", + "value_name": "exepath" + }, + { + "hashes": [ + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1", + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS-4F6INU", + "value_name": "licence" + }, + { + "hashes": [ + "7ca670fb5472d30d2bd320a373064dc919c3e24f580bdadc694a0c2950b620c5", + "c0d60f9c81843c9d5a564d96680635588ebad378bda384019e2c5fb2bf25d122" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Dkzc" + }, + { + "hashes": [ + "3074cb8b112d0f4ce6f4fac71bd6bd406a2fabc0551f29c3b7e8b771481dd330", + "d49428195a33e18cc313f11cce15943f20c7b6919b2fc847668773fac1062c73" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Xkox" + }, + { + "hashes": [ + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS_NQTJIDYSXC", + "value_name": null + }, + { + "hashes": [ + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS_NQTJIDYSXC", + "value_name": "EXEpath" + }, + { + "hashes": [ + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS-B3XNCF", + "value_name": null + }, + { + "hashes": [ + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS-B3XNCF", + "value_name": "exepath" + }, + { + "hashes": [ + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "key": 
"<HKCU>\\SOFTWARE\\REMCOS-B3XNCF", + "value_name": "licence" + }, + { + "hashes": [ + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS-0S5XD9", + "value_name": null + }, + { + "hashes": [ + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS-0S5XD9", + "value_name": "exepath" + }, + { + "hashes": [ + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOS-0S5XD9", + "value_name": "licence" + }, + { + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\33HRDNRKKR", + "value_name": null + }, + { + "hashes": [ + "4429cd213094b8cb8b85afb9517140c551133333a920bbf82ba6cb1dfcbb9434" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Kqgi" + }, + { + "hashes": [ + "67d0e7c7c6ef03c64b8ff8b0e911de0e2b2e13925d78274b758dbf2b43cbe99f" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Uvxx" + }, + { + "hashes": [ + "9f6df629221781bdb2a5d1147f759819fbe05bf30862b871d50e6a912632bc5e" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Qsma" + }, + { + "hashes": [ + "3a25508291ec509c10f80ae66fe28e4c99b67dc71548ee679f3db6d0c8b1a8c1" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Vzva" + }, + { + "hashes": [ + "47df64e82a237af5045e6fc6da1ed065302825eace28c86e0d622f6b9f29cddc" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Fhit" + }, + { + "hashes": [ + "2ed399e979fa1ad8971db52bf7c295584d8f5834c9546a8753db2d8674936e50" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Opfq" + }, + { + "hashes": [ + 
"396e48550c04112c13456de4da057a5228757304afc0d20c74f5c24a735982a5" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Xarf" + }, + { + "hashes": [ + "5b5b6c36541723ae5caad84ba2c230ce3be5629fc68226f6c5663bae222a2ac8" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Yaxi" + }, + { + "hashes": [ + "01769ed4caabda8eeeaf95cf2769e7c70c7d07efdda8c45c99dfdc29fb6426b3" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Jwgz" + }, + { + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOSS-2AOK38", + "value_name": null + }, + { + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOSS-2AOK38", + "value_name": "exepath" + }, + { + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836" + ], + "key": "<HKCU>\\SOFTWARE\\REMCOSS-2AOK38", + "value_name": "licence" + }, + { + "hashes": [ + "a7e31506a6f5136a74bc8e8ab40ca85f1d9a366ffaf69fbb01174c3302c2d836" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Xfbb" + }, + { + "hashes": [ + "284a302b8433f28439ac7adab777b0afb649eb798e869cf9f80ff9142359cb91" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Hlvx" + }, + { + "hashes": [ + "c2d10a0e9929a419e0fdf9ecb685b63b8027c93e27e41d8a19965b0b5fb315f6" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "Jkpt" + } + ] + }, + "reports_count": 17 + }, + "Win.Packed.Dridex-7914375-0": { + "bis": [ + { + "bi": "pe-encrypted-section", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + 
"846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "memory-execute-readwrite", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + 
"5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0004", + "T1055", + "T1181" + ] + }, + { + "bi": "modified-executable", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + 
"15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "antivirus-service-flagged-artifact", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + 
"28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "cta-static-analyzer-malicious", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + 
"09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "artifact-flagged-anomaly", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + 
"dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "pe-section-execute-writable", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "network-fast-flux-domain", + "hashes": [ + 
"d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-communications-http-get", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + 
"a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0010", + "T1105", + "T1043" + ] + }, + { + "bi": "network-fast-flux-nameserver", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + 
"d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "dns-query-nxdomain", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + 
"f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-snort-protocol", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + 
"95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-only-safe-domains-contacted", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + 
"03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "feed-domain-banking", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": 
[] + }, + { + "bi": "feed-domain-antivirus-service", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "http-response-client-error", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + 
"846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "deleted-submitted-file", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + 
"d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "registry-autorun-key-modified", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + 
"24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "potential-registry-persistence", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + 
"28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "http-response-redirect", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + 
"09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-tls-callback", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + 
"dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "sample-pe-modified-on-disk", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0005", + "T1202" + ] + }, + { + "bi": "malware-compound-cta-activity", + "hashes": [ + 
"d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "task-manager-disabled", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + 
"a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0005", + "T1499" + ] + }, + { + "bi": "pe-header-timestamp-prior", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + 
"d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "windows-os-reboot-detected", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + 
"f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "pe-header-timestamp-null", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + 
"95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "sample-modified-deleted", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + 
"03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "malware-dridex-detected", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" 
+ ], + "mitre_attack_tags": [] + }, + { + "bi": "url-pastebin-service", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0011", + "T1102" + ] + }, + { + "bi": "artifact-windows-task", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + 
"031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "mitre_attack_tags": [ + "TA0002", + "TA0003", + "T1053" + ] + }, + { + "bi": "hook-installed", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + 
"5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1" + ], + "mitre_attack_tags": [ + "TA0006", + "TA0003", + "TA0004", + "T1056", + "T1179" + ] + }, + { + "bi": "imports-IsDebuggerPresent", + "hashes": [ + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + 
"43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1" + ], + "mitre_attack_tags": [] + }, + { + "bi": "possible-dga-communication", + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + 
"mitre_attack_tags": [ + "TA0011", + "TA0005", + "T1483" + ] + }, + { + "bi": "dns-excessive-domain-queries", + "hashes": [ + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1" + ], + "mitre_attack_tags": [ + "TA0011", + "T1008" + ] + }, + { + "bi": "excessive-dns-query-nxdomain", + "hashes": [ + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1" + ], + "mitre_attack_tags": [ + "TA0011", + "T1008" + ] + } + ], + "category": "Packed", + "coverage": { + "AMP": true, + "CWS": true, + "Cloudlock": false, + "Email Security": true, + "Network Security": false, + "Threat Grid": true, + "Umbrella": false, + "WSA": false + }, + "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", + "hashes": [ + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + 
"7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "iocs": { + "domain": [ + { + "hashes": [ + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + 
"9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "pastebin[.]com" + }, + { + "hashes": [ + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7" + ], + "host": "www[.]llikaolgdj[.]com" + }, + { + "hashes": [ + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1" + ], + "host": "www[.]zvslmngih2[.]com" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "host": "www[.]lckz9upvmu[.]com" + }, + { + "hashes": [ + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7" + ], + "host": "www[.]0vl0yw9q6t[.]com" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "host": "www[.]6ibvmt1xkl[.]com" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "host": "www[.]rbmh1eqrb4[.]com" + }, + { + "hashes": [ + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7" + ], + "host": "www[.]2qwndfmzqo[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]puipgy6zfi[.]com" + }, + { + "hashes": [ + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1" + ], + "host": "www[.]cinj4ytc6j[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]lkzcbgbctx[.]com" + }, + { + "hashes": 
[ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "host": "www[.]cv9a9ljdwv[.]com" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "host": "www[.]sbduzmckjw[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]k6ae4xlzib[.]com" + }, + { + "hashes": [ + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1" + ], + "host": "www[.]0arvkcizhw[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]opxgrcvh9o[.]com" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "host": "www[.]rkakmp5gxz[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]cbobvzqelf[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]jh2hxge6zy[.]com" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "host": "www[.]ehtiatdjsv[.]com" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "host": "www[.]dddu3yqvme[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]wha0vpzn3c[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]ztxacd7o1j[.]com" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "host": "www[.]r5d42mselb[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]yhbkncfupy[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]glj24iaof9[.]com" + }, + { + "hashes": [ + 
"9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "host": "www[.]bmnq8uo5cp[.]com" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "host": "www[.]bpx615hrfk[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]l9sj8pu5yc[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]vzdjct2zps[.]com" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "host": "www[.]lznjta3oev[.]com" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "host": "www[.]hf66jhhwbw[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]0ffaffdlmn[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]qryqt3kcej[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]nsaevyfnmj[.]com" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "host": "www[.]vpg6u1ulw5[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]djdnabtte0[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]u1sgzd048q[.]com" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "host": "www[.]dizyb18lcf[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]qqmkdeblo4[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]gsop0488i4[.]com" + }, + { + "hashes": [ + 
"fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]z1vbwnryta[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]hmijkale2q[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]zj2peapofa[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]9ruqedkcy5[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]tsgimzq6qr[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]kcdiwhiwcv[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]cfvycj65hc[.]com" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "host": "www[.]tpzzvsfurs[.]com" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "host": "www[.]9dcol3x0mc[.]com" + } + ], + "file": [ + { + "hashes": [ + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + 
"9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "path": "<malware cwd>\\old_<malware exe name> (copy)" + }, + { + "hashes": [ + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2" + ], + "path": "\\TEMP\\2794388cf801e19b2e67e1e05565962b.exe" + } + ], + "ip": [ + { + "hashes": [ + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", 
+ "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "ip": "172[.]217[.]7[.]206" + }, + { + "hashes": [ + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "ip": "104[.]23[.]99[.]190" + }, + { + "hashes": [ + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + 
"489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "ip": "104[.]23[.]98[.]190" + } + ], + "mutex": [ + { + "hashes": [ + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1" + ], + "name": "tlxDZX2Ntc" + }, + { + "hashes": [ + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23" + ], + "name": "G0eESuMwaM" + }, + { + "hashes": [ + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23" + ], + "name": "QLUuhtpFL4" + }, + { + "hashes": [ + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23" + ], + "name": "W81AjgGbqP" + }, + { + "hashes": [ + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23" + ], + "name": "b5WXmmWABJ" + }, + { + "hashes": [ + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23" + ], + "name": "q0OYNmrwzs" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "name": "22lOOR7vmz" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "name": "3vNIizgIBf" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "name": "4cbShiiIBW" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "name": "6hkO3nxjqn" + }, + { + "hashes": [ + 
"9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "name": "iPWsdpH8gA" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "name": "juhrLAoiFE" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "name": "kAwbNLNp7c" + }, + { + "hashes": [ + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba" + ], + "name": "q4G7hZQYnm" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "3Ke8aq0xVe" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "6v3JrEsK54" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "Cu147nvDYW" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "ERneZGynQ7" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "GnENugv2bC" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "MoxF68c4S6" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "4ijXaxYePH" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "RD1rsFphWn" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "5RwkPpNJzh" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "T8KuolUTed" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "H2qiRLadfB" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "WbYuu2vXKF" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + 
"name": "6oHVTn7m1S" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "IiMz538TeT" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "YH3sIXWxZ7" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "MrbqGAkrN6" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "name": "AOP8bLZeZf" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "aAUGQU6jY7" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "name": "EJiGhkYRsT" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "VavP11maVe" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "hd2DNIQQza" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "name": "GC0BnG1NyT" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "WOD0NMwG0v" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "nC4LYHkDUW" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "name": "m6aiKNmZX7" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "alCShHejK0" + }, + { + "hashes": [ + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78" + ], + "name": "tv7Tjl0Sjm" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "name": "nc8O2a3gZO" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "cEoNvtSzSO" + }, + { + "hashes": [ + 
"e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "name": "t700AW7igk" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "hbCa9oBQcM" + }, + { + "hashes": [ + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d" + ], + "name": "ygC9l4NjOK" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "ks8HKxrioy" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "qOVtUNs8zu" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "rI7PHRZE6H" + }, + { + "hashes": [ + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "name": "usZX9BGzyP" + } + ], + "registry": [ + { + "hashes": [ + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + 
"a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", + "value_name": "trkcore" + }, + { + "hashes": [ + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + 
"dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + "fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", + "value_name": "DisableTaskMgr" + }, + { + "hashes": [ + "031f4d2eb9e330adfbe2767c568c49a45f8feada9d466b2f09f5cfa6c321760a", + "03a38ff6103211309f144831629678a03a36d87c8fd071f6c314d22d37184867", + "09bb829f1336b37f91bb6537a6ba0a2ac3b81919f99b49c7cea118c5cc1f6d55", + "15c213fa11b0440a690133df83c63e7f2729eb1b41e7143291f98a4b9d29f7a5", + "24770b17a0dff8ff2f9f2e593b7268a7626908c4753fa2dcae27535dc58442c3", + "28c8c6f3c9e638e2736c296b97a3597608ad1d8f17cde25e270b6233d76621a5", + "43704d85c99c81841be1ecef92ad63d70050dda717ae6e176b62fa3133c52de2", + "489a1579c940e2f4be4c7d47814e8dcc06e553e06418f826f47c973563ed42b8", + "5978e277d535ae6803d988ec03a5bb068a9930f4daf85ab966ac92278f59dabc", + "6dde7661cbe3990f93ec05bfbd95f587bc857d576e79144f8c65cf9a36ae6c0c", + "7cca7d60a1503856ae962c4d98a8ad3d9fe22b3b0f1f09f2d2d66de27fc9d98e", + "846c29654222d6d540794abb5adff6da8aee5ecbc0f40ec9aec75610ff75f9d2", + "9366c5124ceb956ef97059b5b649707c0732a85e6912232294d5e3bcb078dd7f", + "95d71c0954cefa05cfcf7714d48c6a91208d9aa72bd232a393795ee5e0c970b3", + "9b363933d9304a7961a176a38585b509294769a7f8d2e49167e716582c6b0bf2", + "9f0ab6f0b08a40138b4de3be8cd9c40333c4a5e30f476e632bfd715c20e7e1ba", + "a098e6f2a14908c4220bcc59c872d331841b3d7beaaea945717439be15778a23", + "d5f3c9eab2e825b6e670dd529d1bb2212baf54437bd56915ecd6932b1745328a", + "d63b9fcd6e2a3da9965cd991c2280c0297f0ddf9b38000eda95181e4f02736f7", + "dfa766780679c50e15c2d0c1f64bccf78f1bedca63f0522804dab50cc5e173b1", + "e522387fcdded272d4382d03cccc979347e399abfef2319553022f5249ec7e9d", + "f9db0f7f33191a91a6a4acc1593d696b62c2a6c927c1144937e58793e2249f78", + 
"fe6fad62d3e63eed458d33cfec58e20468d685bc21f69161f5f036bd5eb3c926" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", + "value_name": "CheckSetting" + } + ] + }, + "reports_count": 23 + }, + "Win.Packed.Shiz-7945013-0": { + "bis": [ + { + "bi": "pe-encrypted-section", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + 
"07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "memory-execute-readwrite", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + 
"1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0004", + "T1055", + "T1181" + ] + }, + { + "bi": "antivirus-service-flagged-artifact", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, 
+ { + "bi": "modified-file-in-user-dir", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-invalid-checksum", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + 
"0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "cta-static-analyzer-malicious", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + 
"6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-opendns-malicious", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + 
"792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-file-uploaded", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + 
"47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0010", + "T1011" + ] + }, + { + "bi": "nginx-webserver-detected", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + 
"07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-fast-flux-domain", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + 
"1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-communications-http-post", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + 
"6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0010", + "T1048" + ] + }, + { + "bi": "network-dns-malicious-snort", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + 
"476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0011" + ] + }, + { + "bi": "network-fast-flux-nameserver", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + 
"7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "dns-query-nxdomain", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + 
"1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "netbios-query", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + 
"56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "dns-excessive-domain-queries", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + 
"61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0011", + "T1008" + ] + }, + { + "bi": "excessive-dns-query-nxdomain", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + 
"3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0011", + "T1008" + ] + }, + { + "bi": "feed-domain-antivirus-service", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + 
"07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "http-response-client-error", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + 
"mitre_attack_tags": [] + }, + { + "bi": "network-snort-malware", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-autorun-key-modified", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + 
"0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "network-dns-upload-file", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + 
"4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "url-not-found", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + 
"356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "imports-IsDebuggerPresent", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + 
"861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-autorun-key-modified-nt", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + 
"07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "registry-winlogon-key-modified-nt", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + 
"13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0003", + "T1112" + ] + }, + { + "bi": "pe-imports-toolhelp", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + 
"555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [ + "TA0007", + "T1057" + ] + }, + { + "bi": "pe-header-timestamp-prior", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + 
"6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-shiz-mutex-detected", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + 
"261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + }, + { + "bi": "html-small-file-redirect", + "hashes": [ + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + 
"15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4" + ], + "mitre_attack_tags": [] + } + ], + "category": "Packed", + "coverage": { + "AMP": true, + "CWS": true, + "Cloudlock": false, + "Email Security": true, + "Network Security": true, + "Threat Grid": true, + "Umbrella": true, + "WSA": true + }, + "description": "Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. 
