View difference between Paste ID: <a href="/ji5cpbiH">ji5cpbiH</a> and <a href="/DzsPgH9w">DzsPgH9w</a> - Pastebin.com

View difference between Paste ID: ji5cpbiH and DzsPgH9w

SHOW: | | - or go back to the newest paste.

1	-	{
1	+	{
2	-	"scanner": "IPV4 JARM Scan: Silas Cutler - Beacon Config Scan: Wade Hickey",
2	+	"scanner": "IPV4 JARM Scan: Silas Cutler - Beacon Config Scan: Wade Hickey",
3	-	"scan_date": "2020-11-25",
3	+	"scan_date": "2020-11-25",
4	-	"100.24.69.72": {
4	+	"100.24.69.72": {
5	-	"x86": {
5	+	"x86": {
6	-	"BeaconType": "8 (HTTPS)",
6	+	"BeaconType": "8 (HTTPS)",
7	-	"Port": "443",
7	+	"Port": "443",
8	-	"Polling": "30000",
8	+	"Polling": "30000",
9	-	"Jitter": "50",
9	+	"Jitter": "50",
10	-	"Maxdns": "255",
10	+	"Maxdns": "255",
11	-	"C2 Server": "one.vhy.me,/__utm.gif",
11	+	"C2 Server": "one.vhy.me,/__utm.gif",
12	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
13	-	"HTTP Method Path 2": "/___utm.gif",
13	+	"HTTP Method Path 2": "/___utm.gif",
14	-	"Header1": "",
14	+	"Header1": "",
15	-	"Header2": "",
15	+	"Header2": "",
16	-	"PipeName": "",
16	+	"PipeName": "",
17	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
17	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
18	-	"DNS Sleep": "0",
18	+	"DNS Sleep": "0",
19	-	"Method1": "GET",
19	+	"Method1": "GET",
20	-	"Method2": "POST",
20	+	"Method2": "POST",
21	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
21	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
22	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
22	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
23	-	"Proxy_AccessType": "2 (Use IE settings)"
23	+	"Proxy_AccessType": "2 (Use IE settings)"
24	-	}
24	+	}
25	-	},
25	+	},
26	-	"100.26.209.220": {
26	+	"100.26.209.220": {
27	-	"x86": {
27	+	"x86": {
28	-	"BeaconType": "8 (HTTPS)",
28	+	"BeaconType": "8 (HTTPS)",
29	-	"Port": "443",
29	+	"Port": "443",
30	-	"Polling": "60000",
30	+	"Polling": "60000",
31	-	"Jitter": "0",
31	+	"Jitter": "0",
32	-	"Maxdns": "255",
32	+	"Maxdns": "255",
33	-	"C2 Server": "cdn.az.gov,/__utm.gif,cdn.zendesk.com,/__utm.gif,cdn.atlassian.com,/__utm.gif,a1.awsstatic.com,/__utm.gif,f0.awsstatic.com,/__utm.gif",
33	+	"C2 Server": "cdn.az.gov,/__utm.gif,cdn.zendesk.com,/__utm.gif,cdn.atlassian.com,/__utm.gif,a1.awsstatic.com,/__utm.gif,f0.awsstatic.com,/__utm.gif",
34	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) likeGecko",
34	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) likeGecko",
35	-	"HTTP Method Path 2": "/___utm.gif",
35	+	"HTTP Method Path 2": "/___utm.gif",
36	-	"Header1": "",
36	+	"Header1": "",
37	-	"Header2": "",
37	+	"Header2": "",
38	-	"PipeName": "",
38	+	"PipeName": "",
39	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
39	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
40	-	"DNS Sleep": "0",
40	+	"DNS Sleep": "0",
41	-	"Method1": "GET",
41	+	"Method1": "GET",
42	-	"Method2": "POST",
42	+	"Method2": "POST",
43	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
43	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
44	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
44	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
45	-	"Proxy_AccessType": "2 (Use IE settings)"
45	+	"Proxy_AccessType": "2 (Use IE settings)"
46	-	},
46	+	},
47	-	"x64": {
47	+	"x64": {
48	-	"BeaconType": "8 (HTTPS)",
48	+	"BeaconType": "8 (HTTPS)",
49	-	"Port": "443",
49	+	"Port": "443",
50	-	"Polling": "60000",
50	+	"Polling": "60000",
51	-	"Jitter": "0",
51	+	"Jitter": "0",
52	-	"Maxdns": "255",
52	+	"Maxdns": "255",
53	-	"C2 Server": "cdn.az.gov,/__utm.gif,cdn.zendesk.com,/__utm.gif,cdn.atlassian.com,/__utm.gif,a1.awsstatic.com,/__utm.gif,f0.awsstatic.com,/__utm.gif",
53	+	"C2 Server": "cdn.az.gov,/__utm.gif,cdn.zendesk.com,/__utm.gif,cdn.atlassian.com,/__utm.gif,a1.awsstatic.com,/__utm.gif,f0.awsstatic.com,/__utm.gif",
54	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) likeGecko",
54	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) likeGecko",
55	-	"HTTP Method Path 2": "/___utm.gif",
55	+	"HTTP Method Path 2": "/___utm.gif",
56	-	"Header1": "",
56	+	"Header1": "",
57	-	"Header2": "",
57	+	"Header2": "",
58	-	"PipeName": "",
58	+	"PipeName": "",
59	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
59	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
60	-	"DNS Sleep": "0",
60	+	"DNS Sleep": "0",
61	-	"Method1": "GET",
61	+	"Method1": "GET",
62	-	"Method2": "POST",
62	+	"Method2": "POST",
63	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
63	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
64	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
64	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
65	-	"Proxy_AccessType": "2 (Use IE settings)"
65	+	"Proxy_AccessType": "2 (Use IE settings)"
66	-	}
66	+	}
67	-	},
67	+	},
68	-	"103.106.65.251": {
68	+	"103.106.65.251": {
69	-	"x86": {
69	+	"x86": {
70	-	"BeaconType": "8 (HTTPS)",
70	+	"BeaconType": "8 (HTTPS)",
71	-	"Port": "443",
71	+	"Port": "443",
72	-	"Polling": "60000",
72	+	"Polling": "60000",
73	-	"Jitter": "0",
73	+	"Jitter": "0",
74	-	"C2 Server": "103.106.65.251,/IE9CompatViewList.xml",
74	+	"C2 Server": "103.106.65.251,/IE9CompatViewList.xml",
75	-	"HTTP Method Path 2": "/submit.php",
75	+	"HTTP Method Path 2": "/submit.php",
76	-	"Method1": "GET",
76	+	"Method1": "GET",
77	-	"Method2": "POST",
77	+	"Method2": "POST",
78	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
78	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
79	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
79	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
80	-	"Proxy_AccessType": "2 (Use IE settings)"
80	+	"Proxy_AccessType": "2 (Use IE settings)"
81	-	}
81	+	}
82	-	},
82	+	},
83	-	"103.126.6.149": {
83	+	"103.126.6.149": {
84	-	"x86": {
84	+	"x86": {
85	-	"BeaconType": "8 (HTTPS)",
85	+	"BeaconType": "8 (HTTPS)",
86	-	"Port": "443",
86	+	"Port": "443",
87	-	"Polling": "45000",
87	+	"Polling": "45000",
88	-	"Jitter": "37",
88	+	"Jitter": "37",
89	-	"Maxdns": "255",
89	+	"Maxdns": "255",
90	-	"C2 Server": "103.126.6.149,/jquery-3.3.1.min.js",
90	+	"C2 Server": "103.126.6.149,/jquery-3.3.1.min.js",
91	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
91	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
92	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
92	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
93	-	"Header1": "",
93	+	"Header1": "",
94	-	"Header2": "",
94	+	"Header2": "",
95	-	"PipeName": "",
95	+	"PipeName": "",
96	-	"DNS Idle": "J}\\xC4q",
96	+	"DNS Idle": "J}\\xC4q",
97	-	"DNS Sleep": "0",
97	+	"DNS Sleep": "0",
98	-	"Method1": "GET",
98	+	"Method1": "GET",
99	-	"Method2": "POST",
99	+	"Method2": "POST",
100	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
100	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
101	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
101	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
102	-	"Proxy_AccessType": "2 (Use IE settings)"
102	+	"Proxy_AccessType": "2 (Use IE settings)"
103	-	}
103	+	}
104	-	},
104	+	},
105	-	"103.254.75.240": {
105	+	"103.254.75.240": {
106	-	"x86": {
106	+	"x86": {
107	-	"BeaconType": "8 (HTTPS)",
107	+	"BeaconType": "8 (HTTPS)",
108	-	"Port": "443",
108	+	"Port": "443",
109	-	"Polling": "60000",
109	+	"Polling": "60000",
110	-	"Jitter": "0",
110	+	"Jitter": "0",
111	-	"Maxdns": "255",
111	+	"Maxdns": "255",
112	-	"C2 Server": "103.254.75.240,/load",
112	+	"C2 Server": "103.254.75.240,/load",
113	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
113	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
114	-	"HTTP Method Path 2": "/submit.php",
114	+	"HTTP Method Path 2": "/submit.php",
115	-	"Header1": "",
115	+	"Header1": "",
116	-	"Header2": "",
116	+	"Header2": "",
117	-	"PipeName": "",
117	+	"PipeName": "",
118	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
118	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
119	-	"DNS Sleep": "0",
119	+	"DNS Sleep": "0",
120	-	"Method1": "GET",
120	+	"Method1": "GET",
121	-	"Method2": "POST",
121	+	"Method2": "POST",
122	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
122	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
123	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
123	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
124	-	"Proxy_AccessType": "2 (Use IE settings)"
124	+	"Proxy_AccessType": "2 (Use IE settings)"
125	-	},
125	+	},
126	-	"x64": {
126	+	"x64": {
127	-	"BeaconType": "8 (HTTPS)",
127	+	"BeaconType": "8 (HTTPS)",
128	-	"Port": "443",
128	+	"Port": "443",
129	-	"Polling": "60000",
129	+	"Polling": "60000",
130	-	"Jitter": "0",
130	+	"Jitter": "0",
131	-	"Maxdns": "255",
131	+	"Maxdns": "255",
132	-	"C2 Server": "103.254.75.240,/__utm.gif",
132	+	"C2 Server": "103.254.75.240,/__utm.gif",
133	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
133	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
134	-	"HTTP Method Path 2": "/submit.php",
134	+	"HTTP Method Path 2": "/submit.php",
135	-	"Header1": "",
135	+	"Header1": "",
136	-	"Header2": "",
136	+	"Header2": "",
137	-	"PipeName": "",
137	+	"PipeName": "",
138	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
138	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
139	-	"DNS Sleep": "0",
139	+	"DNS Sleep": "0",
140	-	"Method1": "GET",
140	+	"Method1": "GET",
141	-	"Method2": "POST",
141	+	"Method2": "POST",
142	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
142	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
143	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
143	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
144	-	"Proxy_AccessType": "2 (Use IE settings)"
144	+	"Proxy_AccessType": "2 (Use IE settings)"
145	-	}
145	+	}
146	-	},
146	+	},
147	-	"103.39.18.161": {
147	+	"103.39.18.161": {
148	-	"x86": {
148	+	"x86": {
149	-	"BeaconType": "8 (HTTPS)",
149	+	"BeaconType": "8 (HTTPS)",
150	-	"Port": "443",
150	+	"Port": "443",
151	-	"Polling": "60000",
151	+	"Polling": "60000",
152	-	"Jitter": "15",
152	+	"Jitter": "15",
153	-	"Maxdns": "255",
153	+	"Maxdns": "255",
154	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
154	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
155	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
155	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
156	-	"HTTP Method Path 2": "/mail/u/0/",
156	+	"HTTP Method Path 2": "/mail/u/0/",
157	-	"Header1": "",
157	+	"Header1": "",
158	-	"Header2": "",
158	+	"Header2": "",
159	-	"PipeName": "",
159	+	"PipeName": "",
160	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
160	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
161	-	"DNS Sleep": "0",
161	+	"DNS Sleep": "0",
162	-	"Method1": "GET",
162	+	"Method1": "GET",
163	-	"Method2": "POST",
163	+	"Method2": "POST",
164	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
164	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
165	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
165	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
166	-	"Proxy_AccessType": "2 (Use IE settings)"
166	+	"Proxy_AccessType": "2 (Use IE settings)"
167	-	}
167	+	}
168	-	},
168	+	},
169	-	"103.39.18.162": {
169	+	"103.39.18.162": {
170	-	"x86": {
170	+	"x86": {
171	-	"BeaconType": "8 (HTTPS)",
171	+	"BeaconType": "8 (HTTPS)",
172	-	"Port": "443",
172	+	"Port": "443",
173	-	"Polling": "60000",
173	+	"Polling": "60000",
174	-	"Jitter": "15",
174	+	"Jitter": "15",
175	-	"Maxdns": "255",
175	+	"Maxdns": "255",
176	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
176	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
177	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
177	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
178	-	"HTTP Method Path 2": "/mail/u/0/",
178	+	"HTTP Method Path 2": "/mail/u/0/",
179	-	"Header1": "",
179	+	"Header1": "",
180	-	"Header2": "",
180	+	"Header2": "",
181	-	"PipeName": "",
181	+	"PipeName": "",
182	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
182	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
183	-	"DNS Sleep": "0",
183	+	"DNS Sleep": "0",
184	-	"Method1": "GET",
184	+	"Method1": "GET",
185	-	"Method2": "POST",
185	+	"Method2": "POST",
186	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
186	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
187	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
187	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
188	-	"Proxy_AccessType": "2 (Use IE settings)"
188	+	"Proxy_AccessType": "2 (Use IE settings)"
189	-	},
189	+	},
190	-	"x64": {
190	+	"x64": {
191	-	"BeaconType": "8 (HTTPS)",
191	+	"BeaconType": "8 (HTTPS)",
192	-	"Port": "443",
192	+	"Port": "443",
193	-	"Polling": "60000",
193	+	"Polling": "60000",
194	-	"Jitter": "15",
194	+	"Jitter": "15",
195	-	"Maxdns": "255",
195	+	"Maxdns": "255",
196	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
196	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
197	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
197	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
198	-	"HTTP Method Path 2": "/mail/u/0/",
198	+	"HTTP Method Path 2": "/mail/u/0/",
199	-	"Header1": "",
199	+	"Header1": "",
200	-	"Header2": "",
200	+	"Header2": "",
201	-	"PipeName": "",
201	+	"PipeName": "",
202	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
202	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
203	-	"DNS Sleep": "0",
203	+	"DNS Sleep": "0",
204	-	"Method1": "GET",
204	+	"Method1": "GET",
205	-	"Method2": "POST",
205	+	"Method2": "POST",
206	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
206	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
207	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
207	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
208	-	"Proxy_AccessType": "2 (Use IE settings)"
208	+	"Proxy_AccessType": "2 (Use IE settings)"
209	-	}
209	+	}
210	-	},
210	+	},
211	-	"103.39.18.163": {
211	+	"103.39.18.163": {
212	-	"x86": {
212	+	"x86": {
213	-	"BeaconType": "8 (HTTPS)",
213	+	"BeaconType": "8 (HTTPS)",
214	-	"Port": "443",
214	+	"Port": "443",
215	-	"Polling": "60000",
215	+	"Polling": "60000",
216	-	"Jitter": "15",
216	+	"Jitter": "15",
217	-	"Maxdns": "255",
217	+	"Maxdns": "255",
218	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
218	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
219	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
219	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
220	-	"HTTP Method Path 2": "/mail/u/0/",
220	+	"HTTP Method Path 2": "/mail/u/0/",
221	-	"Header1": "",
221	+	"Header1": "",
222	-	"Header2": "",
222	+	"Header2": "",
223	-	"PipeName": "",
223	+	"PipeName": "",
224	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
224	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
225	-	"DNS Sleep": "0",
225	+	"DNS Sleep": "0",
226	-	"Method1": "GET",
226	+	"Method1": "GET",
227	-	"Method2": "POST",
227	+	"Method2": "POST",
228	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
228	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
229	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
229	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
230	-	"Proxy_AccessType": "2 (Use IE settings)"
230	+	"Proxy_AccessType": "2 (Use IE settings)"
231	-	}
231	+	}
232	-	},
232	+	},
233	-	"103.39.18.165": {
233	+	"103.39.18.165": {
234	-	"x86": {
234	+	"x86": {
235	-	"BeaconType": "8 (HTTPS)",
235	+	"BeaconType": "8 (HTTPS)",
236	-	"Port": "443",
236	+	"Port": "443",
237	-	"Polling": "60000",
237	+	"Polling": "60000",
238	-	"Jitter": "15",
238	+	"Jitter": "15",
239	-	"Maxdns": "255",
239	+	"Maxdns": "255",
240	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
240	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
241	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
241	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
242	-	"HTTP Method Path 2": "/mail/u/0/",
242	+	"HTTP Method Path 2": "/mail/u/0/",
243	-	"Header1": "",
243	+	"Header1": "",
244	-	"Header2": "",
244	+	"Header2": "",
245	-	"PipeName": "",
245	+	"PipeName": "",
246	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
246	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
247	-	"DNS Sleep": "0",
247	+	"DNS Sleep": "0",
248	-	"Method1": "GET",
248	+	"Method1": "GET",
249	-	"Method2": "POST",
249	+	"Method2": "POST",
250	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
250	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
251	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
251	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
252	-	"Proxy_AccessType": "2 (Use IE settings)"
252	+	"Proxy_AccessType": "2 (Use IE settings)"
253	-	}
253	+	}
254	-	},
254	+	},
255	-	"103.39.18.168": {
255	+	"103.39.18.168": {
256	-	"x86": {
256	+	"x86": {
257	-	"BeaconType": "8 (HTTPS)",
257	+	"BeaconType": "8 (HTTPS)",
258	-	"Port": "443",
258	+	"Port": "443",
259	-	"Polling": "60000",
259	+	"Polling": "60000",
260	-	"Jitter": "15",
260	+	"Jitter": "15",
261	-	"Maxdns": "255",
261	+	"Maxdns": "255",
262	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
262	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
263	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
263	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
264	-	"HTTP Method Path 2": "/mail/u/0/",
264	+	"HTTP Method Path 2": "/mail/u/0/",
265	-	"Header1": "",
265	+	"Header1": "",
266	-	"Header2": "",
266	+	"Header2": "",
267	-	"PipeName": "",
267	+	"PipeName": "",
268	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
268	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
269	-	"DNS Sleep": "0",
269	+	"DNS Sleep": "0",
270	-	"Method1": "GET",
270	+	"Method1": "GET",
271	-	"Method2": "POST",
271	+	"Method2": "POST",
272	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
272	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
273	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
273	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
274	-	"Proxy_AccessType": "2 (Use IE settings)"
274	+	"Proxy_AccessType": "2 (Use IE settings)"
275	-	},
275	+	},
276	-	"x64": {
276	+	"x64": {
277	-	"BeaconType": "8 (HTTPS)",
277	+	"BeaconType": "8 (HTTPS)",
278	-	"Port": "443",
278	+	"Port": "443",
279	-	"Polling": "60000",
279	+	"Polling": "60000",
280	-	"Jitter": "15",
280	+	"Jitter": "15",
281	-	"Maxdns": "255",
281	+	"Maxdns": "255",
282	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
282	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
283	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
283	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
284	-	"HTTP Method Path 2": "/mail/u/0/",
284	+	"HTTP Method Path 2": "/mail/u/0/",
285	-	"Header1": "",
285	+	"Header1": "",
286	-	"Header2": "",
286	+	"Header2": "",
287	-	"PipeName": "",
287	+	"PipeName": "",
288	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
288	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
289	-	"DNS Sleep": "0",
289	+	"DNS Sleep": "0",
290	-	"Method1": "GET",
290	+	"Method1": "GET",
291	-	"Method2": "POST",
291	+	"Method2": "POST",
292	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
292	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
293	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
293	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
294	-	"Proxy_AccessType": "2 (Use IE settings)"
294	+	"Proxy_AccessType": "2 (Use IE settings)"
295	-	}
295	+	}
296	-	},
296	+	},
297	-	"103.39.18.170": {
297	+	"103.39.18.170": {
298	-	"x64": {
298	+	"x64": {
299	-	"BeaconType": "8 (HTTPS)",
299	+	"BeaconType": "8 (HTTPS)",
300	-	"Port": "443",
300	+	"Port": "443",
301	-	"Polling": "60000",
301	+	"Polling": "60000",
302	-	"Jitter": "15",
302	+	"Jitter": "15",
303	-	"Maxdns": "255",
303	+	"Maxdns": "255",
304	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
304	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
305	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
305	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
306	-	"HTTP Method Path 2": "/mail/u/0/",
306	+	"HTTP Method Path 2": "/mail/u/0/",
307	-	"Header1": "",
307	+	"Header1": "",
308	-	"Header2": "",
308	+	"Header2": "",
309	-	"PipeName": "",
309	+	"PipeName": "",
310	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
310	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
311	-	"DNS Sleep": "0",
311	+	"DNS Sleep": "0",
312	-	"Method1": "GET",
312	+	"Method1": "GET",
313	-	"Method2": "POST",
313	+	"Method2": "POST",
314	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
314	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
315	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
315	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
316	-	"Proxy_AccessType": "2 (Use IE settings)"
316	+	"Proxy_AccessType": "2 (Use IE settings)"
317	-	}
317	+	}
318	-	},
318	+	},
319	-	"103.39.18.171": {
319	+	"103.39.18.171": {
320	-	"x86": {
320	+	"x86": {
321	-	"BeaconType": "8 (HTTPS)",
321	+	"BeaconType": "8 (HTTPS)",
322	-	"Port": "443",
322	+	"Port": "443",
323	-	"Polling": "60000",
323	+	"Polling": "60000",
324	-	"Jitter": "15",
324	+	"Jitter": "15",
325	-	"Maxdns": "255",
325	+	"Maxdns": "255",
326	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
326	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
327	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
327	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
328	-	"HTTP Method Path 2": "/mail/u/0/",
328	+	"HTTP Method Path 2": "/mail/u/0/",
329	-	"Header1": "",
329	+	"Header1": "",
330	-	"Header2": "",
330	+	"Header2": "",
331	-	"PipeName": "",
331	+	"PipeName": "",
332	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
332	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
333	-	"DNS Sleep": "0",
333	+	"DNS Sleep": "0",
334	-	"Method1": "GET",
334	+	"Method1": "GET",
335	-	"Method2": "POST",
335	+	"Method2": "POST",
336	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
336	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
337	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
337	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
338	-	"Proxy_AccessType": "2 (Use IE settings)"
338	+	"Proxy_AccessType": "2 (Use IE settings)"
339	-	},
339	+	},
340	-	"x64": {
340	+	"x64": {
341	-	"BeaconType": "8 (HTTPS)",
341	+	"BeaconType": "8 (HTTPS)",
342	-	"Port": "443",
342	+	"Port": "443",
343	-	"Polling": "60000",
343	+	"Polling": "60000",
344	-	"Jitter": "15",
344	+	"Jitter": "15",
345	-	"Maxdns": "255",
345	+	"Maxdns": "255",
346	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
346	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
347	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
347	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
348	-	"HTTP Method Path 2": "/mail/u/0/",
348	+	"HTTP Method Path 2": "/mail/u/0/",
349	-	"Header1": "",
349	+	"Header1": "",
350	-	"Header2": "",
350	+	"Header2": "",
351	-	"PipeName": "",
351	+	"PipeName": "",
352	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
352	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
353	-	"DNS Sleep": "0",
353	+	"DNS Sleep": "0",
354	-	"Method1": "GET",
354	+	"Method1": "GET",
355	-	"Method2": "POST",
355	+	"Method2": "POST",
356	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
356	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
357	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
357	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
358	-	"Proxy_AccessType": "2 (Use IE settings)"
358	+	"Proxy_AccessType": "2 (Use IE settings)"
359	-	}
359	+	}
360	-	},
360	+	},
361	-	"103.39.18.173": {
361	+	"103.39.18.173": {
362	-	"x86": {
362	+	"x86": {
363	-	"BeaconType": "8 (HTTPS)",
363	+	"BeaconType": "8 (HTTPS)",
364	-	"Port": "443",
364	+	"Port": "443",
365	-	"Polling": "60000",
365	+	"Polling": "60000",
366	-	"Jitter": "15",
366	+	"Jitter": "15",
367	-	"Maxdns": "255",
367	+	"Maxdns": "255",
368	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
368	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
369	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
369	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
370	-	"HTTP Method Path 2": "/mail/u/0/",
370	+	"HTTP Method Path 2": "/mail/u/0/",
371	-	"Header1": "",
371	+	"Header1": "",
372	-	"Header2": "",
372	+	"Header2": "",
373	-	"PipeName": "",
373	+	"PipeName": "",
374	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
374	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
375	-	"DNS Sleep": "0",
375	+	"DNS Sleep": "0",
376	-	"Method1": "GET",
376	+	"Method1": "GET",
377	-	"Method2": "POST",
377	+	"Method2": "POST",
378	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
378	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
379	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
379	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
380	-	"Proxy_AccessType": "2 (Use IE settings)"
380	+	"Proxy_AccessType": "2 (Use IE settings)"
381	-	}
381	+	}
382	-	},
382	+	},
383	-	"103.39.18.176": {
383	+	"103.39.18.176": {
384	-	"x86": {
384	+	"x86": {
385	-	"BeaconType": "8 (HTTPS)",
385	+	"BeaconType": "8 (HTTPS)",
386	-	"Port": "443",
386	+	"Port": "443",
387	-	"Polling": "60000",
387	+	"Polling": "60000",
388	-	"Jitter": "15",
388	+	"Jitter": "15",
389	-	"Maxdns": "255",
389	+	"Maxdns": "255",
390	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
390	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
391	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
391	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
392	-	"HTTP Method Path 2": "/mail/u/0/",
392	+	"HTTP Method Path 2": "/mail/u/0/",
393	-	"Header1": "",
393	+	"Header1": "",
394	-	"Header2": "",
394	+	"Header2": "",
395	-	"PipeName": "",
395	+	"PipeName": "",
396	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
396	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
397	-	"DNS Sleep": "0",
397	+	"DNS Sleep": "0",
398	-	"Method1": "GET",
398	+	"Method1": "GET",
399	-	"Method2": "POST",
399	+	"Method2": "POST",
400	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
400	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
401	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
401	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
402	-	"Proxy_AccessType": "2 (Use IE settings)"
402	+	"Proxy_AccessType": "2 (Use IE settings)"
403	-	},
403	+	},
404	-	"x64": {
404	+	"x64": {
405	-	"BeaconType": "8 (HTTPS)",
405	+	"BeaconType": "8 (HTTPS)",
406	-	"Port": "443",
406	+	"Port": "443",
407	-	"Polling": "60000",
407	+	"Polling": "60000",
408	-	"Jitter": "15",
408	+	"Jitter": "15",
409	-	"Maxdns": "255",
409	+	"Maxdns": "255",
410	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
410	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
411	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
411	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
412	-	"HTTP Method Path 2": "/mail/u/0/",
412	+	"HTTP Method Path 2": "/mail/u/0/",
413	-	"Header1": "",
413	+	"Header1": "",
414	-	"Header2": "",
414	+	"Header2": "",
415	-	"PipeName": "",
415	+	"PipeName": "",
416	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
416	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
417	-	"DNS Sleep": "0",
417	+	"DNS Sleep": "0",
418	-	"Method1": "GET",
418	+	"Method1": "GET",
419	-	"Method2": "POST",
419	+	"Method2": "POST",
420	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
420	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
421	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
421	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
422	-	"Proxy_AccessType": "2 (Use IE settings)"
422	+	"Proxy_AccessType": "2 (Use IE settings)"
423	-	}
423	+	}
424	-	},
424	+	},
425	-	"103.39.18.180": {
425	+	"103.39.18.180": {
426	-	"x86": {
426	+	"x86": {
427	-	"BeaconType": "8 (HTTPS)",
427	+	"BeaconType": "8 (HTTPS)",
428	-	"Port": "443",
428	+	"Port": "443",
429	-	"Polling": "60000",
429	+	"Polling": "60000",
430	-	"Jitter": "15",
430	+	"Jitter": "15",
431	-	"Maxdns": "255",
431	+	"Maxdns": "255",
432	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
432	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
433	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
433	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
434	-	"HTTP Method Path 2": "/mail/u/0/",
434	+	"HTTP Method Path 2": "/mail/u/0/",
435	-	"Header1": "",
435	+	"Header1": "",
436	-	"Header2": "",
436	+	"Header2": "",
437	-	"PipeName": "",
437	+	"PipeName": "",
438	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
438	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
439	-	"DNS Sleep": "0",
439	+	"DNS Sleep": "0",
440	-	"Method1": "GET",
440	+	"Method1": "GET",
441	-	"Method2": "POST",
441	+	"Method2": "POST",
442	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
442	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
443	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
443	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
444	-	"Proxy_AccessType": "2 (Use IE settings)"
444	+	"Proxy_AccessType": "2 (Use IE settings)"
445	-	}
445	+	}
446	-	},
446	+	},
447	-	"103.39.18.181": {
447	+	"103.39.18.181": {
448	-	"x86": {
448	+	"x86": {
449	-	"BeaconType": "8 (HTTPS)",
449	+	"BeaconType": "8 (HTTPS)",
450	-	"Port": "443",
450	+	"Port": "443",
451	-	"Polling": "60000",
451	+	"Polling": "60000",
452	-	"Jitter": "15",
452	+	"Jitter": "15",
453	-	"Maxdns": "255",
453	+	"Maxdns": "255",
454	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
454	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
455	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
455	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
456	-	"HTTP Method Path 2": "/mail/u/0/",
456	+	"HTTP Method Path 2": "/mail/u/0/",
457	-	"Header1": "",
457	+	"Header1": "",
458	-	"Header2": "",
458	+	"Header2": "",
459	-	"PipeName": "",
459	+	"PipeName": "",
460	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
460	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
461	-	"DNS Sleep": "0",
461	+	"DNS Sleep": "0",
462	-	"Method1": "GET",
462	+	"Method1": "GET",
463	-	"Method2": "POST",
463	+	"Method2": "POST",
464	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
464	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
465	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
465	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
466	-	"Proxy_AccessType": "2 (Use IE settings)"
466	+	"Proxy_AccessType": "2 (Use IE settings)"
467	-	}
467	+	}
468	-	},
468	+	},
469	-	"103.39.18.182": {
469	+	"103.39.18.182": {
470	-	"x86": {
470	+	"x86": {
471	-	"BeaconType": "8 (HTTPS)",
471	+	"BeaconType": "8 (HTTPS)",
472	-	"Port": "443",
472	+	"Port": "443",
473	-	"Polling": "60000",
473	+	"Polling": "60000",
474	-	"Jitter": "15",
474	+	"Jitter": "15",
475	-	"Maxdns": "255",
475	+	"Maxdns": "255",
476	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
476	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
477	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
477	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
478	-	"HTTP Method Path 2": "/mail/u/0/",
478	+	"HTTP Method Path 2": "/mail/u/0/",
479	-	"Header1": "",
479	+	"Header1": "",
480	-	"Header2": "",
480	+	"Header2": "",
481	-	"PipeName": "",
481	+	"PipeName": "",
482	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
482	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
483	-	"DNS Sleep": "0",
483	+	"DNS Sleep": "0",
484	-	"Method1": "GET",
484	+	"Method1": "GET",
485	-	"Method2": "POST",
485	+	"Method2": "POST",
486	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
486	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
487	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
487	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
488	-	"Proxy_AccessType": "2 (Use IE settings)"
488	+	"Proxy_AccessType": "2 (Use IE settings)"
489	-	}
489	+	}
490	-	},
490	+	},
491	-	"103.39.18.183": {
491	+	"103.39.18.183": {
492	-	"x86": {
492	+	"x86": {
493	-	"BeaconType": "8 (HTTPS)",
493	+	"BeaconType": "8 (HTTPS)",
494	-	"Port": "443",
494	+	"Port": "443",
495	-	"Polling": "60000",
495	+	"Polling": "60000",
496	-	"Jitter": "15",
496	+	"Jitter": "15",
497	-	"Maxdns": "255",
497	+	"Maxdns": "255",
498	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
498	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
499	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
499	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
500	-	"HTTP Method Path 2": "/mail/u/0/",
500	+	"HTTP Method Path 2": "/mail/u/0/",
501	-	"Header1": "",
501	+	"Header1": "",
502	-	"Header2": "",
502	+	"Header2": "",
503	-	"PipeName": "",
503	+	"PipeName": "",
504	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
504	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
505	-	"DNS Sleep": "0",
505	+	"DNS Sleep": "0",
506	-	"Method1": "GET",
506	+	"Method1": "GET",
507	-	"Method2": "POST",
507	+	"Method2": "POST",
508	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
508	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
509	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
509	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
510	-	"Proxy_AccessType": "2 (Use IE settings)"
510	+	"Proxy_AccessType": "2 (Use IE settings)"
511	-	}
511	+	}
512	-	},
512	+	},
513	-	"103.39.18.187": {
513	+	"103.39.18.187": {
514	-	"x86": {
514	+	"x86": {
515	-	"BeaconType": "8 (HTTPS)",
515	+	"BeaconType": "8 (HTTPS)",
516	-	"Port": "443",
516	+	"Port": "443",
517	-	"Polling": "60000",
517	+	"Polling": "60000",
518	-	"Jitter": "15",
518	+	"Jitter": "15",
519	-	"Maxdns": "255",
519	+	"Maxdns": "255",
520	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
520	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
521	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
521	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
522	-	"HTTP Method Path 2": "/mail/u/0/",
522	+	"HTTP Method Path 2": "/mail/u/0/",
523	-	"Header1": "",
523	+	"Header1": "",
524	-	"Header2": "",
524	+	"Header2": "",
525	-	"PipeName": "",
525	+	"PipeName": "",
526	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
526	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
527	-	"DNS Sleep": "0",
527	+	"DNS Sleep": "0",
528	-	"Method1": "GET",
528	+	"Method1": "GET",
529	-	"Method2": "POST",
529	+	"Method2": "POST",
530	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
530	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
531	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
531	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
532	-	"Proxy_AccessType": "2 (Use IE settings)"
532	+	"Proxy_AccessType": "2 (Use IE settings)"
533	-	}
533	+	}
534	-	},
534	+	},
535	-	"103.39.18.189": {
535	+	"103.39.18.189": {
536	-	"x86": {
536	+	"x86": {
537	-	"BeaconType": "8 (HTTPS)",
537	+	"BeaconType": "8 (HTTPS)",
538	-	"Port": "443",
538	+	"Port": "443",
539	-	"Polling": "60000",
539	+	"Polling": "60000",
540	-	"Jitter": "15",
540	+	"Jitter": "15",
541	-	"Maxdns": "255",
541	+	"Maxdns": "255",
542	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
542	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
543	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
543	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
544	-	"HTTP Method Path 2": "/mail/u/0/",
544	+	"HTTP Method Path 2": "/mail/u/0/",
545	-	"Header1": "",
545	+	"Header1": "",
546	-	"Header2": "",
546	+	"Header2": "",
547	-	"PipeName": "",
547	+	"PipeName": "",
548	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
548	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
549	-	"DNS Sleep": "0",
549	+	"DNS Sleep": "0",
550	-	"Method1": "GET",
550	+	"Method1": "GET",
551	-	"Method2": "POST",
551	+	"Method2": "POST",
552	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
552	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
553	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
553	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
554	-	"Proxy_AccessType": "2 (Use IE settings)"
554	+	"Proxy_AccessType": "2 (Use IE settings)"
555	-	}
555	+	}
556	-	},
556	+	},
557	-	"103.39.18.190": {
557	+	"103.39.18.190": {
558	-	"x86": {
558	+	"x86": {
559	-	"BeaconType": "8 (HTTPS)",
559	+	"BeaconType": "8 (HTTPS)",
560	-	"Port": "443",
560	+	"Port": "443",
561	-	"Polling": "60000",
561	+	"Polling": "60000",
562	-	"Jitter": "15",
562	+	"Jitter": "15",
563	-	"Maxdns": "255",
563	+	"Maxdns": "255",
564	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
564	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
565	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
565	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
566	-	"HTTP Method Path 2": "/mail/u/0/",
566	+	"HTTP Method Path 2": "/mail/u/0/",
567	-	"Header1": "",
567	+	"Header1": "",
568	-	"Header2": "",
568	+	"Header2": "",
569	-	"PipeName": "",
569	+	"PipeName": "",
570	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
570	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
571	-	"DNS Sleep": "0",
571	+	"DNS Sleep": "0",
572	-	"Method1": "GET",
572	+	"Method1": "GET",
573	-	"Method2": "POST",
573	+	"Method2": "POST",
574	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
574	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
575	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
575	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
576	-	"Proxy_AccessType": "2 (Use IE settings)"
576	+	"Proxy_AccessType": "2 (Use IE settings)"
577	-	}
577	+	}
578	-	},
578	+	},
579	-	"103.70.137.129": {
579	+	"103.70.137.129": {
580	-	"x86": {
580	+	"x86": {
581	-	"BeaconType": "8 (HTTPS)",
581	+	"BeaconType": "8 (HTTPS)",
582	-	"Port": "443",
582	+	"Port": "443",
583	-	"Polling": "60000",
583	+	"Polling": "60000",
584	-	"Jitter": "0",
584	+	"Jitter": "0",
585	-	"C2 Server": "45.170.251.101,/ga.js",
585	+	"C2 Server": "45.170.251.101,/ga.js",
586	-	"HTTP Method Path 2": "/submit.php",
586	+	"HTTP Method Path 2": "/submit.php",
587	-	"Method1": "GET",
587	+	"Method1": "GET",
588	-	"Method2": "POST",
588	+	"Method2": "POST",
589	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
589	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
590	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
590	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
591	-	"Proxy_AccessType": "2 (Use IE settings)"
591	+	"Proxy_AccessType": "2 (Use IE settings)"
592	-	},
592	+	},
593	-	"x64": {
593	+	"x64": {
594	-	"BeaconType": "8 (HTTPS)",
594	+	"BeaconType": "8 (HTTPS)",
595	-	"Port": "443",
595	+	"Port": "443",
596	-	"Polling": "60000",
596	+	"Polling": "60000",
597	-	"Jitter": "0",
597	+	"Jitter": "0",
598	-	"C2 Server": "45.170.251.101,/updates.rss",
598	+	"C2 Server": "45.170.251.101,/updates.rss",
599	-	"HTTP Method Path 2": "/submit.php",
599	+	"HTTP Method Path 2": "/submit.php",
600	-	"Method1": "GET",
600	+	"Method1": "GET",
601	-	"Method2": "POST",
601	+	"Method2": "POST",
602	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
602	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
603	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
603	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
604	-	"Proxy_AccessType": "2 (Use IE settings)"
604	+	"Proxy_AccessType": "2 (Use IE settings)"
605	-	}
605	+	}
606	-	},
606	+	},
607	-	"104.131.125.114": {
607	+	"104.131.125.114": {
608	-	"x64": {
608	+	"x64": {
609	-	"BeaconType": "8 (HTTPS)",
609	+	"BeaconType": "8 (HTTPS)",
610	-	"Port": "443",
610	+	"Port": "443",
611	-	"Polling": "15000",
611	+	"Polling": "15000",
612	-	"Jitter": "90",
612	+	"Jitter": "90",
613	-	"Maxdns": "225",
613	+	"Maxdns": "225",
614	-	"C2 Server": "ajax.microsoft.com,/wp-content/themes/am43-6/dist/records,amp.azure.net,/api2/json/cluster/tasks,global.asazure.windows.net,/wp-content/themes/am43-6/dist/records",
614	+	"C2 Server": "ajax.microsoft.com,/wp-content/themes/am43-6/dist/records,amp.azure.net,/api2/json/cluster/tasks,global.asazure.windows.net,/wp-content/themes/am43-6/dist/records",
615	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
615	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
616	-	"HTTP Method Path 2": "/ev/prd001001",
616	+	"HTTP Method Path 2": "/ev/prd001001",
617	-	"Header1": "",
617	+	"Header1": "",
618	-	"Header2": "",
618	+	"Header2": "",
619	-	"PipeName": "",
619	+	"PipeName": "",
620	-	"DNS Idle": "h\\xD8<\\x84",
620	+	"DNS Idle": "h\\xD8<\\x84",
621	-	"DNS Sleep": "0",
621	+	"DNS Sleep": "0",
622	-	"Method1": "GET",
622	+	"Method1": "GET",
623	-	"Method2": "POST",
623	+	"Method2": "POST",
624	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
624	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
625	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
625	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
626	-	"Proxy_AccessType": "2 (Use IE settings)"
626	+	"Proxy_AccessType": "2 (Use IE settings)"
627	-	}
627	+	}
628	-	},
628	+	},
629	-	"104.131.167.151": {
629	+	"104.131.167.151": {
630	-	"x86": {
630	+	"x86": {
631	-	"BeaconType": "8 (HTTPS)",
631	+	"BeaconType": "8 (HTTPS)",
632	-	"Port": "443",
632	+	"Port": "443",
633	-	"Polling": "15000",
633	+	"Polling": "15000",
634	-	"Jitter": "90",
634	+	"Jitter": "90",
635	-	"C2 Server": "ajax.microsoft.com,/v1/buckets/default/ext-5dkJ19tFufpMZjVJbsWCiqDcclDw/records",
635	+	"C2 Server": "ajax.microsoft.com,/v1/buckets/default/ext-5dkJ19tFufpMZjVJbsWCiqDcclDw/records",
636	-	"HTTP Method Path 2": "/1.5/95648064/storage/tabs",
636	+	"HTTP Method Path 2": "/1.5/95648064/storage/tabs",
637	-	"Method1": "GET",
637	+	"Method1": "GET",
638	-	"Method2": "POST",
638	+	"Method2": "POST",
639	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
639	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
640	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
640	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
641	-	"Proxy_AccessType": "2 (Use IE settings)"
641	+	"Proxy_AccessType": "2 (Use IE settings)"
642	-	},
642	+	},
643	-	"x64": {
643	+	"x64": {
644	-	"BeaconType": "8 (HTTPS)",
644	+	"BeaconType": "8 (HTTPS)",
645	-	"Port": "443",
645	+	"Port": "443",
646	-	"Polling": "15000",
646	+	"Polling": "15000",
647	-	"Jitter": "90",
647	+	"Jitter": "90",
648	-	"C2 Server": "ajax.microsoft.com,/wp-content/themes/am43-6/dist/records",
648	+	"C2 Server": "ajax.microsoft.com,/wp-content/themes/am43-6/dist/records",
649	-	"HTTP Method Path 2": "/v3/links/ping-beat/check",
649	+	"HTTP Method Path 2": "/v3/links/ping-beat/check",
650	-	"Method1": "GET",
650	+	"Method1": "GET",
651	-	"Method2": "POST",
651	+	"Method2": "POST",
652	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
652	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
653	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
653	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
654	-	"Proxy_AccessType": "2 (Use IE settings)"
654	+	"Proxy_AccessType": "2 (Use IE settings)"
655	-	}
655	+	}
656	-	},
656	+	},
657	-	"104.131.210.108": {
657	+	"104.131.210.108": {
658	-	"x86": {
658	+	"x86": {
659	-	"BeaconType": "8 (HTTPS)",
659	+	"BeaconType": "8 (HTTPS)",
660	-	"Port": "443",
660	+	"Port": "443",
661	-	"Polling": "60000",
661	+	"Polling": "60000",
662	-	"Jitter": "0",
662	+	"Jitter": "0",
663	-	"Maxdns": "255",
663	+	"Maxdns": "255",
664	-	"C2 Server": "mobilecdnprod.azureedge.net,/__utm.gif",
664	+	"C2 Server": "mobilecdnprod.azureedge.net,/__utm.gif",
665	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
665	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
666	-	"HTTP Method Path 2": "/submit.php",
666	+	"HTTP Method Path 2": "/submit.php",
667	-	"Header1": "",
667	+	"Header1": "",
668	-	"Header2": "",
668	+	"Header2": "",
669	-	"PipeName": "",
669	+	"PipeName": "",
670	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
670	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
671	-	"DNS Sleep": "0",
671	+	"DNS Sleep": "0",
672	-	"Method1": "GET",
672	+	"Method1": "GET",
673	-	"Method2": "POST",
673	+	"Method2": "POST",
674	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
674	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
675	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
675	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
676	-	"Proxy_AccessType": "2 (Use IE settings)"
676	+	"Proxy_AccessType": "2 (Use IE settings)"
677	-	}
677	+	}
678	-	},
678	+	},
679	-	"104.131.76.110": {
679	+	"104.131.76.110": {
680	-	"x86": {
680	+	"x86": {
681	-	"BeaconType": "8 (HTTPS)",
681	+	"BeaconType": "8 (HTTPS)",
682	-	"Port": "443",
682	+	"Port": "443",
683	-	"Polling": "15000",
683	+	"Polling": "15000",
684	-	"Jitter": "90",
684	+	"Jitter": "90",
685	-	"Maxdns": "225",
685	+	"Maxdns": "225",
686	-	"C2 Server": "ajax.microsoft.com,/api2/json/cluster/tasks",
686	+	"C2 Server": "ajax.microsoft.com,/api2/json/cluster/tasks",
687	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
687	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
688	-	"HTTP Method Path 2": "/v3/links/ping-beat/check",
688	+	"HTTP Method Path 2": "/v3/links/ping-beat/check",
689	-	"Header1": "",
689	+	"Header1": "",
690	-	"Header2": "",
690	+	"Header2": "",
691	-	"PipeName": "",
691	+	"PipeName": "",
692	-	"DNS Idle": "h\\xD8<\\x84",
692	+	"DNS Idle": "h\\xD8<\\x84",
693	-	"DNS Sleep": "0",
693	+	"DNS Sleep": "0",
694	-	"Method1": "GET",
694	+	"Method1": "GET",
695	-	"Method2": "POST",
695	+	"Method2": "POST",
696	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
696	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
697	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
697	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
698	-	"Proxy_AccessType": "2 (Use IE settings)"
698	+	"Proxy_AccessType": "2 (Use IE settings)"
699	-	}
699	+	}
700	-	},
700	+	},
701	-	"104.131.88.156": {
701	+	"104.131.88.156": {
702	-	"x86": {
702	+	"x86": {
703	-	"BeaconType": "8 (HTTPS)",
703	+	"BeaconType": "8 (HTTPS)",
704	-	"Port": "443",
704	+	"Port": "443",
705	-	"Polling": "15000",
705	+	"Polling": "15000",
706	-	"Jitter": "90",
706	+	"Jitter": "90",
707	-	"Maxdns": "225",
707	+	"Maxdns": "225",
708	-	"C2 Server": "wepay.com,/en-us/store/api/checkproductinwishlist",
708	+	"C2 Server": "wepay.com,/en-us/store/api/checkproductinwishlist",
709	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
709	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
710	-	"HTTP Method Path 2": "/u/0/_/og/botguard/get",
710	+	"HTTP Method Path 2": "/u/0/_/og/botguard/get",
711	-	"Header1": "",
711	+	"Header1": "",
712	-	"Header2": "",
712	+	"Header2": "",
713	-	"PipeName": "",
713	+	"PipeName": "",
714	-	"DNS Idle": "h\\xD8<\\x84",
714	+	"DNS Idle": "h\\xD8<\\x84",
715	-	"DNS Sleep": "0",
715	+	"DNS Sleep": "0",
716	-	"Method1": "GET",
716	+	"Method1": "GET",
717	-	"Method2": "POST",
717	+	"Method2": "POST",
718	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
718	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
719	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
719	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
720	-	"Proxy_AccessType": "2 (Use IE settings)"
720	+	"Proxy_AccessType": "2 (Use IE settings)"
721	-	},
721	+	},
722	-	"x64": {
722	+	"x64": {
723	-	"BeaconType": "8 (HTTPS)",
723	+	"BeaconType": "8 (HTTPS)",
724	-	"Port": "443",
724	+	"Port": "443",
725	-	"Polling": "15000",
725	+	"Polling": "15000",
726	-	"Jitter": "90",
726	+	"Jitter": "90",
727	-	"Maxdns": "225",
727	+	"Maxdns": "225",
728	-	"C2 Server": "wepay.com,/api2/json/access/ticket",
728	+	"C2 Server": "wepay.com,/api2/json/access/ticket",
729	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
729	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
730	-	"HTTP Method Path 2": "/v3/links/ping-beat/check",
730	+	"HTTP Method Path 2": "/v3/links/ping-beat/check",
731	-	"Header1": "",
731	+	"Header1": "",
732	-	"Header2": "",
732	+	"Header2": "",
733	-	"PipeName": "",
733	+	"PipeName": "",
734	-	"DNS Idle": "h\\xD8<\\x84",
734	+	"DNS Idle": "h\\xD8<\\x84",
735	-	"DNS Sleep": "0",
735	+	"DNS Sleep": "0",
736	-	"Method1": "GET",
736	+	"Method1": "GET",
737	-	"Method2": "POST",
737	+	"Method2": "POST",
738	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
738	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
739	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
739	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
740	-	"Proxy_AccessType": "2 (Use IE settings)"
740	+	"Proxy_AccessType": "2 (Use IE settings)"
741	-	}
741	+	}
742	-	},
742	+	},
743	-	"104.149.168.199": {
743	+	"104.149.168.199": {
744	-	"x86": {
744	+	"x86": {
745	-	"BeaconType": "8 (HTTPS)",
745	+	"BeaconType": "8 (HTTPS)",
746	-	"Port": "443",
746	+	"Port": "443",
747	-	"Polling": "60000",
747	+	"Polling": "60000",
748	-	"Jitter": "0",
748	+	"Jitter": "0",
749	-	"Maxdns": "255",
749	+	"Maxdns": "255",
750	-	"C2 Server": "104.149.168.199,/g.pixel",
750	+	"C2 Server": "104.149.168.199,/g.pixel",
751	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
751	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
752	-	"HTTP Method Path 2": "/submit.php",
752	+	"HTTP Method Path 2": "/submit.php",
753	-	"Header1": "",
753	+	"Header1": "",
754	-	"Header2": "",
754	+	"Header2": "",
755	-	"PipeName": "",
755	+	"PipeName": "",
756	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
756	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
757	-	"DNS Sleep": "0",
757	+	"DNS Sleep": "0",
758	-	"Method1": "GET",
758	+	"Method1": "GET",
759	-	"Method2": "POST",
759	+	"Method2": "POST",
760	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
760	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
761	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
761	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
762	-	"Proxy_AccessType": "2 (Use IE settings)"
762	+	"Proxy_AccessType": "2 (Use IE settings)"
763	-	},
763	+	},
764	-	"x64": {
764	+	"x64": {
765	-	"BeaconType": "8 (HTTPS)",
765	+	"BeaconType": "8 (HTTPS)",
766	-	"Port": "443",
766	+	"Port": "443",
767	-	"Polling": "60000",
767	+	"Polling": "60000",
768	-	"Jitter": "0",
768	+	"Jitter": "0",
769	-	"Maxdns": "255",
769	+	"Maxdns": "255",
770	-	"C2 Server": "104.149.168.199,/g.pixel",
770	+	"C2 Server": "104.149.168.199,/g.pixel",
771	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)",
771	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)",
772	-	"HTTP Method Path 2": "/submit.php",
772	+	"HTTP Method Path 2": "/submit.php",
773	-	"Header1": "",
773	+	"Header1": "",
774	-	"Header2": "",
774	+	"Header2": "",
775	-	"PipeName": "",
775	+	"PipeName": "",
776	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
776	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
777	-	"DNS Sleep": "0",
777	+	"DNS Sleep": "0",
778	-	"Method1": "GET",
778	+	"Method1": "GET",
779	-	"Method2": "POST",
779	+	"Method2": "POST",
780	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
780	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
781	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
781	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
782	-	"Proxy_AccessType": "2 (Use IE settings)"
782	+	"Proxy_AccessType": "2 (Use IE settings)"
783	-	}
783	+	}
784	-	},
784	+	},
785	-	"104.168.140.127": {
785	+	"104.168.140.127": {
786	-	"x86": {
786	+	"x86": {
787	-	"BeaconType": "8 (HTTPS)",
787	+	"BeaconType": "8 (HTTPS)",
788	-	"Port": "443",
788	+	"Port": "443",
789	-	"Polling": "62412",
789	+	"Polling": "62412",
790	-	"Jitter": "43",
790	+	"Jitter": "43",
791	-	"Maxdns": "242",
791	+	"Maxdns": "242",
792	-	"C2 Server": "qw.run-upgrade.monster,/avatars.js,as.run-upgrade.monster,/fam_newspaper.js,zx.run-upgrade.monster,/avatars.js",
792	+	"C2 Server": "qw.run-upgrade.monster,/avatars.js,as.run-upgrade.monster,/fam_newspaper.js,zx.run-upgrade.monster,/avatars.js",
793	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
793	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
794	-	"HTTP Method Path 2": "/templates",
794	+	"HTTP Method Path 2": "/templates",
795	-	"Header1": "",
795	+	"Header1": "",
796	-	"Header2": "",
796	+	"Header2": "",
797	-	"PipeName": "",
797	+	"PipeName": "",
798	-	"DNS Idle": "@\\xD9\\xA5\\x04",
798	+	"DNS Idle": "@\\xD9\\xA5\\x04",
799	-	"DNS Sleep": "0",
799	+	"DNS Sleep": "0",
800	-	"Method1": "GET",
800	+	"Method1": "GET",
801	-	"Method2": "POST",
801	+	"Method2": "POST",
802	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
802	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
803	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
803	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
804	-	"Proxy_AccessType": "2 (Use IE settings)"
804	+	"Proxy_AccessType": "2 (Use IE settings)"
805	-	},
805	+	},
806	-	"x64": {
806	+	"x64": {
807	-	"BeaconType": "8 (HTTPS)",
807	+	"BeaconType": "8 (HTTPS)",
808	-	"Port": "443",
808	+	"Port": "443",
809	-	"Polling": "62412",
809	+	"Polling": "62412",
810	-	"Jitter": "43",
810	+	"Jitter": "43",
811	-	"Maxdns": "242",
811	+	"Maxdns": "242",
812	-	"C2 Server": "qw.run-upgrade.monster,/fam_newspaper.js,as.run-upgrade.monster,/fam_newspaper.js,zx.run-upgrade.monster,/avatars.js",
812	+	"C2 Server": "qw.run-upgrade.monster,/fam_newspaper.js,as.run-upgrade.monster,/fam_newspaper.js,zx.run-upgrade.monster,/avatars.js",
813	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
813	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
814	-	"HTTP Method Path 2": "/templates",
814	+	"HTTP Method Path 2": "/templates",
815	-	"Header1": "",
815	+	"Header1": "",
816	-	"Header2": "",
816	+	"Header2": "",
817	-	"PipeName": "",
817	+	"PipeName": "",
818	-	"DNS Idle": "@\\xD9\\xA5\\x04",
818	+	"DNS Idle": "@\\xD9\\xA5\\x04",
819	-	"DNS Sleep": "0",
819	+	"DNS Sleep": "0",
820	-	"Method1": "GET",
820	+	"Method1": "GET",
821	-	"Method2": "POST",
821	+	"Method2": "POST",
822	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
822	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
823	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
823	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
824	-	"Proxy_AccessType": "2 (Use IE settings)"
824	+	"Proxy_AccessType": "2 (Use IE settings)"
825	-	}
825	+	}
826	-	},
826	+	},
827	-	"104.168.159.201": {
827	+	"104.168.159.201": {
828	-	"x86": {
828	+	"x86": {
829	-	"BeaconType": "8 (HTTPS)",
829	+	"BeaconType": "8 (HTTPS)",
830	-	"Port": "443",
830	+	"Port": "443",
831	-	"Polling": "55365",
831	+	"Polling": "55365",
832	-	"Jitter": "43",
832	+	"Jitter": "43",
833	-	"Maxdns": "255",
833	+	"Maxdns": "255",
834	-	"C2 Server": "104.168.159.201,/en",
834	+	"C2 Server": "104.168.159.201,/en",
835	-	"User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
835	+	"User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
836	-	"HTTP Method Path 2": "/as",
836	+	"HTTP Method Path 2": "/as",
837	-	"Header1": "",
837	+	"Header1": "",
838	-	"Header2": "",
838	+	"Header2": "",
839	-	"PipeName": "",
839	+	"PipeName": "",
840	-	"DNS Idle": "z\\xC1]\\x0E",
840	+	"DNS Idle": "z\\xC1]\\x0E",
841	-	"DNS Sleep": "0",
841	+	"DNS Sleep": "0",
842	-	"Method1": "GET",
842	+	"Method1": "GET",
843	-	"Method2": "POST",
843	+	"Method2": "POST",
844	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
844	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
845	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
845	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
846	-	"Proxy_AccessType": "2 (Use IE settings)"
846	+	"Proxy_AccessType": "2 (Use IE settings)"
847	-	}
847	+	}
848	-	},
848	+	},
849	-	"104.194.10.58": {
849	+	"104.194.10.58": {
850	-	"x86": {
850	+	"x86": {
851	-	"BeaconType": "8 (HTTPS)",
851	+	"BeaconType": "8 (HTTPS)",
852	-	"Port": "443",
852	+	"Port": "443",
853	-	"Polling": "30000",
853	+	"Polling": "30000",
854	-	"Jitter": "20",
854	+	"Jitter": "20",
855	-	"Maxdns": "255",
855	+	"Maxdns": "255",
856	-	"C2 Server": "peernew.com,/CWoNaJLBo/VTNeWw11212/",
856	+	"C2 Server": "peernew.com,/CWoNaJLBo/VTNeWw11212/",
857	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
857	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
858	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
858	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
859	-	"Header1": "",
859	+	"Header1": "",
860	-	"Header2": "",
860	+	"Header2": "",
861	-	"PipeName": "",
861	+	"PipeName": "",
862	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
862	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
863	-	"DNS Sleep": "0",
863	+	"DNS Sleep": "0",
864	-	"Method1": "GET",
864	+	"Method1": "GET",
865	-	"Method2": "POST",
865	+	"Method2": "POST",
866	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
866	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
867	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
867	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
868	-	"Proxy_AccessType": "2 (Use IE settings)"
868	+	"Proxy_AccessType": "2 (Use IE settings)"
869	-	}
869	+	}
870	-	},
870	+	},
871	-	"104.194.11.10": {
871	+	"104.194.11.10": {
872	-	"x86": {
872	+	"x86": {
873	-	"BeaconType": "8 (HTTPS)",
873	+	"BeaconType": "8 (HTTPS)",
874	-	"Port": "443",
874	+	"Port": "443",
875	-	"Polling": "5000",
875	+	"Polling": "5000",
876	-	"Jitter": "10",
876	+	"Jitter": "10",
877	-	"Maxdns": "235",
877	+	"Maxdns": "235",
878	-	"C2 Server": "simvp.com,/us/ky/louisville/312-s-fourth-st.html",
878	+	"C2 Server": "simvp.com,/us/ky/louisville/312-s-fourth-st.html",
879	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
879	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
880	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
880	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
881	-	"Header1": "",
881	+	"Header1": "",
882	-	"Header2": "",
882	+	"Header2": "",
883	-	"PipeName": "",
883	+	"PipeName": "",
884	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
884	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
885	-	"DNS Sleep": "0",
885	+	"DNS Sleep": "0",
886	-	"Method1": "GET",
886	+	"Method1": "GET",
887	-	"Method2": "POST",
887	+	"Method2": "POST",
888	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
888	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
889	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
889	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
890	-	"Proxy_AccessType": "2 (Use IE settings)"
890	+	"Proxy_AccessType": "2 (Use IE settings)"
891	-	},
891	+	},
892	-	"x64": {
892	+	"x64": {
893	-	"BeaconType": "8 (HTTPS)",
893	+	"BeaconType": "8 (HTTPS)",
894	-	"Port": "443",
894	+	"Port": "443",
895	-	"Polling": "5000",
895	+	"Polling": "5000",
896	-	"Jitter": "10",
896	+	"Jitter": "10",
897	-	"Maxdns": "235",
897	+	"Maxdns": "235",
898	-	"C2 Server": "simvp.com,/us/ky/louisville/312-s-fourth-st.html",
898	+	"C2 Server": "simvp.com,/us/ky/louisville/312-s-fourth-st.html",
899	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
899	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
900	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
900	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
901	-	"Header1": "",
901	+	"Header1": "",
902	-	"Header2": "",
902	+	"Header2": "",
903	-	"PipeName": "",
903	+	"PipeName": "",
904	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
904	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
905	-	"DNS Sleep": "0",
905	+	"DNS Sleep": "0",
906	-	"Method1": "GET",
906	+	"Method1": "GET",
907	-	"Method2": "POST",
907	+	"Method2": "POST",
908	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
908	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
909	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
909	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
910	-	"Proxy_AccessType": "2 (Use IE settings)"
910	+	"Proxy_AccessType": "2 (Use IE settings)"
911	-	}
911	+	}
912	-	},
912	+	},
913	-	"104.194.8.114": {
913	+	"104.194.8.114": {
914	-	"x86": {
914	+	"x86": {
915	-	"BeaconType": "8 (HTTPS)",
915	+	"BeaconType": "8 (HTTPS)",
916	-	"Port": "443",
916	+	"Port": "443",
917	-	"Polling": "5000",
917	+	"Polling": "5000",
918	-	"Jitter": "10",
918	+	"Jitter": "10",
919	-	"Maxdns": "235",
919	+	"Maxdns": "235",
920	-	"C2 Server": "raills.com,/us/ky/louisville/312-s-fourth-st.html",
920	+	"C2 Server": "raills.com,/us/ky/louisville/312-s-fourth-st.html",
921	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
921	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
922	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
922	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
923	-	"Header1": "",
923	+	"Header1": "",
924	-	"Header2": "",
924	+	"Header2": "",
925	-	"PipeName": "",
925	+	"PipeName": "",
926	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
926	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
927	-	"DNS Sleep": "0",
927	+	"DNS Sleep": "0",
928	-	"Method1": "GET",
928	+	"Method1": "GET",
929	-	"Method2": "POST",
929	+	"Method2": "POST",
930	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
930	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
931	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
931	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
932	-	"Proxy_AccessType": "2 (Use IE settings)"
932	+	"Proxy_AccessType": "2 (Use IE settings)"
933	-	}
933	+	}
934	-	},
934	+	},
935	-	"104.194.8.36": {
935	+	"104.194.8.36": {
936	-	"x64": {
936	+	"x64": {
937	-	"BeaconType": "8 (HTTPS)",
937	+	"BeaconType": "8 (HTTPS)",
938	-	"Port": "443",
938	+	"Port": "443",
939	-	"Polling": "5000",
939	+	"Polling": "5000",
940	-	"Jitter": "10",
940	+	"Jitter": "10",
941	-	"Maxdns": "235",
941	+	"Maxdns": "235",
942	-	"C2 Server": "rollfx.com,/us/ky/louisville/312-s-fourth-st.html",
942	+	"C2 Server": "rollfx.com,/us/ky/louisville/312-s-fourth-st.html",
943	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
943	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
944	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
944	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
945	-	"Header1": "",
945	+	"Header1": "",
946	-	"Header2": "",
946	+	"Header2": "",
947	-	"PipeName": "",
947	+	"PipeName": "",
948	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
948	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
949	-	"DNS Sleep": "0",
949	+	"DNS Sleep": "0",
950	-	"Method1": "GET",
950	+	"Method1": "GET",
951	-	"Method2": "POST",
951	+	"Method2": "POST",
952	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
952	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
953	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
953	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
954	-	"Proxy_AccessType": "2 (Use IE settings)"
954	+	"Proxy_AccessType": "2 (Use IE settings)"
955	-	}
955	+	}
956	-	},
956	+	},
957	-	"104.236.172.121": {
957	+	"104.236.172.121": {
958	-	"x86": {
958	+	"x86": {
959	-	"BeaconType": "8 (HTTPS)",
959	+	"BeaconType": "8 (HTTPS)",
960	-	"Port": "443",
960	+	"Port": "443",
961	-	"Polling": "60000",
961	+	"Polling": "60000",
962	-	"Jitter": "0",
962	+	"Jitter": "0",
963	-	"Maxdns": "255",
963	+	"Maxdns": "255",
964	-	"C2 Server": "104.236.172.121,/ga.js,n00she.com,/match",
964	+	"C2 Server": "104.236.172.121,/ga.js,n00she.com,/match",
965	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
965	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
966	-	"HTTP Method Path 2": "/submit.php",
966	+	"HTTP Method Path 2": "/submit.php",
967	-	"Header1": "",
967	+	"Header1": "",
968	-	"Header2": "",
968	+	"Header2": "",
969	-	"PipeName": "",
969	+	"PipeName": "",
970	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
970	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
971	-	"DNS Sleep": "0",
971	+	"DNS Sleep": "0",
972	-	"Method1": "GET",
972	+	"Method1": "GET",
973	-	"Method2": "POST",
973	+	"Method2": "POST",
974	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
974	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
975	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
975	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
976	-	"Proxy_AccessType": "2 (Use IE settings)"
976	+	"Proxy_AccessType": "2 (Use IE settings)"
977	-	},
977	+	},
978	-	"x64": {
978	+	"x64": {
979	-	"BeaconType": "8 (HTTPS)",
979	+	"BeaconType": "8 (HTTPS)",
980	-	"Port": "443",
980	+	"Port": "443",
981	-	"Polling": "60000",
981	+	"Polling": "60000",
982	-	"Jitter": "0",
982	+	"Jitter": "0",
983	-	"Maxdns": "255",
983	+	"Maxdns": "255",
984	-	"C2 Server": "104.236.172.121,/en_US/all.js,n00she.com,/activity",
984	+	"C2 Server": "104.236.172.121,/en_US/all.js,n00she.com,/activity",
985	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LBBROWSER)",
985	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LBBROWSER)",
986	-	"HTTP Method Path 2": "/submit.php",
986	+	"HTTP Method Path 2": "/submit.php",
987	-	"Header1": "",
987	+	"Header1": "",
988	-	"Header2": "",
988	+	"Header2": "",
989	-	"PipeName": "",
989	+	"PipeName": "",
990	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
990	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
991	-	"DNS Sleep": "0",
991	+	"DNS Sleep": "0",
992	-	"Method1": "GET",
992	+	"Method1": "GET",
993	-	"Method2": "POST",
993	+	"Method2": "POST",
994	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
994	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
995	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
995	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
996	-	"Proxy_AccessType": "2 (Use IE settings)"
996	+	"Proxy_AccessType": "2 (Use IE settings)"
997	-	}
997	+	}
998	-	},
998	+	},
999	-	"104.238.133.94": {
999	+	"104.238.133.94": {
1000	-	"x86": {
1000	+	"x86": {
1001	-	"BeaconType": "8 (HTTPS)",
1001	+	"BeaconType": "8 (HTTPS)",
1002	-	"Port": "443",
1002	+	"Port": "443",
1003	-	"Polling": "60000",
1003	+	"Polling": "60000",
1004	-	"Jitter": "0",
1004	+	"Jitter": "0",
1005	-	"Maxdns": "255",
1005	+	"Maxdns": "255",
1006	-	"C2 Server": "104.238.133.94,/pixel.gif",
1006	+	"C2 Server": "104.238.133.94,/pixel.gif",
1007	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)",
1007	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)",
1008	-	"HTTP Method Path 2": "/submit.php",
1008	+	"HTTP Method Path 2": "/submit.php",
1009	-	"Header1": "",
1009	+	"Header1": "",
1010	-	"Header2": "",
1010	+	"Header2": "",
1011	-	"PipeName": "",
1011	+	"PipeName": "",
1012	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1012	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1013	-	"DNS Sleep": "0",
1013	+	"DNS Sleep": "0",
1014	-	"Method1": "GET",
1014	+	"Method1": "GET",
1015	-	"Method2": "POST",
1015	+	"Method2": "POST",
1016	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1016	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1017	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1017	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1018	-	"Proxy_AccessType": "2 (Use IE settings)"
1018	+	"Proxy_AccessType": "2 (Use IE settings)"
1019	-	}
1019	+	}
1020	-	},
1020	+	},
1021	-	"104.238.205.115": {
1021	+	"104.238.205.115": {
1022	-	"x86": {
1022	+	"x86": {
1023	-	"BeaconType": "8 (HTTPS)",
1023	+	"BeaconType": "8 (HTTPS)",
1024	-	"Port": "443",
1024	+	"Port": "443",
1025	-	"Polling": "5000",
1025	+	"Polling": "5000",
1026	-	"Jitter": "10",
1026	+	"Jitter": "10",
1027	-	"Maxdns": "235",
1027	+	"Maxdns": "235",
1028	-	"C2 Server": "resfox.com,/us/ky/louisville/312-s-fourth-st.html,zeroflip.com,/us/ky/louisville/312-s-fourth-st.html",
1028	+	"C2 Server": "resfox.com,/us/ky/louisville/312-s-fourth-st.html,zeroflip.com,/us/ky/louisville/312-s-fourth-st.html",
1029	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1029	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1030	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1030	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1031	-	"Header1": "",
1031	+	"Header1": "",
1032	-	"Header2": "",
1032	+	"Header2": "",
1033	-	"PipeName": "",
1033	+	"PipeName": "",
1034	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1034	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1035	-	"DNS Sleep": "0",
1035	+	"DNS Sleep": "0",
1036	-	"Method1": "GET",
1036	+	"Method1": "GET",
1037	-	"Method2": "POST",
1037	+	"Method2": "POST",
1038	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1038	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1039	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1039	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1040	-	"Proxy_AccessType": "2 (Use IE settings)"
1040	+	"Proxy_AccessType": "2 (Use IE settings)"
1041	-	}
1041	+	}
1042	-	},
1042	+	},
1043	-	"104.238.205.44": {
1043	+	"104.238.205.44": {
1044	-	"x86": {
1044	+	"x86": {
1045	-	"BeaconType": "8 (HTTPS)",
1045	+	"BeaconType": "8 (HTTPS)",
1046	-	"Port": "443",
1046	+	"Port": "443",
1047	-	"Polling": "60000",
1047	+	"Polling": "60000",
1048	-	"Jitter": "0",
1048	+	"Jitter": "0",
1049	-	"Maxdns": "255",
1049	+	"Maxdns": "255",
1050	-	"C2 Server": "syscx.com,/dot.gif",
1050	+	"C2 Server": "syscx.com,/dot.gif",
1051	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; ASU2JS)",
1051	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; ASU2JS)",
1052	-	"HTTP Method Path 2": "/submit.php",
1052	+	"HTTP Method Path 2": "/submit.php",
1053	-	"Header1": "",
1053	+	"Header1": "",
1054	-	"Header2": "",
1054	+	"Header2": "",
1055	-	"PipeName": "",
1055	+	"PipeName": "",
1056	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1056	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1057	-	"DNS Sleep": "0",
1057	+	"DNS Sleep": "0",
1058	-	"Method1": "GET",
1058	+	"Method1": "GET",
1059	-	"Method2": "POST",
1059	+	"Method2": "POST",
1060	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1060	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1061	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1061	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1062	-	"Proxy_AccessType": "2 (Use IE settings)"
1062	+	"Proxy_AccessType": "2 (Use IE settings)"
1063	-	}
1063	+	}
1064	-	},
1064	+	},
1065	-	"104.238.205.63": {
1065	+	"104.238.205.63": {
1066	-	"x86": {
1066	+	"x86": {
1067	-	"BeaconType": "8 (HTTPS)",
1067	+	"BeaconType": "8 (HTTPS)",
1068	-	"Port": "443",
1068	+	"Port": "443",
1069	-	"Polling": "30000",
1069	+	"Polling": "30000",
1070	-	"Jitter": "20",
1070	+	"Jitter": "20",
1071	-	"Maxdns": "255",
1071	+	"Maxdns": "255",
1072	-	"C2 Server": "dealeva.com,/CWoNaJLBo/VTNeWw11212/",
1072	+	"C2 Server": "dealeva.com,/CWoNaJLBo/VTNeWw11212/",
1073	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
1073	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
1074	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
1074	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
1075	-	"Header1": "",
1075	+	"Header1": "",
1076	-	"Header2": "",
1076	+	"Header2": "",
1077	-	"PipeName": "",
1077	+	"PipeName": "",
1078	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1078	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1079	-	"DNS Sleep": "0",
1079	+	"DNS Sleep": "0",
1080	-	"Method1": "GET",
1080	+	"Method1": "GET",
1081	-	"Method2": "POST",
1081	+	"Method2": "POST",
1082	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1082	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1083	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1083	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1084	-	"Proxy_AccessType": "2 (Use IE settings)"
1084	+	"Proxy_AccessType": "2 (Use IE settings)"
1085	-	}
1085	+	}
1086	-	},
1086	+	},
1087	-	"104.243.33.7": {
1087	+	"104.243.33.7": {
1088	-	"x64": {
1088	+	"x64": {
1089	-	"BeaconType": "8 (HTTPS)",
1089	+	"BeaconType": "8 (HTTPS)",
1090	-	"Port": "443",
1090	+	"Port": "443",
1091	-	"Polling": "30000",
1091	+	"Polling": "30000",
1092	-	"Jitter": "20",
1092	+	"Jitter": "20",
1093	-	"Maxdns": "255",
1093	+	"Maxdns": "255",
1094	-	"C2 Server": "goodroy.com,/CWoNaJLBo/VTNeWw11212/",
1094	+	"C2 Server": "goodroy.com,/CWoNaJLBo/VTNeWw11212/",
1095	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
1095	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
1096	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
1096	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
1097	-	"Header1": "",
1097	+	"Header1": "",
1098	-	"Header2": "",
1098	+	"Header2": "",
1099	-	"PipeName": "",
1099	+	"PipeName": "",
1100	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1100	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1101	-	"DNS Sleep": "0",
1101	+	"DNS Sleep": "0",
1102	-	"Method1": "GET",
1102	+	"Method1": "GET",
1103	-	"Method2": "POST",
1103	+	"Method2": "POST",
1104	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1104	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1105	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1105	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1106	-	"Proxy_AccessType": "2 (Use IE settings)"
1106	+	"Proxy_AccessType": "2 (Use IE settings)"
1107	-	}
1107	+	}
1108	-	},
1108	+	},
1109	-	"104.243.40.126": {
1109	+	"104.243.40.126": {
1110	-	"x86": {
1110	+	"x86": {
1111	-	"BeaconType": "8 (HTTPS)",
1111	+	"BeaconType": "8 (HTTPS)",
1112	-	"Port": "443",
1112	+	"Port": "443",
1113	-	"Polling": "5000",
1113	+	"Polling": "5000",
1114	-	"Jitter": "10",
1114	+	"Jitter": "10",
1115	-	"Maxdns": "235",
1115	+	"Maxdns": "235",
1116	-	"C2 Server": "likenic.com,/us/ky/louisville/312-s-fourth-st.html",
1116	+	"C2 Server": "likenic.com,/us/ky/louisville/312-s-fourth-st.html",
1117	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1117	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1118	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1118	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1119	-	"Header1": "",
1119	+	"Header1": "",
1120	-	"Header2": "",
1120	+	"Header2": "",
1121	-	"PipeName": "",
1121	+	"PipeName": "",
1122	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1122	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1123	-	"DNS Sleep": "0",
1123	+	"DNS Sleep": "0",
1124	-	"Method1": "GET",
1124	+	"Method1": "GET",
1125	-	"Method2": "POST",
1125	+	"Method2": "POST",
1126	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1126	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1127	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1127	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1128	-	"Proxy_AccessType": "2 (Use IE settings)"
1128	+	"Proxy_AccessType": "2 (Use IE settings)"
1129	-	}
1129	+	}
1130	-	},
1130	+	},
1131	-	"104.243.41.123": {
1131	+	"104.243.41.123": {
1132	-	"x64": {
1132	+	"x64": {
1133	-	"BeaconType": "8 (HTTPS)",
1133	+	"BeaconType": "8 (HTTPS)",
1134	-	"Port": "443",
1134	+	"Port": "443",
1135	-	"Polling": "60000",
1135	+	"Polling": "60000",
1136	-	"Jitter": "0",
1136	+	"Jitter": "0",
1137	-	"Maxdns": "255",
1137	+	"Maxdns": "255",
1138	-	"C2 Server": "cuphq.com,/cx",
1138	+	"C2 Server": "cuphq.com,/cx",
1139	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)",
1139	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)",
1140	-	"HTTP Method Path 2": "/submit.php",
1140	+	"HTTP Method Path 2": "/submit.php",
1141	-	"Header1": "",
1141	+	"Header1": "",
1142	-	"Header2": "",
1142	+	"Header2": "",
1143	-	"PipeName": "",
1143	+	"PipeName": "",
1144	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1144	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1145	-	"DNS Sleep": "0",
1145	+	"DNS Sleep": "0",
1146	-	"Method1": "GET",
1146	+	"Method1": "GET",
1147	-	"Method2": "POST",
1147	+	"Method2": "POST",
1148	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1148	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1149	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1149	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1150	-	"Proxy_AccessType": "2 (Use IE settings)"
1150	+	"Proxy_AccessType": "2 (Use IE settings)"
1151	-	}
1151	+	}
1152	-	},
1152	+	},
1153	-	"104.243.45.15": {
1153	+	"104.243.45.15": {
1154	-	"x86": {
1154	+	"x86": {
1155	-	"BeaconType": "8 (HTTPS)",
1155	+	"BeaconType": "8 (HTTPS)",
1156	-	"Port": "443",
1156	+	"Port": "443",
1157	-	"Polling": "5000",
1157	+	"Polling": "5000",
1158	-	"Jitter": "10",
1158	+	"Jitter": "10",
1159	-	"Maxdns": "235",
1159	+	"Maxdns": "235",
1160	-	"C2 Server": "mixres.com,/us/ky/louisville/312-s-fourth-st.html",
1160	+	"C2 Server": "mixres.com,/us/ky/louisville/312-s-fourth-st.html",
1161	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1161	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1162	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1162	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1163	-	"Header1": "",
1163	+	"Header1": "",
1164	-	"Header2": "",
1164	+	"Header2": "",
1165	-	"PipeName": "",
1165	+	"PipeName": "",
1166	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1166	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1167	-	"DNS Sleep": "0",
1167	+	"DNS Sleep": "0",
1168	-	"Method1": "GET",
1168	+	"Method1": "GET",
1169	-	"Method2": "POST",
1169	+	"Method2": "POST",
1170	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1170	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1171	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1171	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1172	-	"Proxy_AccessType": "2 (Use IE settings)"
1172	+	"Proxy_AccessType": "2 (Use IE settings)"
1173	-	},
1173	+	},
1174	-	"x64": {
1174	+	"x64": {
1175	-	"BeaconType": "8 (HTTPS)",
1175	+	"BeaconType": "8 (HTTPS)",
1176	-	"Port": "443",
1176	+	"Port": "443",
1177	-	"Polling": "5000",
1177	+	"Polling": "5000",
1178	-	"Jitter": "10",
1178	+	"Jitter": "10",
1179	-	"Maxdns": "235",
1179	+	"Maxdns": "235",
1180	-	"C2 Server": "mixres.com,/us/ky/louisville/312-s-fourth-st.html",
1180	+	"C2 Server": "mixres.com,/us/ky/louisville/312-s-fourth-st.html",