It is commonly spread via droppers or by visiting a malicious site.", + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c", + "8a0e095662f72ef3ae59b5f5df7936c865831f4acf193ae1609ed4841fbf78ef", + "8ffb956b1174a711a18eb69b3da0b062eb5b1bf3e8e1c8b7f63b0e55e86c9560", + 
"a8523720f8ae02d4a39c7cd6eb480faed4dbf2d4bf1265f4014772261f066420", + "b0cd87a6aeeae56b0da7e587df4bc78c959ad721b4d1bc61db27fd568a23742e", + "b1d751a575ffb8207ad45e9ae4c8c52c2f9246ca4378002822158a86b84aae69", + "b2658ede9c454cc93e70ea05025f35c2e5557f1359e8c165e08b1d71155193b4", + "b74af0738f30244cf66da4a9d69dfc2c5412d6e08bd634458e112652cac1a73e", + "b9d220e2a57f3e58589090250377353f4215966ea88597ebdb7bce4f0b1bc5ee", + "ba66119d5c2d340662f2ccaaff74da09e3d15573433296565a26383efb77d8a7", + "c157e1c093c7c4cbe2d4431db326dcce5ea4f8f96847bf1c15eb3a0cb1b650a9", + "c1976ea4840648c135b720f34c2e4e605f7a2c7cc05ca2385a314f42ffd6f234", + "c7db1d62e8daa13576120cc2546ae2d1935363584b953f4ce1f8ae5bbf60e53b", + "cc947c275f36efa4f62af62c36e82cd75926a44f305b51540456ef6c32fa17f8", + "d0a114c446b41e490e6d44e4a1cbd88252cfa126685f0b5033e52b1f537b3ee6", + "d18e09bc3532f32fd4b7256e1e88f83357d625198f0f4414a894eceaa90d901c", + "d5450b35130d18cafbb2187c70af4cf2b637aa661bf9a84198a96e0f0e1233dc", + "dcca04da793e171e4763c1b8e9cddca1f7cf459da0616db70df0c63389a05682", + "dce3981d00ded810f40d295a27c52a2ac4cd03ebd9b83bd4e540d82808fb9a17", + "de37285a217e06900ac7d6ef4af004ef38acd071f662c25fe0055c00c39c4551", + "ee0e58d0e41f0af236808468abf270fb7ec5baa113d6a2282722c99805ab3c3e", + "f538484469ab7a4d98fe83de2676c2bc9c286d591e5859800fa31aff9121d1e7", + "ff19a365f2692108d154dbf82bc278b6cb86996730c563eb8db6a0e5500e4e4a" + ], + "iocs": { + "domain": [ + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + 
"1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "xuboninogyt[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + 
"1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "tufamugevih[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + 
"356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "xudevunymex[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + 
"476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "qeguxylevus[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + 
"4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "vopycyfutoc[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + 
"56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "xukafinezeg[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + 
"623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "ciqehefitij[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + 
"6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "kemimojitir[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + 
"7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "qexusulakiq[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "qeqotogemet[.]eu" + }, + { + "hashes": [ 
+ "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "foxofewuteq[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + 
"07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "cinazetybiq[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + 
"13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "gahoqohofib[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + 
"1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "lygowunezep[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + 
"1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "ganovowuqur[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + 
"261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "qekusagigyz[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + 
"3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "tuwypagupeb[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + 
"47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "tunupegirec[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + 
"555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "masafytunux[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + 
"61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "lyruterodiq[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + 
"6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "qegefavipev[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + 
"792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "cilupakuquk[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + 
"861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "ryciqavuqav[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "kerijudacyj[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", 
+ "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "pumumagojef[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + 
"07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "jenerunybem[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + 
"15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "fotaqizymig[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + 
"1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "tujajepifyv[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + 
"1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "tuwiqelages[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + 
"356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "nopexifigep[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + 
"476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "gatykibojig[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + 
"4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "disumesenyv[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + 
"56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "jenujoxojug[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + 
"623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "dikiwewutav[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + 
"6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "kepolonavit[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + 
"7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "jejubyrexeq[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "puvacigakog[.]eu" + }, + { + "hashes": [ 
+ "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "maxilumiriz[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + 
"07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "tujizipipiz[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + 
"13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "qekafuqafit[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + 
"1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "nofyjikoxex[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + 
"1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "purebupycug[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + 
"261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "nojuletacuf[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + 
"3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "dimasyhageh[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + 
"47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "mamasufexix[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + 
"555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "rydufupipug[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + 
"61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "purijygirem[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + 
"6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "kefypadofiw[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + 
"792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "vocumucokaj[.]eu" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + 
"861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "host": "masisokemep[.]eu" + } + ], + "file": [ + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "path": "%TEMP%\\<random, matching [A-F0-9]{1,4}>.tmp" + }, + { + "hashes": [ + 
"043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "path": "%SystemRoot%\\AppPatch\\<random, matching '[a-z]{6,8}'>.exe" + }, + { + "hashes": [ + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567" + ], + "path": "%TEMP%\\206BC.dmp" + }, + { + "hashes": [ + 
"476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412" + ], + "path": "%TEMP%\\207C6.dmp" + }, + { + "hashes": [ + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "path": "%TEMP%\\dd24_appcompat.txt" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88" + ], + "path": "%TEMP%\\16116.dmp" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88" + ], + "path": "%TEMP%\\5ef2_appcompat.txt" + }, + { + "hashes": [ + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567" + ], + "path": "%TEMP%\\7cb_appcompat.txt" + }, + { + "hashes": [ + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412" + ], + "path": "%TEMP%\\13d_appcompat.txt" + }, + { + "hashes": [ + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "path": "%TEMP%\\1DBD4.dmp" + } + ], + "ip": [ + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + 
"4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "ip": "23[.]253[.]126[.]58" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + 
"56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "ip": "104[.]239[.]157[.]210" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + 
"623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "ip": "45[.]77[.]226[.]209" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + 
"6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "ip": "208[.]100[.]26[.]245" + }, + { + "hashes": [ + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468" + ], + "ip": "35[.]229[.]93[.]46" + }, + { + "hashes": [ + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + 
"3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8" + ], + "ip": "13[.]107[.]21[.]200" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "ip": "204[.]79[.]197[.]200" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + 
"623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "ip": "35[.]231[.]151[.]7" + } + ], + "mutex": [ + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "name": "Global\\674972E3a" + }, 
+ { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "name": "internal_wutex_0x00000120" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + 
"07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "name": "internal_wutex_0x00000424" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + 
"13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "name": "internal_wutex_0x00000474" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + 
"1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "name": "Global\\C3D74C3Ba" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + 
"1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "name": "internal_wutex_0x<random, matching [0-9a-f]{8}>" + }, + { + "hashes": [ + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468" + ], + "name": 
"internal_wutex_0x000003b4" + } + ], + "registry": [ + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT", + "value_name": "67497551a" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + 
"0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", + "value_name": "98b68e3c" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + 