1181	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1181	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1182	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1182	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1183	-	"Header1": "",
1183	+	"Header1": "",
1184	-	"Header2": "",
1184	+	"Header2": "",
1185	-	"PipeName": "",
1185	+	"PipeName": "",
1186	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1186	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1187	-	"DNS Sleep": "0",
1187	+	"DNS Sleep": "0",
1188	-	"Method1": "GET",
1188	+	"Method1": "GET",
1189	-	"Method2": "POST",
1189	+	"Method2": "POST",
1190	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1190	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1191	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1191	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1192	-	"Proxy_AccessType": "2 (Use IE settings)"
1192	+	"Proxy_AccessType": "2 (Use IE settings)"
1193	-	}
1193	+	}
1194	-	},
1194	+	},
1195	-	"104.243.45.45": {
1195	+	"104.243.45.45": {
1196	-	"x86": {
1196	+	"x86": {
1197	-	"BeaconType": "8 (HTTPS)",
1197	+	"BeaconType": "8 (HTTPS)",
1198	-	"Port": "443",
1198	+	"Port": "443",
1199	-	"Polling": "5000",
1199	+	"Polling": "5000",
1200	-	"Jitter": "10",
1200	+	"Jitter": "10",
1201	-	"Maxdns": "235",
1201	+	"Maxdns": "235",
1202	-	"C2 Server": "mobpros.com,/us/ky/louisville/312-s-fourth-st.html",
1202	+	"C2 Server": "mobpros.com,/us/ky/louisville/312-s-fourth-st.html",
1203	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1203	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1204	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1204	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1205	-	"Header1": "",
1205	+	"Header1": "",
1206	-	"Header2": "",
1206	+	"Header2": "",
1207	-	"PipeName": "",
1207	+	"PipeName": "",
1208	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1208	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1209	-	"DNS Sleep": "0",
1209	+	"DNS Sleep": "0",
1210	-	"Method1": "GET",
1210	+	"Method1": "GET",
1211	-	"Method2": "POST",
1211	+	"Method2": "POST",
1212	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1212	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1213	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1213	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1214	-	"Proxy_AccessType": "2 (Use IE settings)"
1214	+	"Proxy_AccessType": "2 (Use IE settings)"
1215	-	}
1215	+	}
1216	-	},
1216	+	},
1217	-	"104.243.46.74": {
1217	+	"104.243.46.74": {
1218	-	"x86": {
1218	+	"x86": {
1219	-	"BeaconType": "8 (HTTPS)",
1219	+	"BeaconType": "8 (HTTPS)",
1220	-	"Port": "443",
1220	+	"Port": "443",
1221	-	"Polling": "60000",
1221	+	"Polling": "60000",
1222	-	"Jitter": "0",
1222	+	"Jitter": "0",
1223	-	"Maxdns": "255",
1223	+	"Maxdns": "255",
1224	-	"C2 Server": "104.243.46.74,/IE9CompatViewList.xml",
1224	+	"C2 Server": "104.243.46.74,/IE9CompatViewList.xml",
1225	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)",
1225	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)",
1226	-	"HTTP Method Path 2": "/submit.php",
1226	+	"HTTP Method Path 2": "/submit.php",
1227	-	"Header1": "",
1227	+	"Header1": "",
1228	-	"Header2": "",
1228	+	"Header2": "",
1229	-	"PipeName": "",
1229	+	"PipeName": "",
1230	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1230	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1231	-	"DNS Sleep": "0",
1231	+	"DNS Sleep": "0",
1232	-	"Method1": "GET",
1232	+	"Method1": "GET",
1233	-	"Method2": "POST",
1233	+	"Method2": "POST",
1234	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1234	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1235	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1235	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1236	-	"Proxy_AccessType": "2 (Use IE settings)"
1236	+	"Proxy_AccessType": "2 (Use IE settings)"
1237	-	}
1237	+	}
1238	-	},
1238	+	},
1239	-	"104.247.196.106": {
1239	+	"104.247.196.106": {
1240	-	"x64": {
1240	+	"x64": {
1241	-	"BeaconType": "8 (HTTPS)",
1241	+	"BeaconType": "8 (HTTPS)",
1242	-	"Port": "443",
1242	+	"Port": "443",
1243	-	"Polling": "60000",
1243	+	"Polling": "60000",
1244	-	"Jitter": "0",
1244	+	"Jitter": "0",
1245	-	"Maxdns": "255",
1245	+	"Maxdns": "255",
1246	-	"C2 Server": "104.247.196.106,/match",
1246	+	"C2 Server": "104.247.196.106,/match",
1247	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
1247	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
1248	-	"HTTP Method Path 2": "/submit.php",
1248	+	"HTTP Method Path 2": "/submit.php",
1249	-	"Header1": "",
1249	+	"Header1": "",
1250	-	"Header2": "",
1250	+	"Header2": "",
1251	-	"PipeName": "",
1251	+	"PipeName": "",
1252	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1252	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1253	-	"DNS Sleep": "0",
1253	+	"DNS Sleep": "0",
1254	-	"Method1": "GET",
1254	+	"Method1": "GET",
1255	-	"Method2": "POST",
1255	+	"Method2": "POST",
1256	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1256	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1257	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1257	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1258	-	"Proxy_AccessType": "2 (Use IE settings)"
1258	+	"Proxy_AccessType": "2 (Use IE settings)"
1259	-	}
1259	+	}
1260	-	},
1260	+	},
1261	-	"104.247.196.170": {
1261	+	"104.247.196.170": {
1262	-	"x86": {
1262	+	"x86": {
1263	-	"BeaconType": "8 (HTTPS)",
1263	+	"BeaconType": "8 (HTTPS)",
1264	-	"Port": "443",
1264	+	"Port": "443",
1265	-	"Polling": "5000",
1265	+	"Polling": "5000",
1266	-	"Jitter": "10",
1266	+	"Jitter": "10",
1267	-	"Maxdns": "235",
1267	+	"Maxdns": "235",
1268	-	"C2 Server": "clubuz.com,/us/ky/louisville/312-s-fourth-st.html",
1268	+	"C2 Server": "clubuz.com,/us/ky/louisville/312-s-fourth-st.html",
1269	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1269	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1270	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1270	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1271	-	"Header1": "",
1271	+	"Header1": "",
1272	-	"Header2": "",
1272	+	"Header2": "",
1273	-	"PipeName": "",
1273	+	"PipeName": "",
1274	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1274	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1275	-	"DNS Sleep": "0",
1275	+	"DNS Sleep": "0",
1276	-	"Method1": "GET",
1276	+	"Method1": "GET",
1277	-	"Method2": "POST",
1277	+	"Method2": "POST",
1278	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1278	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1279	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1279	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1280	-	"Proxy_AccessType": "2 (Use IE settings)"
1280	+	"Proxy_AccessType": "2 (Use IE settings)"
1281	-	}
1281	+	}
1282	-	},
1282	+	},
1283	-	"104.248.224.90": {
1283	+	"104.248.224.90": {
1284	-	"x86": {
1284	+	"x86": {
1285	-	"BeaconType": "8 (HTTPS)",
1285	+	"BeaconType": "8 (HTTPS)",
1286	-	"Port": "443",
1286	+	"Port": "443",
1287	-	"Polling": "15000",
1287	+	"Polling": "15000",
1288	-	"Jitter": "90",
1288	+	"Jitter": "90",
1289	-	"Maxdns": "225",
1289	+	"Maxdns": "225",
1290	-	"C2 Server": "www.nytimes.com,/v1/preferences,www.nytimes.com,/v1/preferences,www.nytimes.com,/idcta/translations,www.nytimes.com,/v2/preferences,www.nytimes.com,/idcta/translations",
1290	+	"C2 Server": "www.nytimes.com,/v1/preferences,www.nytimes.com,/v1/preferences,www.nytimes.com,/idcta/translations,www.nytimes.com,/v2/preferences,www.nytimes.com,/idcta/translations",
1291	-	"User Agent": "Microsoft BITS/7.8",
1291	+	"User Agent": "Microsoft BITS/7.8",
1292	-	"HTTP Method Path 2": "/track",
1292	+	"HTTP Method Path 2": "/track",
1293	-	"Header1": "",
1293	+	"Header1": "",
1294	-	"Header2": "",
1294	+	"Header2": "",
1295	-	"PipeName": "",
1295	+	"PipeName": "",
1296	-	"DNS Idle": "h\\xD8<\\x84",
1296	+	"DNS Idle": "h\\xD8<\\x84",
1297	-	"DNS Sleep": "0",
1297	+	"DNS Sleep": "0",
1298	-	"Method1": "GET",
1298	+	"Method1": "GET",
1299	-	"Method2": "POST",
1299	+	"Method2": "POST",
1300	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
1300	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
1301	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
1301	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
1302	-	"Proxy_AccessType": "2 (Use IE settings)"
1302	+	"Proxy_AccessType": "2 (Use IE settings)"
1303	-	}
1303	+	}
1304	-	},
1304	+	},
1305	-	"104.248.48.249": {
1305	+	"104.248.48.249": {
1306	-	"x86": {
1306	+	"x86": {
1307	-	"BeaconType": "8 (HTTPS)",
1307	+	"BeaconType": "8 (HTTPS)",
1308	-	"Port": "443",
1308	+	"Port": "443",
1309	-	"Polling": "15000",
1309	+	"Polling": "15000",
1310	-	"Jitter": "90",
1310	+	"Jitter": "90",
1311	-	"C2 Server": "104.248.48.249,/gp/cerberus/gv",
1311	+	"C2 Server": "104.248.48.249,/gp/cerberus/gv",
1312	-	"HTTP Method Path 2": "/1.5/95648064/storage/tabs",
1312	+	"HTTP Method Path 2": "/1.5/95648064/storage/tabs",
1313	-	"Method1": "GET",
1313	+	"Method1": "GET",
1314	-	"Method2": "POST",
1314	+	"Method2": "POST",
1315	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
1315	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
1316	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
1316	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
1317	-	"Proxy_AccessType": "2 (Use IE settings)"
1317	+	"Proxy_AccessType": "2 (Use IE settings)"
1318	-	}
1318	+	}
1319	-	},
1319	+	},
1320	-	"104.254.128.107": {
1320	+	"104.254.128.107": {
1321	-	"x86": {
1321	+	"x86": {
1322	-	"BeaconType": "8 (HTTPS)",
1322	+	"BeaconType": "8 (HTTPS)",
1323	-	"Port": "443",
1323	+	"Port": "443",
1324	-	"Polling": "60000",
1324	+	"Polling": "60000",
1325	-	"Jitter": "0",
1325	+	"Jitter": "0",
1326	-	"C2 Server": "45.170.251.101,/ga.js",
1326	+	"C2 Server": "45.170.251.101,/ga.js",
1327	-	"HTTP Method Path 2": "/submit.php",
1327	+	"HTTP Method Path 2": "/submit.php",
1328	-	"Method1": "GET",
1328	+	"Method1": "GET",
1329	-	"Method2": "POST",
1329	+	"Method2": "POST",
1330	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1330	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1331	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1331	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1332	-	"Proxy_AccessType": "2 (Use IE settings)"
1332	+	"Proxy_AccessType": "2 (Use IE settings)"
1333	-	}
1333	+	}
1334	-	},
1334	+	},
1335	-	"106.52.233.118": {
1335	+	"106.52.233.118": {
1336	-	"x64": {
1336	+	"x64": {
1337	-	"BeaconType": "8 (HTTPS)",
1337	+	"BeaconType": "8 (HTTPS)",
1338	-	"Port": "443",
1338	+	"Port": "443",
1339	-	"Polling": "60000",
1339	+	"Polling": "60000",
1340	-	"Jitter": "0",
1340	+	"Jitter": "0",
1341	-	"Maxdns": "255",
1341	+	"Maxdns": "255",
1342	-	"C2 Server": "106.52.233.118,/s",
1342	+	"C2 Server": "106.52.233.118,/s",
1343	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
1343	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
1344	-	"HTTP Method Path 2": "/S",
1344	+	"HTTP Method Path 2": "/S",
1345	-	"Header1": "",
1345	+	"Header1": "",
1346	-	"Header2": "",
1346	+	"Header2": "",
1347	-	"PipeName": "",
1347	+	"PipeName": "",
1348	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1348	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1349	-	"DNS Sleep": "0",
1349	+	"DNS Sleep": "0",
1350	-	"Method1": "GET",
1350	+	"Method1": "GET",
1351	-	"Method2": "POST",
1351	+	"Method2": "POST",
1352	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1352	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1353	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1353	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1354	-	"Proxy_AccessType": "2 (Use IE settings)"
1354	+	"Proxy_AccessType": "2 (Use IE settings)"
1355	-	}
1355	+	}
1356	-	},
1356	+	},
1357	-	"106.55.153.204": {
1357	+	"106.55.153.204": {
1358	-	"x86": {
1358	+	"x86": {
1359	-	"BeaconType": "8 (HTTPS)",
1359	+	"BeaconType": "8 (HTTPS)",
1360	-	"Port": "443",
1360	+	"Port": "443",
1361	-	"Polling": "60000",
1361	+	"Polling": "60000",
1362	-	"Jitter": "0",
1362	+	"Jitter": "0",
1363	-	"Maxdns": "255",
1363	+	"Maxdns": "255",
1364	-	"C2 Server": "106.55.153.204,/en_US/all.js",
1364	+	"C2 Server": "106.55.153.204,/en_US/all.js",
1365	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)",
1365	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)",
1366	-	"HTTP Method Path 2": "/submit.php",
1366	+	"HTTP Method Path 2": "/submit.php",
1367	-	"Header1": "",
1367	+	"Header1": "",
1368	-	"Header2": "",
1368	+	"Header2": "",
1369	-	"PipeName": "",
1369	+	"PipeName": "",
1370	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1370	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1371	-	"DNS Sleep": "0",
1371	+	"DNS Sleep": "0",
1372	-	"Method1": "GET",
1372	+	"Method1": "GET",
1373	-	"Method2": "POST",
1373	+	"Method2": "POST",
1374	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1374	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1375	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1375	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1376	-	"Proxy_AccessType": "2 (Use IE settings)"
1376	+	"Proxy_AccessType": "2 (Use IE settings)"
1377	-	}
1377	+	}
1378	-	},
1378	+	},
1379	-	"108.177.235.180": {
1379	+	"108.177.235.180": {
1380	-	"x86": {
1380	+	"x86": {
1381	-	"BeaconType": "8 (HTTPS)",
1381	+	"BeaconType": "8 (HTTPS)",
1382	-	"Port": "443",
1382	+	"Port": "443",
1383	-	"Polling": "60000",
1383	+	"Polling": "60000",
1384	-	"Jitter": "0",
1384	+	"Jitter": "0",
1385	-	"Maxdns": "255",
1385	+	"Maxdns": "255",
1386	-	"C2 Server": "mail.safeyoke.com,/ptj,feedback.safeyoke.com,/cx",
1386	+	"C2 Server": "mail.safeyoke.com,/ptj,feedback.safeyoke.com,/cx",
1387	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)",
1387	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)",
1388	-	"HTTP Method Path 2": "/submit.php",
1388	+	"HTTP Method Path 2": "/submit.php",
1389	-	"Header1": "",
1389	+	"Header1": "",
1390	-	"Header2": "",
1390	+	"Header2": "",
1391	-	"PipeName": "",
1391	+	"PipeName": "",
1392	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1392	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1393	-	"DNS Sleep": "0",
1393	+	"DNS Sleep": "0",
1394	-	"Method1": "GET",
1394	+	"Method1": "GET",
1395	-	"Method2": "POST",
1395	+	"Method2": "POST",
1396	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1396	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1397	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1397	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1398	-	"Proxy_AccessType": "2 (Use IE settings)"
1398	+	"Proxy_AccessType": "2 (Use IE settings)"
1399	-	}
1399	+	}
1400	-	},
1400	+	},
1401	-	"108.177.235.22": {
1401	+	"108.177.235.22": {
1402	-	"x86": {
1402	+	"x86": {
1403	-	"BeaconType": "8 (HTTPS)",
1403	+	"BeaconType": "8 (HTTPS)",
1404	-	"Port": "443",
1404	+	"Port": "443",
1405	-	"Polling": "60000",
1405	+	"Polling": "60000",
1406	-	"Jitter": "0",
1406	+	"Jitter": "0",
1407	-	"Maxdns": "255",
1407	+	"Maxdns": "255",
1408	-	"C2 Server": "108.177.235.22,/fwlink",
1408	+	"C2 Server": "108.177.235.22,/fwlink",
1409	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
1409	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
1410	-	"HTTP Method Path 2": "/submit.php",
1410	+	"HTTP Method Path 2": "/submit.php",
1411	-	"Header1": "",
1411	+	"Header1": "",
1412	-	"Header2": "",
1412	+	"Header2": "",
1413	-	"PipeName": "",
1413	+	"PipeName": "",
1414	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1414	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1415	-	"DNS Sleep": "0",
1415	+	"DNS Sleep": "0",
1416	-	"Method1": "GET",
1416	+	"Method1": "GET",
1417	-	"Method2": "POST",
1417	+	"Method2": "POST",
1418	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1418	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1419	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1419	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1420	-	"Proxy_AccessType": "2 (Use IE settings)"
1420	+	"Proxy_AccessType": "2 (Use IE settings)"
1421	-	}
1421	+	}
1422	-	},
1422	+	},
1423	-	"108.62.118.187": {
1423	+	"108.62.118.187": {
1424	-	"x86": {
1424	+	"x86": {
1425	-	"BeaconType": "8 (HTTPS)",
1425	+	"BeaconType": "8 (HTTPS)",
1426	-	"Port": "443",
1426	+	"Port": "443",
1427	-	"Polling": "5000",
1427	+	"Polling": "5000",
1428	-	"Jitter": "10",
1428	+	"Jitter": "10",
1429	-	"Maxdns": "235",
1429	+	"Maxdns": "235",
1430	-	"C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
1430	+	"C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
1431	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1431	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1432	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1432	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1433	-	"Header1": "",
1433	+	"Header1": "",
1434	-	"Header2": "",
1434	+	"Header2": "",
1435	-	"PipeName": "",
1435	+	"PipeName": "",
1436	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1436	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1437	-	"DNS Sleep": "0",
1437	+	"DNS Sleep": "0",
1438	-	"Method1": "GET",
1438	+	"Method1": "GET",
1439	-	"Method2": "POST",
1439	+	"Method2": "POST",
1440	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1440	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1441	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1441	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1442	-	"Proxy_AccessType": "2 (Use IE settings)"
1442	+	"Proxy_AccessType": "2 (Use IE settings)"
1443	-	},
1443	+	},
1444	-	"x64": {
1444	+	"x64": {
1445	-	"BeaconType": "8 (HTTPS)",
1445	+	"BeaconType": "8 (HTTPS)",
1446	-	"Port": "443",
1446	+	"Port": "443",
1447	-	"Polling": "5000",
1447	+	"Polling": "5000",
1448	-	"Jitter": "10",
1448	+	"Jitter": "10",
1449	-	"Maxdns": "235",
1449	+	"Maxdns": "235",
1450	-	"C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
1450	+	"C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
1451	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1451	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1452	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1452	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1453	-	"Header1": "",
1453	+	"Header1": "",
1454	-	"Header2": "",
1454	+	"Header2": "",
1455	-	"PipeName": "",
1455	+	"PipeName": "",
1456	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1456	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1457	-	"DNS Sleep": "0",
1457	+	"DNS Sleep": "0",
1458	-	"Method1": "GET",
1458	+	"Method1": "GET",
1459	-	"Method2": "POST",
1459	+	"Method2": "POST",
1460	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1460	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1461	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1461	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1462	-	"Proxy_AccessType": "2 (Use IE settings)"
1462	+	"Proxy_AccessType": "2 (Use IE settings)"
1463	-	}
1463	+	}
1464	-	},
1464	+	},
1465	-	"108.62.118.37": {
1465	+	"108.62.118.37": {
1466	-	"x86": {
1466	+	"x86": {
1467	-	"BeaconType": "8 (HTTPS)",
1467	+	"BeaconType": "8 (HTTPS)",
1468	-	"Port": "443",
1468	+	"Port": "443",
1469	-	"Polling": "60000",
1469	+	"Polling": "60000",
1470	-	"Jitter": "0",
1470	+	"Jitter": "0",
1471	-	"Maxdns": "255",
1471	+	"Maxdns": "255",
1472	-	"C2 Server": "amajai-technologies.trade,/ga.js",
1472	+	"C2 Server": "amajai-technologies.trade,/ga.js",
1473	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E)",
1473	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E)",
1474	-	"HTTP Method Path 2": "/submit.php",
1474	+	"HTTP Method Path 2": "/submit.php",
1475	-	"Header1": "",
1475	+	"Header1": "",
1476	-	"Header2": "",
1476	+	"Header2": "",
1477	-	"PipeName": "",
1477	+	"PipeName": "",
1478	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1478	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1479	-	"DNS Sleep": "0",
1479	+	"DNS Sleep": "0",
1480	-	"Method1": "GET",
1480	+	"Method1": "GET",
1481	-	"Method2": "POST",
1481	+	"Method2": "POST",
1482	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1482	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1483	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1483	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1484	-	"Proxy_AccessType": "2 (Use IE settings)"
1484	+	"Proxy_AccessType": "2 (Use IE settings)"
1485	-	},
1485	+	},
1486	-	"x64": {
1486	+	"x64": {
1487	-	"BeaconType": "8 (HTTPS)",
1487	+	"BeaconType": "8 (HTTPS)",
1488	-	"Port": "443",
1488	+	"Port": "443",
1489	-	"Polling": "60000",
1489	+	"Polling": "60000",
1490	-	"Jitter": "0",
1490	+	"Jitter": "0",
1491	-	"Maxdns": "255",
1491	+	"Maxdns": "255",
1492	-	"C2 Server": "amajai-technologies.trade,/match",
1492	+	"C2 Server": "amajai-technologies.trade,/match",
1493	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BO1IE8_v1;ENUS)",
1493	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BO1IE8_v1;ENUS)",
1494	-	"HTTP Method Path 2": "/submit.php",
1494	+	"HTTP Method Path 2": "/submit.php",
1495	-	"Header1": "",
1495	+	"Header1": "",
1496	-	"Header2": "",
1496	+	"Header2": "",
1497	-	"PipeName": "",
1497	+	"PipeName": "",
1498	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1498	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1499	-	"DNS Sleep": "0",
1499	+	"DNS Sleep": "0",
1500	-	"Method1": "GET",
1500	+	"Method1": "GET",
1501	-	"Method2": "POST",
1501	+	"Method2": "POST",
1502	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1502	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1503	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1503	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1504	-	"Proxy_AccessType": "2 (Use IE settings)"
1504	+	"Proxy_AccessType": "2 (Use IE settings)"
1505	-	}
1505	+	}
1506	-	},
1506	+	},
1507	-	"108.62.141.129": {
1507	+	"108.62.141.129": {
1508	-	"x64": {
1508	+	"x64": {
1509	-	"BeaconType": "8 (HTTPS)",
1509	+	"BeaconType": "8 (HTTPS)",
1510	-	"Port": "443",
1510	+	"Port": "443",
1511	-	"Polling": "5000",
1511	+	"Polling": "5000",
1512	-	"Jitter": "10",
1512	+	"Jitter": "10",
1513	-	"Maxdns": "235",
1513	+	"Maxdns": "235",
1514	-	"C2 Server": "eyedm.com,/us/ky/louisville/312-s-fourth-st.html",
1514	+	"C2 Server": "eyedm.com,/us/ky/louisville/312-s-fourth-st.html",
1515	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1515	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1516	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1516	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1517	-	"Header1": "",
1517	+	"Header1": "",
1518	-	"Header2": "",
1518	+	"Header2": "",
1519	-	"PipeName": "",
1519	+	"PipeName": "",
1520	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1520	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1521	-	"DNS Sleep": "0",
1521	+	"DNS Sleep": "0",
1522	-	"Method1": "GET",
1522	+	"Method1": "GET",
1523	-	"Method2": "POST",
1523	+	"Method2": "POST",
1524	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1524	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1525	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1525	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1526	-	"Proxy_AccessType": "2 (Use IE settings)"
1526	+	"Proxy_AccessType": "2 (Use IE settings)"
1527	-	}
1527	+	}
1528	-	},
1528	+	},
1529	-	"108.62.141.158": {
1529	+	"108.62.141.158": {
1530	-	"x86": {
1530	+	"x86": {
1531	-	"BeaconType": "8 (HTTPS)",
1531	+	"BeaconType": "8 (HTTPS)",
1532	-	"Port": "443",
1532	+	"Port": "443",
1533	-	"Polling": "5000",
1533	+	"Polling": "5000",
1534	-	"Jitter": "10",
1534	+	"Jitter": "10",
1535	-	"Maxdns": "235",
1535	+	"Maxdns": "235",
1536	-	"C2 Server": "lenfree.com,/us/ky/louisville/312-s-fourth-st.html,199.127.61.74,/us/ky/louisville/312-s-fourth-st.html",
1536	+	"C2 Server": "lenfree.com,/us/ky/louisville/312-s-fourth-st.html,199.127.61.74,/us/ky/louisville/312-s-fourth-st.html",
1537	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1537	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1538	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1538	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1539	-	"Header1": "",
1539	+	"Header1": "",
1540	-	"Header2": "",
1540	+	"Header2": "",
1541	-	"PipeName": "",
1541	+	"PipeName": "",
1542	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1542	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1543	-	"DNS Sleep": "0",
1543	+	"DNS Sleep": "0",
1544	-	"Method1": "GET",
1544	+	"Method1": "GET",
1545	-	"Method2": "POST",
1545	+	"Method2": "POST",
1546	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1546	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1547	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1547	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1548	-	"Proxy_AccessType": "2 (Use IE settings)"
1548	+	"Proxy_AccessType": "2 (Use IE settings)"
1549	-	}
1549	+	}
1550	-	},
1550	+	},
1551	-	"108.62.141.170": {
1551	+	"108.62.141.170": {
1552	-	"x64": {
1552	+	"x64": {
1553	-	"BeaconType": "8 (HTTPS)",
1553	+	"BeaconType": "8 (HTTPS)",
1554	-	"Port": "443",
1554	+	"Port": "443",
1555	-	"Polling": "5000",
1555	+	"Polling": "5000",
1556	-	"Jitter": "10",
1556	+	"Jitter": "10",
1557	-	"Maxdns": "235",
1557	+	"Maxdns": "235",
1558	-	"C2 Server": "172.82.148.202,/us/ky/louisville/312-s-fourth-st.html,resnote.com,/us/ky/louisville/312-s-fourth-st.html",
1558	+	"C2 Server": "172.82.148.202,/us/ky/louisville/312-s-fourth-st.html,resnote.com,/us/ky/louisville/312-s-fourth-st.html",
1559	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1559	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1560	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1560	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1561	-	"Header1": "",
1561	+	"Header1": "",
1562	-	"Header2": "",
1562	+	"Header2": "",
1563	-	"PipeName": "",
1563	+	"PipeName": "",
1564	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1564	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1565	-	"DNS Sleep": "0",
1565	+	"DNS Sleep": "0",
1566	-	"Method1": "GET",
1566	+	"Method1": "GET",
1567	-	"Method2": "POST",
1567	+	"Method2": "POST",
1568	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1568	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1569	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1569	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1570	-	"Proxy_AccessType": "2 (Use IE settings)"
1570	+	"Proxy_AccessType": "2 (Use IE settings)"
1571	-	}
1571	+	}
1572	-	},
1572	+	},
1573	-	"108.62.141.62": {
1573	+	"108.62.141.62": {
1574	-	"x86": {
1574	+	"x86": {
1575	-	"BeaconType": "8 (HTTPS)",
1575	+	"BeaconType": "8 (HTTPS)",
1576	-	"Port": "443",
1576	+	"Port": "443",
1577	-	"Polling": "5000",
1577	+	"Polling": "5000",
1578	-	"Jitter": "10",
1578	+	"Jitter": "10",
1579	-	"Maxdns": "235",
1579	+	"Maxdns": "235",
1580	-	"C2 Server": "orgsale.com,/us/ky/louisville/312-s-fourth-st.html",
1580	+	"C2 Server": "orgsale.com,/us/ky/louisville/312-s-fourth-st.html",
1581	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1581	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1582	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1582	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1583	-	"Header1": "",
1583	+	"Header1": "",
1584	-	"Header2": "",
1584	+	"Header2": "",
1585	-	"PipeName": "",
1585	+	"PipeName": "",
1586	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1586	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1587	-	"DNS Sleep": "0",
1587	+	"DNS Sleep": "0",
1588	-	"Method1": "GET",
1588	+	"Method1": "GET",
1589	-	"Method2": "POST",
1589	+	"Method2": "POST",
1590	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1590	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1591	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1591	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1592	-	"Proxy_AccessType": "2 (Use IE settings)"
1592	+	"Proxy_AccessType": "2 (Use IE settings)"
1593	-	}
1593	+	}
1594	-	},
1594	+	},
1595	-	"108.62.141.72": {
1595	+	"108.62.141.72": {
1596	-	"x86": {
1596	+	"x86": {
1597	-	"BeaconType": "8 (HTTPS)",
1597	+	"BeaconType": "8 (HTTPS)",
1598	-	"Port": "443",
1598	+	"Port": "443",
1599	-	"Polling": "5000",
1599	+	"Polling": "5000",
1600	-	"Jitter": "10",
1600	+	"Jitter": "10",
1601	-	"Maxdns": "235",
1601	+	"Maxdns": "235",
1602	-	"C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
1602	+	"C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
1603	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1603	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
1604	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1604	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
1605	-	"Header1": "",
1605	+	"Header1": "",
1606	-	"Header2": "",
1606	+	"Header2": "",
1607	-	"PipeName": "",
1607	+	"PipeName": "",
1608	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
1608	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
1609	-	"DNS Sleep": "0",
1609	+	"DNS Sleep": "0",
1610	-	"Method1": "GET",
1610	+	"Method1": "GET",
1611	-	"Method2": "POST",
1611	+	"Method2": "POST",
1612	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1612	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
1613	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1613	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
1614	-	"Proxy_AccessType": "2 (Use IE settings)"
1614	+	"Proxy_AccessType": "2 (Use IE settings)"
1615	-	}
1615	+	}
1616	-	},
1616	+	},
1617	-	"109.201.142.110": {
1617	+	"109.201.142.110": {
1618	-	"x86": {
1618	+	"x86": {
1619	-	"BeaconType": "8 (HTTPS)",
1619	+	"BeaconType": "8 (HTTPS)",
1620	-	"Port": "443",
1620	+	"Port": "443",
1621	-	"Polling": "60000",
1621	+	"Polling": "60000",
1622	-	"Jitter": "0",
1622	+	"Jitter": "0",
1623	-	"Maxdns": "255",
1623	+	"Maxdns": "255",
1624	-	"C2 Server": "forteupdate.com,/match",
1624	+	"C2 Server": "forteupdate.com,/match",
1625	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)",
1625	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)",
1626	-	"HTTP Method Path 2": "/submit.php",
1626	+	"HTTP Method Path 2": "/submit.php",
1627	-	"Header1": "",
1627	+	"Header1": "",
1628	-	"Header2": "",
1628	+	"Header2": "",
1629	-	"PipeName": "",
1629	+	"PipeName": "",
1630	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1630	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1631	-	"DNS Sleep": "0",
1631	+	"DNS Sleep": "0",
1632	-	"Method1": "GET",
1632	+	"Method1": "GET",
1633	-	"Method2": "POST",
1633	+	"Method2": "POST",
1634	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1634	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1635	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1635	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1636	-	"Proxy_AccessType": "2 (Use IE settings)"
1636	+	"Proxy_AccessType": "2 (Use IE settings)"
1637	-	}
1637	+	}
1638	-	},
1638	+	},
1639	-	"109.230.199.56": {
1639	+	"109.230.199.56": {
1640	-	"x64": {
1640	+	"x64": {
1641	-	"BeaconType": "8 (HTTPS)",
1641	+	"BeaconType": "8 (HTTPS)",
1642	-	"Port": "443",
1642	+	"Port": "443",
1643	-	"Polling": "60000",
1643	+	"Polling": "60000",
1644	-	"Jitter": "0",
1644	+	"Jitter": "0",
1645	-	"Maxdns": "255",
1645	+	"Maxdns": "255",
1646	-	"C2 Server": "109.230.199.56,/dpixel",
1646	+	"C2 Server": "109.230.199.56,/dpixel",
1647	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)",
1647	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)",
1648	-	"HTTP Method Path 2": "/submit.php",
1648	+	"HTTP Method Path 2": "/submit.php",
1649	-	"Header1": "",
1649	+	"Header1": "",
1650	-	"Header2": "",
1650	+	"Header2": "",
1651	-	"PipeName": "",
1651	+	"PipeName": "",
1652	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1652	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1653	-	"DNS Sleep": "0",
1653	+	"DNS Sleep": "0",
1654	-	"Method1": "GET",
1654	+	"Method1": "GET",
1655	-	"Method2": "POST",
1655	+	"Method2": "POST",
1656	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1656	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1657	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1657	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1658	-	"Proxy_AccessType": "2 (Use IE settings)"
1658	+	"Proxy_AccessType": "2 (Use IE settings)"
1659	-	}
1659	+	}
1660	-	},
1660	+	},
1661	-	"109.231.194.189": {
1661	+	"109.231.194.189": {
1662	-	"x86": {
1662	+	"x86": {
1663	-	"BeaconType": "8 (HTTPS)",
1663	+	"BeaconType": "8 (HTTPS)",
1664	-	"Port": "443",
1664	+	"Port": "443",
1665	-	"Polling": "880",
1665	+	"Polling": "880",
1666	-	"Jitter": "0",
1666	+	"Jitter": "0",
1667	-	"Maxdns": "244",
1667	+	"Maxdns": "244",
1668	-	"C2 Server": "109.231.194.189,/access/",
1668	+	"C2 Server": "109.231.194.189,/access/",
1669	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:1.9) Gecko/20100101 Firefox/4.0",
1669	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:1.9) Gecko/20100101 Firefox/4.0",
1670	-	"HTTP Method Path 2": "/radio/xmlrpc/v35",
1670	+	"HTTP Method Path 2": "/radio/xmlrpc/v35",
1671	-	"Header1": "",
1671	+	"Header1": "",
1672	-	"Header2": "",
1672	+	"Header2": "",
1673	-	"PipeName": "\\\\%s\\pipe\\msagent_%x",
1673	+	"PipeName": "\\\\%s\\pipe\\msagent_%x",
1674	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1674	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1675	-	"DNS Sleep": "0",
1675	+	"DNS Sleep": "0",
1676	-	"Method1": "GET",
1676	+	"Method1": "GET",
1677	-	"Method2": "POST",
1677	+	"Method2": "POST",
1678	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1678	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1679	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1679	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1680	-	"Proxy_AccessType": "2 (Use IE settings)"
1680	+	"Proxy_AccessType": "2 (Use IE settings)"
1681	-	},
1681	+	},
1682	-	"x64": {
1682	+	"x64": {
1683	-	"BeaconType": "8 (HTTPS)",
1683	+	"BeaconType": "8 (HTTPS)",
1684	-	"Port": "443",
1684	+	"Port": "443",
1685	-	"Polling": "880",
1685	+	"Polling": "880",
1686	-	"Jitter": "0",
1686	+	"Jitter": "0",
1687	-	"Maxdns": "244",
1687	+	"Maxdns": "244",
1688	-	"C2 Server": "109.231.194.189,/access/",
1688	+	"C2 Server": "109.231.194.189,/access/",
1689	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:1.9) Gecko/20100101 Firefox/4.0",
1689	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:1.9) Gecko/20100101 Firefox/4.0",
1690	-	"HTTP Method Path 2": "/radio/xmlrpc/v35",
1690	+	"HTTP Method Path 2": "/radio/xmlrpc/v35",
1691	-	"Header1": "",
1691	+	"Header1": "",
1692	-	"Header2": "",
1692	+	"Header2": "",
1693	-	"PipeName": "\\\\%s\\pipe\\msagent_%x",
1693	+	"PipeName": "\\\\%s\\pipe\\msagent_%x",
1694	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1694	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1695	-	"DNS Sleep": "0",
1695	+	"DNS Sleep": "0",
1696	-	"Method1": "GET",
1696	+	"Method1": "GET",
1697	-	"Method2": "POST",
1697	+	"Method2": "POST",
1698	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1698	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1699	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1699	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1700	-	"Proxy_AccessType": "2 (Use IE settings)"
1700	+	"Proxy_AccessType": "2 (Use IE settings)"
1701	-	}
1701	+	}
1702	-	},
1702	+	},
1703	-	"111.229.210.49": {
1703	+	"111.229.210.49": {
1704	-	"x86": {
1704	+	"x86": {
1705	-	"BeaconType": "8 (HTTPS)",
1705	+	"BeaconType": "8 (HTTPS)",
1706	-	"Port": "443",
1706	+	"Port": "443",
1707	-	"Polling": "60000",
1707	+	"Polling": "60000",
1708	-	"Jitter": "0",
1708	+	"Jitter": "0",
1709	-	"Maxdns": "255",
1709	+	"Maxdns": "255",
1710	-	"C2 Server": "111.229.210.49,/push",
1710	+	"C2 Server": "111.229.210.49,/push",
1711	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
1711	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
1712	-	"HTTP Method Path 2": "/submit.php",
1712	+	"HTTP Method Path 2": "/submit.php",
1713	-	"Header1": "",
1713	+	"Header1": "",
1714	-	"Header2": "",
1714	+	"Header2": "",
1715	-	"PipeName": "",
1715	+	"PipeName": "",
1716	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1716	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1717	-	"DNS Sleep": "0",
1717	+	"DNS Sleep": "0",
1718	-	"Method1": "GET",
1718	+	"Method1": "GET",
1719	-	"Method2": "POST",
1719	+	"Method2": "POST",
1720	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1720	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1721	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1721	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1722	-	"Proxy_AccessType": "2 (Use IE settings)"
1722	+	"Proxy_AccessType": "2 (Use IE settings)"
1723	-	}
1723	+	}
1724	-	},
1724	+	},
1725	-	"114.118.4.189": {
1725	+	"114.118.4.189": {
1726	-	"x86": {
1726	+	"x86": {
1727	-	"BeaconType": "8 (HTTPS)",
1727	+	"BeaconType": "8 (HTTPS)",
1728	-	"Port": "443",
1728	+	"Port": "443",
1729	-	"Polling": "5000",
1729	+	"Polling": "5000",
1730	-	"Jitter": "10",
1730	+	"Jitter": "10",
1731	-	"Maxdns": "235",
1731	+	"Maxdns": "235",
1732	-	"C2 Server": "114.118.4.189,/updates",
1732	+	"C2 Server": "114.118.4.189,/updates",
1733	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
1733	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
1734	-	"HTTP Method Path 2": "/windows/mark.jsp",
1734	+	"HTTP Method Path 2": "/windows/mark.jsp",
1735	-	"Header1": "",
1735	+	"Header1": "",
1736	-	"Header2": "",
1736	+	"Header2": "",
1737	-	"PipeName": "",
1737	+	"PipeName": "",
1738	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
1738	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
1739	-	"DNS Sleep": "0",
1739	+	"DNS Sleep": "0",
1740	-	"Method1": "GET",
1740	+	"Method1": "GET",
1741	-	"Method2": "POST",
1741	+	"Method2": "POST",
1742	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1742	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1743	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1743	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1744	-	"Proxy_AccessType": "2 (Use IE settings)"
1744	+	"Proxy_AccessType": "2 (Use IE settings)"
1745	-	},
1745	+	},
1746	-	"x64": {
1746	+	"x64": {
1747	-	"BeaconType": "8 (HTTPS)",
1747	+	"BeaconType": "8 (HTTPS)",
1748	-	"Port": "443",
1748	+	"Port": "443",
1749	-	"Polling": "5000",
1749	+	"Polling": "5000",
1750	-	"Jitter": "10",
1750	+	"Jitter": "10",
1751	-	"Maxdns": "235",
1751	+	"Maxdns": "235",
1752	-	"C2 Server": "114.118.4.189,/updates",
1752	+	"C2 Server": "114.118.4.189,/updates",
1753	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
1753	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
1754	-	"HTTP Method Path 2": "/windows/fly.jsp",
1754	+	"HTTP Method Path 2": "/windows/fly.jsp",
1755	-	"Header1": "",
1755	+	"Header1": "",
1756	-	"Header2": "",
1756	+	"Header2": "",
1757	-	"PipeName": "",
1757	+	"PipeName": "",
1758	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
1758	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
1759	-	"DNS Sleep": "0",
1759	+	"DNS Sleep": "0",
1760	-	"Method1": "GET",
1760	+	"Method1": "GET",
1761	-	"Method2": "POST",
1761	+	"Method2": "POST",
1762	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1762	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1763	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1763	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1764	-	"Proxy_AccessType": "2 (Use IE settings)"
1764	+	"Proxy_AccessType": "2 (Use IE settings)"
1765	-	}
1765	+	}
1766	-	},
1766	+	},
1767	-	"117.50.106.161": {
1767	+	"117.50.106.161": {
1768	-	"x86": {
1768	+	"x86": {
1769	-	"BeaconType": "8 (HTTPS)",
1769	+	"BeaconType": "8 (HTTPS)",
1770	-	"Port": "443",
1770	+	"Port": "443",
1771	-	"Polling": "60000",
1771	+	"Polling": "60000",
1772	-	"Jitter": "0",
1772	+	"Jitter": "0",
1773	-	"Maxdns": "255",
1773	+	"Maxdns": "255",
1774	-	"C2 Server": "117.50.106.161,/pixel",
1774	+	"C2 Server": "117.50.106.161,/pixel",
1775	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)",
1775	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)",
1776	-	"HTTP Method Path 2": "/submit.php",
1776	+	"HTTP Method Path 2": "/submit.php",
1777	-	"Header1": "",
1777	+	"Header1": "",
1778	-	"Header2": "",
1778	+	"Header2": "",
1779	-	"PipeName": "",
1779	+	"PipeName": "",
1780	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1780	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1781	-	"DNS Sleep": "0",
1781	+	"DNS Sleep": "0",
1782	-	"Method1": "GET",
1782	+	"Method1": "GET",
1783	-	"Method2": "POST",
1783	+	"Method2": "POST",
1784	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1784	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1785	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1785	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1786	-	"Proxy_AccessType": "2 (Use IE settings)"
1786	+	"Proxy_AccessType": "2 (Use IE settings)"
1787	-	}
1787	+	}
1788	-	},
1788	+	},
1789	-	"117.51.149.186": {
1789	+	"117.51.149.186": {
1790	-	"x64": {
1790	+	"x64": {
1791	-	"BeaconType": "8 (HTTPS)",
1791	+	"BeaconType": "8 (HTTPS)",
1792	-	"Port": "443",
1792	+	"Port": "443",
1793	-	"Polling": "60000",
1793	+	"Polling": "60000",
1794	-	"Jitter": "0",
1794	+	"Jitter": "0",
1795	-	"Maxdns": "255",
1795	+	"Maxdns": "255",
1796	-	"C2 Server": "117.51.149.186,/fwlink",
1796	+	"C2 Server": "117.51.149.186,/fwlink",
1797	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MATMJS)",
1797	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MATMJS)",
1798	-	"HTTP Method Path 2": "/submit.php",
1798	+	"HTTP Method Path 2": "/submit.php",
1799	-	"Header1": "",
1799	+	"Header1": "",
1800	-	"Header2": "",
1800	+	"Header2": "",
1801	-	"PipeName": "",
1801	+	"PipeName": "",
1802	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1802	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1803	-	"DNS Sleep": "0",
1803	+	"DNS Sleep": "0",
1804	-	"Method1": "GET",
1804	+	"Method1": "GET",
1805	-	"Method2": "POST",
1805	+	"Method2": "POST",
1806	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1806	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1807	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1807	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1808	-	"Proxy_AccessType": "2 (Use IE settings)"
1808	+	"Proxy_AccessType": "2 (Use IE settings)"
1809	-	}
1809	+	}
1810	-	},
1810	+	},
1811	-	"119.28.9.129": {
1811	+	"119.28.9.129": {
1812	-	"x64": {
1812	+	"x64": {
1813	-	"BeaconType": "8 (HTTPS)",
1813	+	"BeaconType": "8 (HTTPS)",
1814	-	"Port": "443",
1814	+	"Port": "443",
1815	-	"Polling": "60000",
1815	+	"Polling": "60000",
1816	-	"Jitter": "0",
1816	+	"Jitter": "0",
1817	-	"Maxdns": "255",
1817	+	"Maxdns": "255",
1818	-	"C2 Server": "119.28.9.129,/pixel.gif",
1818	+	"C2 Server": "119.28.9.129,/pixel.gif",
1819	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
1819	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
1820	-	"HTTP Method Path 2": "/submit.php",
1820	+	"HTTP Method Path 2": "/submit.php",
1821	-	"Header1": "",
1821	+	"Header1": "",
1822	-	"Header2": "",
1822	+	"Header2": "",
1823	-	"PipeName": "",
1823	+	"PipeName": "",
1824	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1824	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1825	-	"DNS Sleep": "0",
1825	+	"DNS Sleep": "0",
1826	-	"Method1": "GET",
1826	+	"Method1": "GET",
1827	-	"Method2": "POST",
1827	+	"Method2": "POST",
1828	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1828	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1829	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1829	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1830	-	"Proxy_AccessType": "2 (Use IE settings)"
1830	+	"Proxy_AccessType": "2 (Use IE settings)"
1831	-	}
1831	+	}
1832	-	},
1832	+	},
1833	-	"121.196.148.36": {
1833	+	"121.196.148.36": {
1834	-	"x86": {
1834	+	"x86": {
1835	-	"BeaconType": "8 (HTTPS)",
1835	+	"BeaconType": "8 (HTTPS)",
1836	-	"Port": "443",
1836	+	"Port": "443",
1837	-	"Polling": "60534",
1837	+	"Polling": "60534",
1838	-	"Jitter": "41",
1838	+	"Jitter": "41",
1839	-	"Maxdns": "249",
1839	+	"Maxdns": "249",
1840	-	"C2 Server": "121.196.148.36,/ur.js",
1840	+	"C2 Server": "121.196.148.36,/ur.js",
1841	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
1841	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
1842	-	"HTTP Method Path 2": "/favicon",
1842	+	"HTTP Method Path 2": "/favicon",
1843	-	"Header1": "",
1843	+	"Header1": "",
1844	-	"Header2": "",
1844	+	"Header2": "",
1845	-	"PipeName": "",
1845	+	"PipeName": "",
1846	-	"DNS Idle": "\\xD6\\x82\\xA4E",
1846	+	"DNS Idle": "\\xD6\\x82\\xA4E",
1847	-	"DNS Sleep": "0",
1847	+	"DNS Sleep": "0",
1848	-	"Method1": "GET",
1848	+	"Method1": "GET",
1849	-	"Method2": "POST",
1849	+	"Method2": "POST",
1850	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
1850	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
1851	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
1851	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
1852	-	"Proxy_AccessType": "2 (Use IE settings)"
1852	+	"Proxy_AccessType": "2 (Use IE settings)"
1853	-	}
1853	+	}
1854	-	},
1854	+	},
1855	-	"123.56.133.239": {
1855	+	"123.56.133.239": {
1856	-	"x86": {
1856	+	"x86": {
1857	-	"BeaconType": "8 (HTTPS)",
1857	+	"BeaconType": "8 (HTTPS)",
1858	-	"Port": "443",
1858	+	"Port": "443",
1859	-	"Polling": "60000",
1859	+	"Polling": "60000",
1860	-	"Jitter": "0",
1860	+	"Jitter": "0",
1861	-	"Maxdns": "255",
1861	+	"Maxdns": "255",
1862	-	"C2 Server": "123.56.133.239,/activity",
1862	+	"C2 Server": "123.56.133.239,/activity",
1863	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)",
1863	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)",
1864	-	"HTTP Method Path 2": "/submit.php",
1864	+	"HTTP Method Path 2": "/submit.php",
1865	-	"Header1": "",
1865	+	"Header1": "",
1866	-	"Header2": "",
1866	+	"Header2": "",
1867	-	"PipeName": "",
1867	+	"PipeName": "",
1868	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1868	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1869	-	"DNS Sleep": "0",
1869	+	"DNS Sleep": "0",
1870	-	"Method1": "GET",
1870	+	"Method1": "GET",
1871	-	"Method2": "POST",
1871	+	"Method2": "POST",
1872	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1872	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1873	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1873	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1874	-	"Proxy_AccessType": "2 (Use IE settings)"
1874	+	"Proxy_AccessType": "2 (Use IE settings)"
1875	-	},
1875	+	},
1876	-	"x64": {
1876	+	"x64": {
1877	-	"BeaconType": "8 (HTTPS)",
1877	+	"BeaconType": "8 (HTTPS)",
1878	-	"Port": "443",
1878	+	"Port": "443",
1879	-	"Polling": "60000",
1879	+	"Polling": "60000",
1880	-	"Jitter": "0",
1880	+	"Jitter": "0",
1881	-	"Maxdns": "255",
1881	+	"Maxdns": "255",
1882	-	"C2 Server": "123.56.133.239,/activity",
1882	+	"C2 Server": "123.56.133.239,/activity",
1883	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)",
1883	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)",
1884	-	"HTTP Method Path 2": "/submit.php",
1884	+	"HTTP Method Path 2": "/submit.php",
1885	-	"Header1": "",
1885	+	"Header1": "",
1886	-	"Header2": "",
1886	+	"Header2": "",
1887	-	"PipeName": "",
1887	+	"PipeName": "",
1888	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1888	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1889	-	"DNS Sleep": "0",
1889	+	"DNS Sleep": "0",
1890	-	"Method1": "GET",
1890	+	"Method1": "GET",
1891	-	"Method2": "POST",
1891	+	"Method2": "POST",
1892	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1892	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1893	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1893	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1894	-	"Proxy_AccessType": "2 (Use IE settings)"
1894	+	"Proxy_AccessType": "2 (Use IE settings)"
1895	-	}
1895	+	}
1896	-	},
1896	+	},
1897	-	"123.57.235.194": {
1897	+	"123.57.235.194": {
1898	-	"x64": {
1898	+	"x64": {
1899	-	"BeaconType": "8 (HTTPS)",
1899	+	"BeaconType": "8 (HTTPS)",
1900	-	"Port": "443",
1900	+	"Port": "443",
1901	-	"Polling": "1000",
1901	+	"Polling": "1000",
1902	-	"Jitter": "37",
1902	+	"Jitter": "37",
1903	-	"Maxdns": "255",
1903	+	"Maxdns": "255",
1904	-	"C2 Server": "123.57.235.194,/jquery-3.3.1.min.js",
1904	+	"C2 Server": "123.57.235.194,/jquery-3.3.1.min.js",
1905	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36",
1905	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36",
1906	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
1906	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
1907	-	"Header1": "",
1907	+	"Header1": "",
1908	-	"Header2": "",
1908	+	"Header2": "",
1909	-	"PipeName": "",
1909	+	"PipeName": "",
1910	-	"DNS Idle": "J}\\xC4q",
1910	+	"DNS Idle": "J}\\xC4q",
1911	-	"DNS Sleep": "0",
1911	+	"DNS Sleep": "0",
1912	-	"Method1": "GET",
1912	+	"Method1": "GET",
1913	-	"Method2": "POST",
1913	+	"Method2": "POST",
1914	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
1914	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
1915	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
1915	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
1916	-	"Proxy_AccessType": "2 (Use IE settings)"
1916	+	"Proxy_AccessType": "2 (Use IE settings)"
1917	-	}
1917	+	}
1918	-	},
1918	+	},
1919	-	"123.57.90.172": {
1919	+	"123.57.90.172": {
1920	-	"x64": {
1920	+	"x64": {
1921	-	"BeaconType": "8 (HTTPS)",
1921	+	"BeaconType": "8 (HTTPS)",
1922	-	"Port": "443",
1922	+	"Port": "443",
1923	-	"Polling": "60000",
1923	+	"Polling": "60000",
1924	-	"Jitter": "0",
1924	+	"Jitter": "0",
1925	-	"Maxdns": "255",
1925	+	"Maxdns": "255",
1926	-	"C2 Server": "123.57.90.172,/__utm.gif",
1926	+	"C2 Server": "123.57.90.172,/__utm.gif",
1927	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
1927	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
1928	-	"HTTP Method Path 2": "/submit.php",
1928	+	"HTTP Method Path 2": "/submit.php",
1929	-	"Header1": "",
1929	+	"Header1": "",
1930	-	"Header2": "",
1930	+	"Header2": "",
1931	-	"PipeName": "",
1931	+	"PipeName": "",
1932	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1932	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1933	-	"DNS Sleep": "0",
1933	+	"DNS Sleep": "0",
1934	-	"Method1": "GET",
1934	+	"Method1": "GET",
1935	-	"Method2": "POST",
1935	+	"Method2": "POST",
1936	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1936	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1937	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1937	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1938	-	"Proxy_AccessType": "2 (Use IE settings)"
1938	+	"Proxy_AccessType": "2 (Use IE settings)"
1939	-	}
1939	+	}
1940	-	},
1940	+	},
1941	-	"123.58.211.116": {
1941	+	"123.58.211.116": {
1942	-	"x86": {
1942	+	"x86": {
1943	-	"BeaconType": "8 (HTTPS)",
1943	+	"BeaconType": "8 (HTTPS)",
1944	-	"Port": "443",
1944	+	"Port": "443",
1945	-	"Polling": "60000",
1945	+	"Polling": "60000",
1946	-	"Jitter": "0",
1946	+	"Jitter": "0",
1947	-	"Maxdns": "255",
1947	+	"Maxdns": "255",
1948	-	"C2 Server": "123.58.211.116,/dot.gif",
1948	+	"C2 Server": "123.58.211.116,/dot.gif",
1949	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)",
1949	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)",
1950	-	"HTTP Method Path 2": "/submit.php",
1950	+	"HTTP Method Path 2": "/submit.php",
1951	-	"Header1": "",
1951	+	"Header1": "",
1952	-	"Header2": "",
1952	+	"Header2": "",
1953	-	"PipeName": "",
1953	+	"PipeName": "",
1954	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
1954	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
1955	-	"DNS Sleep": "0",
1955	+	"DNS Sleep": "0",
1956	-	"Method1": "GET",
1956	+	"Method1": "GET",
1957	-	"Method2": "POST",
1957	+	"Method2": "POST",
1958	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1958	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
1959	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1959	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
1960	-	"Proxy_AccessType": "2 (Use IE settings)"
1960	+	"Proxy_AccessType": "2 (Use IE settings)"
1961	-	}
1961	+	}
1962	-	},
1962	+	},
1963	-	"124.217.230.137": {
1963	+	"124.217.230.137": {
1964	-	"x64": {
1964	+	"x64": {
1965	-	"BeaconType": "8 (HTTPS)",
1965	+	"BeaconType": "8 (HTTPS)",
1966	-	"Port": "443",
1966	+	"Port": "443",
1967	-	"Polling": "41000",
1967	+	"Polling": "41000",
1968	-	"Jitter": "37",
1968	+	"Jitter": "37",
1969	-	"Maxdns": "255",
1969	+	"Maxdns": "255",
1970	-	"C2 Server": "124.217.230.137,/jquery-3.3.1.min.js",
1970	+	"C2 Server": "124.217.230.137,/jquery-3.3.1.min.js",
1971	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 7.0; InfoPath.3; .NET CLR 3.1.40767; Trident/6.0; en-IN)",
1971	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 7.0; InfoPath.3; .NET CLR 3.1.40767; Trident/6.0; en-IN)",
1972	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
1972	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
1973	-	"Header1": "",
1973	+	"Header1": "",
1974	-	"Header2": "",
1974	+	"Header2": "",
1975	-	"PipeName": "",
1975	+	"PipeName": "",
1976	-	"DNS Idle": "J}\\xC4q",
1976	+	"DNS Idle": "J}\\xC4q",
1977	-	"DNS Sleep": "0",
1977	+	"DNS Sleep": "0",
1978	-	"Method1": "GET",
1978	+	"Method1": "GET",
1979	-	"Method2": "POST",
1979	+	"Method2": "POST",
1980	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
1980	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
1981	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
1981	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
1982	-	"Proxy_AccessType": "2 (Use IE settings)"
1982	+	"Proxy_AccessType": "2 (Use IE settings)"
1983	-	}
1983	+	}
1984	-	},
1984	+	},
1985	-	"128.199.180.58": {
1985	+	"128.199.180.58": {
1986	-	"x86": {
1986	+	"x86": {
1987	-	"BeaconType": "8 (HTTPS)",
1987	+	"BeaconType": "8 (HTTPS)",
1988	-	"Port": "443",
1988	+	"Port": "443",
1989	-	"Polling": "45000",
1989	+	"Polling": "45000",
1990	-	"Jitter": "37",
1990	+	"Jitter": "37",
1991	-	"Maxdns": "255",
1991	+	"Maxdns": "255",
1992	-	"C2 Server": "128.199.180.58,/jquery-3.3.1.min.js",
1992	+	"C2 Server": "128.199.180.58,/jquery-3.3.1.min.js",
1993	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36/8mqQhSuL-09",
1993	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36/8mqQhSuL-09",
1994	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
1994	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
1995	-	"Header1": "",
1995	+	"Header1": "",
1996	-	"Header2": "",
1996	+	"Header2": "",
1997	-	"PipeName": "",
1997	+	"PipeName": "",
1998	-	"DNS Idle": "J}\\xC4q",
1998	+	"DNS Idle": "J}\\xC4q",
1999	-	"DNS Sleep": "0",
1999	+	"DNS Sleep": "0",
2000	-	"Method1": "GET",
2000	+	"Method1": "GET",
2001	-	"Method2": "POST",
2001	+	"Method2": "POST",
2002	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2002	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2003	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2003	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2004	-	"Proxy_AccessType": "2 (Use IE settings)"
2004	+	"Proxy_AccessType": "2 (Use IE settings)"
2005	-	},
2005	+	},
2006	-	"x64": {
2006	+	"x64": {
2007	-	"BeaconType": "8 (HTTPS)",
2007	+	"BeaconType": "8 (HTTPS)",
2008	-	"Port": "443",
2008	+	"Port": "443",
2009	-	"Polling": "45000",
2009	+	"Polling": "45000",
2010	-	"Jitter": "37",
2010	+	"Jitter": "37",
2011	-	"Maxdns": "255",
2011	+	"Maxdns": "255",
2012	-	"C2 Server": "128.199.180.58,/jquery-3.3.1.min.js",
2012	+	"C2 Server": "128.199.180.58,/jquery-3.3.1.min.js",
2013	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36/8mqQhSuL-09",
2013	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36/8mqQhSuL-09",
2014	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2014	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2015	-	"Header1": "",
2015	+	"Header1": "",
2016	-	"Header2": "",
2016	+	"Header2": "",
2017	-	"PipeName": "",
2017	+	"PipeName": "",
2018	-	"DNS Idle": "J}\\xC4q",
2018	+	"DNS Idle": "J}\\xC4q",
2019	-	"DNS Sleep": "0",
2019	+	"DNS Sleep": "0",
2020	-	"Method1": "GET",
2020	+	"Method1": "GET",
2021	-	"Method2": "POST",
2021	+	"Method2": "POST",
2022	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2022	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2023	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2023	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2024	-	"Proxy_AccessType": "2 (Use IE settings)"
2024	+	"Proxy_AccessType": "2 (Use IE settings)"
2025	-	}
2025	+	}
2026	-	},
2026	+	},
2027	-	"128.199.23.209": {
2027	+	"128.199.23.209": {
2028	-	"x64": {
2028	+	"x64": {
2029	-	"BeaconType": "8 (HTTPS)",
2029	+	"BeaconType": "8 (HTTPS)",
2030	-	"Port": "443",
2030	+	"Port": "443",
2031	-	"Polling": "60000",
2031	+	"Polling": "60000",
2032	-	"Jitter": "37",
2032	+	"Jitter": "37",
2033	-	"Maxdns": "255",
2033	+	"Maxdns": "255",
2034	-	"C2 Server": "128.199.23.209,/jquery-3.3.1.min.js",
2034	+	"C2 Server": "128.199.23.209,/jquery-3.3.1.min.js",
2035	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
2035	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
2036	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2036	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2037	-	"Header1": "",
2037	+	"Header1": "",
2038	-	"Header2": "",
2038	+	"Header2": "",
2039	-	"PipeName": "",
2039	+	"PipeName": "",
2040	-	"DNS Idle": "J}\\xC4q",
2040	+	"DNS Idle": "J}\\xC4q",
2041	-	"DNS Sleep": "0",
2041	+	"DNS Sleep": "0",
2042	-	"Method1": "GET",
2042	+	"Method1": "GET",
2043	-	"Method2": "POST",
2043	+	"Method2": "POST",
2044	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
2044	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
2045	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
2045	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
2046	-	"Proxy_AccessType": "2 (Use IE settings)"
2046	+	"Proxy_AccessType": "2 (Use IE settings)"
2047	-	}
2047	+	}
2048	-	},
2048	+	},
2049	-	"130.211.251.187": {
2049	+	"130.211.251.187": {
2050	-	"x86": {
2050	+	"x86": {
2051	-	"BeaconType": "8 (HTTPS)",
2051	+	"BeaconType": "8 (HTTPS)",
2052	-	"Port": "443",
2052	+	"Port": "443",
2053	-	"Polling": "60000",
2053	+	"Polling": "60000",
2054	-	"Jitter": "0",
2054	+	"Jitter": "0",
2055	-	"Maxdns": "255",
2055	+	"Maxdns": "255",
2056	-	"C2 Server": "130.211.251.187,/ca",
2056	+	"C2 Server": "130.211.251.187,/ca",
2057	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)",
2057	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)",
2058	-	"HTTP Method Path 2": "/submit.php",
2058	+	"HTTP Method Path 2": "/submit.php",
2059	-	"Header1": "",
2059	+	"Header1": "",
2060	-	"Header2": "",
2060	+	"Header2": "",
2061	-	"PipeName": "",
2061	+	"PipeName": "",
2062	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2062	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2063	-	"DNS Sleep": "0",
2063	+	"DNS Sleep": "0",
2064	-	"Method1": "GET",
2064	+	"Method1": "GET",
2065	-	"Method2": "POST",
2065	+	"Method2": "POST",
2066	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2066	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2067	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2067	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2068	-	"Proxy_AccessType": "2 (Use IE settings)"
2068	+	"Proxy_AccessType": "2 (Use IE settings)"
2069	-	}
2069	+	}
2070	-	},
2070	+	},
2071	-	"13.211.94.224": {
2071	+	"13.211.94.224": {
2072	-	"x64": {
2072	+	"x64": {
2073	-	"BeaconType": "8 (HTTPS)",
2073	+	"BeaconType": "8 (HTTPS)",
2074	-	"Port": "443",
2074	+	"Port": "443",
2075	-	"Polling": "60000",
2075	+	"Polling": "60000",
2076	-	"Jitter": "20",
2076	+	"Jitter": "20",
2077	-	"Maxdns": "235",
2077	+	"Maxdns": "235",
2078	-	"C2 Server": "au.theguardianweb.com,/preload",
2078	+	"C2 Server": "au.theguardianweb.com,/preload",
2079	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
2079	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
2080	-	"HTTP Method Path 2": "/sa",
2080	+	"HTTP Method Path 2": "/sa",
2081	-	"Header1": "",
2081	+	"Header1": "",
2082	-	"Header2": "",
2082	+	"Header2": "",
2083	-	"PipeName": "",
2083	+	"PipeName": "",
2084	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
2084	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
2085	-	"DNS Sleep": "0",
2085	+	"DNS Sleep": "0",
2086	-	"Method1": "GET",
2086	+	"Method1": "GET",
2087	-	"Method2": "GET",
2087	+	"Method2": "GET",
2088	-	"Spawnto_x86": "C:\\Windows\\syswow64\\svchost.exe -k localservice -p -s fdPHost",
2088	+	"Spawnto_x86": "C:\\Windows\\syswow64\\svchost.exe -k localservice -p -s fdPHost",
2089	-	"Spawnto_x64": "C:\\Windows\\sysnative\\svchost.exe -k localservice -p -s fdPHost",
2089	+	"Spawnto_x64": "C:\\Windows\\sysnative\\svchost.exe -k localservice -p -s fdPHost",
2090	-	"Proxy_AccessType": "2 (Use IE settings)"
2090	+	"Proxy_AccessType": "2 (Use IE settings)"
2091	-	}
2091	+	}
2092	-	},
2092	+	},
2093	-	"134.122.21.15": {
2093	+	"134.122.21.15": {
2094	-	"x86": {
2094	+	"x86": {
2095	-	"BeaconType": "8 (HTTPS)",
2095	+	"BeaconType": "8 (HTTPS)",
2096	-	"Port": "443",
2096	+	"Port": "443",
2097	-	"Polling": "600",
2097	+	"Polling": "600",
2098	-	"Jitter": "39",
2098	+	"Jitter": "39",
2099	-	"Maxdns": "248",
2099	+	"Maxdns": "248",
2100	-	"C2 Server": "egress.ninja,/bn",
2100	+	"C2 Server": "egress.ninja,/bn",
2101	-	"User Agent": "",
2101	+	"User Agent": "",
2102	-	"HTTP Method Path 2": "/br",
2102	+	"HTTP Method Path 2": "/br",
2103	-	"Header1": "",
2103	+	"Header1": "",
2104	-	"Header2": "",
2104	+	"Header2": "",
2105	-	"PipeName": "",
2105	+	"PipeName": "",
2106	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
2106	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
2107	-	"DNS Sleep": "0",
2107	+	"DNS Sleep": "0",
2108	-	"Method1": "GET",
2108	+	"Method1": "GET",
2109	-	"Method2": "POST",
2109	+	"Method2": "POST",
2110	-	"Spawnto_x86": "%windir%\\system32\\regsvr32.exe",
2110	+	"Spawnto_x86": "%windir%\\system32\\regsvr32.exe",
2111	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
2111	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
2112	-	"Proxy_Hostname": "http://185.46.212.88:9400",
2112	+	"Proxy_Hostname": "http://185.46.212.88:9400",
2113	-	"Proxy_AccessType": "0 (Unknown)"
2113	+	"Proxy_AccessType": "0 (Unknown)"
2114	-	},
2114	+	},
2115	-	"x64": {
2115	+	"x64": {
2116	-	"BeaconType": "8 (HTTPS)",
2116	+	"BeaconType": "8 (HTTPS)",
2117	-	"Port": "443",
2117	+	"Port": "443",
2118	-	"Polling": "600",
2118	+	"Polling": "600",
2119	-	"Jitter": "39",
2119	+	"Jitter": "39",
2120	-	"Maxdns": "248",
2120	+	"Maxdns": "248",
2121	-	"C2 Server": "egress.ninja,/bn",
2121	+	"C2 Server": "egress.ninja,/bn",
2122	-	"User Agent": "",
2122	+	"User Agent": "",
2123	-	"HTTP Method Path 2": "/br",
2123	+	"HTTP Method Path 2": "/br",
2124	-	"Header1": "",
2124	+	"Header1": "",
2125	-	"Header2": "",
2125	+	"Header2": "",
2126	-	"PipeName": "",
2126	+	"PipeName": "",
2127	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
2127	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
2128	-	"DNS Sleep": "0",
2128	+	"DNS Sleep": "0",
2129	-	"Method1": "GET",
2129	+	"Method1": "GET",
2130	-	"Method2": "POST",
2130	+	"Method2": "POST",
2131	-	"Spawnto_x86": "%windir%\\system32\\regsvr32.exe",
2131	+	"Spawnto_x86": "%windir%\\system32\\regsvr32.exe",
2132	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
2132	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
2133	-	"Proxy_Hostname": "http://185.46.212.88:9400",
2133	+	"Proxy_Hostname": "http://185.46.212.88:9400",
2134	-	"Proxy_AccessType": "0 (Unknown)"
2134	+	"Proxy_AccessType": "0 (Unknown)"
2135	-	}
2135	+	}
2136	-	},
2136	+	},
2137	-	"134.209.117.238": {
2137	+	"134.209.117.238": {
2138	-	"x86": {
2138	+	"x86": {
2139	-	"BeaconType": "8 (HTTPS)",
2139	+	"BeaconType": "8 (HTTPS)",
2140	-	"Port": "443",
2140	+	"Port": "443",
2141	-	"Polling": "50000",
2141	+	"Polling": "50000",
2142	-	"Jitter": "37",
2142	+	"Jitter": "37",
2143	-	"C2 Server": "jude.saintjameschurch.org,/Video",
2143	+	"C2 Server": "jude.saintjameschurch.org,/Video",
2144	-	"HTTP Method Path 2": "/search",
2144	+	"HTTP Method Path 2": "/search",
2145	-	"Method1": "GET",
2145	+	"Method1": "GET",
2146	-	"Method2": "POST",
2146	+	"Method2": "POST",
2147	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2147	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2148	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2148	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2149	-	"Proxy_AccessType": "2 (Use IE settings)"
2149	+	"Proxy_AccessType": "2 (Use IE settings)"
2150	-	}
2150	+	}
2151	-	},
2151	+	},
2152	-	"134.209.165.165": {
2152	+	"134.209.165.165": {
2153	-	"x86": {
2153	+	"x86": {
2154	-	"BeaconType": "8 (HTTPS)",
2154	+	"BeaconType": "8 (HTTPS)",
2155	-	"Port": "443",
2155	+	"Port": "443",
2156	-	"Polling": "15000",
2156	+	"Polling": "15000",
2157	-	"Jitter": "90",
2157	+	"Jitter": "90",
2158	-	"Maxdns": "225",
2158	+	"Maxdns": "225",
2159	-	"C2 Server": "ajax.microsoft.com,/wp-includes/js/script/indigo-migrate",
2159	+	"C2 Server": "ajax.microsoft.com,/wp-includes/js/script/indigo-migrate",
2160	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
2160	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
2161	-	"HTTP Method Path 2": "/gp/aw/ybh/handlers",
2161	+	"HTTP Method Path 2": "/gp/aw/ybh/handlers",
2162	-	"Header1": "",
2162	+	"Header1": "",
2163	-	"Header2": "",
2163	+	"Header2": "",
2164	-	"PipeName": "",
2164	+	"PipeName": "",
2165	-	"DNS Idle": "h\\xD8<\\x84",
2165	+	"DNS Idle": "h\\xD8<\\x84",
2166	-	"DNS Sleep": "0",
2166	+	"DNS Sleep": "0",
2167	-	"Method1": "GET",
2167	+	"Method1": "GET",
2168	-	"Method2": "POST",
2168	+	"Method2": "POST",
2169	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
2169	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
2170	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
2170	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
2171	-	"Proxy_AccessType": "2 (Use IE settings)"
2171	+	"Proxy_AccessType": "2 (Use IE settings)"
2172	-	}
2172	+	}
2173	-	},
2173	+	},
2174	-	"134.209.200.91": {
2174	+	"134.209.200.91": {
2175	-	"x86": {
2175	+	"x86": {
2176	-	"BeaconType": "8 (HTTPS)",
2176	+	"BeaconType": "8 (HTTPS)",
2177	-	"Port": "443",
2177	+	"Port": "443",
2178	-	"Polling": "30000",
2178	+	"Polling": "30000",
2179	-	"Jitter": "85",
2179	+	"Jitter": "85",
2180	-	"Maxdns": "255",
2180	+	"Maxdns": "255",
2181	-	"C2 Server": "134.209.200.91,/jquery-3.3.1.min.js",
2181	+	"C2 Server": "134.209.200.91,/jquery-3.3.1.min.js",
2182	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36",
2182	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36",
2183	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2183	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2184	-	"Header1": "",
2184	+	"Header1": "",
2185	-	"Header2": "",
2185	+	"Header2": "",
2186	-	"PipeName": "",
2186	+	"PipeName": "",
2187	-	"DNS Idle": "J}\\xC4q",
2187	+	"DNS Idle": "J}\\xC4q",
2188	-	"DNS Sleep": "0",
2188	+	"DNS Sleep": "0",
2189	-	"Method1": "GET",
2189	+	"Method1": "GET",
2190	-	"Method2": "POST",
2190	+	"Method2": "POST",
2191	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2191	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2192	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2192	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2193	-	"Proxy_AccessType": "2 (Use IE settings)"
2193	+	"Proxy_AccessType": "2 (Use IE settings)"
2194	-	}
2194	+	}
2195	-	},
2195	+	},
2196	-	"134.209.5.246": {
2196	+	"134.209.5.246": {
2197	-	"x64": {
2197	+	"x64": {
2198	-	"BeaconType": "8 (HTTPS)",
2198	+	"BeaconType": "8 (HTTPS)",
2199	-	"Port": "443",
2199	+	"Port": "443",
2200	-	"Polling": "60000",
2200	+	"Polling": "60000",
2201	-	"Jitter": "0",
2201	+	"Jitter": "0",
2202	-	"Maxdns": "255",
2202	+	"Maxdns": "255",
2203	-	"C2 Server": "134.209.5.246,/j.ad",
2203	+	"C2 Server": "134.209.5.246,/j.ad",
2204	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
2204	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
2205	-	"HTTP Method Path 2": "/submit.php",
2205	+	"HTTP Method Path 2": "/submit.php",
2206	-	"Header1": "",
2206	+	"Header1": "",
2207	-	"Header2": "",
2207	+	"Header2": "",
2208	-	"PipeName": "",
2208	+	"PipeName": "",
2209	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2209	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2210	-	"DNS Sleep": "0",
2210	+	"DNS Sleep": "0",
2211	-	"Method1": "GET",
2211	+	"Method1": "GET",
2212	-	"Method2": "POST",
2212	+	"Method2": "POST",
2213	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2213	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2214	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2214	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2215	-	"Proxy_AccessType": "2 (Use IE settings)"
2215	+	"Proxy_AccessType": "2 (Use IE settings)"
2216	-	}
2216	+	}
2217	-	},
2217	+	},
2218	-	"134.209.86.120": {
2218	+	"134.209.86.120": {
2219	-	"x64": {
2219	+	"x64": {
2220	-	"BeaconType": "8 (HTTPS)",
2220	+	"BeaconType": "8 (HTTPS)",
2221	-	"Port": "443",
2221	+	"Port": "443",
2222	-	"Polling": "8000",
2222	+	"Polling": "8000",
2223	-	"Jitter": "30",
2223	+	"Jitter": "30",
2224	-	"Maxdns": "255",
2224	+	"Maxdns": "255",
2225	-	"C2 Server": "www.stackpath.com,/api/v2/metrics/",
2225	+	"C2 Server": "www.stackpath.com,/api/v2/metrics/",
2226	-	"User Agent": "Microsoft-CryptoAPI/6.1",
2226	+	"User Agent": "Microsoft-CryptoAPI/6.1",
2227	-	"HTTP Method Path 2": "/api/v2/analytics/",
2227	+	"HTTP Method Path 2": "/api/v2/analytics/",
2228	-	"Header1": "",
2228	+	"Header1": "",
2229	-	"Header2": "",
2229	+	"Header2": "",
2230	-	"PipeName": "",
2230	+	"PipeName": "",
2231	-	"DNS Idle": "\\xAC\\xD9\\x10\\x8E",
2231	+	"DNS Idle": "\\xAC\\xD9\\x10\\x8E",
2232	-	"DNS Sleep": "0",
2232	+	"DNS Sleep": "0",
2233	-	"Method1": "GET",
2233	+	"Method1": "GET",
2234	-	"Method2": "POST",
2234	+	"Method2": "POST",
2235	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
2235	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
2236	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
2236	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
2237	-	"Proxy_AccessType": "2 (Use IE settings)"
2237	+	"Proxy_AccessType": "2 (Use IE settings)"
2238	-	}
2238	+	}
2239	-	},
2239	+	},
2240	-	"13.64.101.24": {
2240	+	"13.64.101.24": {
2241	-	"x86": {
2241	+	"x86": {
2242	-	"BeaconType": "8 (HTTPS)",
2242	+	"BeaconType": "8 (HTTPS)",
2243	-	"Port": "443",
2243	+	"Port": "443",
2244	-	"Polling": "64489",
2244	+	"Polling": "64489",
2245	-	"Jitter": "39",
2245	+	"Jitter": "39",
2246	-	"Maxdns": "248",
2246	+	"Maxdns": "248",
2247	-	"C2 Server": "http://daiwa-cm-us.azureedge.net/,/ro,13.64.101.24,/ro",
2247	+	"C2 Server": "http://daiwa-cm-us.azureedge.net/,/ro,13.64.101.24,/ro",
2248	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
2248	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
2249	-	"HTTP Method Path 2": "/mobile-ipad-home",
2249	+	"HTTP Method Path 2": "/mobile-ipad-home",
2250	-	"Header1": "",
2250	+	"Header1": "",
2251	-	"Header2": "",
2251	+	"Header2": "",
2252	-	"PipeName": "",
2252	+	"PipeName": "",
2253	-	"DNS Idle": "^\\x16\\xC1\\x88",
2253	+	"DNS Idle": "^\\x16\\xC1\\x88",
2254	-	"DNS Sleep": "0",
2254	+	"DNS Sleep": "0",
2255	-	"Method1": "GET",
2255	+	"Method1": "GET",
2256	-	"Method2": "POST",
2256	+	"Method2": "POST",
2257	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
2257	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
2258	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
2258	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
2259	-	"Proxy_AccessType": "2 (Use IE settings)"
2259	+	"Proxy_AccessType": "2 (Use IE settings)"
2260	-	}
2260	+	}
2261	-	},
2261	+	},
2262	-	"138.124.180.52": {
2262	+	"138.124.180.52": {
2263	-	"x86": {
2263	+	"x86": {
2264	-	"BeaconType": "8 (HTTPS)",
2264	+	"BeaconType": "8 (HTTPS)",
2265	-	"Port": "443",
2265	+	"Port": "443",
2266	-	"Polling": "7000",
2266	+	"Polling": "7000",
2267	-	"Jitter": "0",
2267	+	"Jitter": "0",
2268	-	"Maxdns": "255",
2268	+	"Maxdns": "255",
2269	-	"C2 Server": "gosleepaddict.com,/jquery-3.3.1.min.js",
2269	+	"C2 Server": "gosleepaddict.com,/jquery-3.3.1.min.js",
2270	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
2270	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
2271	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2271	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2272	-	"Header1": "",
2272	+	"Header1": "",
2273	-	"Header2": "",
2273	+	"Header2": "",
2274	-	"PipeName": "",
2274	+	"PipeName": "",
2275	-	"DNS Idle": "J}\\xC4q",
2275	+	"DNS Idle": "J}\\xC4q",
2276	-	"DNS Sleep": "0",
2276	+	"DNS Sleep": "0",
2277	-	"Method1": "GET",
2277	+	"Method1": "GET",
2278	-	"Method2": "POST",
2278	+	"Method2": "POST",
2279	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2279	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2280	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2280	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2281	-	"Proxy_AccessType": "2 (Use IE settings)"
2281	+	"Proxy_AccessType": "2 (Use IE settings)"
2282	-	},
2282	+	},
2283	-	"x64": {
2283	+	"x64": {
2284	-	"BeaconType": "8 (HTTPS)",
2284	+	"BeaconType": "8 (HTTPS)",
2285	-	"Port": "443",
2285	+	"Port": "443",
2286	-	"Polling": "7000",
2286	+	"Polling": "7000",
2287	-	"Jitter": "0",
2287	+	"Jitter": "0",
2288	-	"Maxdns": "255",
2288	+	"Maxdns": "255",
2289	-	"C2 Server": "gosleepaddict.com,/jquery-3.3.1.min.js",
2289	+	"C2 Server": "gosleepaddict.com,/jquery-3.3.1.min.js",
2290	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
2290	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
2291	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2291	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2292	-	"Header1": "",
2292	+	"Header1": "",
2293	-	"Header2": "",
2293	+	"Header2": "",
2294	-	"PipeName": "",
2294	+	"PipeName": "",
2295	-	"DNS Idle": "J}\\xC4q",
2295	+	"DNS Idle": "J}\\xC4q",
2296	-	"DNS Sleep": "0",
2296	+	"DNS Sleep": "0",
2297	-	"Method1": "GET",
2297	+	"Method1": "GET",
2298	-	"Method2": "POST",
2298	+	"Method2": "POST",
2299	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2299	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2300	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2300	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2301	-	"Proxy_AccessType": "2 (Use IE settings)"
2301	+	"Proxy_AccessType": "2 (Use IE settings)"
2302	-	}
2302	+	}
2303	-	},
2303	+	},
2304	-	"139.155.242.130": {
2304	+	"139.155.242.130": {
2305	-	"x86": {
2305	+	"x86": {
2306	-	"BeaconType": "8 (HTTPS)",
2306	+	"BeaconType": "8 (HTTPS)",
2307	-	"Port": "443",
2307	+	"Port": "443",
2308	-	"Polling": "60000",
2308	+	"Polling": "60000",
2309	-	"Jitter": "0",
2309	+	"Jitter": "0",
2310	-	"Maxdns": "255",
2310	+	"Maxdns": "255",
2311	-	"C2 Server": "139.155.242.130,/load",
2311	+	"C2 Server": "139.155.242.130,/load",
2312	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)",
2312	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)",
2313	-	"HTTP Method Path 2": "/submit.php",
2313	+	"HTTP Method Path 2": "/submit.php",
2314	-	"Header1": "",
2314	+	"Header1": "",
2315	-	"Header2": "",
2315	+	"Header2": "",
2316	-	"PipeName": "",
2316	+	"PipeName": "",
2317	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2317	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2318	-	"DNS Sleep": "0",
2318	+	"DNS Sleep": "0",
2319	-	"Method1": "GET",
2319	+	"Method1": "GET",
2320	-	"Method2": "POST",
2320	+	"Method2": "POST",
2321	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2321	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2322	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2322	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2323	-	"Proxy_AccessType": "2 (Use IE settings)"
2323	+	"Proxy_AccessType": "2 (Use IE settings)"
2324	-	}
2324	+	}
2325	-	},
2325	+	},
2326	-	"139.162.197.65": {
2326	+	"139.162.197.65": {
2327	-	"x86": {
2327	+	"x86": {
2328	-	"BeaconType": "8 (HTTPS)",
2328	+	"BeaconType": "8 (HTTPS)",
2329	-	"Port": "443",
2329	+	"Port": "443",
2330	-	"Polling": "56943",
2330	+	"Polling": "56943",
2331	-	"Jitter": "39",
2331	+	"Jitter": "39",
2332	-	"C2 Server": "139.162.197.65,/styles",
2332	+	"C2 Server": "139.162.197.65,/styles",
2333	-	"HTTP Method Path 2": "/RELEASE_NOTES",
2333	+	"HTTP Method Path 2": "/RELEASE_NOTES",
2334	-	"Method1": "GET",
2334	+	"Method1": "GET",
2335	-	"Method2": "POST",
2335	+	"Method2": "POST",
2336	-	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
2336	+	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
2337	-	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
2337	+	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
2338	-	"Proxy_AccessType": "2 (Use IE settings)"
2338	+	"Proxy_AccessType": "2 (Use IE settings)"
2339	-	}
2339	+	}
2340	-	},
2340	+	},
2341	-	"139.180.212.244": {
2341	+	"139.180.212.244": {
2342	-	"x86": {
2342	+	"x86": {
2343	-	"BeaconType": "8 (HTTPS)",
2343	+	"BeaconType": "8 (HTTPS)",
2344	-	"Port": "443",
2344	+	"Port": "443",
2345	-	"Polling": "60000",
2345	+	"Polling": "60000",
2346	-	"Jitter": "0",
2346	+	"Jitter": "0",
2347	-	"Maxdns": "255",
2347	+	"Maxdns": "255",
2348	-	"C2 Server": "139.180.212.244,/pixel",
2348	+	"C2 Server": "139.180.212.244,/pixel",
2349	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)",
2349	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)",
2350	-	"HTTP Method Path 2": "/submit.php",
2350	+	"HTTP Method Path 2": "/submit.php",
2351	-	"Header1": "",