"07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", + "value_name": "userinit" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + 
"07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", + "value_name": "System" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + 
"13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", + "value_name": "load" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + 
"15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + "1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", + "value_name": "run" + }, + { + "hashes": [ + "043c264efa0f27d30ebff0d9c3c5239ec02ddf012bebf53740e9e9fa45278b88", + "0629056f7d4102a08a4b773253d62453445ee91cc17fa1650b40d1bbca216e81", + "07265ea0a06d695ee7d9c432328fa03c9b094156ea4340d655a9bd004f1ec245", + "07f6802aefceb7295163b85221c6edee87eb714f85e898f91b832fd427fcb840", + "13dfcc67efbbd2fbab594ec2f166c3bd606daedbc84e0af9a85aa73e9c365e69", + "15dee18e595c7229866196fb35705cc11d156254302524d128c6de1091070752", + 
"1a8d546528102cd45980bce71b0159d8a8d50ad877219f2930f64010f3b10de2", + "1b0038caef373a183c07a3432a071d39a6cc6a1382a841176ba755d5f87093c1", + "1e86f351224a048a3e345984bab57e1573c78138af6593db20139cc35c907fe4", + "1f729fb1fd0057f77b71361c6d65d65c9e1634fe5522f0e2eb30d6856c885567", + "261fa852470332ce18fee88de0ee43e701044a086a816e8e4c4fee5abd36feee", + "356a0c3ec22d725e81f8441e61551f112ec136502b533c3eb3ae707345c7d1de", + "3914cb2391b1f4dea8beb1310ad8804b9ab30218808f2fba1b21a7d398473d7c", + "476c6b55260a892b205eca31487a5c9df84972fcfa32e1579ad8cafc4e3ae412", + "47dfc9a17dcf98d70546463ee6744ccd866bb25dcc761a17f6fc80c658360a87", + "4dacfeb76545ad7fd43c89145e504410c257dff11ef64f9bb7dc3d0543474e30", + "555eafa8932f34b79dde787d1e24d049a6cd662a9f79433358c287ecf087c2d2", + "56492e89b6d571e73f85bff04df71d7a120ea0db56e63282372f1e881aecec7c", + "61379474c1ffc0f3905676a35bbd7aeae723cafbd9d009e41e29105b058c12a5", + "623c5e18f10921e6142ff115a750285427aa8e0d5e22b01826a13004471a945e", + "6916e5f854b557f379d37f689c565023e9b998ec33085f7db93c6c118e713856", + "6e191847d61897640fd344288756f5d59ec407e2d82191a80ca61ac1fdcf5ea4", + "792e03a293bd084dae4581bd0d0968771bab2260198ae9921d69208b9cdbe1f8", + "7c6c4b95a8f371197879242621a29b420020f499f2492b299e8f732aca2d9468", + "861a9fe61b65913d45bc9e70f9f0967b0a1d6b8f5e10ca36e64d11f340845a1c" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "userinit" + } + ] + }, + "reports_count": 25 + }, + "Win.Packed.Tofsee-7916644-0": { + "bis": [ + { + "bi": "pe-encrypted-section", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + 
"b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "memory-execute-readwrite", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0004", + "T1055", + "T1181" + ] + }, + { + "bi": "cta-static-analyzer-malicious", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "mitre_attack_tags": [] + }, + { + "bi": 
"imports-IsDebuggerPresent", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "mitre_attack_tags": [] + }, + { + "bi": "antivirus-service-flagged-artifact", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-file-in-user-dir", + "hashes": [ + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6" + ], + 
"mitre_attack_tags": [] + }, + { + "bi": "pe-filename-mismatch", + "hashes": [ + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "artifact-flagged-vm", + "hashes": [ + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6" + ], + "mitre_attack_tags": [ + "TA0005", + "T1497" + ] + }, + { + "bi": "windows-crash-tool-execution-detected", + "hashes": [ + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "crash-dump-file-created", + "hashes": [ + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "fault-report-file-created", + "hashes": [ + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + 
"d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-certificate", + "hashes": [ + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6" + ], + "mitre_attack_tags": [] + }, + { + "bi": "artifact-exec-extension-obfuscation", + "hashes": [ + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "artifact-flagged-antianalysis", + "hashes": [ + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "network-fast-flux-nameserver", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", + 
"4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "mitre_attack_tags": [] + }, + { + "bi": "dns-query-nxdomain", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "mitre_attack_tags": [] + }, + { + "bi": "feed-domain-antivirus-service", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-communications-http-get", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0010", + "T1105", + "T1043" + ] + }, + { + "bi": "netbios-query", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-with-multiple-children", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "network-dns-category-new", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], 
+ "mitre_attack_tags": [] + }, + { + "bi": "network-snort-malware", + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "mitre_attack_tags": [] + }, + { + "bi": "excessive-foreign-memory-modification", + "hashes": [ + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0005", + "T1055" + ] + }, + { + "bi": "antivirus-service-flagged-artifact-mid", + "hashes": [ + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77" + ], + "mitre_attack_tags": [] + }, + { + "bi": "sample-launched-copy-of-self", + "hashes": [ + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2" + ], + "mitre_attack_tags": [ + "TA0005", + "T1202" + ] + }, + { + "bi": "process-created-apt29-named-pipe", + "hashes": [ + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0005" + ] + }, + { + "bi": "modified-executable", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "created-executable-in-user-dir", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-invalid-checksum", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-service-with-autostart-created", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0003", + "T1112", + "T1058" + ] + }, + { + "bi": "currentcontrolset-service-added", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0002", + "TA0003", + "T1035", + "T1060" + ] + }, + { + "bi": 
"process-long-cmdline", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "network-fast-flux-domain", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-communications-smtp", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0011", + "T1071" + ] + }, + { + "bi": "network-snort-protocol", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-smtp-spambot", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-only-safe-domains-contacted", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "feed-domain-rat", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-smtp-spambot-v2", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-snort-sensitive-data", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-requested-named-pipe", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0004", + "TA0005" + ] + }, + { + "bi": "network-dns-category-file-storage", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "suspicious-user-agent", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0011", + "T1071" + ] 
+ }, + { + "bi": "deleted-submitted-file", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "listening-port-opened", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0011", + "T1219" + ] + }, + { + "bi": "process-svchost-suspicious-launch", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "localhost-ipaddress-detected", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "public-ip-address-identification-attempt", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0007", + "T1082", + "T1016" + ] + }, + { + "bi": "feed-public-ip-check-dns", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "cmd-exe-file-execution", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0002", + "T1059" + ] + }, + { + "bi": "registry-large-data-entry", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0005", + "T1112" + ] + }, + { + "bi": "malware-compound-cta-activity", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "sc-service-start", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0002", + "TA0003", + "T1035", + "T1031" + ] + }, + { + "bi": "netbios-null-domain", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": 
"file-alternate-data-stream-modification", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "malware-tofsee-cmd-detected", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + }, + { + "bi": "netsh-firewall-generic", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0005", + "T1016", + "T1089" + ] + }, + { + "bi": "sc-service-create", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0003", + "T1050" + ] + }, + { + "bi": "file-alternate-data-stream-creation", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0005", + "T1096" + ] + }, + { + "bi": "new-service-launched", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0002", + "TA0003", + "T1035" + ] + }, + { + "bi": "registry-windows-defender-exclusions-added", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0005", + "T1089" + ] + }, + { + "bi": "dns-bypassed-assigned-server", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0005" + ] + }, + { + "bi": "netsh-firewall-add", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0005", + "T1089" + ] + }, + { + "bi": "malware-tofsee-domain-detected", + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "mitre_attack_tags": [] + } + ], + "category": "Packed", + "coverage": { + "AMP": true, + "CWS": true, + "Cloudlock": false, + "Email Security": true, + "Network Security": true, + 
"Threat Grid": true, + "Umbrella": true, + "WSA": true + }, + "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click-fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator's control.", + "hashes": [ + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d", + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77" + ], + "iocs": { + "domain": [ + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "host": "mcc[.]avast[.]com" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "host": "line[.]beibiandmom[.]com" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "host": "schema[.]org" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + 
"host": "ipinfo[.]io" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "host": "117[.]151[.]167[.]12[.]in-addr[.]arpa" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "host": "252[.]5[.]55[.]69[.]zen[.]spamhaus[.]org" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "host": "252[.]5[.]55[.]69[.]in-addr[.]arpa" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "host": "252[.]5[.]55[.]69[.]bl[.]spamcop[.]net" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "host": "252[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "host": "252[.]5[.]55[.]69[.]cbl[.]abuseat[.]org" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "host": "252[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net" + } + ], + "file": [ + { + "hashes": [ + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77" + ], + "path": "%TEMP%\\<random, matching '[a-f0-9]{3,5}'>_appcompat.txt" + }, + { + "hashes": [ + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + 
"fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77" + ], + "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "path": "%TEMP%\\www2.tmp" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "path": "%TEMP%\\www3.tmp" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "path": "%TEMP%\\www4.tmp" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "path": "%HOMEPATH%\\Favorites\\Links\\Suggested Sites.url" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "path": "%HOMEPATH%\\Local Settings\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" + }, + { + "hashes": [ + 
"00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77" + ], + "path": "%TEMP%\\CC4F.tmp" + }, + { + "hashes": [ + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514" + ], + "path": "%TEMP%\\9419.tmp" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "path": "%SystemRoot%\\SysWOW64\\lesyxfla" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "path": "%TEMP%\\pysxpojf.exe" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "path": "%TEMP%\\evryposw.exe" + }, + { + "hashes": [ + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2" + ], + "path": "\\MSSE-4155-server" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "path": "%System32%\\tgmnzkpo\\pysxpojf.exe (copy)" + }, + { + "hashes": [ + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2" + ], + "path": "\\MSSE-6892-server" + } + ], + "ip": [ + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "ip": "185[.]98[.]87[.]176" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000", + "4ad9b2c71f0eafb891f414285257264f921c343864188c1398f68b61726f758d" + ], + "ip": "45[.]143[.]137[.]184" + }, + { + "hashes": [ + 
"61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "239[.]255[.]255[.]250" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000" + ], + "ip": "13[.]107[.]21[.]200" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "216[.]239[.]36[.]21" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "216[.]239[.]38[.]21" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "104[.]47[.]8[.]33" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "43[.]231[.]4[.]7" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "104[.]47[.]10[.]33" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "40[.]113[.]200[.]201" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "157[.]240[.]18[.]174" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "104[.]47[.]54[.]36" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "12[.]167[.]151[.]117" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000" + ], + "ip": "204[.]79[.]197[.]200" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "69[.]55[.]5[.]252" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "104[.]28[.]19[.]94" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "157[.]240[.]2[.]174" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": 
"172[.]217[.]197[.]106" + }, + { + "hashes": [ + "9d96b364c973c091ff9e621c1ded677389e00acf7fc33e9977199824cf4e26f2" + ], + "ip": "141[.]105[.]69[.]247" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "85[.]114[.]134[.]88" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "192[.]0[.]50[.]54" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "192[.]0[.]51[.]239" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "172[.]217[.]13[.]228" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "217[.]172[.]179[.]54" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "5[.]9[.]72[.]48" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "130[.]0[.]232[.]208" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "144[.]76[.]108[.]82" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "185[.]253[.]217[.]20" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "45[.]90[.]34[.]87" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "192[.]0[.]50[.]87" + }, + { + "hashes": [ + "309899a737816d8291685aeb67618be893d201317399830ae4a6f7d7e9858000" + ], + "ip": "77[.]87[.]213[.]82" + }, + { + "hashes": [ + "4a6604cb3a9a6570eaacffb681b3ccd28d2521f03bb449f1a205525dd8172046" + ], + "ip": "145[.]249[.]106[.]236" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "172[.]217[.]197[.]103" + }, + { + "hashes": [ + 
"61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "172[.]217[.]197[.]147" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "172[.]217[.]197[.]99" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "ip": "172[.]217[.]197[.]104/31" + } + ], + "mutex": [ + { + "hashes": [ + "00e38dec7e06aad96186e8811f0119eb1b56369f73ce2b1d7e682084657db5d6", + "6df0c5e8223170acf789bf9b431f8c8c792dadc8194c1ab0da7e1926df128f89", + "b4e429e50a1d0441eb65a08386df57f386dd3f78992572a5cc11e05b679989f0", + "d87d470c2057041c3557a57eb7c5b00e979a7af48e7ebfa0675690bf6eb9c514", + "fe8365c21e87e06f043cbe7bba77282f4ef863ec1e4daf3ff3d636f94220cc77" + ], + "name": "Global\\<random guid>" + } + ], + "registry": [ + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", + "value_name": "C:\\Windows\\SysWOW64\\lesyxfla" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", + "value_name": "Type" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", + "value_name": "Start" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", + "value_name": "ErrorControl" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", + "value_name": "DisplayName" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", + "value_name": "WOW64" + }, + { + "hashes": [ + 
"61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", + "value_name": "ObjectName" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", + "value_name": "Description" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", + "value_name": null + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", + "value_name": null + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", + "value_name": "Config2" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", + "value_name": "Config0" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", + "value_name": "Config1" + }, + { + "hashes": [ + "61fba56962fe5e52536f496140b7fd0f95b4f36ad4c3fd758547b9bcb6f2e586" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\LESYXFLA", + "value_name": "ImagePath" + } + ] + }, + "reports_count": 10 + }, + "Win.Trojan.Mikey-7914350-0": { + "bis": [ + { + "bi": "pe-encrypted-section", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", + "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + 
"3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", + "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", + "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "memory-execute-readwrite", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", + "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + 
"44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", + "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", + "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0004", + "T1055", + "T1181" + ] + }, + { + "bi": "antivirus-service-flagged-artifact", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", + "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + 
"341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", + "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", + "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "cta-static-analyzer-malicious", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", + "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + 
"0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", + "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", + "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "imports-IsDebuggerPresent", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", + "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + 
"2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", + "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", + "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-executable", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + 
"2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "feed-domain-antivirus-service", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-file-in-user-dir", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + 
"2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "nginx-webserver-detected", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-autorun-key-modified", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" 
+ ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "pe-invalid-checksum", + "hashes": [ + "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", + "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "created-executable-in-user-dir", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-fast-flux-domain", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + 
"01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [] + }, + { + "bi": "feed-domain-banking", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [] + }, + { + "bi": "url-not-found", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + 
"4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-large-data-entry", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "mitre_attack_tags": [ + "TA0005", + "T1112" + ] + }, + { + "bi": "network-file-uploaded", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "mitre_attack_tags": [ + "TA0010", + "T1011" + ] + }, + { + "bi": "network-communications-http-post", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + 
"341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0010", + "T1048" + ] + }, + { + "bi": "network-only-safe-domains-contacted", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [] + }, + { + "bi": "feed-domain-rat", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [] + }, + { + "bi": "deleted-submitted-file", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + 
"44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "dns-public-server-contacted", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0005" + ] + }, + { + "bi": "registry-hide-files", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [ + "TA0005", + "T1158" + ] + }, + { + "bi": "registry-autorun-key-modified-nt", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + 
"3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "registry-service-autostart-disabled", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [ + "TA0003", + "T1112", + "T1489", + "T1058" + ] + }, + { + "bi": "registry-disablesuac", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [ + "TA0005", + "TA0002", + "TA0004", + "T1088", + "T1089" + ] + }, + { + "bi": "registry-action-center-disabled", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + 
"01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [ + "TA0005", + "T1089" + ] + }, + { + "bi": "malware-chthonic-rat-detected", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-imports-psapi-dll", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "mitre_attack_tags": [ + "TA0007", + "T1057" + ] + }, + { + "bi": "pe-imports-toolhelp", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + 