2351	+	"Header1": "",
2352	-	"Header2": "",
2352	+	"Header2": "",
2353	-	"PipeName": "",
2353	+	"PipeName": "",
2354	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2354	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2355	-	"DNS Sleep": "0",
2355	+	"DNS Sleep": "0",
2356	-	"Method1": "GET",
2356	+	"Method1": "GET",
2357	-	"Method2": "POST",
2357	+	"Method2": "POST",
2358	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2358	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2359	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2359	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2360	-	"Proxy_AccessType": "2 (Use IE settings)"
2360	+	"Proxy_AccessType": "2 (Use IE settings)"
2361	-	}
2361	+	}
2362	-	},
2362	+	},
2363	-	"139.186.146.78": {
2363	+	"139.186.146.78": {
2364	-	"x86": {
2364	+	"x86": {
2365	-	"BeaconType": "8 (HTTPS)",
2365	+	"BeaconType": "8 (HTTPS)",
2366	-	"Port": "443",
2366	+	"Port": "443",
2367	-	"Polling": "10000",
2367	+	"Polling": "10000",
2368	-	"Jitter": "0",
2368	+	"Jitter": "0",
2369	-	"Maxdns": "255",
2369	+	"Maxdns": "255",
2370	-	"C2 Server": "139.186.146.78,/geo/collect/v1,hw.x0x.in,/geo/collect/v1",
2370	+	"C2 Server": "139.186.146.78,/geo/collect/v1,hw.x0x.in,/geo/collect/v1",
2371	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0;) like Gecko",
2371	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0;) like Gecko",
2372	-	"HTTP Method Path 2": "/collect/v1",
2372	+	"HTTP Method Path 2": "/collect/v1",
2373	-	"Header1": "",
2373	+	"Header1": "",
2374	-	"Header2": "",
2374	+	"Header2": "",
2375	-	"PipeName": "",
2375	+	"PipeName": "",
2376	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
2376	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
2377	-	"DNS Sleep": "0",
2377	+	"DNS Sleep": "0",
2378	-	"Method1": "GET",
2378	+	"Method1": "GET",
2379	-	"Method2": "POST",
2379	+	"Method2": "POST",
2380	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
2380	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
2381	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
2381	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
2382	-	"Proxy_AccessType": "2 (Use IE settings)"
2382	+	"Proxy_AccessType": "2 (Use IE settings)"
2383	-	}
2383	+	}
2384	-	},
2384	+	},
2385	-	"139.196.171.222": {
2385	+	"139.196.171.222": {
2386	-	"x86": {
2386	+	"x86": {
2387	-	"BeaconType": "8 (HTTPS)",
2387	+	"BeaconType": "8 (HTTPS)",
2388	-	"Port": "443",
2388	+	"Port": "443",
2389	-	"Polling": "5500",
2389	+	"Polling": "5500",
2390	-	"Jitter": "30",
2390	+	"Jitter": "30",
2391	-	"Maxdns": "240",
2391	+	"Maxdns": "240",
2392	-	"C2 Server": "v.autohome.com.cn,/_layouts/Wopi/01554532-64bc-45ee-9645-512577ae642d",
2392	+	"C2 Server": "v.autohome.com.cn,/_layouts/Wopi/01554532-64bc-45ee-9645-512577ae642d",
2393	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.177",
2393	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.177",
2394	-	"HTTP Method Path 2": "/person/ithelp/bug/list",
2394	+	"HTTP Method Path 2": "/person/ithelp/bug/list",
2395	-	"Header1": "",
2395	+	"Header1": "",
2396	-	"Header2": "",
2396	+	"Header2": "",
2397	-	"PipeName": "",
2397	+	"PipeName": "",
2398	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2398	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2399	-	"DNS Sleep": "0",
2399	+	"DNS Sleep": "0",
2400	-	"Method1": "GET",
2400	+	"Method1": "GET",
2401	-	"Method2": "POST",
2401	+	"Method2": "POST",
2402	-	"Spawnto_x86": "%windir%\\syswow64\\w32tm.exe",
2402	+	"Spawnto_x86": "%windir%\\syswow64\\w32tm.exe",
2403	-	"Spawnto_x64": "%windir%\\sysnative\\w32tm.exe",
2403	+	"Spawnto_x64": "%windir%\\sysnative\\w32tm.exe",
2404	-	"Proxy_Hostname": "http://10.37.84.125:8080",
2404	+	"Proxy_Hostname": "http://10.37.84.125:8080",
2405	-	"Proxy_Username": "paicdom\\lihongmei826",
2405	+	"Proxy_Username": "paicdom\\lihongmei826",
2406	-	"Proxy_Password": "Pa888888",
2406	+	"Proxy_Password": "Pa888888",
2407	-	"Proxy_AccessType": "4 (Use proxy server)"
2407	+	"Proxy_AccessType": "4 (Use proxy server)"
2408	-	}
2408	+	}
2409	-	},
2409	+	},
2410	-	"139.196.224.35": {
2410	+	"139.196.224.35": {
2411	-	"x86": {
2411	+	"x86": {
2412	-	"BeaconType": "8 (HTTPS)",
2412	+	"BeaconType": "8 (HTTPS)",
2413	-	"Port": "443",
2413	+	"Port": "443",
2414	-	"Polling": "60000",
2414	+	"Polling": "60000",
2415	-	"Jitter": "0",
2415	+	"Jitter": "0",
2416	-	"Maxdns": "255",
2416	+	"Maxdns": "255",
2417	-	"C2 Server": "58.215.145.112,/activity",
2417	+	"C2 Server": "58.215.145.112,/activity",
2418	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
2418	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
2419	-	"HTTP Method Path 2": "/submit.php",
2419	+	"HTTP Method Path 2": "/submit.php",
2420	-	"Header1": "",
2420	+	"Header1": "",
2421	-	"Header2": "",
2421	+	"Header2": "",
2422	-	"PipeName": "",
2422	+	"PipeName": "",
2423	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2423	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2424	-	"DNS Sleep": "0",
2424	+	"DNS Sleep": "0",
2425	-	"Method1": "GET",
2425	+	"Method1": "GET",
2426	-	"Method2": "POST",
2426	+	"Method2": "POST",
2427	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2427	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2428	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2428	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2429	-	"Proxy_AccessType": "2 (Use IE settings)"
2429	+	"Proxy_AccessType": "2 (Use IE settings)"
2430	-	}
2430	+	}
2431	-	},
2431	+	},
2432	-	"139.199.185.41": {
2432	+	"139.199.185.41": {
2433	-	"x64": {
2433	+	"x64": {
2434	-	"BeaconType": "8 (HTTPS)",
2434	+	"BeaconType": "8 (HTTPS)",
2435	-	"Port": "443",
2435	+	"Port": "443",
2436	-	"Polling": "5000",
2436	+	"Polling": "5000",
2437	-	"Jitter": "10",
2437	+	"Jitter": "10",
2438	-	"Maxdns": "235",
2438	+	"Maxdns": "235",
2439	-	"C2 Server": "139.199.185.41,/updates",
2439	+	"C2 Server": "139.199.185.41,/updates",
2440	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
2440	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
2441	-	"HTTP Method Path 2": "/windowsxp/updcheck.php",
2441	+	"HTTP Method Path 2": "/windowsxp/updcheck.php",
2442	-	"Header1": "",
2442	+	"Header1": "",
2443	-	"Header2": "",
2443	+	"Header2": "",
2444	-	"PipeName": "",
2444	+	"PipeName": "",
2445	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
2445	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
2446	-	"DNS Sleep": "0",
2446	+	"DNS Sleep": "0",
2447	-	"Method1": "GET",
2447	+	"Method1": "GET",
2448	-	"Method2": "POST",
2448	+	"Method2": "POST",
2449	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2449	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2450	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2450	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2451	-	"Proxy_AccessType": "2 (Use IE settings)"
2451	+	"Proxy_AccessType": "2 (Use IE settings)"
2452	-	}
2452	+	}
2453	-	},
2453	+	},
2454	-	"139.224.105.96": {
2454	+	"139.224.105.96": {
2455	-	"x86": {
2455	+	"x86": {
2456	-	"BeaconType": "8 (HTTPS)",
2456	+	"BeaconType": "8 (HTTPS)",
2457	-	"Port": "443",
2457	+	"Port": "443",
2458	-	"Polling": "62236",
2458	+	"Polling": "62236",
2459	-	"Jitter": "39",
2459	+	"Jitter": "39",
2460	-	"Maxdns": "252",
2460	+	"Maxdns": "252",
2461	-	"C2 Server": "theones.me,/template.js",
2461	+	"C2 Server": "theones.me,/template.js",
2462	-	"User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
2462	+	"User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
2463	-	"HTTP Method Path 2": "/nv",
2463	+	"HTTP Method Path 2": "/nv",
2464	-	"Header1": "",
2464	+	"Header1": "",
2465	-	"Header2": "",
2465	+	"Header2": "",
2466	-	"PipeName": "",
2466	+	"PipeName": "",
2467	-	"DNS Idle": "G\\xEB\\x88\\x8E",
2467	+	"DNS Idle": "G\\xEB\\x88\\x8E",
2468	-	"DNS Sleep": "0",
2468	+	"DNS Sleep": "0",
2469	-	"Method1": "GET",
2469	+	"Method1": "GET",
2470	-	"Method2": "POST",
2470	+	"Method2": "POST",
2471	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
2471	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
2472	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
2472	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
2473	-	"Proxy_AccessType": "2 (Use IE settings)"
2473	+	"Proxy_AccessType": "2 (Use IE settings)"
2474	-	}
2474	+	}
2475	-	},
2475	+	},
2476	-	"139.59.230.84": {
2476	+	"139.59.230.84": {
2477	-	"x86": {
2477	+	"x86": {
2478	-	"BeaconType": "8 (HTTPS)",
2478	+	"BeaconType": "8 (HTTPS)",
2479	-	"Port": "443",
2479	+	"Port": "443",
2480	-	"Polling": "60000",
2480	+	"Polling": "60000",
2481	-	"Jitter": "0",
2481	+	"Jitter": "0",
2482	-	"Maxdns": "255",
2482	+	"Maxdns": "255",
2483	-	"C2 Server": "139.59.230.84,/push",
2483	+	"C2 Server": "139.59.230.84,/push",
2484	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ESES)",
2484	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ESES)",
2485	-	"HTTP Method Path 2": "/submit.php",
2485	+	"HTTP Method Path 2": "/submit.php",
2486	-	"Header1": "",
2486	+	"Header1": "",
2487	-	"Header2": "",
2487	+	"Header2": "",
2488	-	"PipeName": "",
2488	+	"PipeName": "",
2489	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2489	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2490	-	"DNS Sleep": "0",
2490	+	"DNS Sleep": "0",
2491	-	"Method1": "GET",
2491	+	"Method1": "GET",
2492	-	"Method2": "POST",
2492	+	"Method2": "POST",
2493	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2493	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2494	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2494	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2495	-	"Proxy_AccessType": "2 (Use IE settings)"
2495	+	"Proxy_AccessType": "2 (Use IE settings)"
2496	-	}
2496	+	}
2497	-	},
2497	+	},
2498	-	"139.59.73.112": {
2498	+	"139.59.73.112": {
2499	-	"x86": {
2499	+	"x86": {
2500	-	"BeaconType": "8 (HTTPS)",
2500	+	"BeaconType": "8 (HTTPS)",
2501	-	"Port": "443",
2501	+	"Port": "443",
2502	-	"Polling": "45000",
2502	+	"Polling": "45000",
2503	-	"Jitter": "37",
2503	+	"Jitter": "37",
2504	-	"Maxdns": "255",
2504	+	"Maxdns": "255",
2505	-	"C2 Server": "139.59.73.112,/jquery-3.3.1.min.js",
2505	+	"C2 Server": "139.59.73.112,/jquery-3.3.1.min.js",
2506	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
2506	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
2507	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2507	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2508	-	"Header1": "",
2508	+	"Header1": "",
2509	-	"Header2": "",
2509	+	"Header2": "",
2510	-	"PipeName": "",
2510	+	"PipeName": "",
2511	-	"DNS Idle": "J}\\xC4q",
2511	+	"DNS Idle": "J}\\xC4q",
2512	-	"DNS Sleep": "0",
2512	+	"DNS Sleep": "0",
2513	-	"Method1": "GET",
2513	+	"Method1": "GET",
2514	-	"Method2": "POST",
2514	+	"Method2": "POST",
2515	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2515	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2516	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2516	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2517	-	"Proxy_AccessType": "1 (Use direct connection)"
2517	+	"Proxy_AccessType": "1 (Use direct connection)"
2518	-	}
2518	+	}
2519	-	},
2519	+	},
2520	-	"139.60.161.215": {
2520	+	"139.60.161.215": {
2521	-	"x86": {
2521	+	"x86": {
2522	-	"BeaconType": "8 (HTTPS)",
2522	+	"BeaconType": "8 (HTTPS)",
2523	-	"Port": "443",
2523	+	"Port": "443",
2524	-	"Polling": "600000",
2524	+	"Polling": "600000",
2525	-	"Jitter": "28",
2525	+	"Jitter": "28",
2526	-	"Maxdns": "245",
2526	+	"Maxdns": "245",
2527	-	"C2 Server": "139.60.161.215,/jquery-3.3.1.min.js",
2527	+	"C2 Server": "139.60.161.215,/jquery-3.3.1.min.js",
2528	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.3",
2528	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.3",
2529	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2529	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2530	-	"Header1": "",
2530	+	"Header1": "",
2531	-	"Header2": "",
2531	+	"Header2": "",
2532	-	"PipeName": "",
2532	+	"PipeName": "",
2533	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
2533	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
2534	-	"DNS Sleep": "0",
2534	+	"DNS Sleep": "0",
2535	-	"Method1": "GET",
2535	+	"Method1": "GET",
2536	-	"Method2": "POST",
2536	+	"Method2": "POST",
2537	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2537	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2538	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2538	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2539	-	"Proxy_AccessType": "2 (Use IE settings)"
2539	+	"Proxy_AccessType": "2 (Use IE settings)"
2540	-	},
2540	+	},
2541	-	"x64": {
2541	+	"x64": {
2542	-	"BeaconType": "8 (HTTPS)",
2542	+	"BeaconType": "8 (HTTPS)",
2543	-	"Port": "443",
2543	+	"Port": "443",
2544	-	"Polling": "600000",
2544	+	"Polling": "600000",
2545	-	"Jitter": "28",
2545	+	"Jitter": "28",
2546	-	"Maxdns": "245",
2546	+	"Maxdns": "245",
2547	-	"C2 Server": "139.60.161.215,/jquery-3.3.1.min.js",
2547	+	"C2 Server": "139.60.161.215,/jquery-3.3.1.min.js",
2548	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.3",
2548	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.3",
2549	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2549	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
2550	-	"Header1": "",
2550	+	"Header1": "",
2551	-	"Header2": "",
2551	+	"Header2": "",
2552	-	"PipeName": "",
2552	+	"PipeName": "",
2553	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
2553	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
2554	-	"DNS Sleep": "0",
2554	+	"DNS Sleep": "0",
2555	-	"Method1": "GET",
2555	+	"Method1": "GET",
2556	-	"Method2": "POST",
2556	+	"Method2": "POST",
2557	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2557	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
2558	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2558	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
2559	-	"Proxy_AccessType": "2 (Use IE settings)"
2559	+	"Proxy_AccessType": "2 (Use IE settings)"
2560	-	}
2560	+	}
2561	-	},
2561	+	},
2562	-	"139.60.162.19": {
2562	+	"139.60.162.19": {
2563	-	"x86": {
2563	+	"x86": {
2564	-	"BeaconType": "8 (HTTPS)",
2564	+	"BeaconType": "8 (HTTPS)",
2565	-	"Port": "443",
2565	+	"Port": "443",
2566	-	"Polling": "60000",
2566	+	"Polling": "60000",
2567	-	"Jitter": "0",
2567	+	"Jitter": "0",
2568	-	"Maxdns": "255",
2568	+	"Maxdns": "255",
2569	-	"C2 Server": "139.60.162.19,/g.pixel",
2569	+	"C2 Server": "139.60.162.19,/g.pixel",
2570	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)",
2570	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)",
2571	-	"HTTP Method Path 2": "/submit.php",
2571	+	"HTTP Method Path 2": "/submit.php",
2572	-	"Header1": "",
2572	+	"Header1": "",
2573	-	"Header2": "",
2573	+	"Header2": "",
2574	-	"PipeName": "",
2574	+	"PipeName": "",
2575	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2575	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2576	-	"DNS Sleep": "0",
2576	+	"DNS Sleep": "0",
2577	-	"Method1": "GET",
2577	+	"Method1": "GET",
2578	-	"Method2": "POST",
2578	+	"Method2": "POST",
2579	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2579	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2580	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2580	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2581	-	"Proxy_AccessType": "2 (Use IE settings)"
2581	+	"Proxy_AccessType": "2 (Use IE settings)"
2582	-	}
2582	+	}
2583	-	},
2583	+	},
2584	-	"139.9.244.218": {
2584	+	"139.9.244.218": {
2585	-	"x86": {
2585	+	"x86": {
2586	-	"BeaconType": "8 (HTTPS)",
2586	+	"BeaconType": "8 (HTTPS)",
2587	-	"Port": "443",
2587	+	"Port": "443",
2588	-	"Polling": "10000",
2588	+	"Polling": "10000",
2589	-	"Jitter": "0",
2589	+	"Jitter": "0",
2590	-	"Maxdns": "255",
2590	+	"Maxdns": "255",
2591	-	"C2 Server": "img.alicdn.com,/contentsvc/microsofticon,at.alicdn.com,/contentsvc/microsofticon,ald.taobao.com,/contentsvc/microsofticon,www.aliyunbaike.com,/contentsvc/microsofticon",
2591	+	"C2 Server": "img.alicdn.com,/contentsvc/microsofticon,at.alicdn.com,/contentsvc/microsofticon,ald.taobao.com,/contentsvc/microsofticon,www.aliyunbaike.com,/contentsvc/microsofticon",
2592	-	"User Agent": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)",
2592	+	"User Agent": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)",
2593	-	"HTTP Method Path 2": "/NlEditor/CloudSuggest/V1",
2593	+	"HTTP Method Path 2": "/NlEditor/CloudSuggest/V1",
2594	-	"Header1": "",
2594	+	"Header1": "",
2595	-	"Header2": "",
2595	+	"Header2": "",
2596	-	"PipeName": "",
2596	+	"PipeName": "",
2597	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
2597	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
2598	-	"DNS Sleep": "0",
2598	+	"DNS Sleep": "0",
2599	-	"Method1": "GET",
2599	+	"Method1": "GET",
2600	-	"Method2": "POST",
2600	+	"Method2": "POST",
2601	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
2601	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
2602	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
2602	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
2603	-	"Proxy_AccessType": "2 (Use IE settings)"
2603	+	"Proxy_AccessType": "2 (Use IE settings)"
2604	-	}
2604	+	}
2605	-	},
2605	+	},
2606	-	"141.164.35.117": {
2606	+	"141.164.35.117": {
2607	-	"x86": {
2607	+	"x86": {
2608	-	"BeaconType": "8 (HTTPS)",
2608	+	"BeaconType": "8 (HTTPS)",
2609	-	"Port": "443",
2609	+	"Port": "443",
2610	-	"Polling": "5000",
2610	+	"Polling": "5000",
2611	-	"Jitter": "0",
2611	+	"Jitter": "0",
2612	-	"Maxdns": "255",
2612	+	"Maxdns": "255",
2613	-	"C2 Server": "coivo2xo.livehost.live,/access/",
2613	+	"C2 Server": "coivo2xo.livehost.live,/access/",
2614	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
2614	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
2615	-	"HTTP Method Path 2": "/radio/xmlrpc/v35",
2615	+	"HTTP Method Path 2": "/radio/xmlrpc/v35",
2616	-	"Header1": "",
2616	+	"Header1": "",
2617	-	"Header2": "",
2617	+	"Header2": "",
2618	-	"PipeName": "",
2618	+	"PipeName": "",
2619	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2619	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2620	-	"DNS Sleep": "0",
2620	+	"DNS Sleep": "0",
2621	-	"Method1": "GET",
2621	+	"Method1": "GET",
2622	-	"Method2": "POST",
2622	+	"Method2": "POST",
2623	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2623	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2624	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2624	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2625	-	"Proxy_AccessType": "2 (Use IE settings)"
2625	+	"Proxy_AccessType": "2 (Use IE settings)"
2626	-	},
2626	+	},
2627	-	"x64": {
2627	+	"x64": {
2628	-	"BeaconType": "8 (HTTPS)",
2628	+	"BeaconType": "8 (HTTPS)",
2629	-	"Port": "443",
2629	+	"Port": "443",
2630	-	"Polling": "5000",
2630	+	"Polling": "5000",
2631	-	"Jitter": "0",
2631	+	"Jitter": "0",
2632	-	"Maxdns": "255",
2632	+	"Maxdns": "255",
2633	-	"C2 Server": "coivo2xo.livehost.live,/access/",
2633	+	"C2 Server": "coivo2xo.livehost.live,/access/",
2634	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
2634	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
2635	-	"HTTP Method Path 2": "/radio/xmlrpc/v35",
2635	+	"HTTP Method Path 2": "/radio/xmlrpc/v35",
2636	-	"Header1": "",
2636	+	"Header1": "",
2637	-	"Header2": "",
2637	+	"Header2": "",
2638	-	"PipeName": "",
2638	+	"PipeName": "",
2639	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2639	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2640	-	"DNS Sleep": "0",
2640	+	"DNS Sleep": "0",
2641	-	"Method1": "GET",
2641	+	"Method1": "GET",
2642	-	"Method2": "POST",
2642	+	"Method2": "POST",
2643	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2643	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2644	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2644	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2645	-	"Proxy_AccessType": "2 (Use IE settings)"
2645	+	"Proxy_AccessType": "2 (Use IE settings)"
2646	-	}
2646	+	}
2647	-	},
2647	+	},
2648	-	"142.202.205.57": {
2648	+	"142.202.205.57": {
2649	-	"x86": {
2649	+	"x86": {
2650	-	"BeaconType": "8 (HTTPS)",
2650	+	"BeaconType": "8 (HTTPS)",
2651	-	"Port": "443",
2651	+	"Port": "443",
2652	-	"Polling": "60000",
2652	+	"Polling": "60000",
2653	-	"Jitter": "0",
2653	+	"Jitter": "0",
2654	-	"Maxdns": "255",
2654	+	"Maxdns": "255",
2655	-	"C2 Server": "142.202.205.57,/updates.rss",
2655	+	"C2 Server": "142.202.205.57,/updates.rss",
2656	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC)",
2656	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC)",
2657	-	"HTTP Method Path 2": "/submit.php",
2657	+	"HTTP Method Path 2": "/submit.php",
2658	-	"Header1": "",
2658	+	"Header1": "",
2659	-	"Header2": "",
2659	+	"Header2": "",
2660	-	"PipeName": "",
2660	+	"PipeName": "",
2661	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2661	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2662	-	"DNS Sleep": "0",
2662	+	"DNS Sleep": "0",
2663	-	"Method1": "GET",
2663	+	"Method1": "GET",
2664	-	"Method2": "POST",
2664	+	"Method2": "POST",
2665	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2665	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2666	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2666	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2667	-	"Proxy_AccessType": "2 (Use IE settings)"
2667	+	"Proxy_AccessType": "2 (Use IE settings)"
2668	-	}
2668	+	}
2669	-	},
2669	+	},
2670	-	"142.202.205.88": {
2670	+	"142.202.205.88": {
2671	-	"x86": {
2671	+	"x86": {
2672	-	"BeaconType": "8 (HTTPS)",
2672	+	"BeaconType": "8 (HTTPS)",
2673	-	"Port": "443",
2673	+	"Port": "443",
2674	-	"Polling": "60000",
2674	+	"Polling": "60000",
2675	-	"Jitter": "0",
2675	+	"Jitter": "0",
2676	-	"Maxdns": "255",
2676	+	"Maxdns": "255",
2677	-	"C2 Server": "142.202.205.88,/dot.gif",
2677	+	"C2 Server": "142.202.205.88,/dot.gif",
2678	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)",
2678	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)",
2679	-	"HTTP Method Path 2": "/submit.php",
2679	+	"HTTP Method Path 2": "/submit.php",
2680	-	"Header1": "",
2680	+	"Header1": "",
2681	-	"Header2": "",
2681	+	"Header2": "",
2682	-	"PipeName": "",
2682	+	"PipeName": "",
2683	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2683	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2684	-	"DNS Sleep": "0",
2684	+	"DNS Sleep": "0",
2685	-	"Method1": "GET",
2685	+	"Method1": "GET",
2686	-	"Method2": "POST",
2686	+	"Method2": "POST",
2687	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2687	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2688	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2688	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2689	-	"Proxy_AccessType": "2 (Use IE settings)"
2689	+	"Proxy_AccessType": "2 (Use IE settings)"
2690	-	},
2690	+	},
2691	-	"x64": {
2691	+	"x64": {
2692	-	"BeaconType": "8 (HTTPS)",
2692	+	"BeaconType": "8 (HTTPS)",
2693	-	"Port": "443",
2693	+	"Port": "443",
2694	-	"Polling": "60000",
2694	+	"Polling": "60000",
2695	-	"Jitter": "0",
2695	+	"Jitter": "0",
2696	-	"Maxdns": "255",
2696	+	"Maxdns": "255",
2697	-	"C2 Server": "142.202.205.88,/ptj",
2697	+	"C2 Server": "142.202.205.88,/ptj",
2698	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
2698	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
2699	-	"HTTP Method Path 2": "/submit.php",
2699	+	"HTTP Method Path 2": "/submit.php",
2700	-	"Header1": "",
2700	+	"Header1": "",
2701	-	"Header2": "",
2701	+	"Header2": "",
2702	-	"PipeName": "",
2702	+	"PipeName": "",
2703	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2703	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2704	-	"DNS Sleep": "0",
2704	+	"DNS Sleep": "0",
2705	-	"Method1": "GET",
2705	+	"Method1": "GET",
2706	-	"Method2": "POST",
2706	+	"Method2": "POST",
2707	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2707	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2708	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2708	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2709	-	"Proxy_AccessType": "2 (Use IE settings)"
2709	+	"Proxy_AccessType": "2 (Use IE settings)"
2710	-	}
2710	+	}
2711	-	},
2711	+	},
2712	-	"142.54.188.26": {
2712	+	"142.54.188.26": {
2713	-	"x64": {
2713	+	"x64": {
2714	-	"BeaconType": "8 (HTTPS)",
2714	+	"BeaconType": "8 (HTTPS)",
2715	-	"Port": "443",
2715	+	"Port": "443",
2716	-	"Polling": "5000",
2716	+	"Polling": "5000",
2717	-	"Jitter": "0",
2717	+	"Jitter": "0",
2718	-	"Maxdns": "255",
2718	+	"Maxdns": "255",
2719	-	"C2 Server": "agturnfa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
2719	+	"C2 Server": "agturnfa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
2720	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
2720	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
2721	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
2721	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
2722	-	"Header1": "",
2722	+	"Header1": "",
2723	-	"Header2": "",
2723	+	"Header2": "",
2724	-	"PipeName": "",
2724	+	"PipeName": "",
2725	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2725	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2726	-	"DNS Sleep": "0",
2726	+	"DNS Sleep": "0",
2727	-	"Method1": "GET",
2727	+	"Method1": "GET",
2728	-	"Method2": "POST",
2728	+	"Method2": "POST",
2729	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
2729	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
2730	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
2730	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
2731	-	"Proxy_AccessType": "2 (Use IE settings)"
2731	+	"Proxy_AccessType": "2 (Use IE settings)"
2732	-	}
2732	+	}
2733	-	},
2733	+	},
2734	-	"142.93.152.156": {
2734	+	"142.93.152.156": {
2735	-	"x86": {
2735	+	"x86": {
2736	-	"BeaconType": "8 (HTTPS)",
2736	+	"BeaconType": "8 (HTTPS)",
2737	-	"Port": "443",
2737	+	"Port": "443",
2738	-	"Polling": "60000",
2738	+	"Polling": "60000",
2739	-	"Jitter": "70",
2739	+	"Jitter": "70",
2740	-	"C2 Server": "onrnicrosoft.com,/thisisnotevil.gif",
2740	+	"C2 Server": "onrnicrosoft.com,/thisisnotevil.gif",
2741	-	"HTTP Method Path 2": "/send",
2741	+	"HTTP Method Path 2": "/send",
2742	-	"Method1": "GET",
2742	+	"Method1": "GET",
2743	-	"Method2": "POST",
2743	+	"Method2": "POST",
2744	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
2744	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
2745	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
2745	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
2746	-	"Proxy_AccessType": "2 (Use IE settings)"
2746	+	"Proxy_AccessType": "2 (Use IE settings)"
2747	-	},
2747	+	},
2748	-	"x64": {
2748	+	"x64": {
2749	-	"BeaconType": "8 (HTTPS)",
2749	+	"BeaconType": "8 (HTTPS)",
2750	-	"Port": "443",
2750	+	"Port": "443",
2751	-	"Polling": "60000",
2751	+	"Polling": "60000",
2752	-	"Jitter": "70",
2752	+	"Jitter": "70",
2753	-	"C2 Server": "onrnicrosoft.com,/thisisnotevil.gif",
2753	+	"C2 Server": "onrnicrosoft.com,/thisisnotevil.gif",
2754	-	"HTTP Method Path 2": "/send",
2754	+	"HTTP Method Path 2": "/send",
2755	-	"Method1": "GET",
2755	+	"Method1": "GET",
2756	-	"Method2": "POST",
2756	+	"Method2": "POST",
2757	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
2757	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
2758	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
2758	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
2759	-	"Proxy_AccessType": "2 (Use IE settings)"
2759	+	"Proxy_AccessType": "2 (Use IE settings)"
2760	-	}
2760	+	}
2761	-	},
2761	+	},
2762	-	"142.93.187.11": {
2762	+	"142.93.187.11": {
2763	-	"x86": {
2763	+	"x86": {
2764	-	"BeaconType": "8 (HTTPS)",
2764	+	"BeaconType": "8 (HTTPS)",
2765	-	"Port": "443",
2765	+	"Port": "443",
2766	-	"Polling": "12000",
2766	+	"Polling": "12000",
2767	-	"Jitter": "35",
2767	+	"Jitter": "35",
2768	-	"C2 Server": "142.93.187.11,/u/vercheck,training42.microsoft-essentials.com,/u/vercheck",
2768	+	"C2 Server": "142.93.187.11,/u/vercheck,training42.microsoft-essentials.com,/u/vercheck",
2769	-	"HTTP Method Path 2": "/u/version_status",
2769	+	"HTTP Method Path 2": "/u/version_status",
2770	-	"Method1": "GET",
2770	+	"Method1": "GET",
2771	-	"Method2": "POST",
2771	+	"Method2": "POST",
2772	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
2772	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
2773	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
2773	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
2774	-	"Proxy_AccessType": "2 (Use IE settings)"
2774	+	"Proxy_AccessType": "2 (Use IE settings)"
2775	-	}
2775	+	}
2776	-	},
2776	+	},
2777	-	"142.93.98.6": {
2777	+	"142.93.98.6": {
2778	-	"x86": {
2778	+	"x86": {
2779	-	"BeaconType": "8 (HTTPS)",
2779	+	"BeaconType": "8 (HTTPS)",
2780	-	"Port": "443",
2780	+	"Port": "443",
2781	-	"Polling": "60000",
2781	+	"Polling": "60000",
2782	-	"Jitter": "0",
2782	+	"Jitter": "0",
2783	-	"Maxdns": "255",
2783	+	"Maxdns": "255",
2784	-	"C2 Server": "360live.digital,/pixel",
2784	+	"C2 Server": "360live.digital,/pixel",
2785	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BO1IE8_v1;ENUS)",
2785	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BO1IE8_v1;ENUS)",
2786	-	"HTTP Method Path 2": "/submit.php",
2786	+	"HTTP Method Path 2": "/submit.php",
2787	-	"Header1": "",
2787	+	"Header1": "",
2788	-	"Header2": "",
2788	+	"Header2": "",
2789	-	"PipeName": "",
2789	+	"PipeName": "",
2790	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2790	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2791	-	"DNS Sleep": "0",
2791	+	"DNS Sleep": "0",
2792	-	"Method1": "GET",
2792	+	"Method1": "GET",
2793	-	"Method2": "POST",
2793	+	"Method2": "POST",
2794	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2794	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2795	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2795	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2796	-	"Proxy_AccessType": "2 (Use IE settings)"
2796	+	"Proxy_AccessType": "2 (Use IE settings)"
2797	-	}
2797	+	}
2798	-	},
2798	+	},
2799	-	"144.202.112.14": {
2799	+	"144.202.112.14": {
2800	-	"x64": {
2800	+	"x64": {
2801	-	"BeaconType": "8 (HTTPS)",
2801	+	"BeaconType": "8 (HTTPS)",
2802	-	"Port": "443",
2802	+	"Port": "443",
2803	-	"Polling": "5000",
2803	+	"Polling": "5000",
2804	-	"Jitter": "0",
2804	+	"Jitter": "0",
2805	-	"Maxdns": "245",
2805	+	"Maxdns": "245",
2806	-	"C2 Server": "z.ziper.xyz,/image/",
2806	+	"C2 Server": "z.ziper.xyz,/image/",
2807	-	"User Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) Chrome/85.0.4183.102 Safari/537.36",
2807	+	"User Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) Chrome/85.0.4183.102 Safari/537.36",
2808	-	"HTTP Method Path 2": "/history/",
2808	+	"HTTP Method Path 2": "/history/",
2809	-	"Header1": "",
2809	+	"Header1": "",
2810	-	"Header2": "",
2810	+	"Header2": "",
2811	-	"PipeName": "",
2811	+	"PipeName": "",
2812	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
2812	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
2813	-	"DNS Sleep": "0",
2813	+	"DNS Sleep": "0",
2814	-	"Method1": "GET",
2814	+	"Method1": "GET",
2815	-	"Method2": "POST",
2815	+	"Method2": "POST",
2816	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2816	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2817	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2817	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2818	-	"Proxy_AccessType": "2 (Use IE settings)"
2818	+	"Proxy_AccessType": "2 (Use IE settings)"
2819	-	}
2819	+	}
2820	-	},
2820	+	},
2821	-	"144.217.207.21": {
2821	+	"144.217.207.21": {
2822	-	"x64": {
2822	+	"x64": {
2823	-	"BeaconType": "8 (HTTPS)",
2823	+	"BeaconType": "8 (HTTPS)",
2824	-	"Port": "443",
2824	+	"Port": "443",
2825	-	"Polling": "60000",
2825	+	"Polling": "60000",
2826	-	"Jitter": "0",
2826	+	"Jitter": "0",
2827	-	"Maxdns": "255",
2827	+	"Maxdns": "255",
2828	-	"C2 Server": "52.188.209.63,/visit.js",
2828	+	"C2 Server": "52.188.209.63,/visit.js",
2829	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)",
2829	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)",
2830	-	"HTTP Method Path 2": "/submit.php",
2830	+	"HTTP Method Path 2": "/submit.php",
2831	-	"Header1": "",
2831	+	"Header1": "",
2832	-	"Header2": "",
2832	+	"Header2": "",
2833	-	"PipeName": "",
2833	+	"PipeName": "",
2834	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2834	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2835	-	"DNS Sleep": "0",
2835	+	"DNS Sleep": "0",
2836	-	"Method1": "GET",
2836	+	"Method1": "GET",
2837	-	"Method2": "POST",
2837	+	"Method2": "POST",
2838	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2838	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2839	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2839	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2840	-	"Proxy_AccessType": "2 (Use IE settings)"
2840	+	"Proxy_AccessType": "2 (Use IE settings)"
2841	-	}
2841	+	}
2842	-	},
2842	+	},
2843	-	"145.249.107.130": {
2843	+	"145.249.107.130": {
2844	-	"x86": {
2844	+	"x86": {
2845	-	"BeaconType": "8 (HTTPS)",
2845	+	"BeaconType": "8 (HTTPS)",
2846	-	"Port": "443",
2846	+	"Port": "443",
2847	-	"Polling": "60000",
2847	+	"Polling": "60000",
2848	-	"Jitter": "0",
2848	+	"Jitter": "0",
2849	-	"Maxdns": "255",
2849	+	"Maxdns": "255",
2850	-	"C2 Server": "145.249.107.130,/fwlink",
2850	+	"C2 Server": "145.249.107.130,/fwlink",
2851	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)",
2851	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)",
2852	-	"HTTP Method Path 2": "/submit.php",
2852	+	"HTTP Method Path 2": "/submit.php",
2853	-	"Header1": "",
2853	+	"Header1": "",
2854	-	"Header2": "",
2854	+	"Header2": "",
2855	-	"PipeName": "",
2855	+	"PipeName": "",
2856	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2856	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2857	-	"DNS Sleep": "0",
2857	+	"DNS Sleep": "0",
2858	-	"Method1": "GET",
2858	+	"Method1": "GET",
2859	-	"Method2": "POST",
2859	+	"Method2": "POST",
2860	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2860	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2861	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2861	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2862	-	"Proxy_AccessType": "2 (Use IE settings)"
2862	+	"Proxy_AccessType": "2 (Use IE settings)"
2863	-	},
2863	+	},
2864	-	"x64": {
2864	+	"x64": {
2865	-	"BeaconType": "8 (HTTPS)",
2865	+	"BeaconType": "8 (HTTPS)",
2866	-	"Port": "443",
2866	+	"Port": "443",
2867	-	"Polling": "60000",
2867	+	"Polling": "60000",
2868	-	"Jitter": "0",
2868	+	"Jitter": "0",
2869	-	"Maxdns": "255",
2869	+	"Maxdns": "255",
2870	-	"C2 Server": "145.249.107.130,/pixel",
2870	+	"C2 Server": "145.249.107.130,/pixel",
2871	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)",
2871	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)",
2872	-	"HTTP Method Path 2": "/submit.php",
2872	+	"HTTP Method Path 2": "/submit.php",
2873	-	"Header1": "",
2873	+	"Header1": "",
2874	-	"Header2": "",
2874	+	"Header2": "",
2875	-	"PipeName": "",
2875	+	"PipeName": "",
2876	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2876	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2877	-	"DNS Sleep": "0",
2877	+	"DNS Sleep": "0",
2878	-	"Method1": "GET",
2878	+	"Method1": "GET",
2879	-	"Method2": "POST",
2879	+	"Method2": "POST",
2880	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2880	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2881	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2881	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2882	-	"Proxy_AccessType": "2 (Use IE settings)"
2882	+	"Proxy_AccessType": "2 (Use IE settings)"
2883	-	}
2883	+	}
2884	-	},
2884	+	},
2885	-	"146.56.208.33": {
2885	+	"146.56.208.33": {
2886	-	"x86": {
2886	+	"x86": {
2887	-	"BeaconType": "8 (HTTPS)",
2887	+	"BeaconType": "8 (HTTPS)",
2888	-	"Port": "443",
2888	+	"Port": "443",
2889	-	"Polling": "60000",
2889	+	"Polling": "60000",
2890	-	"Jitter": "0",
2890	+	"Jitter": "0",
2891	-	"Maxdns": "255",
2891	+	"Maxdns": "255",
2892	-	"C2 Server": "146.56.208.33,/visit.js",
2892	+	"C2 Server": "146.56.208.33,/visit.js",
2893	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
2893	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
2894	-	"HTTP Method Path 2": "/submit.php",
2894	+	"HTTP Method Path 2": "/submit.php",
2895	-	"Header1": "",
2895	+	"Header1": "",
2896	-	"Header2": "",
2896	+	"Header2": "",
2897	-	"PipeName": "",
2897	+	"PipeName": "",
2898	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2898	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
2899	-	"DNS Sleep": "0",
2899	+	"DNS Sleep": "0",
2900	-	"Method1": "GET",
2900	+	"Method1": "GET",
2901	-	"Method2": "POST",
2901	+	"Method2": "POST",
2902	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2902	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2903	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2903	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2904	-	"Proxy_AccessType": "2 (Use IE settings)"
2904	+	"Proxy_AccessType": "2 (Use IE settings)"
2905	-	}
2905	+	}
2906	-	},
2906	+	},
2907	-	"146.6.15.12": {
2907	+	"146.6.15.12": {
2908	-	"x64": {
2908	+	"x64": {
2909	-	"BeaconType": "8 (HTTPS)",
2909	+	"BeaconType": "8 (HTTPS)",
2910	-	"Port": "443",
2910	+	"Port": "443",
2911	-	"Polling": "60000",
2911	+	"Polling": "60000",
2912	-	"Jitter": "0",
2912	+	"Jitter": "0",
2913	-	"C2 Server": "146.6.15.12,/g.pixel",
2913	+	"C2 Server": "146.6.15.12,/g.pixel",
2914	-	"HTTP Method Path 2": "/submit.php",
2914	+	"HTTP Method Path 2": "/submit.php",
2915	-	"Method1": "GET",
2915	+	"Method1": "GET",
2916	-	"Method2": "POST",
2916	+	"Method2": "POST",
2917	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2917	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2918	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2918	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2919	-	"Proxy_AccessType": "2 (Use IE settings)"
2919	+	"Proxy_AccessType": "2 (Use IE settings)"
2920	-	}
2920	+	}
2921	-	},
2921	+	},
2922	-	"149.129.53.162": {
2922	+	"149.129.53.162": {
2923	-	"x86": {
2923	+	"x86": {
2924	-	"BeaconType": "8 (HTTPS)",
2924	+	"BeaconType": "8 (HTTPS)",
2925	-	"Port": "443",
2925	+	"Port": "443",
2926	-	"Polling": "5000",
2926	+	"Polling": "5000",
2927	-	"Jitter": "10",
2927	+	"Jitter": "10",
2928	-	"Maxdns": "235",
2928	+	"Maxdns": "235",
2929	-	"C2 Server": "sit.watchdog3.com,/updates",
2929	+	"C2 Server": "sit.watchdog3.com,/updates",
2930	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
2930	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
2931	-	"HTTP Method Path 2": "/aircanada/dark.php",
2931	+	"HTTP Method Path 2": "/aircanada/dark.php",
2932	-	"Header1": "",
2932	+	"Header1": "",
2933	-	"Header2": "",
2933	+	"Header2": "",
2934	-	"PipeName": "",
2934	+	"PipeName": "",
2935	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
2935	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
2936	-	"DNS Sleep": "0",
2936	+	"DNS Sleep": "0",
2937	-	"Method1": "GET",
2937	+	"Method1": "GET",
2938	-	"Method2": "POST",
2938	+	"Method2": "POST",
2939	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2939	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2940	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2940	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2941	-	"Proxy_AccessType": "2 (Use IE settings)"
2941	+	"Proxy_AccessType": "2 (Use IE settings)"
2942	-	},
2942	+	},
2943	-	"x64": {
2943	+	"x64": {
2944	-	"BeaconType": "8 (HTTPS)",
2944	+	"BeaconType": "8 (HTTPS)",
2945	-	"Port": "443",
2945	+	"Port": "443",
2946	-	"Polling": "5000",
2946	+	"Polling": "5000",
2947	-	"Jitter": "10",
2947	+	"Jitter": "10",
2948	-	"Maxdns": "235",
2948	+	"Maxdns": "235",
2949	-	"C2 Server": "sit.watchdog3.com,/updates",
2949	+	"C2 Server": "sit.watchdog3.com,/updates",
2950	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
2950	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
2951	-	"HTTP Method Path 2": "/aircanada/dark.php",
2951	+	"HTTP Method Path 2": "/aircanada/dark.php",
2952	-	"Header1": "",
2952	+	"Header1": "",
2953	-	"Header2": "",
2953	+	"Header2": "",
2954	-	"PipeName": "",
2954	+	"PipeName": "",
2955	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
2955	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
2956	-	"DNS Sleep": "0",
2956	+	"DNS Sleep": "0",
2957	-	"Method1": "GET",
2957	+	"Method1": "GET",
2958	-	"Method2": "POST",
2958	+	"Method2": "POST",
2959	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2959	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2960	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2960	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2961	-	"Proxy_AccessType": "2 (Use IE settings)"
2961	+	"Proxy_AccessType": "2 (Use IE settings)"
2962	-	}
2962	+	}
2963	-	},
2963	+	},
2964	-	"149.28.20.245": {
2964	+	"149.28.20.245": {
2965	-	"x86": {
2965	+	"x86": {
2966	-	"BeaconType": "8 (HTTPS)",
2966	+	"BeaconType": "8 (HTTPS)",
2967	-	"Port": "443",
2967	+	"Port": "443",
2968	-	"Polling": "60000",
2968	+	"Polling": "60000",
2969	-	"Jitter": "20",
2969	+	"Jitter": "20",
2970	-	"Maxdns": "235",
2970	+	"Maxdns": "235",
2971	-	"C2 Server": "149.28.20.245,/search/",
2971	+	"C2 Server": "149.28.20.245,/search/",
2972	-	"User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
2972	+	"User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
2973	-	"HTTP Method Path 2": "/Search/",
2973	+	"HTTP Method Path 2": "/Search/",
2974	-	"Header1": "",
2974	+	"Header1": "",
2975	-	"Header2": "",
2975	+	"Header2": "",
2976	-	"PipeName": "",
2976	+	"PipeName": "",
2977	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
2977	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
2978	-	"DNS Sleep": "0",
2978	+	"DNS Sleep": "0",
2979	-	"Method1": "GET",
2979	+	"Method1": "GET",
2980	-	"Method2": "GET",
2980	+	"Method2": "GET",
2981	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2981	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
2982	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2982	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
2983	-	"Proxy_AccessType": "1 (Use direct connection)"
2983	+	"Proxy_AccessType": "1 (Use direct connection)"
2984	-	}
2984	+	}
2985	-	},
2985	+	},
2986	-	"149.28.95.180": {
2986	+	"149.28.95.180": {
2987	-	"x86": {
2987	+	"x86": {
2988	-	"BeaconType": "8 (HTTPS)",
2988	+	"BeaconType": "8 (HTTPS)",
2989	-	"Port": "443",
2989	+	"Port": "443",
2990	-	"Polling": "60000",
2990	+	"Polling": "60000",
2991	-	"Jitter": "0",
2991	+	"Jitter": "0",
2992	-	"Maxdns": "255",
2992	+	"Maxdns": "255",
2993	-	"C2 Server": "149.28.95.180,/en_US/all.js",
2993	+	"C2 Server": "149.28.95.180,/en_US/all.js",
2994	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MAAU)",
2994	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MAAU)",
2995	-	"HTTP Method Path 2": "/submit.php",
2995	+	"HTTP Method Path 2": "/submit.php",
2996	-	"Header1": "",
2996	+	"Header1": "",
2997	-	"Header2": "",
2997	+	"Header2": "",
2998	-	"PipeName": "",
2998	+	"PipeName": "",
2999	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
2999	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3000	-	"DNS Sleep": "0",
3000	+	"DNS Sleep": "0",
3001	-	"Method1": "GET",
3001	+	"Method1": "GET",
3002	-	"Method2": "POST",
3002	+	"Method2": "POST",
3003	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3003	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3004	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3004	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3005	-	"Proxy_AccessType": "2 (Use IE settings)"
3005	+	"Proxy_AccessType": "2 (Use IE settings)"
3006	-	}
3006	+	}
3007	-	},
3007	+	},
3008	-	"149.6.167.60": {
3008	+	"149.6.167.60": {
3009	-	"x86": {
3009	+	"x86": {
3010	-	"BeaconType": "8 (HTTPS)",
3010	+	"BeaconType": "8 (HTTPS)",
3011	-	"Port": "443",
3011	+	"Port": "443",
3012	-	"Polling": "5000",
3012	+	"Polling": "5000",
3013	-	"Jitter": "37",
3013	+	"Jitter": "37",
3014	-	"C2 Server": "CLIENT.ELISEA-MUTUELLE.fr,/jquery-3.3.1.min.js",
3014	+	"C2 Server": "CLIENT.ELISEA-MUTUELLE.fr,/jquery-3.3.1.min.js",
3015	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3015	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3016	-	"Method1": "GET",
3016	+	"Method1": "GET",
3017	-	"Method2": "POST",
3017	+	"Method2": "POST",
3018	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe -u -p 223",
3018	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe -u -p 223",
3019	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe -u -p 223",
3019	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe -u -p 223",
3020	-	"Proxy_AccessType": "2 (Use IE settings)"
3020	+	"Proxy_AccessType": "2 (Use IE settings)"
3021	-	},
3021	+	},
3022	-	"x64": {
3022	+	"x64": {
3023	-	"BeaconType": "8 (HTTPS)",
3023	+	"BeaconType": "8 (HTTPS)",
3024	-	"Port": "443",
3024	+	"Port": "443",
3025	-	"Polling": "5000",
3025	+	"Polling": "5000",
3026	-	"Jitter": "37",
3026	+	"Jitter": "37",
3027	-	"C2 Server": "CLIENT.ELISEA-MUTUELLE.fr,/jquery-3.3.1.min.js",
3027	+	"C2 Server": "CLIENT.ELISEA-MUTUELLE.fr,/jquery-3.3.1.min.js",
3028	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3028	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3029	-	"Method1": "GET",
3029	+	"Method1": "GET",
3030	-	"Method2": "POST",
3030	+	"Method2": "POST",
3031	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe -u -p 223",
3031	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe -u -p 223",
3032	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe -u -p 223",
3032	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe -u -p 223",
3033	-	"Proxy_AccessType": "2 (Use IE settings)"
3033	+	"Proxy_AccessType": "2 (Use IE settings)"
3034	-	}
3034	+	}
3035	-	},
3035	+	},
3036	-	"15.188.88.72": {
3036	+	"15.188.88.72": {
3037	-	"x86": {
3037	+	"x86": {
3038	-	"BeaconType": "8 (HTTPS)",
3038	+	"BeaconType": "8 (HTTPS)",
3039	-	"Port": "443",
3039	+	"Port": "443",
3040	-	"Polling": "600000",
3040	+	"Polling": "600000",
3041	-	"Jitter": "50",
3041	+	"Jitter": "50",
3042	-	"Maxdns": "235",
3042	+	"Maxdns": "235",
3043	-	"C2 Server": "tmestoragetest.azureedge.net,/obj_",
3043	+	"C2 Server": "tmestoragetest.azureedge.net,/obj_",
3044	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36",
3044	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36",
3045	-	"HTTP Method Path 2": "/upload",
3045	+	"HTTP Method Path 2": "/upload",
3046	-	"Header1": "",
3046	+	"Header1": "",
3047	-	"Header2": "",
3047	+	"Header2": "",
3048	-	"PipeName": "",
3048	+	"PipeName": "",
3049	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
3049	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
3050	-	"DNS Sleep": "0",
3050	+	"DNS Sleep": "0",
3051	-	"Method1": "GET",
3051	+	"Method1": "GET",
3052	-	"Method2": "POST",
3052	+	"Method2": "POST",
3053	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k LocalService",
3053	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k LocalService",
3054	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k LocalService",
3054	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k LocalService",
3055	-	"Proxy_AccessType": "2 (Use IE settings)"
3055	+	"Proxy_AccessType": "2 (Use IE settings)"
3056	-	}
3056	+	}
3057	-	},
3057	+	},
3058	-	"15.222.241.107": {
3058	+	"15.222.241.107": {
3059	-	"x86": {
3059	+	"x86": {
3060	-	"BeaconType": "8 (HTTPS)",
3060	+	"BeaconType": "8 (HTTPS)",
3061	-	"Port": "443",
3061	+	"Port": "443",
3062	-	"Polling": "45000",
3062	+	"Polling": "45000",
3063	-	"Jitter": "37",
3063	+	"Jitter": "37",
3064	-	"C2 Server": "jquery.soundcloudcdn.com,/jquery-3.3.1.min.js",
3064	+	"C2 Server": "jquery.soundcloudcdn.com,/jquery-3.3.1.min.js",
3065	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3065	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3066	-	"Method1": "GET",
3066	+	"Method1": "GET",
3067	-	"Method2": "POST",
3067	+	"Method2": "POST",
3068	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
3068	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
3069	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
3069	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
3070	-	"Proxy_AccessType": "2 (Use IE settings)"
3070	+	"Proxy_AccessType": "2 (Use IE settings)"
3071	-	}
3071	+	}
3072	-	},
3072	+	},
3073	-	"153.92.127.203": {
3073	+	"153.92.127.203": {
3074	-	"x86": {
3074	+	"x86": {
3075	-	"BeaconType": "8 (HTTPS)",
3075	+	"BeaconType": "8 (HTTPS)",
3076	-	"Port": "443",
3076	+	"Port": "443",
3077	-	"Polling": "60000",
3077	+	"Polling": "60000",
3078	-	"Jitter": "0",
3078	+	"Jitter": "0",
3079	-	"Maxdns": "255",
3079	+	"Maxdns": "255",
3080	-	"C2 Server": "io.amscloud.xyz,/ping,d2dtgcu8n83vy7.cloudfront.net,/ping,d1iz6lkxr9mblm.cloudfront.net,/ping",
3080	+	"C2 Server": "io.amscloud.xyz,/ping,d2dtgcu8n83vy7.cloudfront.net,/ping,d1iz6lkxr9mblm.cloudfront.net,/ping",
3081	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
3081	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
3082	-	"HTTP Method Path 2": "/pong",
3082	+	"HTTP Method Path 2": "/pong",
3083	-	"Header1": "",
3083	+	"Header1": "",
3084	-	"Header2": "",
3084	+	"Header2": "",
3085	-	"PipeName": "",
3085	+	"PipeName": "",
3086	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3086	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3087	-	"DNS Sleep": "0",
3087	+	"DNS Sleep": "0",
3088	-	"Method1": "GET",
3088	+	"Method1": "GET",
3089	-	"Method2": "POST",
3089	+	"Method2": "POST",
3090	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3090	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3091	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3091	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3092	-	"Proxy_AccessType": "2 (Use IE settings)"
3092	+	"Proxy_AccessType": "2 (Use IE settings)"
3093	-	}
3093	+	}
3094	-	},
3094	+	},
3095	-	"153.92.127.208": {
3095	+	"153.92.127.208": {
3096	-	"x86": {
3096	+	"x86": {
3097	-	"BeaconType": "8 (HTTPS)",
3097	+	"BeaconType": "8 (HTTPS)",
3098	-	"Port": "443",
3098	+	"Port": "443",
3099	-	"Polling": "60000",
3099	+	"Polling": "60000",
3100	-	"Jitter": "0",
3100	+	"Jitter": "0",
3101	-	"Maxdns": "255",
3101	+	"Maxdns": "255",
3102	-	"C2 Server": "io.amscloud.xyz,/ping,d2dtgcu8n83vy7.cloudfront.net,/ping,d1iz6lkxr9mblm.cloudfront.net,/ping",
3102	+	"C2 Server": "io.amscloud.xyz,/ping,d2dtgcu8n83vy7.cloudfront.net,/ping,d1iz6lkxr9mblm.cloudfront.net,/ping",
3103	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
3103	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
3104	-	"HTTP Method Path 2": "/pong",
3104	+	"HTTP Method Path 2": "/pong",
3105	-	"Header1": "",
3105	+	"Header1": "",
3106	-	"Header2": "",
3106	+	"Header2": "",
3107	-	"PipeName": "",
3107	+	"PipeName": "",
3108	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3108	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3109	-	"DNS Sleep": "0",
3109	+	"DNS Sleep": "0",
3110	-	"Method1": "GET",
3110	+	"Method1": "GET",
3111	-	"Method2": "POST",
3111	+	"Method2": "POST",
3112	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3112	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3113	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3113	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3114	-	"Proxy_AccessType": "2 (Use IE settings)"
3114	+	"Proxy_AccessType": "2 (Use IE settings)"
3115	-	},
3115	+	},
3116	-	"x64": {
3116	+	"x64": {
3117	-	"BeaconType": "8 (HTTPS)",
3117	+	"BeaconType": "8 (HTTPS)",
3118	-	"Port": "443",
3118	+	"Port": "443",
3119	-	"Polling": "60000",
3119	+	"Polling": "60000",
3120	-	"Jitter": "0",
3120	+	"Jitter": "0",
3121	-	"Maxdns": "255",
3121	+	"Maxdns": "255",
3122	-	"C2 Server": "io.amscloud.xyz,/ping,d2dtgcu8n83vy7.cloudfront.net,/ping,d1iz6lkxr9mblm.cloudfront.net,/ping",
3122	+	"C2 Server": "io.amscloud.xyz,/ping,d2dtgcu8n83vy7.cloudfront.net,/ping,d1iz6lkxr9mblm.cloudfront.net,/ping",
3123	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
3123	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
3124	-	"HTTP Method Path 2": "/pong",
3124	+	"HTTP Method Path 2": "/pong",
3125	-	"Header1": "",
3125	+	"Header1": "",
3126	-	"Header2": "",
3126	+	"Header2": "",
3127	-	"PipeName": "",
3127	+	"PipeName": "",
3128	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3128	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3129	-	"DNS Sleep": "0",
3129	+	"DNS Sleep": "0",
3130	-	"Method1": "GET",
3130	+	"Method1": "GET",
3131	-	"Method2": "POST",
3131	+	"Method2": "POST",
3132	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3132	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3133	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3133	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3134	-	"Proxy_AccessType": "2 (Use IE settings)"
3134	+	"Proxy_AccessType": "2 (Use IE settings)"
3135	-	}
3135	+	}
3136	-	},
3136	+	},
3137	-	"154.86.46.35": {
3137	+	"154.86.46.35": {
3138	-	"x64": {
3138	+	"x64": {
3139	-	"BeaconType": "8 (HTTPS)",
3139	+	"BeaconType": "8 (HTTPS)",
3140	-	"Port": "443",
3140	+	"Port": "443",
3141	-	"Polling": "60000",
3141	+	"Polling": "60000",
3142	-	"Jitter": "0",
3142	+	"Jitter": "0",
3143	-	"Maxdns": "255",
3143	+	"Maxdns": "255",
3144	-	"C2 Server": "154.86.46.35,/IE9CompatViewList.xml",
3144	+	"C2 Server": "154.86.46.35,/IE9CompatViewList.xml",
3145	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
3145	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
3146	-	"HTTP Method Path 2": "/submit.php",
3146	+	"HTTP Method Path 2": "/submit.php",
3147	-	"Header1": "",
3147	+	"Header1": "",
3148	-	"Header2": "",
3148	+	"Header2": "",
3149	-	"PipeName": "",
3149	+	"PipeName": "",
3150	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3150	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3151	-	"DNS Sleep": "0",
3151	+	"DNS Sleep": "0",
3152	-	"Method1": "GET",
3152	+	"Method1": "GET",
3153	-	"Method2": "POST",
3153	+	"Method2": "POST",
3154	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3154	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3155	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3155	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3156	-	"Proxy_AccessType": "2 (Use IE settings)"
3156	+	"Proxy_AccessType": "2 (Use IE settings)"
3157	-	}
3157	+	}
3158	-	},
3158	+	},
3159	-	"155.138.230.65": {
3159	+	"155.138.230.65": {
3160	-	"x86": {
3160	+	"x86": {
3161	-	"BeaconType": "8 (HTTPS)",
3161	+	"BeaconType": "8 (HTTPS)",
3162	-	"Port": "443",
3162	+	"Port": "443",
3163	-	"Polling": "60000",
3163	+	"Polling": "60000",
3164	-	"Jitter": "20",
3164	+	"Jitter": "20",
3165	-	"Maxdns": "235",
3165	+	"Maxdns": "235",
3166	-	"C2 Server": "155.138.230.65,/viewerng/meta",
3166	+	"C2 Server": "155.138.230.65,/viewerng/meta",
3167	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
3167	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
3168	-	"HTTP Method Path 2": "/viewersng/meta",
3168	+	"HTTP Method Path 2": "/viewersng/meta",
3169	-	"Header1": "",
3169	+	"Header1": "",
3170	-	"Header2": "",
3170	+	"Header2": "",
3171	-	"PipeName": "",
3171	+	"PipeName": "",
3172	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
3172	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
3173	-	"DNS Sleep": "0",
3173	+	"DNS Sleep": "0",
3174	-	"Method1": "GET",
3174	+	"Method1": "GET",
3175	-	"Method2": "GET",
3175	+	"Method2": "GET",
3176	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3176	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3177	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3177	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3178	-	"Proxy_AccessType": "2 (Use IE settings)"
3178	+	"Proxy_AccessType": "2 (Use IE settings)"
3179	-	}
3179	+	}
3180	-	},
3180	+	},
3181	-	"155.138.245.98": {
3181	+	"155.138.245.98": {
3182	-	"x64": {
3182	+	"x64": {
3183	-	"BeaconType": "8 (HTTPS)",
3183	+	"BeaconType": "8 (HTTPS)",
3184	-	"Port": "443",
3184	+	"Port": "443",
3185	-	"Polling": "60000",
3185	+	"Polling": "60000",
3186	-	"Jitter": "0",
3186	+	"Jitter": "0",
3187	-	"C2 Server": "155.138.245.98,/pixel.gif",
3187	+	"C2 Server": "155.138.245.98,/pixel.gif",
3188	-	"HTTP Method Path 2": "/submit.php",
3188	+	"HTTP Method Path 2": "/submit.php",
3189	-	"Method1": "GET",
3189	+	"Method1": "GET",
3190	-	"Method2": "POST",
3190	+	"Method2": "POST",
3191	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3191	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3192	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3192	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3193	-	"Proxy_AccessType": "2 (Use IE settings)"
3193	+	"Proxy_AccessType": "2 (Use IE settings)"
3194	-	}
3194	+	}
3195	-	},
3195	+	},
3196	-	"156.226.191.234": {
3196	+	"156.226.191.234": {
3197	-	"x86": {
3197	+	"x86": {
3198	-	"BeaconType": "8 (HTTPS)",
3198	+	"BeaconType": "8 (HTTPS)",
3199	-	"Port": "443",
3199	+	"Port": "443",
3200	-	"Polling": "60000",
3200	+	"Polling": "60000",
3201	-	"Jitter": "15",
3201	+	"Jitter": "15",
3202	-	"Maxdns": "255",
3202	+	"Maxdns": "255",
3203	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
3203	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
3204	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
3204	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
3205	-	"HTTP Method Path 2": "/mail/u/0/",
3205	+	"HTTP Method Path 2": "/mail/u/0/",
3206	-	"Header1": "",
3206	+	"Header1": "",
3207	-	"Header2": "",
3207	+	"Header2": "",
3208	-	"PipeName": "",
3208	+	"PipeName": "",
3209	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
3209	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
3210	-	"DNS Sleep": "0",
3210	+	"DNS Sleep": "0",
3211	-	"Method1": "GET",
3211	+	"Method1": "GET",
3212	-	"Method2": "POST",
3212	+	"Method2": "POST",
3213	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
3213	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
3214	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
3214	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
3215	-	"Proxy_AccessType": "2 (Use IE settings)"
3215	+	"Proxy_AccessType": "2 (Use IE settings)"
3216	-	},
3216	+	},
3217	-	"x64": {
3217	+	"x64": {
3218	-	"BeaconType": "8 (HTTPS)",
3218	+	"BeaconType": "8 (HTTPS)",
3219	-	"Port": "443",
3219	+	"Port": "443",
3220	-	"Polling": "60000",
3220	+	"Polling": "60000",
3221	-	"Jitter": "15",
3221	+	"Jitter": "15",
3222	-	"Maxdns": "255",
3222	+	"Maxdns": "255",
3223	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
3223	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
3224	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
3224	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
3225	-	"HTTP Method Path 2": "/mail/u/0/",
3225	+	"HTTP Method Path 2": "/mail/u/0/",
3226	-	"Header1": "",
3226	+	"Header1": "",
3227	-	"Header2": "",
3227	+	"Header2": "",
3228	-	"PipeName": "",
3228	+	"PipeName": "",
3229	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
3229	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
3230	-	"DNS Sleep": "0",
3230	+	"DNS Sleep": "0",
3231	-	"Method1": "GET",
3231	+	"Method1": "GET",
3232	-	"Method2": "POST",
3232	+	"Method2": "POST",
3233	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
3233	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
3234	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
3234	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
3235	-	"Proxy_AccessType": "2 (Use IE settings)"
3235	+	"Proxy_AccessType": "2 (Use IE settings)"
3236	-	}
3236	+	}
3237	-	},
3237	+	},
3238	-	"156.226.191.235": {
3238	+	"156.226.191.235": {
3239	-	"x86": {
3239	+	"x86": {
3240	-	"BeaconType": "8 (HTTPS)",
3240	+	"BeaconType": "8 (HTTPS)",
3241	-	"Port": "443",
3241	+	"Port": "443",
3242	-	"Polling": "60000",
3242	+	"Polling": "60000",
3243	-	"Jitter": "15",
3243	+	"Jitter": "15",
3244	-	"Maxdns": "255",
3244	+	"Maxdns": "255",
3245	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
3245	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
3246	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
3246	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
3247	-	"HTTP Method Path 2": "/mail/u/0/",
3247	+	"HTTP Method Path 2": "/mail/u/0/",
3248	-	"Header1": "",
3248	+	"Header1": "",
3249	-	"Header2": "",
3249	+	"Header2": "",
3250	-	"PipeName": "",
3250	+	"PipeName": "",
3251	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
3251	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
3252	-	"DNS Sleep": "0",
3252	+	"DNS Sleep": "0",
3253	-	"Method1": "GET",
3253	+	"Method1": "GET",
3254	-	"Method2": "POST",
3254	+	"Method2": "POST",
3255	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
3255	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
3256	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
3256	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
3257	-	"Proxy_AccessType": "2 (Use IE settings)"
3257	+	"Proxy_AccessType": "2 (Use IE settings)"
3258	-	}
3258	+	}
3259	-	},
3259	+	},
3260	-	"156.226.191.236": {
3260	+	"156.226.191.236": {
3261	-	"x64": {
3261	+	"x64": {
3262	-	"BeaconType": "8 (HTTPS)",
3262	+	"BeaconType": "8 (HTTPS)",
3263	-	"Port": "443",
3263	+	"Port": "443",
3264	-	"Polling": "60000",
3264	+	"Polling": "60000",
3265	-	"Jitter": "15",
3265	+	"Jitter": "15",
3266	-	"Maxdns": "255",
3266	+	"Maxdns": "255",
3267	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
3267	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
3268	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
3268	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
3269	-	"HTTP Method Path 2": "/mail/u/0/",
3269	+	"HTTP Method Path 2": "/mail/u/0/",
3270	-	"Header1": "",
3270	+	"Header1": "",
3271	-	"Header2": "",
3271	+	"Header2": "",
3272	-	"PipeName": "",
3272	+	"PipeName": "",
3273	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
3273	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
3274	-	"DNS Sleep": "0",
3274	+	"DNS Sleep": "0",
3275	-	"Method1": "GET",
3275	+	"Method1": "GET",
3276	-	"Method2": "POST",
3276	+	"Method2": "POST",
3277	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
3277	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
3278	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
3278	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
3279	-	"Proxy_AccessType": "2 (Use IE settings)"
3279	+	"Proxy_AccessType": "2 (Use IE settings)"
3280	-	}
3280	+	}
3281	-	},
3281	+	},
3282	-	"156.226.191.237": {
3282	+	"156.226.191.237": {
3283	-	"x86": {
3283	+	"x86": {
3284	-	"BeaconType": "8 (HTTPS)",
3284	+	"BeaconType": "8 (HTTPS)",
3285	-	"Port": "443",
3285	+	"Port": "443",
3286	-	"Polling": "60000",
3286	+	"Polling": "60000",
3287	-	"Jitter": "15",
3287	+	"Jitter": "15",
3288	-	"Maxdns": "255",
3288	+	"Maxdns": "255",
3289	-	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
3289	+	"C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
3290	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
3290	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
3291	-	"HTTP Method Path 2": "/mail/u/0/",
3291	+	"HTTP Method Path 2": "/mail/u/0/",
3292	-	"Header1": "",
3292	+	"Header1": "",
3293	-	"Header2": "",
3293	+	"Header2": "",
3294	-	"PipeName": "",
3294	+	"PipeName": "",
3295	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
3295	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
3296	-	"DNS Sleep": "0",
3296	+	"DNS Sleep": "0",
3297	-	"Method1": "GET",
3297	+	"Method1": "GET",
3298	-	"Method2": "POST",
3298	+	"Method2": "POST",
3299	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
3299	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
3300	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
3300	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
3301	-	"Proxy_AccessType": "2 (Use IE settings)"
3301	+	"Proxy_AccessType": "2 (Use IE settings)"
3302	-	}
3302	+	}
3303	-	},
3303	+	},
3304	-	"157.230.184.142": {
3304	+	"157.230.184.142": {
3305	-	"x86": {
3305	+	"x86": {
3306	-	"BeaconType": "8 (HTTPS)",
3306	+	"BeaconType": "8 (HTTPS)",
3307	-	"Port": "443",
3307	+	"Port": "443",
3308	-	"Polling": "15",
3308	+	"Polling": "15",
3309	-	"Jitter": "20",
3309	+	"Jitter": "20",
3310	-	"Maxdns": "235",
3310	+	"Maxdns": "235",
3311	-	"C2 Server": "157.230.184.142,/5aq/XP/SY75Qyw.htm",
3311	+	"C2 Server": "157.230.184.142,/5aq/XP/SY75Qyw.htm",
3312	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E )",
3312	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E )",
3313	-	"HTTP Method Path 2": "/RCg/vp6rBcQ.htm",
3313	+	"HTTP Method Path 2": "/RCg/vp6rBcQ.htm",
3314	-	"Header1": "",
3314	+	"Header1": "",
3315	-	"Header2": "",
3315	+	"Header2": "",
3316	-	"PipeName": "",
3316	+	"PipeName": "",
3317	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
3317	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
3318	-	"DNS Sleep": "0",
3318	+	"DNS Sleep": "0",
3319	-	"Method1": "GET",
3319	+	"Method1": "GET",
3320	-	"Method2": "GET",
3320	+	"Method2": "GET",
3321	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3321	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3322	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3322	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3323	-	"Proxy_AccessType": "2 (Use IE settings)"
3323	+	"Proxy_AccessType": "2 (Use IE settings)"
3324	-	}
3324	+	}
3325	-	},
3325	+	},
3326	-	"157.230.239.44": {
3326	+	"157.230.239.44": {
3327	-	"x86": {
3327	+	"x86": {
3328	-	"BeaconType": "8 (HTTPS)",
3328	+	"BeaconType": "8 (HTTPS)",
3329	-	"Port": "443",
3329	+	"Port": "443",
3330	-	"Polling": "63931",
3330	+	"Polling": "63931",
3331	-	"Jitter": "41",
3331	+	"Jitter": "41",
3332	-	"C2 Server": "157.230.239.44,/faq",
3332	+	"C2 Server": "157.230.239.44,/faq",
3333	-	"HTTP Method Path 2": "/lt",
3333	+	"HTTP Method Path 2": "/lt",
3334	-	"Method1": "GET",
3334	+	"Method1": "GET",
3335	-	"Method2": "POST",
3335	+	"Method2": "POST",
3336	-	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
3336	+	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
3337	-	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
3337	+	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
3338	-	"Proxy_AccessType": "2 (Use IE settings)"
3338	+	"Proxy_AccessType": "2 (Use IE settings)"
3339	-	}
3339	+	}
3340	-	},
3340	+	},
3341	-	"157.230.81.209": {
3341	+	"157.230.81.209": {
3342	-	"x86": {
3342	+	"x86": {
3343	-	"BeaconType": "8 (HTTPS)",
3343	+	"BeaconType": "8 (HTTPS)",
3344	-	"Port": "443",
3344	+	"Port": "443",
3345	-	"Polling": "15000",
3345	+	"Polling": "15000",
3346	-	"Jitter": "90",
3346	+	"Jitter": "90",
3347	-	"Maxdns": "225",
3347	+	"Maxdns": "225",
3348	-	"C2 Server": "software-download.office.microsoft.com,/updates",
3348	+	"C2 Server": "software-download.office.microsoft.com,/updates",
3349	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
3349	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
3350	-	"HTTP Method Path 2": "/notification",
3350	+	"HTTP Method Path 2": "/notification",
3351	-	"Header1": "",
3351	+	"Header1": "",
3352	-	"Header2": "",
3352	+	"Header2": "",
3353	-	"PipeName": "",
3353	+	"PipeName": "",
3354	-	"DNS Idle": "h\\xD8<\\x84",
3354	+	"DNS Idle": "h\\xD8<\\x84",
3355	-	"DNS Sleep": "0",
3355	+	"DNS Sleep": "0",
3356	-	"Method1": "GET",
3356	+	"Method1": "GET",
3357	-	"Method2": "POST",
3357	+	"Method2": "POST",
3358	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3358	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3359	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3359	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3360	-	"Proxy_AccessType": "2 (Use IE settings)"
3360	+	"Proxy_AccessType": "2 (Use IE settings)"
3361	-	},
3361	+	},
3362	-	"x64": {
3362	+	"x64": {
3363	-	"BeaconType": "8 (HTTPS)",
3363	+	"BeaconType": "8 (HTTPS)",
3364	-	"Port": "443",
3364	+	"Port": "443",
3365	-	"Polling": "15000",
3365	+	"Polling": "15000",
3366	-	"Jitter": "90",
3366	+	"Jitter": "90",
3367	-	"Maxdns": "225",
3367	+	"Maxdns": "225",
3368	-	"C2 Server": "software-download.office.microsoft.com,/updates",
3368	+	"C2 Server": "software-download.office.microsoft.com,/updates",
3369	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
3369	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
3370	-	"HTTP Method Path 2": "/notification",
3370	+	"HTTP Method Path 2": "/notification",
3371	-	"Header1": "",
3371	+	"Header1": "",
3372	-	"Header2": "",
3372	+	"Header2": "",
3373	-	"PipeName": "",
3373	+	"PipeName": "",
3374	-	"DNS Idle": "h\\xD8<\\x84",
3374	+	"DNS Idle": "h\\xD8<\\x84",
3375	-	"DNS Sleep": "0",
3375	+	"DNS Sleep": "0",
3376	-	"Method1": "GET",
3376	+	"Method1": "GET",
3377	-	"Method2": "POST",
3377	+	"Method2": "POST",
3378	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3378	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3379	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3379	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3380	-	"Proxy_AccessType": "2 (Use IE settings)"
3380	+	"Proxy_AccessType": "2 (Use IE settings)"
3381	-	}
3381	+	}
3382	-	},
3382	+	},
3383	-	"159.65.115.160": {
3383	+	"159.65.115.160": {
3384	-	"x86": {
3384	+	"x86": {
3385	-	"BeaconType": "8 (HTTPS)",
3385	+	"BeaconType": "8 (HTTPS)",
3386	-	"Port": "443",
3386	+	"Port": "443",
3387	-	"Polling": "1500",
3387	+	"Polling": "1500",
3388	-	"Jitter": "0",
3388	+	"Jitter": "0",
3389	-	"Maxdns": "255",
3389	+	"Maxdns": "255",
3390	-	"C2 Server": "159.65.115.160,/ocsp/a/",
3390	+	"C2 Server": "159.65.115.160,/ocsp/a/",
3391	-	"User Agent": "Microsoft-CryptoAPI/6.1",
3391	+	"User Agent": "Microsoft-CryptoAPI/6.1",
3392	-	"HTTP Method Path 2": "/ocsp/b/",
3392	+	"HTTP Method Path 2": "/ocsp/b/",
3393	-	"Header1": "",
3393	+	"Header1": "",
3394	-	"Header2": "",
3394	+	"Header2": "",
3395	-	"PipeName": "",
3395	+	"PipeName": "",
3396	-	"DNS Idle": "\\xAC\\xD9\\x10\\x8E",
3396	+	"DNS Idle": "\\xAC\\xD9\\x10\\x8E",
3397	-	"DNS Sleep": "0",
3397	+	"DNS Sleep": "0",
3398	-	"Method1": "GET",
3398	+	"Method1": "GET",
3399	-	"Method2": "POST",
3399	+	"Method2": "POST",
3400	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
3400	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
3401	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
3401	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
3402	-	"Proxy_AccessType": "2 (Use IE settings)"
3402	+	"Proxy_AccessType": "2 (Use IE settings)"
3403	-	},
3403	+	},
3404	-	"x64": {
3404	+	"x64": {
3405	-	"BeaconType": "8 (HTTPS)",
3405	+	"BeaconType": "8 (HTTPS)",
3406	-	"Port": "443",
3406	+	"Port": "443",
3407	-	"Polling": "1500",
3407	+	"Polling": "1500",
3408	-	"Jitter": "0",
3408	+	"Jitter": "0",
3409	-	"Maxdns": "255",
3409	+	"Maxdns": "255",
3410	-	"C2 Server": "159.65.115.160,/ocsp/a/",
3410	+	"C2 Server": "159.65.115.160,/ocsp/a/",
3411	-	"User Agent": "Microsoft-CryptoAPI/6.1",
3411	+	"User Agent": "Microsoft-CryptoAPI/6.1",
3412	-	"HTTP Method Path 2": "/ocsp/b/",
3412	+	"HTTP Method Path 2": "/ocsp/b/",
3413	-	"Header1": "",
3413	+	"Header1": "",
3414	-	"Header2": "",
3414	+	"Header2": "",
3415	-	"PipeName": "",
3415	+	"PipeName": "",
3416	-	"DNS Idle": "\\xAC\\xD9\\x10\\x8E",
3416	+	"DNS Idle": "\\xAC\\xD9\\x10\\x8E",
3417	-	"DNS Sleep": "0",
3417	+	"DNS Sleep": "0",
3418	-	"Method1": "GET",
3418	+	"Method1": "GET",
3419	-	"Method2": "POST",
3419	+	"Method2": "POST",
3420	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
3420	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
3421	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
3421	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
3422	-	"Proxy_AccessType": "2 (Use IE settings)"
3422	+	"Proxy_AccessType": "2 (Use IE settings)"
3423	-	}
3423	+	}
3424	-	},
3424	+	},
3425	-	"159.65.96.79": {
3425	+	"159.65.96.79": {
3426	-	"x64": {
3426	+	"x64": {
3427	-	"BeaconType": "8 (HTTPS)",
3427	+	"BeaconType": "8 (HTTPS)",
3428	-	"Port": "443",
3428	+	"Port": "443",
3429	-	"Polling": "61924",
3429	+	"Polling": "61924",
3430	-	"Jitter": "43",
3430	+	"Jitter": "43",
3431	-	"C2 Server": "cleerhr.com,/html.js",
3431	+	"C2 Server": "cleerhr.com,/html.js",
3432	-	"HTTP Method Path 2": "/sq",
3432	+	"HTTP Method Path 2": "/sq",
3433	-	"Method1": "GET",
3433	+	"Method1": "GET",
3434	-	"Method2": "POST",
3434	+	"Method2": "POST",
3435	-	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
3435	+	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
3436	-	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
3436	+	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
3437	-	"Proxy_AccessType": "2 (Use IE settings)"
3437	+	"Proxy_AccessType": "2 (Use IE settings)"
3438	-	}
3438	+	}
3439	-	},
3439	+	},
3440	-	"159.89.109.225": {
3440	+	"159.89.109.225": {
3441	-	"x64": {
3441	+	"x64": {
3442	-	"BeaconType": "8 (HTTPS)",
3442	+	"BeaconType": "8 (HTTPS)",
3443	-	"Port": "443",
3443	+	"Port": "443",
3444	-	"Polling": "15000",
3444	+	"Polling": "15000",
3445	-	"Jitter": "23",
3445	+	"Jitter": "23",
3446	-	"Maxdns": "255",
3446	+	"Maxdns": "255",
3447	-	"C2 Server": "159.89.109.225,/sxn/start,104.248.245.41,/sxn/start",
3447	+	"C2 Server": "159.89.109.225,/sxn/start,104.248.245.41,/sxn/start",
3448	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
3448	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
3449	-	"HTTP Method Path 2": "/dd/met7",
3449	+	"HTTP Method Path 2": "/dd/met7",
3450	-	"Header1": "",
3450	+	"Header1": "",
3451	-	"Header2": "",
3451	+	"Header2": "",
3452	-	"PipeName": "",
3452	+	"PipeName": "",
3453	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3453	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3454	-	"DNS Sleep": "0",
3454	+	"DNS Sleep": "0",
3455	-	"Method1": "GET",
3455	+	"Method1": "GET",
3456	-	"Method2": "POST",
3456	+	"Method2": "POST",
3457	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3457	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3458	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3458	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3459	-	"Proxy_AccessType": "2 (Use IE settings)"
3459	+	"Proxy_AccessType": "2 (Use IE settings)"
3460	-	}
3460	+	}
3461	-	},
3461	+	},
3462	-	"159.89.131.233": {
3462	+	"159.89.131.233": {
3463	-	"x86": {
3463	+	"x86": {
3464	-	"BeaconType": "8 (HTTPS)",
3464	+	"BeaconType": "8 (HTTPS)",
3465	-	"Port": "443",
3465	+	"Port": "443",
3466	-	"Polling": "45102",
3466	+	"Polling": "45102",
3467	-	"Jitter": "29",
3467	+	"Jitter": "29",
3468	-	"C2 Server": "milbank.azurewebsites.net,/azure/api",
3468	+	"C2 Server": "milbank.azurewebsites.net,/azure/api",
3469	-	"HTTP Method Path 2": "/azure/us",
3469	+	"HTTP Method Path 2": "/azure/us",
3470	-	"Method1": "GET",
3470	+	"Method1": "GET",
3471	-	"Method2": "POST",
3471	+	"Method2": "POST",
3472	-	"Spawnto_x86": "%windir%\\syswow64\\typeperf.exe",
3472	+	"Spawnto_x86": "%windir%\\syswow64\\typeperf.exe",
3473	-	"Spawnto_x64": "%windir%\\sysnative\\typeperf.exe",
3473	+	"Spawnto_x64": "%windir%\\sysnative\\typeperf.exe",
3474	-	"Proxy_AccessType": "2 (Use IE settings)"
3474	+	"Proxy_AccessType": "2 (Use IE settings)"
3475	-	}
3475	+	}
3476	-	},
3476	+	},
3477	-	"159.89.13.234": {
3477	+	"159.89.13.234": {
3478	-	"x86": {
3478	+	"x86": {
3479	-	"BeaconType": "8 (HTTPS)",
3479	+	"BeaconType": "8 (HTTPS)",
3480	-	"Port": "443",
3480	+	"Port": "443",
3481	-	"Polling": "15000",
3481	+	"Polling": "15000",
3482	-	"Jitter": "90",
3482	+	"Jitter": "90",
3483	-	"Maxdns": "225",
3483	+	"Maxdns": "225",
3484	-	"C2 Server": "yelp.com,/wp-includes/js/script/indigo-migrate",
3484	+	"C2 Server": "yelp.com,/wp-includes/js/script/indigo-migrate",
3485	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
3485	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
3486	-	"HTTP Method Path 2": "/api2/json/check/ticket",
3486	+	"HTTP Method Path 2": "/api2/json/check/ticket",
3487	-	"Header1": "",
3487	+	"Header1": "",
3488	-	"Header2": "",
3488	+	"Header2": "",
3489	-	"PipeName": "",
3489	+	"PipeName": "",
3490	-	"DNS Idle": "h\\xD8<\\x84",
3490	+	"DNS Idle": "h\\xD8<\\x84",
3491	-	"DNS Sleep": "0",
3491	+	"DNS Sleep": "0",
3492	-	"Method1": "GET",
3492	+	"Method1": "GET",
3493	-	"Method2": "POST",
3493	+	"Method2": "POST",
3494	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3494	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3495	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3495	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3496	-	"Proxy_AccessType": "2 (Use IE settings)"
3496	+	"Proxy_AccessType": "2 (Use IE settings)"
3497	-	}
3497	+	}
3498	-	},
3498	+	},
3499	-	"161.35.218.255": {
3499	+	"161.35.218.255": {
3500	-	"x86": {
3500	+	"x86": {
3501	-	"BeaconType": "8 (HTTPS)",
3501	+	"BeaconType": "8 (HTTPS)",
3502	-	"Port": "443",
3502	+	"Port": "443",
3503	-	"Polling": "60000",
3503	+	"Polling": "60000",
3504	-	"Jitter": "0",
3504	+	"Jitter": "0",
3505	-	"C2 Server": "161.35.218.255,/g.pixel",
3505	+	"C2 Server": "161.35.218.255,/g.pixel",
3506	-	"HTTP Method Path 2": "/submit.php",
3506	+	"HTTP Method Path 2": "/submit.php",
3507	-	"Method1": "GET",
3507	+	"Method1": "GET",
3508	-	"Method2": "POST",
3508	+	"Method2": "POST",
3509	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3509	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3510	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3510	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3511	-	"Proxy_AccessType": "2 (Use IE settings)"
3511	+	"Proxy_AccessType": "2 (Use IE settings)"
3512	-	},
3512	+	},
3513	-	"x64": {
3513	+	"x64": {