"346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "mitre_attack_tags": [ + "TA0007", + "T1057" + ] + }, + { + "bi": "pe-header-timestamp-prior", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-header-timestamp-null", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-opendns-malicious", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + 
"1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-dns-upload-file", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "mitre_attack_tags": [] + }, + { + "bi": "recycler-file-creation", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "pe-section-name-contains-whitespace", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + 
"2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-check-deep-freeze", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "mitre_attack_tags": [ + "TA0007", + "T1497" + ] + }, + { + "bi": "process-check-analysis-tools", + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "mitre_attack_tags": [ + "TA0007", + "T1497" + ] + }, + { + "bi": "dns-excessive-domain-queries", + "hashes": [ + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [ + "TA0011", + "T1008" + ] + }, + { + "bi": "altered-sample-dns-flagged", + "hashes": [ + 
"37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd" + ], + "mitre_attack_tags": [ + "TA0005", + "T1102" + ] + }, + { + "bi": "dns-query-nxdomain", + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-autorun-key-data-dir", + "hashes": [ + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [ + "TA0003", + "T1060" + ] + }, + { + "bi": "network-communications-http-get", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0010", + "T1105", + "T1043" + ] + }, + { + "bi": "network-fast-flux-nameserver", + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "mitre_attack_tags": [] + }, + { + "bi": "netbios-query", + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + 
"20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "process-long-cmdline", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "network-snort-server", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-snort-protocol", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [] + }, + { + "bi": "files-deleted-used-batch", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [ + "TA0005", + "T1107" + ] + }, + { + "bi": "cmd-exe-file-execution", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [ + "TA0002", + "T1059" + ] + }, + { + "bi": "http-response-redirect", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [] + }, + { + "bi": "script-contains-url", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [] + }, + { + "bi": "registry-windows-defender-exclusions-added", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + 
"mitre_attack_tags": [ + "TA0005", + "T1089" + ] + }, + { + "bi": "network-explorer-process", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [ + "TA0011", + "TA0005", + "T1055" + ] + }, + { + "bi": "firefox-prefs-modified", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [ + "TA0009" + ] + }, + { + "bi": "malware-ursnif-detected", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-ursnif-bypass-check-detected", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "mitre_attack_tags": [] + }, + { + "bi": "url-gate-php", + "hashes": [ + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39" + ], + "mitre_attack_tags": [ + "TA0011", + "T1071" + ] + }, + { + "bi": "excessive-foreign-memory-modification", + "hashes": [ + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84" + ], + "mitre_attack_tags": [ + "TA0005", + "T1055" + ] + }, + { + "bi": "windows-crash-tool-execution-detected", + "hashes": [ + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84" + ], + "mitre_attack_tags": [] + }, + { + "bi": "crash-dump-file-created", + "hashes": [ + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84" + ], + "mitre_attack_tags": [] + }, + { + "bi": "fake-recycler-folder-creation", + "hashes": [ + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84" + ], + "mitre_attack_tags": [ + "TA0005", + "T1036" + ] + }, + { + "bi": "process-explorer-suspicious-launch", + "hashes": [ + 
"2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84" + ], + "mitre_attack_tags": [ + "TA0005", + "T1055" + ] + }, + { + "bi": "fault-report-file-created", + "hashes": [ + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84" + ], + "mitre_attack_tags": [] + }, + { + "bi": "pe-uses-armadillo", + "hashes": [ + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "sample-launched-copy-of-self", + "hashes": [ + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "mitre_attack_tags": [ + "TA0005", + "T1202" + ] + }, + { + "bi": "sample-launched-copy-domain-flagged", + "hashes": [ + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "mitre_attack_tags": [ + "TA0005", + "T1102" + ] + }, + { + "bi": "artifact-vm-detect", + "hashes": [ + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "mitre_attack_tags": [ + "TA0005", + "T1497" + ] + }, + { + "bi": "unsigned-roaming-execution", + "hashes": [ + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "mitre_attack_tags": [ + "TA0005" + ] + }, + { + "bi": "artifact-memory-vm-detect", + "hashes": [ + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "mitre_attack_tags": [ + "TA0005", + "T1497" + ] + }, + { + "bi": "windows-utility-downloaded-artifact", + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "mitre_attack_tags": [ + "TA0011", + "T1105" + ] + }, + { + "bi": "artifact-flagged-anomaly", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "network-dns-category-parked-domain", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "suspicious-user-agent", + "hashes": [ + 
"20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0011", + "T1071" + ] + }, + { + "bi": "listening-port-opened", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0011", + "T1219" + ] + }, + { + "bi": "artifact-windows-task", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0002", + "TA0003", + "T1053" + ] + }, + { + "bi": "network-dns-category-proxy", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "modified-file-in-program-dir", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "file-ini-modified", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0003" + ] + }, + { + "bi": "task-ran-using-system-account", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0002", + "TA0003", + "TA0004", + "T1053" + ] + }, + { + "bi": "command-deleted-shadow-copy", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0005", + "T1490" + ] + }, + { + "bi": "malware-generic-ransomware-entropy", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "malware-generic-ransomware-backup-del", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "feed-domain-ransomware", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "html-js-uses-window-open", + "hashes": [ + 
"20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0001", + "T1189" + ] + }, + { + "bi": "js-contains-massive-strings", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0005", + "T1027" + ] + }, + { + "bi": "malware-generic-ransomware", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + }, + { + "bi": "network-communications-tor", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [ + "TA0011", + "T1079", + "T1188" + ] + }, + { + "bi": "malware-ransomware-ctb-locker", + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "mitre_attack_tags": [] + } + ], + "category": "Trojan", + "coverage": { + "AMP": true, + "CWS": true, + "Cloudlock": false, + "Email Security": true, + "Network Security": true, + "Threat Grid": true, + "Umbrella": true, + "WSA": true + }, + "description": "Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. 
This threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.", + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "19b2f654cd22a980242d96f861693c1a0d838df3d3627fb5247edf615badedea", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48", + "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608", + "4c397965def4df7897e68d1ce762d2e02b080d89e068752d37b70c91aea58cea", + 
"52c0ba53e01fd69d9ae140cf37b361c778cbf4723e12d57b7df9e41f61c927b7", + "55a1eded6acb9e55ee143b77df938ed4e6cc3ed8574ffa50d248374221e76ef9", + "568a37db692d1e9f015fe640e2cc6bd5188705fd4f94e0ad2b6e3e9c068d2d5a", + "631adefa8ebcb6f0e8f0189b47c041dab7fc8ae1f12a1e896e40c6da714e585c", + "63fda55e63bf5edd39706c2a96fc85130f8d34e8000cd3d63d9c84ae7eea551e", + "66d77bed46642eb9bb7ac96ea3ed48e650293cf7b8e2edee7f31a59eaafa370f", + "6b20b478b7f26138a5c46786cf866bd3001435ec87e64a6772b75ac5c91e14f8", + "6b3169daadd2d52c674794c66c0170dff7a7c1d8d2e716511c80ceba428a15d2", + "6b6abf2811b5016b4fc4f9f2c6dc608088faef61ca138a67dddb4d32097d1a24", + "6c2cb620ae462499cb5e59d53723c684925718bfc3bbec659e307201c6cd0935", + "7479ba884a2998019d546453ce23f77bafa6394c1147808aa94184d3e290535b", + "76640f4811f85f98de27354e81855fc2ef940bec413e9d0e9cd627f2ae26af87", + "7a1b542fc68238cbac3e93424d1e97e33ba24c6c6234d8179fafbd2e800c1694", + "7b56b22a25a5af33c0cdb30320c4d32e1816c0cd9f0ba9c881595cce2448727c", + "7b9210357c3b0eb159f3cd54a8170ad3571f98bbc97fdbba8d9db652d27db000", + "7c7c582ce7bbd8f1d3e6c6d0527b1177eef07e9565541f253a774fb3f0dddb2d", + "824154245416bd167a5b2b9c2e3345185434743976f983c881502590b959da2f", + "8663f70c11b52d3fe0d7ca7bf703ae6224f363e3f4c41e898d3db63537c500aa", + "874760bbc316b12098de4683a5fb691655e6eb85f81a3b0deaa79b35f9c87ae3", + "8acf2147344ce830ccb78cdbfdfb1fafc63041806800a435610c2d3cd1f6508a", + "8c3d54f5b451b52f072fc514f57017b1ed2033d896300e6d8abd1063b0d070a7", + "90943ab6d847695836961498aed2552d9469a1397e3106beb326b037f1812c4c", + "99ce0fe8d7f57532685d8dcd60fc8ffcdd06a0353e9892ba42d32060fb399160", + "a37b732b69a5603a76636b16da5f2728c6b888d09599127863774fa6fcd990bf", + "a777ab5e9552e593b128e65f051c0ac18614eb8ab285deb9950f58ab91099023", + "a9cda5d034deac962c85eb092a21ba5dc1127612218d9bc6cc7d6f95220e30a0", + "ad40d945da5ae0f56cdce2b942d04b24424c3c59b0bb1a1df2e93de952f96d59", + "affa7053b5990a106cb313dadc33de50dd8448bd683973b16c561c31d353d101", + 
"b5681dd1261e6aaaa08f0fce54b4df414773f4bec0badac5605e167e8cd23e52", + "ba7d6c78533ccaf1fc7a0fd48a9e9c8f02b127cd800864a7c34a10d470320b01", + "c6e34427ce0ce3141e4b1a67f27d4803e50d5e8645bd6f65cc4c6df897f8a64c", + "c816a718eb2daebcaff4de87ff8e0e2f070cb91dc36afbc5aeeba9f009cb5aa8", + "c980f4f7feb810e747de84eaae7c94b708df87797d29509eeea5cb877b6b3a3c", + "dacfe3a0638415f33548b39be4fe9ec86c724ea32fb76a45e28a74ce508f93a3", + "df0790cea76cfd3cd22673b2321ef76d7ff39e94b14963a5f134eaab5f82cc93", + "e54c5a87c8c572defc415d4ebf15384f80a5c5711f7c4bd95b37154cffc03740", + "ea265bdae08481159e35d93cb126f6b198327ebf4a10a6ebbe2fdecdd97d3437", + "ea3b81dc922eb33fea5e18fc86124851a731136925be0eca79f295524cfe46e9", + "f0d66a69aa5351aa992b5ac5b20553906238029280dc56759f79c40488f04840", + "f2e5acff860faff7cb5af56cd01dc1dac7442312a3a441211827d2ccf99497d6", + "f391ba07f6cacdc2232ffcc2e7e103c0df6725504af796a969d66f20b4a90ff4", + "f749054c44aaa09a2afcf4c19fca389493f149ada5920bc0745de9b94fd8e2cb", + "fe909cf9e558ad24255402e5b9e1f16efe8f2daa2de49077012cc0199592d230" + ], + "iocs": { + "domain": [ + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "host": "europe[.]pool[.]ntp[.]org" + }, + { + "hashes": [ + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + 