3514	-	"BeaconType": "8 (HTTPS)",
3514	+	"BeaconType": "8 (HTTPS)",
3515	-	"Port": "443",
3515	+	"Port": "443",
3516	-	"Polling": "60000",
3516	+	"Polling": "60000",
3517	-	"Jitter": "0",
3517	+	"Jitter": "0",
3518	-	"C2 Server": "161.35.218.255,/dot.gif",
3518	+	"C2 Server": "161.35.218.255,/dot.gif",
3519	-	"HTTP Method Path 2": "/submit.php",
3519	+	"HTTP Method Path 2": "/submit.php",
3520	-	"Method1": "GET",
3520	+	"Method1": "GET",
3521	-	"Method2": "POST",
3521	+	"Method2": "POST",
3522	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3522	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3523	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3523	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3524	-	"Proxy_AccessType": "2 (Use IE settings)"
3524	+	"Proxy_AccessType": "2 (Use IE settings)"
3525	-	}
3525	+	}
3526	-	},
3526	+	},
3527	-	"161.35.38.97": {
3527	+	"161.35.38.97": {
3528	-	"x64": {
3528	+	"x64": {
3529	-	"BeaconType": "8 (HTTPS)",
3529	+	"BeaconType": "8 (HTTPS)",
3530	-	"Port": "443",
3530	+	"Port": "443",
3531	-	"Polling": "90000",
3531	+	"Polling": "90000",
3532	-	"Jitter": "15",
3532	+	"Jitter": "15",
3533	-	"Maxdns": "212",
3533	+	"Maxdns": "212",
3534	-	"C2 Server": "jscript-cdn.azureedge.net,/npm/[email protected]/dist/jquery.fullpage.min.css",
3534	+	"C2 Server": "jscript-cdn.azureedge.net,/npm/[email protected]/dist/jquery.fullpage.min.css",
3535	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.3396.99 Safari/537.36",
3535	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.3396.99 Safari/537.36",
3536	-	"HTTP Method Path 2": "/sites/p/b93/googleanalytics/track",
3536	+	"HTTP Method Path 2": "/sites/p/b93/googleanalytics/track",
3537	-	"Header1": "",
3537	+	"Header1": "",
3538	-	"Header2": "",
3538	+	"Header2": "",
3539	-	"PipeName": "",
3539	+	"PipeName": "",
3540	-	"DNS Idle": "h\\x10U\\x14",
3540	+	"DNS Idle": "h\\x10U\\x14",
3541	-	"DNS Sleep": "0",
3541	+	"DNS Sleep": "0",
3542	-	"Method1": "GET",
3542	+	"Method1": "GET",
3543	-	"Method2": "POST",
3543	+	"Method2": "POST",
3544	-	"Spawnto_x86": "%windir%\\syswow64\\gpresult.exe",
3544	+	"Spawnto_x86": "%windir%\\syswow64\\gpresult.exe",
3545	-	"Spawnto_x64": "%windir%\\sysnative\\gpresult.exe",
3545	+	"Spawnto_x64": "%windir%\\sysnative\\gpresult.exe",
3546	-	"Proxy_AccessType": "2 (Use IE settings)"
3546	+	"Proxy_AccessType": "2 (Use IE settings)"
3547	-	}
3547	+	}
3548	-	},
3548	+	},
3549	-	"161.35.51.98": {
3549	+	"161.35.51.98": {
3550	-	"x86": {
3550	+	"x86": {
3551	-	"BeaconType": "8 (HTTPS)",
3551	+	"BeaconType": "8 (HTTPS)",
3552	-	"Port": "443",
3552	+	"Port": "443",
3553	-	"Polling": "53",
3553	+	"Polling": "53",
3554	-	"Jitter": "40",
3554	+	"Jitter": "40",
3555	-	"Maxdns": "255",
3555	+	"Maxdns": "255",
3556	-	"C2 Server": "mscrl.microsoft.com,/feed/Video/c/dynamic/,ajax.microsoft.com,/feed/Video/c/dynamic/",
3556	+	"C2 Server": "mscrl.microsoft.com,/feed/Video/c/dynamic/,ajax.microsoft.com,/feed/Video/c/dynamic/",
3557	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)",
3557	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)",
3558	-	"HTTP Method Path 2": "/main/urgent/w/06/",
3558	+	"HTTP Method Path 2": "/main/urgent/w/06/",
3559	-	"Header1": "",
3559	+	"Header1": "",
3560	-	"Header2": "",
3560	+	"Header2": "",
3561	-	"PipeName": "",
3561	+	"PipeName": "",
3562	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3562	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3563	-	"DNS Sleep": "0",
3563	+	"DNS Sleep": "0",
3564	-	"Method1": "GET",
3564	+	"Method1": "GET",
3565	-	"Method2": "POST",
3565	+	"Method2": "POST",
3566	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
3566	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
3567	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
3567	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
3568	-	"Proxy_AccessType": "2 (Use IE settings)"
3568	+	"Proxy_AccessType": "2 (Use IE settings)"
3569	-	}
3569	+	}
3570	-	},
3570	+	},
3571	-	"161.35.6.3": {
3571	+	"161.35.6.3": {
3572	-	"x64": {
3572	+	"x64": {
3573	-	"BeaconType": "8 (HTTPS)",
3573	+	"BeaconType": "8 (HTTPS)",
3574	-	"Port": "443",
3574	+	"Port": "443",
3575	-	"Polling": "60000",
3575	+	"Polling": "60000",
3576	-	"Jitter": "0",
3576	+	"Jitter": "0",
3577	-	"C2 Server": "161.35.6.3,/updates.rss",
3577	+	"C2 Server": "161.35.6.3,/updates.rss",
3578	-	"HTTP Method Path 2": "/submit.php",
3578	+	"HTTP Method Path 2": "/submit.php",
3579	-	"Method1": "GET",
3579	+	"Method1": "GET",
3580	-	"Method2": "POST",
3580	+	"Method2": "POST",
3581	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3581	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3582	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3582	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3583	-	"Proxy_AccessType": "2 (Use IE settings)"
3583	+	"Proxy_AccessType": "2 (Use IE settings)"
3584	-	}
3584	+	}
3585	-	},
3585	+	},
3586	-	"161.35.76.1": {
3586	+	"161.35.76.1": {
3587	-	"x64": {
3587	+	"x64": {
3588	-	"BeaconType": "8 (HTTPS)",
3588	+	"BeaconType": "8 (HTTPS)",
3589	-	"Port": "443",
3589	+	"Port": "443",
3590	-	"Polling": "1000",
3590	+	"Polling": "1000",
3591	-	"Jitter": "37",
3591	+	"Jitter": "37",
3592	-	"Maxdns": "255",
3592	+	"Maxdns": "255",
3593	-	"C2 Server": "161.35.76.1,/jquery-3.3.1.min.js",
3593	+	"C2 Server": "161.35.76.1,/jquery-3.3.1.min.js",
3594	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
3594	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
3595	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3595	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3596	-	"Header1": "",
3596	+	"Header1": "",
3597	-	"Header2": "",
3597	+	"Header2": "",
3598	-	"PipeName": "",
3598	+	"PipeName": "",
3599	-	"DNS Idle": "J}\\xC4q",
3599	+	"DNS Idle": "J}\\xC4q",
3600	-	"DNS Sleep": "0",
3600	+	"DNS Sleep": "0",
3601	-	"Method1": "GET",
3601	+	"Method1": "GET",
3602	-	"Method2": "POST",
3602	+	"Method2": "POST",
3603	-	"Spawnto_x86": "%windir%\\syswow64\\cmd.exe -k updatehelp",
3603	+	"Spawnto_x86": "%windir%\\syswow64\\cmd.exe -k updatehelp",
3604	-	"Spawnto_x64": "%windir%\\sysnative\\cmd.exe -k updatehelp",
3604	+	"Spawnto_x64": "%windir%\\sysnative\\cmd.exe -k updatehelp",
3605	-	"Proxy_AccessType": "2 (Use IE settings)"
3605	+	"Proxy_AccessType": "2 (Use IE settings)"
3606	-	}
3606	+	}
3607	-	},
3607	+	},
3608	-	"161.35.81.119": {
3608	+	"161.35.81.119": {
3609	-	"x86": {
3609	+	"x86": {
3610	-	"BeaconType": "8 (HTTPS)",
3610	+	"BeaconType": "8 (HTTPS)",
3611	-	"Port": "443",
3611	+	"Port": "443",
3612	-	"Polling": "15000",
3612	+	"Polling": "15000",
3613	-	"Jitter": "90",
3613	+	"Jitter": "90",
3614	-	"Maxdns": "225",
3614	+	"Maxdns": "225",
3615	-	"C2 Server": "bbc.com,/en-us/p/onerf/MeSilentPassport",
3615	+	"C2 Server": "bbc.com,/en-us/p/onerf/MeSilentPassport",
3616	-	"User Agent": "Microsoft BITS/7.8",
3616	+	"User Agent": "Microsoft BITS/7.8",
3617	-	"HTTP Method Path 2": "/1.5/95648064/storage/tabs",
3617	+	"HTTP Method Path 2": "/1.5/95648064/storage/tabs",
3618	-	"Header1": "",
3618	+	"Header1": "",
3619	-	"Header2": "",
3619	+	"Header2": "",
3620	-	"PipeName": "",
3620	+	"PipeName": "",
3621	-	"DNS Idle": "\\xBC\\xA6\\x0Ee",
3621	+	"DNS Idle": "\\xBC\\xA6\\x0Ee",
3622	-	"DNS Sleep": "0",
3622	+	"DNS Sleep": "0",
3623	-	"Method1": "GET",
3623	+	"Method1": "GET",
3624	-	"Method2": "POST",
3624	+	"Method2": "POST",
3625	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3625	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3626	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3626	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3627	-	"Proxy_AccessType": "2 (Use IE settings)"
3627	+	"Proxy_AccessType": "2 (Use IE settings)"
3628	-	},
3628	+	},
3629	-	"x64": {
3629	+	"x64": {
3630	-	"BeaconType": "8 (HTTPS)",
3630	+	"BeaconType": "8 (HTTPS)",
3631	-	"Port": "443",
3631	+	"Port": "443",
3632	-	"Polling": "15000",
3632	+	"Polling": "15000",
3633	-	"Jitter": "90",
3633	+	"Jitter": "90",
3634	-	"Maxdns": "225",
3634	+	"Maxdns": "225",
3635	-	"C2 Server": "bbc.com,/en-us/p/book-2/8MCPZJJCC98C",
3635	+	"C2 Server": "bbc.com,/en-us/p/book-2/8MCPZJJCC98C",
3636	-	"User Agent": "Microsoft BITS/7.8",
3636	+	"User Agent": "Microsoft BITS/7.8",
3637	-	"HTTP Method Path 2": "/v1/stats",
3637	+	"HTTP Method Path 2": "/v1/stats",
3638	-	"Header1": "",
3638	+	"Header1": "",
3639	-	"Header2": "",
3639	+	"Header2": "",
3640	-	"PipeName": "",
3640	+	"PipeName": "",
3641	-	"DNS Idle": "\\xBC\\xA6\\x0Ee",
3641	+	"DNS Idle": "\\xBC\\xA6\\x0Ee",
3642	-	"DNS Sleep": "0",
3642	+	"DNS Sleep": "0",
3643	-	"Method1": "GET",
3643	+	"Method1": "GET",
3644	-	"Method2": "POST",
3644	+	"Method2": "POST",
3645	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3645	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3646	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3646	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3647	-	"Proxy_AccessType": "2 (Use IE settings)"
3647	+	"Proxy_AccessType": "2 (Use IE settings)"
3648	-	}
3648	+	}
3649	-	},
3649	+	},
3650	-	"161.35.99.14": {
3650	+	"161.35.99.14": {
3651	-	"x86": {
3651	+	"x86": {
3652	-	"BeaconType": "8 (HTTPS)",
3652	+	"BeaconType": "8 (HTTPS)",
3653	-	"Port": "443",
3653	+	"Port": "443",
3654	-	"Polling": "5000",
3654	+	"Polling": "5000",
3655	-	"Jitter": "37",
3655	+	"Jitter": "37",
3656	-	"C2 Server": "161.35.99.14,/jquery-3.3.1.min.js",
3656	+	"C2 Server": "161.35.99.14,/jquery-3.3.1.min.js",
3657	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3657	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3658	-	"Method1": "GET",
3658	+	"Method1": "GET",
3659	-	"Method2": "POST",
3659	+	"Method2": "POST",
3660	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
3660	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
3661	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
3661	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
3662	-	"Proxy_AccessType": "2 (Use IE settings)"
3662	+	"Proxy_AccessType": "2 (Use IE settings)"
3663	-	}
3663	+	}
3664	-	},
3664	+	},
3665	-	"162.241.127.180": {
3665	+	"162.241.127.180": {
3666	-	"x86": {
3666	+	"x86": {
3667	-	"BeaconType": "8 (HTTPS)",
3667	+	"BeaconType": "8 (HTTPS)",
3668	-	"Port": "443",
3668	+	"Port": "443",
3669	-	"Polling": "60000",
3669	+	"Polling": "60000",
3670	-	"Jitter": "0",
3670	+	"Jitter": "0",
3671	-	"Maxdns": "255",
3671	+	"Maxdns": "255",
3672	-	"C2 Server": "162.241.127.180,/j.ad",
3672	+	"C2 Server": "162.241.127.180,/j.ad",
3673	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL)",
3673	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL)",
3674	-	"HTTP Method Path 2": "/submit.php",
3674	+	"HTTP Method Path 2": "/submit.php",
3675	-	"Header1": "",
3675	+	"Header1": "",
3676	-	"Header2": "",
3676	+	"Header2": "",
3677	-	"PipeName": "",
3677	+	"PipeName": "",
3678	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3678	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3679	-	"DNS Sleep": "0",
3679	+	"DNS Sleep": "0",
3680	-	"Method1": "GET",
3680	+	"Method1": "GET",
3681	-	"Method2": "POST",
3681	+	"Method2": "POST",
3682	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3682	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3683	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3683	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3684	-	"Proxy_AccessType": "2 (Use IE settings)"
3684	+	"Proxy_AccessType": "2 (Use IE settings)"
3685	-	},
3685	+	},
3686	-	"x64": {
3686	+	"x64": {
3687	-	"BeaconType": "8 (HTTPS)",
3687	+	"BeaconType": "8 (HTTPS)",
3688	-	"Port": "443",
3688	+	"Port": "443",
3689	-	"Polling": "60000",
3689	+	"Polling": "60000",
3690	-	"Jitter": "0",
3690	+	"Jitter": "0",
3691	-	"Maxdns": "255",
3691	+	"Maxdns": "255",
3692	-	"C2 Server": "162.241.127.180,/activity",
3692	+	"C2 Server": "162.241.127.180,/activity",
3693	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENCA)",
3693	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENCA)",
3694	-	"HTTP Method Path 2": "/submit.php",
3694	+	"HTTP Method Path 2": "/submit.php",
3695	-	"Header1": "",
3695	+	"Header1": "",
3696	-	"Header2": "",
3696	+	"Header2": "",
3697	-	"PipeName": "",
3697	+	"PipeName": "",
3698	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3698	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3699	-	"DNS Sleep": "0",
3699	+	"DNS Sleep": "0",
3700	-	"Method1": "GET",
3700	+	"Method1": "GET",
3701	-	"Method2": "POST",
3701	+	"Method2": "POST",
3702	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3702	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3703	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3703	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3704	-	"Proxy_AccessType": "2 (Use IE settings)"
3704	+	"Proxy_AccessType": "2 (Use IE settings)"
3705	-	}
3705	+	}
3706	-	},
3706	+	},
3707	-	"162.241.65.121": {
3707	+	"162.241.65.121": {
3708	-	"x86": {
3708	+	"x86": {
3709	-	"BeaconType": "8 (HTTPS)",
3709	+	"BeaconType": "8 (HTTPS)",
3710	-	"Port": "443",
3710	+	"Port": "443",
3711	-	"Polling": "60000",
3711	+	"Polling": "60000",
3712	-	"Jitter": "0",
3712	+	"Jitter": "0",
3713	-	"Maxdns": "255",
3713	+	"Maxdns": "255",
3714	-	"C2 Server": "162.241.65.121,/cx",
3714	+	"C2 Server": "162.241.65.121,/cx",
3715	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)",
3715	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)",
3716	-	"HTTP Method Path 2": "/submit.php",
3716	+	"HTTP Method Path 2": "/submit.php",
3717	-	"Header1": "",
3717	+	"Header1": "",
3718	-	"Header2": "",
3718	+	"Header2": "",
3719	-	"PipeName": "",
3719	+	"PipeName": "",
3720	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3720	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3721	-	"DNS Sleep": "0",
3721	+	"DNS Sleep": "0",
3722	-	"Method1": "GET",
3722	+	"Method1": "GET",
3723	-	"Method2": "POST",
3723	+	"Method2": "POST",
3724	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3724	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3725	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3725	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3726	-	"Proxy_AccessType": "2 (Use IE settings)"
3726	+	"Proxy_AccessType": "2 (Use IE settings)"
3727	-	}
3727	+	}
3728	-	},
3728	+	},
3729	-	"162.248.210.234": {
3729	+	"162.248.210.234": {
3730	-	"x64": {
3730	+	"x64": {
3731	-	"BeaconType": "8 (HTTPS)",
3731	+	"BeaconType": "8 (HTTPS)",
3732	-	"Port": "443",
3732	+	"Port": "443",
3733	-	"Polling": "5000",
3733	+	"Polling": "5000",
3734	-	"Jitter": "10",
3734	+	"Jitter": "10",
3735	-	"Maxdns": "235",
3735	+	"Maxdns": "235",
3736	-	"C2 Server": "wavetips.com,/us/ky/louisville/312-s-fourth-st.html",
3736	+	"C2 Server": "wavetips.com,/us/ky/louisville/312-s-fourth-st.html",
3737	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
3737	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
3738	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
3738	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
3739	-	"Header1": "",
3739	+	"Header1": "",
3740	-	"Header2": "",
3740	+	"Header2": "",
3741	-	"PipeName": "",
3741	+	"PipeName": "",
3742	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
3742	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
3743	-	"DNS Sleep": "0",
3743	+	"DNS Sleep": "0",
3744	-	"Method1": "GET",
3744	+	"Method1": "GET",
3745	-	"Method2": "POST",
3745	+	"Method2": "POST",
3746	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
3746	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
3747	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
3747	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
3748	-	"Proxy_AccessType": "2 (Use IE settings)"
3748	+	"Proxy_AccessType": "2 (Use IE settings)"
3749	-	}
3749	+	}
3750	-	},
3750	+	},
3751	-	"162.254.204.222": {
3751	+	"162.254.204.222": {
3752	-	"x86": {
3752	+	"x86": {
3753	-	"BeaconType": "8 (HTTPS)",
3753	+	"BeaconType": "8 (HTTPS)",
3754	-	"Port": "443",
3754	+	"Port": "443",
3755	-	"Polling": "13500",
3755	+	"Polling": "13500",
3756	-	"Jitter": "27",
3756	+	"Jitter": "27",
3757	-	"Maxdns": "255",
3757	+	"Maxdns": "255",
3758	-	"C2 Server": "mstronestia.me,/maps/overlaybfpr",
3758	+	"C2 Server": "mstronestia.me,/maps/overlaybfpr",
3759	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
3759	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
3760	-	"HTTP Method Path 2": "/fd/ls/lsp.aspx",
3760	+	"HTTP Method Path 2": "/fd/ls/lsp.aspx",
3761	-	"Header1": "",
3761	+	"Header1": "",
3762	-	"Header2": "",
3762	+	"Header2": "",
3763	-	"PipeName": "",
3763	+	"PipeName": "",
3764	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3764	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3765	-	"DNS Sleep": "0",
3765	+	"DNS Sleep": "0",
3766	-	"Method1": "GET",
3766	+	"Method1": "GET",
3767	-	"Method2": "POST",
3767	+	"Method2": "POST",
3768	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
3768	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
3769	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
3769	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
3770	-	"Proxy_AccessType": "2 (Use IE settings)"
3770	+	"Proxy_AccessType": "2 (Use IE settings)"
3771	-	}
3771	+	}
3772	-	},
3772	+	},
3773	-	"165.22.37.148": {
3773	+	"165.22.37.148": {
3774	-	"x86": {
3774	+	"x86": {
3775	-	"BeaconType": "8 (HTTPS)",
3775	+	"BeaconType": "8 (HTTPS)",
3776	-	"Port": "443",
3776	+	"Port": "443",
3777	-	"Polling": "12000",
3777	+	"Polling": "12000",
3778	-	"Jitter": "35",
3778	+	"Jitter": "35",
3779	-	"C2 Server": "update03.microsoft-essentials.com,/u/vercheck,165.22.37.148,/u/vercheck",
3779	+	"C2 Server": "update03.microsoft-essentials.com,/u/vercheck,165.22.37.148,/u/vercheck",
3780	-	"HTTP Method Path 2": "/u/version_status",
3780	+	"HTTP Method Path 2": "/u/version_status",
3781	-	"Method1": "GET",
3781	+	"Method1": "GET",
3782	-	"Method2": "POST",
3782	+	"Method2": "POST",
3783	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
3783	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
3784	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
3784	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
3785	-	"Proxy_AccessType": "2 (Use IE settings)"
3785	+	"Proxy_AccessType": "2 (Use IE settings)"
3786	-	}
3786	+	}
3787	-	},
3787	+	},
3788	-	"165.227.85.160": {
3788	+	"165.227.85.160": {
3789	-	"x86": {
3789	+	"x86": {
3790	-	"BeaconType": "8 (HTTPS)",
3790	+	"BeaconType": "8 (HTTPS)",
3791	-	"Port": "443",
3791	+	"Port": "443",
3792	-	"Polling": "60000",
3792	+	"Polling": "60000",
3793	-	"Jitter": "0",
3793	+	"Jitter": "0",
3794	-	"Maxdns": "255",
3794	+	"Maxdns": "255",
3795	-	"C2 Server": "165.227.85.160,/__utm.gif",
3795	+	"C2 Server": "165.227.85.160,/__utm.gif",
3796	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
3796	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
3797	-	"HTTP Method Path 2": "/submit.php",
3797	+	"HTTP Method Path 2": "/submit.php",
3798	-	"Header1": "",
3798	+	"Header1": "",
3799	-	"Header2": "",
3799	+	"Header2": "",
3800	-	"PipeName": "",
3800	+	"PipeName": "",
3801	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3801	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3802	-	"DNS Sleep": "0",
3802	+	"DNS Sleep": "0",
3803	-	"Method1": "GET",
3803	+	"Method1": "GET",
3804	-	"Method2": "POST",
3804	+	"Method2": "POST",
3805	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3805	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3806	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3806	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3807	-	"Proxy_AccessType": "2 (Use IE settings)"
3807	+	"Proxy_AccessType": "2 (Use IE settings)"
3808	-	},
3808	+	},
3809	-	"x64": {
3809	+	"x64": {
3810	-	"BeaconType": "8 (HTTPS)",
3810	+	"BeaconType": "8 (HTTPS)",
3811	-	"Port": "443",
3811	+	"Port": "443",
3812	-	"Polling": "60000",
3812	+	"Polling": "60000",
3813	-	"Jitter": "0",
3813	+	"Jitter": "0",
3814	-	"Maxdns": "255",
3814	+	"Maxdns": "255",
3815	-	"C2 Server": "165.227.85.160,/match",
3815	+	"C2 Server": "165.227.85.160,/match",
3816	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)",
3816	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)",
3817	-	"HTTP Method Path 2": "/submit.php",
3817	+	"HTTP Method Path 2": "/submit.php",
3818	-	"Header1": "",
3818	+	"Header1": "",
3819	-	"Header2": "",
3819	+	"Header2": "",
3820	-	"PipeName": "",
3820	+	"PipeName": "",
3821	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3821	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3822	-	"DNS Sleep": "0",
3822	+	"DNS Sleep": "0",
3823	-	"Method1": "GET",
3823	+	"Method1": "GET",
3824	-	"Method2": "POST",
3824	+	"Method2": "POST",
3825	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3825	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3826	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3826	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3827	-	"Proxy_AccessType": "2 (Use IE settings)"
3827	+	"Proxy_AccessType": "2 (Use IE settings)"
3828	-	}
3828	+	}
3829	-	},
3829	+	},
3830	-	"165.22.8.172": {
3830	+	"165.22.8.172": {
3831	-	"x86": {
3831	+	"x86": {
3832	-	"BeaconType": "8 (HTTPS)",
3832	+	"BeaconType": "8 (HTTPS)",
3833	-	"Port": "443",
3833	+	"Port": "443",
3834	-	"Polling": "48",
3834	+	"Polling": "48",
3835	-	"Jitter": "79",
3835	+	"Jitter": "79",
3836	-	"C2 Server": "silicontechgroup.com,/content/latest/i/updateonScroll/",
3836	+	"C2 Server": "silicontechgroup.com,/content/latest/i/updateonScroll/",
3837	-	"HTTP Method Path 2": "/all/hot/0t/1/",
3837	+	"HTTP Method Path 2": "/all/hot/0t/1/",
3838	-	"Method1": "GET",
3838	+	"Method1": "GET",
3839	-	"Method2": "POST",
3839	+	"Method2": "POST",
3840	-	"Spawnto_x86": "%windir%\\syswow64\\werfault.exe",
3840	+	"Spawnto_x86": "%windir%\\syswow64\\werfault.exe",
3841	-	"Spawnto_x64": "%windir%\\sysnative\\werfault.exe",
3841	+	"Spawnto_x64": "%windir%\\sysnative\\werfault.exe",
3842	-	"Proxy_AccessType": "2 (Use IE settings)"
3842	+	"Proxy_AccessType": "2 (Use IE settings)"
3843	-	}
3843	+	}
3844	-	},
3844	+	},
3845	-	"167.172.203.162": {
3845	+	"167.172.203.162": {
3846	-	"x64": {
3846	+	"x64": {
3847	-	"BeaconType": "8 (HTTPS)",
3847	+	"BeaconType": "8 (HTTPS)",
3848	-	"Port": "443",
3848	+	"Port": "443",
3849	-	"Polling": "15000",
3849	+	"Polling": "15000",
3850	-	"Jitter": "90",
3850	+	"Jitter": "90",
3851	-	"C2 Server": "ajax.microsoft.com,/v4/links/activity-stream",
3851	+	"C2 Server": "ajax.microsoft.com,/v4/links/activity-stream",
3852	-	"HTTP Method Path 2": "/api2/json/check/ticket",
3852	+	"HTTP Method Path 2": "/api2/json/check/ticket",
3853	-	"Method1": "GET",
3853	+	"Method1": "GET",
3854	-	"Method2": "POST",
3854	+	"Method2": "POST",
3855	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3855	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3856	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3856	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3857	-	"Proxy_AccessType": "2 (Use IE settings)"
3857	+	"Proxy_AccessType": "2 (Use IE settings)"
3858	-	}
3858	+	}
3859	-	},
3859	+	},
3860	-	"167.172.217.69": {
3860	+	"167.172.217.69": {
3861	-	"x64": {
3861	+	"x64": {
3862	-	"BeaconType": "8 (HTTPS)",
3862	+	"BeaconType": "8 (HTTPS)",
3863	-	"Port": "443",
3863	+	"Port": "443",
3864	-	"Polling": "45000",
3864	+	"Polling": "45000",
3865	-	"Jitter": "37",
3865	+	"Jitter": "37",
3866	-	"C2 Server": "xifin.co,/jquery-3.3.1.min.js",
3866	+	"C2 Server": "xifin.co,/jquery-3.3.1.min.js",
3867	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3867	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3868	-	"Method1": "GET",
3868	+	"Method1": "GET",
3869	-	"Method2": "POST",
3869	+	"Method2": "POST",
3870	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
3870	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
3871	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
3871	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
3872	-	"Proxy_AccessType": "2 (Use IE settings)"
3872	+	"Proxy_AccessType": "2 (Use IE settings)"
3873	-	}
3873	+	}
3874	-	},
3874	+	},
3875	-	"167.179.87.86": {
3875	+	"167.179.87.86": {
3876	-	"x64": {
3876	+	"x64": {
3877	-	"BeaconType": "8 (HTTPS)",
3877	+	"BeaconType": "8 (HTTPS)",
3878	-	"Port": "443",
3878	+	"Port": "443",
3879	-	"Polling": "60000",
3879	+	"Polling": "60000",
3880	-	"Jitter": "0",
3880	+	"Jitter": "0",
3881	-	"Maxdns": "255",
3881	+	"Maxdns": "255",
3882	-	"C2 Server": "167.179.87.86,/g.pixel",
3882	+	"C2 Server": "167.179.87.86,/g.pixel",
3883	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; BOIE9;ENUS)",
3883	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; BOIE9;ENUS)",
3884	-	"HTTP Method Path 2": "/submit.php",
3884	+	"HTTP Method Path 2": "/submit.php",
3885	-	"Header1": "",
3885	+	"Header1": "",
3886	-	"Header2": "",
3886	+	"Header2": "",
3887	-	"PipeName": "",
3887	+	"PipeName": "",
3888	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3888	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3889	-	"DNS Sleep": "0",
3889	+	"DNS Sleep": "0",
3890	-	"Method1": "GET",
3890	+	"Method1": "GET",
3891	-	"Method2": "POST",
3891	+	"Method2": "POST",
3892	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3892	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3893	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3893	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3894	-	"Proxy_AccessType": "2 (Use IE settings)"
3894	+	"Proxy_AccessType": "2 (Use IE settings)"
3895	-	}
3895	+	}
3896	-	},
3896	+	},
3897	-	"167.179.96.215": {
3897	+	"167.179.96.215": {
3898	-	"x64": {
3898	+	"x64": {
3899	-	"BeaconType": "8 (HTTPS)",
3899	+	"BeaconType": "8 (HTTPS)",
3900	-	"Port": "443",
3900	+	"Port": "443",
3901	-	"Polling": "9800",
3901	+	"Polling": "9800",
3902	-	"Jitter": "26",
3902	+	"Jitter": "26",
3903	-	"Maxdns": "235",
3903	+	"Maxdns": "235",
3904	-	"C2 Server": "167.179.96.215,/cdn/heartbeat",
3904	+	"C2 Server": "167.179.96.215,/cdn/heartbeat",
3905	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0",
3905	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0",
3906	-	"HTTP Method Path 2": "/cdn/update",
3906	+	"HTTP Method Path 2": "/cdn/update",
3907	-	"Header1": "",
3907	+	"Header1": "",
3908	-	"Header2": "",
3908	+	"Header2": "",
3909	-	"PipeName": "",
3909	+	"PipeName": "",
3910	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
3910	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
3911	-	"DNS Sleep": "0",
3911	+	"DNS Sleep": "0",
3912	-	"Method1": "GET",
3912	+	"Method1": "GET",
3913	-	"Method2": "POST",
3913	+	"Method2": "POST",
3914	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
3914	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
3915	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
3915	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
3916	-	"Proxy_AccessType": "2 (Use IE settings)"
3916	+	"Proxy_AccessType": "2 (Use IE settings)"
3917	-	}
3917	+	}
3918	-	},
3918	+	},
3919	-	"167.71.145.204": {
3919	+	"167.71.145.204": {
3920	-	"x86": {
3920	+	"x86": {
3921	-	"BeaconType": "8 (HTTPS)",
3921	+	"BeaconType": "8 (HTTPS)",
3922	-	"Port": "443",
3922	+	"Port": "443",
3923	-	"Polling": "45000",
3923	+	"Polling": "45000",
3924	-	"Jitter": "37",
3924	+	"Jitter": "37",
3925	-	"C2 Server": "1shop4health.com,/jquery-3.3.1.min.js",
3925	+	"C2 Server": "1shop4health.com,/jquery-3.3.1.min.js",
3926	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3926	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3927	-	"Method1": "GET",
3927	+	"Method1": "GET",
3928	-	"Method2": "POST",
3928	+	"Method2": "POST",
3929	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
3929	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
3930	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
3930	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
3931	-	"Proxy_AccessType": "2 (Use IE settings)"
3931	+	"Proxy_AccessType": "2 (Use IE settings)"
3932	-	},
3932	+	},
3933	-	"x64": {
3933	+	"x64": {
3934	-	"BeaconType": "8 (HTTPS)",
3934	+	"BeaconType": "8 (HTTPS)",
3935	-	"Port": "443",
3935	+	"Port": "443",
3936	-	"Polling": "45000",
3936	+	"Polling": "45000",
3937	-	"Jitter": "37",
3937	+	"Jitter": "37",
3938	-	"C2 Server": "1shop4health.com,/jquery-3.3.1.min.js",
3938	+	"C2 Server": "1shop4health.com,/jquery-3.3.1.min.js",
3939	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3939	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
3940	-	"Method1": "GET",
3940	+	"Method1": "GET",
3941	-	"Method2": "POST",
3941	+	"Method2": "POST",
3942	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
3942	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
3943	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
3943	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
3944	-	"Proxy_AccessType": "2 (Use IE settings)"
3944	+	"Proxy_AccessType": "2 (Use IE settings)"
3945	-	}
3945	+	}
3946	-	},
3946	+	},
3947	-	"167.71.244.25": {
3947	+	"167.71.244.25": {
3948	-	"x86": {
3948	+	"x86": {
3949	-	"BeaconType": "8 (HTTPS)",
3949	+	"BeaconType": "8 (HTTPS)",
3950	-	"Port": "443",
3950	+	"Port": "443",
3951	-	"Polling": "15000",
3951	+	"Polling": "15000",
3952	-	"Jitter": "90",
3952	+	"Jitter": "90",
3953	-	"C2 Server": "ajax.microsoft.com,/wp-content/themes/am43-6/dist/records",
3953	+	"C2 Server": "ajax.microsoft.com,/wp-content/themes/am43-6/dist/records",
3954	-	"HTTP Method Path 2": "/ev/ext001001",
3954	+	"HTTP Method Path 2": "/ev/ext001001",
3955	-	"Method1": "GET",
3955	+	"Method1": "GET",
3956	-	"Method2": "POST",
3956	+	"Method2": "POST",
3957	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3957	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3958	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3958	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3959	-	"Proxy_AccessType": "2 (Use IE settings)"
3959	+	"Proxy_AccessType": "2 (Use IE settings)"
3960	-	},
3960	+	},
3961	-	"x64": {
3961	+	"x64": {
3962	-	"BeaconType": "8 (HTTPS)",
3962	+	"BeaconType": "8 (HTTPS)",
3963	-	"Port": "443",
3963	+	"Port": "443",
3964	-	"Polling": "15000",
3964	+	"Polling": "15000",
3965	-	"Jitter": "90",
3965	+	"Jitter": "90",
3966	-	"C2 Server": "ajax.microsoft.com,/api2/json/cluster/resources",
3966	+	"C2 Server": "ajax.microsoft.com,/api2/json/cluster/resources",
3967	-	"HTTP Method Path 2": "/gp/aw/ybh/handlers",
3967	+	"HTTP Method Path 2": "/gp/aw/ybh/handlers",
3968	-	"Method1": "GET",
3968	+	"Method1": "GET",
3969	-	"Method2": "POST",
3969	+	"Method2": "POST",
3970	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3970	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
3971	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3971	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
3972	-	"Proxy_AccessType": "2 (Use IE settings)"
3972	+	"Proxy_AccessType": "2 (Use IE settings)"
3973	-	}
3973	+	}
3974	-	},
3974	+	},
3975	-	"167.99.197.196": {
3975	+	"167.99.197.196": {
3976	-	"x86": {
3976	+	"x86": {
3977	-	"BeaconType": "8 (HTTPS)",
3977	+	"BeaconType": "8 (HTTPS)",
3978	-	"Port": "443",
3978	+	"Port": "443",
3979	-	"Polling": "60000",
3979	+	"Polling": "60000",
3980	-	"Jitter": "0",
3980	+	"Jitter": "0",
3981	-	"Maxdns": "255",
3981	+	"Maxdns": "255",
3982	-	"C2 Server": "myredirector1.live,/c/msdownload/update/others/2020/10/29136388_,myredirector2.live,/c/msdownload/update/others/2020/10/29136388_",
3982	+	"C2 Server": "myredirector1.live,/c/msdownload/update/others/2020/10/29136388_,myredirector2.live,/c/msdownload/update/others/2020/10/29136388_",
3983	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
3983	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
3984	-	"HTTP Method Path 2": "/c/msdownload/update/others/2020/10/28986731_",
3984	+	"HTTP Method Path 2": "/c/msdownload/update/others/2020/10/28986731_",
3985	-	"Header1": "",
3985	+	"Header1": "",
3986	-	"Header2": "",
3986	+	"Header2": "",
3987	-	"PipeName": "",
3987	+	"PipeName": "",
3988	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
3988	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
3989	-	"DNS Sleep": "0",
3989	+	"DNS Sleep": "0",
3990	-	"Method1": "GET",
3990	+	"Method1": "GET",
3991	-	"Method2": "POST",
3991	+	"Method2": "POST",
3992	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3992	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
3993	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3993	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
3994	-	"Proxy_AccessType": "2 (Use IE settings)"
3994	+	"Proxy_AccessType": "2 (Use IE settings)"
3995	-	}
3995	+	}
3996	-	},
3996	+	},
3997	-	"167.99.200.45": {
3997	+	"167.99.200.45": {
3998	-	"x64": {
3998	+	"x64": {
3999	-	"BeaconType": "8 (HTTPS)",
3999	+	"BeaconType": "8 (HTTPS)",
4000	-	"Port": "443",
4000	+	"Port": "443",
4001	-	"Polling": "30000",
4001	+	"Polling": "30000",
4002	-	"Jitter": "20",
4002	+	"Jitter": "20",
4003	-	"Maxdns": "235",
4003	+	"Maxdns": "235",
4004	-	"C2 Server": "outlook-1.azureedge.net,/static/css/main.d22d3525.chunk.css",
4004	+	"C2 Server": "outlook-1.azureedge.net,/static/css/main.d22d3525.chunk.css",
4005	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36",
4005	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36",
4006	-	"HTTP Method Path 2": "/owamail/calendar/service.svc",
4006	+	"HTTP Method Path 2": "/owamail/calendar/service.svc",
4007	-	"Header1": "",
4007	+	"Header1": "",
4008	-	"Header2": "",
4008	+	"Header2": "",
4009	-	"PipeName": "",
4009	+	"PipeName": "",
4010	-	"DNS Idle": "\rZ\\xD5\\xCC",
4010	+	"DNS Idle": "\rZ\\xD5\\xCC",
4011	-	"DNS Sleep": "0",
4011	+	"DNS Sleep": "0",
4012	-	"Method1": "GET",
4012	+	"Method1": "GET",
4013	-	"Method2": "POST",
4013	+	"Method2": "POST",
4014	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
4014	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
4015	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
4015	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
4016	-	"Proxy_AccessType": "2 (Use IE settings)"
4016	+	"Proxy_AccessType": "2 (Use IE settings)"
4017	-	}
4017	+	}
4018	-	},
4018	+	},
4019	-	"168.119.0.88": {
4019	+	"168.119.0.88": {
4020	-	"x86": {
4020	+	"x86": {
4021	-	"BeaconType": "8 (HTTPS)",
4021	+	"BeaconType": "8 (HTTPS)",
4022	-	"Port": "443",
4022	+	"Port": "443",
4023	-	"Polling": "60000",
4023	+	"Polling": "60000",
4024	-	"Jitter": "0",
4024	+	"Jitter": "0",
4025	-	"Maxdns": "255",
4025	+	"Maxdns": "255",
4026	-	"C2 Server": "168.119.0.88,/g.pixel",
4026	+	"C2 Server": "168.119.0.88,/g.pixel",
4027	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)",
4027	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)",
4028	-	"HTTP Method Path 2": "/submit.php",
4028	+	"HTTP Method Path 2": "/submit.php",
4029	-	"Header1": "",
4029	+	"Header1": "",
4030	-	"Header2": "",
4030	+	"Header2": "",
4031	-	"PipeName": "",
4031	+	"PipeName": "",
4032	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4032	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4033	-	"DNS Sleep": "0",
4033	+	"DNS Sleep": "0",
4034	-	"Method1": "GET",
4034	+	"Method1": "GET",
4035	-	"Method2": "POST",
4035	+	"Method2": "POST",
4036	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4036	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4037	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4037	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4038	-	"Proxy_AccessType": "2 (Use IE settings)"
4038	+	"Proxy_AccessType": "2 (Use IE settings)"
4039	-	}
4039	+	}
4040	-	},
4040	+	},
4041	-	"168.62.7.130": {
4041	+	"168.62.7.130": {
4042	-	"x64": {
4042	+	"x64": {
4043	-	"BeaconType": "8 (HTTPS)",
4043	+	"BeaconType": "8 (HTTPS)",
4044	-	"Port": "443",
4044	+	"Port": "443",
4045	-	"Polling": "37500",
4045	+	"Polling": "37500",
4046	-	"Jitter": "33",
4046	+	"Jitter": "33",
4047	-	"Maxdns": "245",
4047	+	"Maxdns": "245",
4048	-	"C2 Server": "red.therclegalgroup.com,/javascripts/jquery.foundation.navigation.js",
4048	+	"C2 Server": "red.therclegalgroup.com,/javascripts/jquery.foundation.navigation.js",
4049	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8)",
4049	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8)",
4050	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
4050	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
4051	-	"Header1": "",
4051	+	"Header1": "",
4052	-	"Header2": "",
4052	+	"Header2": "",
4053	-	"PipeName": "",
4053	+	"PipeName": "",
4054	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4054	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4055	-	"DNS Sleep": "0",
4055	+	"DNS Sleep": "0",
4056	-	"Method1": "GET",
4056	+	"Method1": "GET",
4057	-	"Method2": "POST",
4057	+	"Method2": "POST",
4058	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
4058	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
4059	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
4059	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
4060	-	"Proxy_AccessType": "2 (Use IE settings)"
4060	+	"Proxy_AccessType": "2 (Use IE settings)"
4061	-	}
4061	+	}
4062	-	},
4062	+	},
4063	-	"172.241.27.214": {
4063	+	"172.241.27.214": {
4064	-	"x86": {
4064	+	"x86": {
4065	-	"BeaconType": "8 (HTTPS)",
4065	+	"BeaconType": "8 (HTTPS)",
4066	-	"Port": "443",
4066	+	"Port": "443",
4067	-	"Polling": "5000",
4067	+	"Polling": "5000",
4068	-	"Jitter": "10",
4068	+	"Jitter": "10",
4069	-	"Maxdns": "235",
4069	+	"Maxdns": "235",
4070	-	"C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
4070	+	"C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
4071	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4071	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4072	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4072	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4073	-	"Header1": "",
4073	+	"Header1": "",
4074	-	"Header2": "",
4074	+	"Header2": "",
4075	-	"PipeName": "",
4075	+	"PipeName": "",
4076	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4076	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4077	-	"DNS Sleep": "0",
4077	+	"DNS Sleep": "0",
4078	-	"Method1": "GET",
4078	+	"Method1": "GET",
4079	-	"Method2": "POST",
4079	+	"Method2": "POST",
4080	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4080	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4081	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4081	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4082	-	"Proxy_AccessType": "2 (Use IE settings)"
4082	+	"Proxy_AccessType": "2 (Use IE settings)"
4083	-	}
4083	+	}
4084	-	},
4084	+	},
4085	-	"172.241.27.230": {
4085	+	"172.241.27.230": {
4086	-	"x86": {
4086	+	"x86": {
4087	-	"BeaconType": "8 (HTTPS)",
4087	+	"BeaconType": "8 (HTTPS)",
4088	-	"Port": "443",
4088	+	"Port": "443",
4089	-	"Polling": "5000",
4089	+	"Polling": "5000",
4090	-	"Jitter": "10",
4090	+	"Jitter": "10",
4091	-	"Maxdns": "235",