"22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "host": "bestbrightday[.]ru" + }, + { + "hashes": [ + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "host": "connect-support-server[.]ru" + }, + { + "hashes": [ + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "host": "connect-s3892[.]ru" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39" + ], + "host": "www[.]update[.]microsoft[.]com[.]nsatc[.]net" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "host": "constitution[.]org" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "host": "whenconsentcombexperhis[.]ru" + }, + { + "hashes": 
[ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "host": "www[.]mydomaincontact[.]com" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "host": "www[.]torproject[.]org" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "host": "ip[.]telize[.]com" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "host": "pf5dahldauhrjxfd[.]onion" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "host": "pf5dahldauhrjxfd[.]tor2web[.]org" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "host": "pf5dahldauhrjxfd[.]onion[.]cab" + }, + { + "hashes": [ + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39" + ], + "host": "and4[.]junglebeariwtc1[.]com" + }, + { + "hashes": [ + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "host": "paranormal-online-kino[.]ru" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78" + ], + "host": "pas2joux[.]info" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "host": "vgqisyuzmsa7cenq[.]onion[.]cab" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "host": "vgqisyuzmsa7cenq[.]onion[.]lt" + } + ], + "file": [ + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", 
+ "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", + "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", + "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500" + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "path": "%TEMP%\\WPDNSE" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "path": "%ProgramData%\\msodtyzm.exe" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + 
"22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "path": "%ProgramData%\\~" + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0" + ], + "path": "\\Documents and Settings\\All Users\\mslkrru.exe" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\1lcuq8ab.default\\prefs.js" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\WER\\ERC\\statecache.lock" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + 
"4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "path": "\\{7BFF4B7E-9EEE-6505-80DF-B269B48306AD}" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "path": "%APPDATA%\\d3d8dmrc.exe" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "%ProgramData%\\Package Cache\\dgrughe" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "%System32%\\Tasks\\aonxqbj" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "%TEMP%\\tjumvad.exe" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "\\$RECYCLE.BIN\\S-1-5-18\\desktop.ini" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "%ProgramData%\\whaadba.html" + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\05_eG_0WhYkjdCUdP8GzNoBh.dat" + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\y6WGtFCIB8cuv0c2LfcldnkNh4T.dat" + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\PushPrinterConnections.exe" + }, + { + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\5lRsecBUKS5d_lxgOkp.dat" + }, + { + "hashes": [ + 
"0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\P1WLRm-Nyrsk-oY7ZZ5LTiSf.dat" + }, + { + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\hh.exe" + }, + { + "hashes": [ + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\io9wBnnpx0TXElfGtTLc.dat" + }, + { + "hashes": [ + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\s0XKgwBjkZNTR38M6Rh.dat" + }, + { + "hashes": [ + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\label.exe" + }, + { + "hashes": [ + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "path": "%APPDATA%\\UVJlWVxU\\write.exe" + }, + { + "hashes": [ + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\4EUFp32cjHlXrI3ahr535_g.dat" + }, + { + "hashes": [ + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\GYgCMy08rEblS8NJKhWJzh.dat" + }, + { + "hashes": [ + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\verifier.exe" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": 
"%HOMEPATH%\\Documents\\!Decrypt-All-Files-qfrkhla.bmp" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "%HOMEPATH%\\Documents\\!Decrypt-All-Files-qfrkhla.txt" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "%System32%\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020052820200529\\container.dat" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\PUB60COR\\!Decrypt-All-Files-qfrkhla.bmp" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "%ProgramFiles(x86)%\\Microsoft Office\\CLIPART\\PUB60COR\\!Decrypt-All-Files-qfrkhla.txt" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\Cookies\\!Decrypt-All-Files-qfrkhla.bmp" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\Cookies\\!Decrypt-All-Files-qfrkhla.txt" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\5bCJVbTlP8drop_y7Nrbhgwi7g.dat" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\UGQYzaAAolzNogviyW83.dat" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\cliconfg.exe" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "path": 
"%TEMP%\\BDB8.bin" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "path": "%TEMP%\\D6CC.bat" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\KJx7-j33FQ5ZAgdNMO_v_JDA0HLd.dat" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\RslRFsPiM5FvRqLN9.dat" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\DevicePairingWizard.exe" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\d7psQDWs3eVKE83MLjcX18eY.dat" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\pxI5KiZDiEjWFSQ.dat" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\systeminfo.exe" + }, + { + "hashes": [ + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "path": "%TEMP%\\B07F.bin" + }, + { + "hashes": [ + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "path": "%TEMP%\\C8B8.bat" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "path": "%TEMP%\\E230.bat" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "path": 
"\\{7EBA09AF-C59F-608E-3F92-C994E3E60D08}" + } + ], + "ip": [ + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "194[.]165[.]16[.]15" + }, + { + "hashes": [ + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "ip": "184[.]105[.]192[.]2" + }, + { + "hashes": [ + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "ip": "109[.]120[.]180[.]29" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + 
"44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "ip": "40[.]67[.]189[.]14" + }, + { + "hashes": [ + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "ip": "40[.]90[.]247[.]210" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39" + ], + "ip": "40[.]91[.]124[.]111" + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "49[.]124[.]15[.]147" + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "190[.]38[.]228[.]128" + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "24[.]35[.]232[.]189" + }, + { + "hashes": [ + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "126[.]83[.]87[.]201" + }, + { + 
"hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39" + ], + "ip": "20[.]45[.]1[.]107" + }, + { + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "77[.]77[.]31[.]42" + }, + { + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "46[.]128[.]161[.]129" + }, + { + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "93[.]80[.]151[.]62" + }, + { + "hashes": [ + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e" + ], + "ip": "109[.]251[.]147[.]17" + }, + { + "hashes": [ + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "122[.]196[.]217[.]40" + }, + { + "hashes": [ + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "124[.]123[.]153[.]47" + }, + { + "hashes": [ + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "218[.]157[.]244[.]205" + }, + { + "hashes": [ + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39" + ], + "ip": "104[.]42[.]225[.]122" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "69[.]133[.]65[.]5" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "125[.]58[.]91[.]226" + }, + { + "hashes": [ + 
"21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "178[.]205[.]86[.]64" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "94[.]248[.]24[.]112" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "24[.]42[.]115[.]69" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "180[.]220[.]13[.]57" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "129[.]22[.]245[.]159" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "58[.]91[.]10[.]231" + }, + { + "hashes": [ + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102" + ], + "ip": "125[.]196[.]172[.]20" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "ip": "50[.]16[.]49[.]81" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "218[.]229[.]34[.]33" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "95[.]160[.]49[.]115" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "80[.]116[.]242[.]163" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "5[.]78[.]60[.]8" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "1[.]23[.]37[.]160" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "119[.]10[.]189[.]184" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "31[.]192[.]50[.]2" + }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "109[.]184[.]87[.]184" 
+ }, + { + "hashes": [ + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013" + ], + "ip": "168[.]131[.]125[.]12" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "175[.]151[.]27[.]234" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "151[.]233[.]16[.]231" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "124[.]150[.]233[.]7" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "197[.]7[.]192[.]38" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "61[.]121[.]235[.]94" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "220[.]99[.]173[.]15" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "153[.]177[.]77[.]224" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "119[.]150[.]79[.]132" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "114[.]150[.]245[.]103" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "92[.]87[.]28[.]118" + }, + { + "hashes": [ + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "ip": "37[.]19[.]168[.]80" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "ip": "35[.]175[.]60[.]16" + } + ], + "mutex": [ + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + 
"21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "name": "Frz_State" + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "name": "shell.{51D4DBE8-BDA0-10DF-2D07-6083593E274E}" + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "name": "shell.{6378803E-0C4F-158B-122F-45AACF1EEAA5}" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "name": "Local\\{AF64E7EC-42CA-B984-C453-96FD38372A81}" + }, + { + "hashes": [ + "20edee9146f0772dac4efb13e92b9aa0c267c95ae509d751c8a991f0a95d0d2b" + ], + "name": "seiuebfbgnppen" + }, + { + "hashes": [ + "19f84524d2718c165108376091927e42b63e2c8da8c2f92a37ae4c9c8d9275da" + ], + "name": "UVJlWVxU" + }, + { + "hashes": [ + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "name": "{F37309D7-B6A8-9D08-58D7-4A210CFB1EE5}" + 
}, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "name": "{33F762DD-F6D2-DDAD-9817-8A614C3B5E25}" + }, + { + "hashes": [ + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84" + ], + "name": "Global\\fbd4d201-a0ca-11ea-a007-00501e3ae7b5" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "name": "Local\\{227C68F6-19CD-A453-B376-5D18970AE1CC}" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3" + ], + "name": "{1E72B4E3-E5B2-0047-5F32-E93403862DA8}" + }, + { + "hashes": [ + "2c35fea69feeff1bd9031260d8c11a46473c82fb5be8cbe185eb486fb5f72c84" + ], + "name": "f318011atatt" + } + ], + "registry": [ + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", + "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", + "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{F3F18253-2050-E690-FED7-0BE7DF1E790D}", + "value_name": null + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + 
"1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "31eeee772b983f6553c1721920e8a9c4ffd4f9c9197ab8161d278347ac538f0a", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f", + "378819dbd951424471777f89811e16d58010b1161254b4b74bdf487861e5a5f7", + "3d7043f6f4bd7a68f0829df9bacf696dc7e9ea36f5642a35efc197b98612f0e5", + "46d1fa84a261bf0f281f59544a2d5175091c2a672864ed93301558cd80b82b3f" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{F3F18253-2050-E690-FED7-0BE7DF1E790D}\\ENUM", + "value_name": null + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", + "value_name": "Hidden" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + 
"44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", + "value_name": "EnableLUA" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", + "value_name": "Start" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", + "value_name": "Start" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + 
"3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", + "value_name": "ShowSuperHidden" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", + "value_name": "Start" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", + "value_name": "HideSCAHealth" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + 
"341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", + "value_name": "HideSCAHealth" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", + "value_name": "Start" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", + "value_name": "TaskbarNoNotification" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + 
"1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", + "value_name": "TaskbarNoNotification" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", + "value_name": "Load" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "1081297374" + }, + { + "hashes": [ + 
"01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", + "value_name": "1081297374" + }, + { + "hashes": [ + "01bc3645259d6553ae26142e215713d74a4ab9b72ce70a0e407ef0b0c24f3a78", + "049c2426192d0e9d1fc2db3ebd48e07166dab4e0c840b22d0f45ede076f61389", + "1930371eb1a0cec8e5b7311f5476053304cff52572d3304cb71044159d7711ed", + "22ff13fa4513f554f10b6a38ee3f642cb2996788e4c6c4cfbed2962118ef73fd", + "341822381fec4eaec4d7735ccd63c250f7a93caab334cd6b44d3a7c7f623ef39", + "37dae85fa1f091a9c4270b77c628f46f559a8ed9d7a8302278ed348fbfa9fec0", + "3bd0b289aa4a812494c325fe9364eacbc1e800e312d9048db9bc48c49ced3523", + "44a965a9c0f214704c2cd8c993ed701347e0fcd81132d4ee7085b22fe5031d48" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", + "value_name": null + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0", + "value_name": null + }, + { + "hashes": 
[ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\10002", + "value_name": null + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS", + "value_name": null + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS", + "value_name": null + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + 
"1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP", + "value_name": null + }, + { + "hashes": [ + "0d8f3110fbd771989644939a3b0fcff866870ff88c05df7ee5a1235e4c4749f8", + "0f07c570d967fdd014a1990c6b0bddaa8d0e096841faa93f3afdc1f55779d868", + "1627c2372a603ac231a8709998ab1bf1096dea2e014cadd145afcf1dc550337e", + "1be801bcfc361a65283c4e8d07d2217d35a5ba9d356496a6c4f87043fc356f58", + "21eb0a07f6cbdaa846bc90ada59c653873674d1c417e86bad60619f28ce86102", + "2c45116ab57056f76d28d7a8929f1033bfdaaaaf2bf4a443ff150d75ae2b6013", + "346a4804c4c61e3573b96fbfc1c3912087f2f68c01e4d50ba24e1e80c3aad02f" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\10002", + "value_name": "r\u007fdOyt" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}", + "value_name": "IsImapiDataBurnSupported" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\STAGINGINFO\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}", + "value_name": "DriveNumber" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": 
"<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\STAGINGINFO\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}", + "value_name": "StagingPath" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\STAGINGINFO\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}", + "value_name": "Active" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING", + "value_name": "CD Recorder Drive" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", + "value_name": "FreeBytes" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", + "value_name": "Blank Disc" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", + "value_name": "Can Close" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + 
"4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", + "value_name": "Live FS" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", + "value_name": "Disc Label" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", + "value_name": "Set" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\HOMEGROUP\\UISTATUSCACHE", + "value_name": "UIStatus" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.CHECK.101", + "value_name": "CheckSetting" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\ENUM\\PCIIDE\\IDECHANNEL\\4&A27250A&0&2", + "value_name": "CustomPropertyHwIdKey" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + 
"4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\ENUM\\USB\\VID_46F4&PID_0001\\1-0000:00:1D.7-2", + "value_name": "CustomPropertyHwIdKey" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\ENUM\\PCI\\VEN_1AF4&DEV_1001&SUBSYS_00021AF4&REV_00\\3&2411E6FE&2&18", + "value_name": "CustomPropertyHwIdKey" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13", + "value_name": "Blob" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\SESSIONINFO\\1\\LOGONSOUNDHASBEENPLAYED", + "value_name": null + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", + "value_name": null + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\HOMEGROUP\\UISTATUSCACHE", + "value_name": null + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": 
"<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5", + "value_name": "Temp" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5", + "value_name": "Client" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5", + "value_name": null + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", + "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\d3d8dmrc.exe" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", + "value_name": "catsdtsh" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D35DC52E-16C9-7DED-B8B7-AA016CDB7EC5", + "value_name": "Install" + }, + { + "hashes": [ + "2b307f42f7cf30065cce12063b3bcb8803a1e19d4aa73792f440b0f80c91fcf3", + "4c044cec574a1b83c341b25e2b3febec0955e3d8163f3ecd3c3ccfff800f0608" + ], + "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\CD BURNING\\DRIVES\\VOLUME{509D0DCA-5840-11E6-A51E-806E6F6E6963}\\CURRENT MEDIA", + "value_name": "TotalBytes" + } + ] + }, + "reports_count": 25 + }, + "exprev": [ + { + "count": 14879, + 
"description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", + "name": "Excessively long PowerShell command detected" + }, + { + "count": 7026, + "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", + "name": "Dealply adware detected" + }, + { + "count": 4405, + "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", + "name": "CVE-2019-0708 detected" + }, + { + "count": 1061, + "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", + "name": "Process hollowing detected" + }, + { + "count": 166, + "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. 
The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", + "name": "Installcore adware detected" + }, + { + "count": 158, + "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", + "name": "Kovter injection detected" + }, + { + "count": 84, + "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", + "name": "Gamarue malware detected" + }, + { + "count": 51, + "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", + "name": "IcedID malware detected" + }, + { + "count": 29, + "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. 
This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", + "name": "A Microsoft Office process has started a windows utility." + }, + { + "count": 22, + "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.", + "name": "Reverse http payload detected" + }, + { + "count": 19, + "description": "Special Search Offer adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", + "name": "Special Search Offer adware" + }, + { + "count": 17, + "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", + "name": "Palikan browser hijacker detected" + }, + { + "count": 11, + "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", + "name": "Corebot malware detected" + }, + { + "count": 5, + "description": "Bluestacks adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. 
Adware has also been known to download and install malware.", + "name": "Bluestacks adware detected" + }, + { + "count": 5, + "description": "A PowerShell command was stored in an environment variable and run. The environment variable is commonly set by a previously run script and is used as a means of evasion. This behavior is a known tactic of the Kovter and Poweliks malware families.", + "name": "PowerShell file-less infection detected" + } + ], + "info": { + "origin": "Cisco Talos Intelligence Group", + "publication_date": "2020-06-05T16:24:08+00:00", + "version": "2.1", + "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net." + }, + "signatures": [ + "Win.Trojan.Mikey-7914350-0", + "Win.Dropper.Barys-7914367-0", + "Win.Packed.Dridex-7914375-0", + "Win.Malware.Remcos-7914589-1", + "Win.Dropper.Emotet-7916286-0", + "Win.Packed.Tofsee-7916644-0", + "Win.Dropper.Kuluoz-7929761-0", + "Win.Dropper.DarkComet-7945051-0", + "Win.Packed.Shiz-7945013-0" + ] +}