4091	+	"Maxdns": "235",
4092	-	"C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
4092	+	"C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
4093	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4093	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4094	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4094	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4095	-	"Header1": "",
4095	+	"Header1": "",
4096	-	"Header2": "",
4096	+	"Header2": "",
4097	-	"PipeName": "",
4097	+	"PipeName": "",
4098	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4098	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4099	-	"DNS Sleep": "0",
4099	+	"DNS Sleep": "0",
4100	-	"Method1": "GET",
4100	+	"Method1": "GET",
4101	-	"Method2": "POST",
4101	+	"Method2": "POST",
4102	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4102	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4103	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4103	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4104	-	"Proxy_AccessType": "2 (Use IE settings)"
4104	+	"Proxy_AccessType": "2 (Use IE settings)"
4105	-	}
4105	+	}
4106	-	},
4106	+	},
4107	-	"172.241.27.46": {
4107	+	"172.241.27.46": {
4108	-	"x86": {
4108	+	"x86": {
4109	-	"BeaconType": "8 (HTTPS)",
4109	+	"BeaconType": "8 (HTTPS)",
4110	-	"Port": "443",
4110	+	"Port": "443",
4111	-	"Polling": "5000",
4111	+	"Polling": "5000",
4112	-	"Jitter": "10",
4112	+	"Jitter": "10",
4113	-	"Maxdns": "235",
4113	+	"Maxdns": "235",
4114	-	"C2 Server": "oldplex.com,/us/ky/louisville/312-s-fourth-st.html",
4114	+	"C2 Server": "oldplex.com,/us/ky/louisville/312-s-fourth-st.html",
4115	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4115	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4116	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4116	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4117	-	"Header1": "",
4117	+	"Header1": "",
4118	-	"Header2": "",
4118	+	"Header2": "",
4119	-	"PipeName": "",
4119	+	"PipeName": "",
4120	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4120	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4121	-	"DNS Sleep": "0",
4121	+	"DNS Sleep": "0",
4122	-	"Method1": "GET",
4122	+	"Method1": "GET",
4123	-	"Method2": "POST",
4123	+	"Method2": "POST",
4124	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4124	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4125	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4125	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4126	-	"Proxy_AccessType": "2 (Use IE settings)"
4126	+	"Proxy_AccessType": "2 (Use IE settings)"
4127	-	},
4127	+	},
4128	-	"x64": {
4128	+	"x64": {
4129	-	"BeaconType": "8 (HTTPS)",
4129	+	"BeaconType": "8 (HTTPS)",
4130	-	"Port": "443",
4130	+	"Port": "443",
4131	-	"Polling": "5000",
4131	+	"Polling": "5000",
4132	-	"Jitter": "10",
4132	+	"Jitter": "10",
4133	-	"Maxdns": "235",
4133	+	"Maxdns": "235",
4134	-	"C2 Server": "oldplex.com,/us/ky/louisville/312-s-fourth-st.html",
4134	+	"C2 Server": "oldplex.com,/us/ky/louisville/312-s-fourth-st.html",
4135	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4135	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4136	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4136	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4137	-	"Header1": "",
4137	+	"Header1": "",
4138	-	"Header2": "",
4138	+	"Header2": "",
4139	-	"PipeName": "",
4139	+	"PipeName": "",
4140	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4140	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4141	-	"DNS Sleep": "0",
4141	+	"DNS Sleep": "0",
4142	-	"Method1": "GET",
4142	+	"Method1": "GET",
4143	-	"Method2": "POST",
4143	+	"Method2": "POST",
4144	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4144	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4145	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4145	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4146	-	"Proxy_AccessType": "2 (Use IE settings)"
4146	+	"Proxy_AccessType": "2 (Use IE settings)"
4147	-	}
4147	+	}
4148	-	},
4148	+	},
4149	-	"172.241.27.57": {
4149	+	"172.241.27.57": {
4150	-	"x86": {
4150	+	"x86": {
4151	-	"BeaconType": "8 (HTTPS)",
4151	+	"BeaconType": "8 (HTTPS)",
4152	-	"Port": "443",
4152	+	"Port": "443",
4153	-	"Polling": "5000",
4153	+	"Polling": "5000",
4154	-	"Jitter": "10",
4154	+	"Jitter": "10",
4155	-	"Maxdns": "235",
4155	+	"Maxdns": "235",
4156	-	"C2 Server": "zipflag.com,/us/ky/louisville/312-s-fourth-st.html",
4156	+	"C2 Server": "zipflag.com,/us/ky/louisville/312-s-fourth-st.html",
4157	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4157	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4158	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4158	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4159	-	"Header1": "",
4159	+	"Header1": "",
4160	-	"Header2": "",
4160	+	"Header2": "",
4161	-	"PipeName": "",
4161	+	"PipeName": "",
4162	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4162	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4163	-	"DNS Sleep": "0",
4163	+	"DNS Sleep": "0",
4164	-	"Method1": "GET",
4164	+	"Method1": "GET",
4165	-	"Method2": "POST",
4165	+	"Method2": "POST",
4166	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4166	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4167	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4167	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4168	-	"Proxy_AccessType": "2 (Use IE settings)"
4168	+	"Proxy_AccessType": "2 (Use IE settings)"
4169	-	}
4169	+	}
4170	-	},
4170	+	},
4171	-	"172.241.29.153": {
4171	+	"172.241.29.153": {
4172	-	"x86": {
4172	+	"x86": {
4173	-	"BeaconType": "8 (HTTPS)",
4173	+	"BeaconType": "8 (HTTPS)",
4174	-	"Port": "443",
4174	+	"Port": "443",
4175	-	"Polling": "60000",
4175	+	"Polling": "60000",
4176	-	"Jitter": "0",
4176	+	"Jitter": "0",
4177	-	"Maxdns": "255",
4177	+	"Maxdns": "255",
4178	-	"C2 Server": "172.241.29.153,/dpixel",
4178	+	"C2 Server": "172.241.29.153,/dpixel",
4179	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)",
4179	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)",
4180	-	"HTTP Method Path 2": "/submit.php",
4180	+	"HTTP Method Path 2": "/submit.php",
4181	-	"Header1": "",
4181	+	"Header1": "",
4182	-	"Header2": "",
4182	+	"Header2": "",
4183	-	"PipeName": "",
4183	+	"PipeName": "",
4184	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4184	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4185	-	"DNS Sleep": "0",
4185	+	"DNS Sleep": "0",
4186	-	"Method1": "GET",
4186	+	"Method1": "GET",
4187	-	"Method2": "POST",
4187	+	"Method2": "POST",
4188	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4188	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4189	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4189	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4190	-	"Proxy_AccessType": "2 (Use IE settings)"
4190	+	"Proxy_AccessType": "2 (Use IE settings)"
4191	-	}
4191	+	}
4192	-	},
4192	+	},
4193	-	"172.241.29.155": {
4193	+	"172.241.29.155": {
4194	-	"x64": {
4194	+	"x64": {
4195	-	"BeaconType": "8 (HTTPS)",
4195	+	"BeaconType": "8 (HTTPS)",
4196	-	"Port": "443",
4196	+	"Port": "443",
4197	-	"Polling": "60000",
4197	+	"Polling": "60000",
4198	-	"Jitter": "0",
4198	+	"Jitter": "0",
4199	-	"Maxdns": "255",
4199	+	"Maxdns": "255",
4200	-	"C2 Server": "amamai-tecnologies.space,/dot.gif",
4200	+	"C2 Server": "amamai-tecnologies.space,/dot.gif",
4201	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
4201	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
4202	-	"HTTP Method Path 2": "/submit.php",
4202	+	"HTTP Method Path 2": "/submit.php",
4203	-	"Header1": "",
4203	+	"Header1": "",
4204	-	"Header2": "",
4204	+	"Header2": "",
4205	-	"PipeName": "",
4205	+	"PipeName": "",
4206	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4206	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4207	-	"DNS Sleep": "0",
4207	+	"DNS Sleep": "0",
4208	-	"Method1": "GET",
4208	+	"Method1": "GET",
4209	-	"Method2": "POST",
4209	+	"Method2": "POST",
4210	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4210	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4211	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4211	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4212	-	"Proxy_AccessType": "2 (Use IE settings)"
4212	+	"Proxy_AccessType": "2 (Use IE settings)"
4213	-	}
4213	+	}
4214	-	},
4214	+	},
4215	-	"172.241.29.156": {
4215	+	"172.241.29.156": {
4216	-	"x64": {
4216	+	"x64": {
4217	-	"BeaconType": "8 (HTTPS)",
4217	+	"BeaconType": "8 (HTTPS)",
4218	-	"Port": "443",
4218	+	"Port": "443",
4219	-	"Polling": "60000",
4219	+	"Polling": "60000",
4220	-	"Jitter": "0",
4220	+	"Jitter": "0",
4221	-	"Maxdns": "255",
4221	+	"Maxdns": "255",
4222	-	"C2 Server": "amamai-tecnologies.digital,/IE9CompatViewList.xml",
4222	+	"C2 Server": "amamai-tecnologies.digital,/IE9CompatViewList.xml",
4223	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)",
4223	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)",
4224	-	"HTTP Method Path 2": "/submit.php",
4224	+	"HTTP Method Path 2": "/submit.php",
4225	-	"Header1": "",
4225	+	"Header1": "",
4226	-	"Header2": "",
4226	+	"Header2": "",
4227	-	"PipeName": "",
4227	+	"PipeName": "",
4228	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4228	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4229	-	"DNS Sleep": "0",
4229	+	"DNS Sleep": "0",
4230	-	"Method1": "GET",
4230	+	"Method1": "GET",
4231	-	"Method2": "POST",
4231	+	"Method2": "POST",
4232	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4232	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4233	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4233	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4234	-	"Proxy_AccessType": "2 (Use IE settings)"
4234	+	"Proxy_AccessType": "2 (Use IE settings)"
4235	-	}
4235	+	}
4236	-	},
4236	+	},
4237	-	"172.82.148.202": {
4237	+	"172.82.148.202": {
4238	-	"x86": {
4238	+	"x86": {
4239	-	"BeaconType": "8 (HTTPS)",
4239	+	"BeaconType": "8 (HTTPS)",
4240	-	"Port": "443",
4240	+	"Port": "443",
4241	-	"Polling": "5000",
4241	+	"Polling": "5000",
4242	-	"Jitter": "10",
4242	+	"Jitter": "10",
4243	-	"Maxdns": "235",
4243	+	"Maxdns": "235",
4244	-	"C2 Server": "172.82.148.202,/us/ky/louisville/312-s-fourth-st.html,resnote.com,/us/ky/louisville/312-s-fourth-st.html",
4244	+	"C2 Server": "172.82.148.202,/us/ky/louisville/312-s-fourth-st.html,resnote.com,/us/ky/louisville/312-s-fourth-st.html",
4245	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4245	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4246	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4246	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4247	-	"Header1": "",
4247	+	"Header1": "",
4248	-	"Header2": "",
4248	+	"Header2": "",
4249	-	"PipeName": "",
4249	+	"PipeName": "",
4250	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4250	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4251	-	"DNS Sleep": "0",
4251	+	"DNS Sleep": "0",
4252	-	"Method1": "GET",
4252	+	"Method1": "GET",
4253	-	"Method2": "POST",
4253	+	"Method2": "POST",
4254	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4254	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4255	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4255	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4256	-	"Proxy_AccessType": "2 (Use IE settings)"
4256	+	"Proxy_AccessType": "2 (Use IE settings)"
4257	-	},
4257	+	},
4258	-	"x64": {
4258	+	"x64": {
4259	-	"BeaconType": "8 (HTTPS)",
4259	+	"BeaconType": "8 (HTTPS)",
4260	-	"Port": "443",
4260	+	"Port": "443",
4261	-	"Polling": "5000",
4261	+	"Polling": "5000",
4262	-	"Jitter": "10",
4262	+	"Jitter": "10",
4263	-	"Maxdns": "235",
4263	+	"Maxdns": "235",
4264	-	"C2 Server": "172.82.148.202,/us/ky/louisville/312-s-fourth-st.html,resnote.com,/us/ky/louisville/312-s-fourth-st.html",
4264	+	"C2 Server": "172.82.148.202,/us/ky/louisville/312-s-fourth-st.html,resnote.com,/us/ky/louisville/312-s-fourth-st.html",
4265	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4265	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4266	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4266	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4267	-	"Header1": "",
4267	+	"Header1": "",
4268	-	"Header2": "",
4268	+	"Header2": "",
4269	-	"PipeName": "",
4269	+	"PipeName": "",
4270	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4270	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4271	-	"DNS Sleep": "0",
4271	+	"DNS Sleep": "0",
4272	-	"Method1": "GET",
4272	+	"Method1": "GET",
4273	-	"Method2": "POST",
4273	+	"Method2": "POST",
4274	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4274	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4275	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4275	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4276	-	"Proxy_AccessType": "2 (Use IE settings)"
4276	+	"Proxy_AccessType": "2 (Use IE settings)"
4277	-	}
4277	+	}
4278	-	},
4278	+	},
4279	-	"172.82.179.170": {
4279	+	"172.82.179.170": {
4280	-	"x64": {
4280	+	"x64": {
4281	-	"BeaconType": "8 (HTTPS)",
4281	+	"BeaconType": "8 (HTTPS)",
4282	-	"Port": "443",
4282	+	"Port": "443",
4283	-	"Polling": "5000",
4283	+	"Polling": "5000",
4284	-	"Jitter": "10",
4284	+	"Jitter": "10",
4285	-	"Maxdns": "235",
4285	+	"Maxdns": "235",
4286	-	"C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
4286	+	"C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
4287	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4287	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4288	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4288	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4289	-	"Header1": "",
4289	+	"Header1": "",
4290	-	"Header2": "",
4290	+	"Header2": "",
4291	-	"PipeName": "",
4291	+	"PipeName": "",
4292	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4292	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4293	-	"DNS Sleep": "0",
4293	+	"DNS Sleep": "0",
4294	-	"Method1": "GET",
4294	+	"Method1": "GET",
4295	-	"Method2": "POST",
4295	+	"Method2": "POST",
4296	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4296	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4297	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4297	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4298	-	"Proxy_AccessType": "2 (Use IE settings)"
4298	+	"Proxy_AccessType": "2 (Use IE settings)"
4299	-	}
4299	+	}
4300	-	},
4300	+	},
4301	-	"172.93.101.50": {
4301	+	"172.93.101.50": {
4302	-	"x86": {
4302	+	"x86": {
4303	-	"BeaconType": "8 (HTTPS)",
4303	+	"BeaconType": "8 (HTTPS)",
4304	-	"Port": "443",
4304	+	"Port": "443",
4305	-	"Polling": "5000",
4305	+	"Polling": "5000",
4306	-	"Jitter": "10",
4306	+	"Jitter": "10",
4307	-	"Maxdns": "235",
4307	+	"Maxdns": "235",
4308	-	"C2 Server": "orgsale.com,/us/ky/louisville/312-s-fourth-st.html",
4308	+	"C2 Server": "orgsale.com,/us/ky/louisville/312-s-fourth-st.html",
4309	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4309	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4310	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4310	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4311	-	"Header1": "",
4311	+	"Header1": "",
4312	-	"Header2": "",
4312	+	"Header2": "",
4313	-	"PipeName": "",
4313	+	"PipeName": "",
4314	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4314	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4315	-	"DNS Sleep": "0",
4315	+	"DNS Sleep": "0",
4316	-	"Method1": "GET",
4316	+	"Method1": "GET",
4317	-	"Method2": "POST",
4317	+	"Method2": "POST",
4318	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4318	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4319	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4319	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4320	-	"Proxy_AccessType": "2 (Use IE settings)"
4320	+	"Proxy_AccessType": "2 (Use IE settings)"
4321	-	},
4321	+	},
4322	-	"x64": {
4322	+	"x64": {
4323	-	"BeaconType": "8 (HTTPS)",
4323	+	"BeaconType": "8 (HTTPS)",
4324	-	"Port": "443",
4324	+	"Port": "443",
4325	-	"Polling": "5000",
4325	+	"Polling": "5000",
4326	-	"Jitter": "10",
4326	+	"Jitter": "10",
4327	-	"Maxdns": "235",
4327	+	"Maxdns": "235",
4328	-	"C2 Server": "orgsale.com,/us/ky/louisville/312-s-fourth-st.html",
4328	+	"C2 Server": "orgsale.com,/us/ky/louisville/312-s-fourth-st.html",
4329	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4329	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4330	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4330	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4331	-	"Header1": "",
4331	+	"Header1": "",
4332	-	"Header2": "",
4332	+	"Header2": "",
4333	-	"PipeName": "",
4333	+	"PipeName": "",
4334	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4334	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4335	-	"DNS Sleep": "0",
4335	+	"DNS Sleep": "0",
4336	-	"Method1": "GET",
4336	+	"Method1": "GET",
4337	-	"Method2": "POST",
4337	+	"Method2": "POST",
4338	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4338	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4339	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4339	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4340	-	"Proxy_AccessType": "2 (Use IE settings)"
4340	+	"Proxy_AccessType": "2 (Use IE settings)"
4341	-	}
4341	+	}
4342	-	},
4342	+	},
4343	-	"172.93.102.164": {
4343	+	"172.93.102.164": {
4344	-	"x86": {
4344	+	"x86": {
4345	-	"BeaconType": "8 (HTTPS)",
4345	+	"BeaconType": "8 (HTTPS)",
4346	-	"Port": "443",
4346	+	"Port": "443",
4347	-	"Polling": "5000",
4347	+	"Polling": "5000",
4348	-	"Jitter": "10",
4348	+	"Jitter": "10",
4349	-	"Maxdns": "235",
4349	+	"Maxdns": "235",
4350	-	"C2 Server": "facesh.com,/us/ky/louisville/312-s-fourth-st.html",
4350	+	"C2 Server": "facesh.com,/us/ky/louisville/312-s-fourth-st.html",
4351	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4351	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4352	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4352	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4353	-	"Header1": "",
4353	+	"Header1": "",
4354	-	"Header2": "",
4354	+	"Header2": "",
4355	-	"PipeName": "",
4355	+	"PipeName": "",
4356	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4356	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4357	-	"DNS Sleep": "0",
4357	+	"DNS Sleep": "0",
4358	-	"Method1": "GET",
4358	+	"Method1": "GET",
4359	-	"Method2": "POST",
4359	+	"Method2": "POST",
4360	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4360	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4361	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4361	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4362	-	"Proxy_AccessType": "2 (Use IE settings)"
4362	+	"Proxy_AccessType": "2 (Use IE settings)"
4363	-	}
4363	+	}
4364	-	},
4364	+	},
4365	-	"172.93.107.2": {
4365	+	"172.93.107.2": {
4366	-	"x86": {
4366	+	"x86": {
4367	-	"BeaconType": "8 (HTTPS)",
4367	+	"BeaconType": "8 (HTTPS)",
4368	-	"Port": "443",
4368	+	"Port": "443",
4369	-	"Polling": "30000",
4369	+	"Polling": "30000",
4370	-	"Jitter": "20",
4370	+	"Jitter": "20",
4371	-	"Maxdns": "255",
4371	+	"Maxdns": "255",
4372	-	"C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
4372	+	"C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
4373	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4373	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4374	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4374	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4375	-	"Header1": "",
4375	+	"Header1": "",
4376	-	"Header2": "",
4376	+	"Header2": "",
4377	-	"PipeName": "",
4377	+	"PipeName": "",
4378	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4378	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4379	-	"DNS Sleep": "0",
4379	+	"DNS Sleep": "0",
4380	-	"Method1": "GET",
4380	+	"Method1": "GET",
4381	-	"Method2": "POST",
4381	+	"Method2": "POST",
4382	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4382	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4383	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4383	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4384	-	"Proxy_AccessType": "2 (Use IE settings)"
4384	+	"Proxy_AccessType": "2 (Use IE settings)"
4385	-	},
4385	+	},
4386	-	"x64": {
4386	+	"x64": {
4387	-	"BeaconType": "8 (HTTPS)",
4387	+	"BeaconType": "8 (HTTPS)",
4388	-	"Port": "443",
4388	+	"Port": "443",
4389	-	"Polling": "30000",
4389	+	"Polling": "30000",
4390	-	"Jitter": "20",
4390	+	"Jitter": "20",
4391	-	"Maxdns": "255",
4391	+	"Maxdns": "255",
4392	-	"C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
4392	+	"C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
4393	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4393	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4394	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4394	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4395	-	"Header1": "",
4395	+	"Header1": "",
4396	-	"Header2": "",
4396	+	"Header2": "",
4397	-	"PipeName": "",
4397	+	"PipeName": "",
4398	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4398	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4399	-	"DNS Sleep": "0",
4399	+	"DNS Sleep": "0",
4400	-	"Method1": "GET",
4400	+	"Method1": "GET",
4401	-	"Method2": "POST",
4401	+	"Method2": "POST",
4402	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4402	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4403	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4403	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4404	-	"Proxy_AccessType": "2 (Use IE settings)"
4404	+	"Proxy_AccessType": "2 (Use IE settings)"
4405	-	}
4405	+	}
4406	-	},
4406	+	},
4407	-	"172.93.97.66": {
4407	+	"172.93.97.66": {
4408	-	"x86": {
4408	+	"x86": {
4409	-	"BeaconType": "8 (HTTPS)",
4409	+	"BeaconType": "8 (HTTPS)",
4410	-	"Port": "443",
4410	+	"Port": "443",
4411	-	"Polling": "30000",
4411	+	"Polling": "30000",
4412	-	"Jitter": "20",
4412	+	"Jitter": "20",
4413	-	"Maxdns": "255",
4413	+	"Maxdns": "255",
4414	-	"C2 Server": "stephq.com,/CWoNaJLBo/VTNeWw11212/",
4414	+	"C2 Server": "stephq.com,/CWoNaJLBo/VTNeWw11212/",
4415	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4415	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4416	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4416	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4417	-	"Header1": "",
4417	+	"Header1": "",
4418	-	"Header2": "",
4418	+	"Header2": "",
4419	-	"PipeName": "",
4419	+	"PipeName": "",
4420	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4420	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4421	-	"DNS Sleep": "0",
4421	+	"DNS Sleep": "0",
4422	-	"Method1": "GET",
4422	+	"Method1": "GET",
4423	-	"Method2": "POST",
4423	+	"Method2": "POST",
4424	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4424	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4425	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4425	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4426	-	"Proxy_AccessType": "2 (Use IE settings)"
4426	+	"Proxy_AccessType": "2 (Use IE settings)"
4427	-	},
4427	+	},
4428	-	"x64": {
4428	+	"x64": {
4429	-	"BeaconType": "8 (HTTPS)",
4429	+	"BeaconType": "8 (HTTPS)",
4430	-	"Port": "443",
4430	+	"Port": "443",
4431	-	"Polling": "30000",
4431	+	"Polling": "30000",
4432	-	"Jitter": "20",
4432	+	"Jitter": "20",
4433	-	"Maxdns": "255",
4433	+	"Maxdns": "255",
4434	-	"C2 Server": "stephq.com,/CWoNaJLBo/VTNeWw11212/",
4434	+	"C2 Server": "stephq.com,/CWoNaJLBo/VTNeWw11212/",
4435	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4435	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4436	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4436	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4437	-	"Header1": "",
4437	+	"Header1": "",
4438	-	"Header2": "",
4438	+	"Header2": "",
4439	-	"PipeName": "",
4439	+	"PipeName": "",
4440	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4440	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4441	-	"DNS Sleep": "0",
4441	+	"DNS Sleep": "0",
4442	-	"Method1": "GET",
4442	+	"Method1": "GET",
4443	-	"Method2": "POST",
4443	+	"Method2": "POST",
4444	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4444	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4445	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4445	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4446	-	"Proxy_AccessType": "2 (Use IE settings)"
4446	+	"Proxy_AccessType": "2 (Use IE settings)"
4447	-	}
4447	+	}
4448	-	},
4448	+	},
4449	-	"172.96.160.218": {
4449	+	"172.96.160.218": {
4450	-	"x64": {
4450	+	"x64": {
4451	-	"BeaconType": "8 (HTTPS)",
4451	+	"BeaconType": "8 (HTTPS)",
4452	-	"Port": "443",
4452	+	"Port": "443",
4453	-	"Polling": "5000",
4453	+	"Polling": "5000",
4454	-	"Jitter": "10",
4454	+	"Jitter": "10",
4455	-	"Maxdns": "235",
4455	+	"Maxdns": "235",
4456	-	"C2 Server": "lenview.com,/us/ky/louisville/312-s-fourth-st.html",
4456	+	"C2 Server": "lenview.com,/us/ky/louisville/312-s-fourth-st.html",
4457	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4457	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4458	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4458	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4459	-	"Header1": "",
4459	+	"Header1": "",
4460	-	"Header2": "",
4460	+	"Header2": "",
4461	-	"PipeName": "",
4461	+	"PipeName": "",
4462	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4462	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4463	-	"DNS Sleep": "0",
4463	+	"DNS Sleep": "0",
4464	-	"Method1": "GET",
4464	+	"Method1": "GET",
4465	-	"Method2": "POST",
4465	+	"Method2": "POST",
4466	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4466	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4467	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4467	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4468	-	"Proxy_AccessType": "2 (Use IE settings)"
4468	+	"Proxy_AccessType": "2 (Use IE settings)"
4469	-	}
4469	+	}
4470	-	},
4470	+	},
4471	-	"172.98.192.91": {
4471	+	"172.98.192.91": {
4472	-	"x86": {
4472	+	"x86": {
4473	-	"BeaconType": "8 (HTTPS)",
4473	+	"BeaconType": "8 (HTTPS)",
4474	-	"Port": "443",
4474	+	"Port": "443",
4475	-	"Polling": "5000",
4475	+	"Polling": "5000",
4476	-	"Jitter": "0",
4476	+	"Jitter": "0",
4477	-	"Maxdns": "255",
4477	+	"Maxdns": "255",
4478	-	"C2 Server": "172.98.192.91,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
4478	+	"C2 Server": "172.98.192.91,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
4479	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
4479	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
4480	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
4480	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
4481	-	"Header1": "",
4481	+	"Header1": "",
4482	-	"Header2": "",
4482	+	"Header2": "",
4483	-	"PipeName": "",
4483	+	"PipeName": "",
4484	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4484	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4485	-	"DNS Sleep": "0",
4485	+	"DNS Sleep": "0",
4486	-	"Method1": "GET",
4486	+	"Method1": "GET",
4487	-	"Method2": "POST",
4487	+	"Method2": "POST",
4488	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4488	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4489	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4489	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4490	-	"Proxy_AccessType": "2 (Use IE settings)"
4490	+	"Proxy_AccessType": "2 (Use IE settings)"
4491	-	}
4491	+	}
4492	-	},
4492	+	},
4493	-	"172.98.192.94": {
4493	+	"172.98.192.94": {
4494	-	"x86": {
4494	+	"x86": {
4495	-	"BeaconType": "8 (HTTPS)",
4495	+	"BeaconType": "8 (HTTPS)",
4496	-	"Port": "443",
4496	+	"Port": "443",
4497	-	"Polling": "60000",
4497	+	"Polling": "60000",
4498	-	"Jitter": "0",
4498	+	"Jitter": "0",
4499	-	"Maxdns": "255",
4499	+	"Maxdns": "255",
4500	-	"C2 Server": "172.98.192.94,/g.pixel",
4500	+	"C2 Server": "172.98.192.94,/g.pixel",
4501	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)",
4501	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)",
4502	-	"HTTP Method Path 2": "/submit.php",
4502	+	"HTTP Method Path 2": "/submit.php",
4503	-	"Header1": "",
4503	+	"Header1": "",
4504	-	"Header2": "",
4504	+	"Header2": "",
4505	-	"PipeName": "",
4505	+	"PipeName": "",
4506	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4506	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4507	-	"DNS Sleep": "0",
4507	+	"DNS Sleep": "0",
4508	-	"Method1": "GET",
4508	+	"Method1": "GET",
4509	-	"Method2": "POST",
4509	+	"Method2": "POST",
4510	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4510	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4511	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4511	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4512	-	"Proxy_AccessType": "2 (Use IE settings)"
4512	+	"Proxy_AccessType": "2 (Use IE settings)"
4513	-	}
4513	+	}
4514	-	},
4514	+	},
4515	-	"173.234.155.146": {
4515	+	"173.234.155.146": {
4516	-	"x86": {
4516	+	"x86": {
4517	-	"BeaconType": "8 (HTTPS)",
4517	+	"BeaconType": "8 (HTTPS)",
4518	-	"Port": "443",
4518	+	"Port": "443",
4519	-	"Polling": "5000",
4519	+	"Polling": "5000",
4520	-	"Jitter": "10",
4520	+	"Jitter": "10",
4521	-	"Maxdns": "235",
4521	+	"Maxdns": "235",
4522	-	"C2 Server": "landcook.com,/us/ky/louisville/312-s-fourth-st.html",
4522	+	"C2 Server": "landcook.com,/us/ky/louisville/312-s-fourth-st.html",
4523	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4523	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4524	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4524	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4525	-	"Header1": "",
4525	+	"Header1": "",
4526	-	"Header2": "",
4526	+	"Header2": "",
4527	-	"PipeName": "",
4527	+	"PipeName": "",
4528	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4528	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4529	-	"DNS Sleep": "0",
4529	+	"DNS Sleep": "0",
4530	-	"Method1": "GET",
4530	+	"Method1": "GET",
4531	-	"Method2": "POST",
4531	+	"Method2": "POST",
4532	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4532	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4533	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4533	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4534	-	"Proxy_AccessType": "2 (Use IE settings)"
4534	+	"Proxy_AccessType": "2 (Use IE settings)"
4535	-	}
4535	+	}
4536	-	},
4536	+	},
4537	-	"173.234.155.173": {
4537	+	"173.234.155.173": {
4538	-	"x86": {
4538	+	"x86": {
4539	-	"BeaconType": "8 (HTTPS)",
4539	+	"BeaconType": "8 (HTTPS)",
4540	-	"Port": "443",
4540	+	"Port": "443",
4541	-	"Polling": "5000",
4541	+	"Polling": "5000",
4542	-	"Jitter": "10",
4542	+	"Jitter": "10",
4543	-	"Maxdns": "235",
4543	+	"Maxdns": "235",
4544	-	"C2 Server": "resfox.com,/us/ky/louisville/312-s-fourth-st.html,zeroflip.com,/us/ky/louisville/312-s-fourth-st.html",
4544	+	"C2 Server": "resfox.com,/us/ky/louisville/312-s-fourth-st.html,zeroflip.com,/us/ky/louisville/312-s-fourth-st.html",
4545	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4545	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4546	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4546	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4547	-	"Header1": "",
4547	+	"Header1": "",
4548	-	"Header2": "",
4548	+	"Header2": "",
4549	-	"PipeName": "",
4549	+	"PipeName": "",
4550	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4550	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4551	-	"DNS Sleep": "0",
4551	+	"DNS Sleep": "0",
4552	-	"Method1": "GET",
4552	+	"Method1": "GET",
4553	-	"Method2": "POST",
4553	+	"Method2": "POST",
4554	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4554	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4555	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4555	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4556	-	"Proxy_AccessType": "2 (Use IE settings)"
4556	+	"Proxy_AccessType": "2 (Use IE settings)"
4557	-	}
4557	+	}
4558	-	},
4558	+	},
4559	-	"173.234.155.184": {
4559	+	"173.234.155.184": {
4560	-	"x86": {
4560	+	"x86": {
4561	-	"BeaconType": "8 (HTTPS)",
4561	+	"BeaconType": "8 (HTTPS)",
4562	-	"Port": "443",
4562	+	"Port": "443",
4563	-	"Polling": "30000",
4563	+	"Polling": "30000",
4564	-	"Jitter": "20",
4564	+	"Jitter": "20",
4565	-	"Maxdns": "255",
4565	+	"Maxdns": "255",
4566	-	"C2 Server": "dealeva.com,/CWoNaJLBo/VTNeWw11212/",
4566	+	"C2 Server": "dealeva.com,/CWoNaJLBo/VTNeWw11212/",
4567	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4567	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4568	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4568	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4569	-	"Header1": "",
4569	+	"Header1": "",
4570	-	"Header2": "",
4570	+	"Header2": "",
4571	-	"PipeName": "",
4571	+	"PipeName": "",
4572	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4572	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4573	-	"DNS Sleep": "0",
4573	+	"DNS Sleep": "0",
4574	-	"Method1": "GET",
4574	+	"Method1": "GET",
4575	-	"Method2": "POST",
4575	+	"Method2": "POST",
4576	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4576	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4577	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4577	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4578	-	"Proxy_AccessType": "2 (Use IE settings)"
4578	+	"Proxy_AccessType": "2 (Use IE settings)"
4579	-	},
4579	+	},
4580	-	"x64": {
4580	+	"x64": {
4581	-	"BeaconType": "8 (HTTPS)",
4581	+	"BeaconType": "8 (HTTPS)",
4582	-	"Port": "443",
4582	+	"Port": "443",
4583	-	"Polling": "30000",
4583	+	"Polling": "30000",
4584	-	"Jitter": "20",
4584	+	"Jitter": "20",
4585	-	"Maxdns": "255",
4585	+	"Maxdns": "255",
4586	-	"C2 Server": "dealeva.com,/CWoNaJLBo/VTNeWw11212/",
4586	+	"C2 Server": "dealeva.com,/CWoNaJLBo/VTNeWw11212/",
4587	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4587	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
4588	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4588	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
4589	-	"Header1": "",
4589	+	"Header1": "",
4590	-	"Header2": "",
4590	+	"Header2": "",
4591	-	"PipeName": "",
4591	+	"PipeName": "",
4592	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4592	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4593	-	"DNS Sleep": "0",
4593	+	"DNS Sleep": "0",
4594	-	"Method1": "GET",
4594	+	"Method1": "GET",
4595	-	"Method2": "POST",
4595	+	"Method2": "POST",
4596	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4596	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4597	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4597	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4598	-	"Proxy_AccessType": "2 (Use IE settings)"
4598	+	"Proxy_AccessType": "2 (Use IE settings)"
4599	-	}
4599	+	}
4600	-	},
4600	+	},
4601	-	"173.234.155.54": {
4601	+	"173.234.155.54": {
4602	-	"x86": {
4602	+	"x86": {
4603	-	"BeaconType": "8 (HTTPS)",
4603	+	"BeaconType": "8 (HTTPS)",
4604	-	"Port": "443",
4604	+	"Port": "443",
4605	-	"Polling": "60000",
4605	+	"Polling": "60000",
4606	-	"Jitter": "0",
4606	+	"Jitter": "0",
4607	-	"Maxdns": "255",
4607	+	"Maxdns": "255",
4608	-	"C2 Server": "img.intactlinks.com,/fwlink,print.intactlinks.com,/cx",
4608	+	"C2 Server": "img.intactlinks.com,/fwlink,print.intactlinks.com,/cx",
4609	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)",
4609	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)",
4610	-	"HTTP Method Path 2": "/submit.php",
4610	+	"HTTP Method Path 2": "/submit.php",
4611	-	"Header1": "",
4611	+	"Header1": "",
4612	-	"Header2": "",
4612	+	"Header2": "",
4613	-	"PipeName": "",
4613	+	"PipeName": "",
4614	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4614	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4615	-	"DNS Sleep": "0",
4615	+	"DNS Sleep": "0",
4616	-	"Method1": "GET",
4616	+	"Method1": "GET",
4617	-	"Method2": "POST",
4617	+	"Method2": "POST",
4618	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4618	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4619	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4619	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4620	-	"Proxy_AccessType": "2 (Use IE settings)"
4620	+	"Proxy_AccessType": "2 (Use IE settings)"
4621	-	},
4621	+	},
4622	-	"x64": {
4622	+	"x64": {
4623	-	"BeaconType": "8 (HTTPS)",
4623	+	"BeaconType": "8 (HTTPS)",
4624	-	"Port": "443",
4624	+	"Port": "443",
4625	-	"Polling": "60000",
4625	+	"Polling": "60000",
4626	-	"Jitter": "0",
4626	+	"Jitter": "0",
4627	-	"Maxdns": "255",
4627	+	"Maxdns": "255",
4628	-	"C2 Server": "img.intactlinks.com,/j.ad,print.intactlinks.com,/activity",
4628	+	"C2 Server": "img.intactlinks.com,/j.ad,print.intactlinks.com,/activity",
4629	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
4629	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
4630	-	"HTTP Method Path 2": "/submit.php",
4630	+	"HTTP Method Path 2": "/submit.php",
4631	-	"Header1": "",
4631	+	"Header1": "",
4632	-	"Header2": "",
4632	+	"Header2": "",
4633	-	"PipeName": "",
4633	+	"PipeName": "",
4634	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4634	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4635	-	"DNS Sleep": "0",
4635	+	"DNS Sleep": "0",
4636	-	"Method1": "GET",
4636	+	"Method1": "GET",
4637	-	"Method2": "POST",
4637	+	"Method2": "POST",
4638	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4638	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4639	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4639	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4640	-	"Proxy_AccessType": "2 (Use IE settings)"
4640	+	"Proxy_AccessType": "2 (Use IE settings)"
4641	-	}
4641	+	}
4642	-	},
4642	+	},
4643	-	"173.234.155.55": {
4643	+	"173.234.155.55": {
4644	-	"x86": {
4644	+	"x86": {
4645	-	"BeaconType": "8 (HTTPS)",
4645	+	"BeaconType": "8 (HTTPS)",
4646	-	"Port": "443",
4646	+	"Port": "443",
4647	-	"Polling": "5000",
4647	+	"Polling": "5000",
4648	-	"Jitter": "37",
4648	+	"Jitter": "37",
4649	-	"Maxdns": "255",
4649	+	"Maxdns": "255",
4650	-	"C2 Server": "cwsedge.net,/jquery-3.3.1.min.js",
4650	+	"C2 Server": "cwsedge.net,/jquery-3.3.1.min.js",
4651	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
4651	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
4652	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
4652	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
4653	-	"Header1": "",
4653	+	"Header1": "",
4654	-	"Header2": "",
4654	+	"Header2": "",
4655	-	"PipeName": "",
4655	+	"PipeName": "",
4656	-	"DNS Idle": "J}\\xC4q",
4656	+	"DNS Idle": "J}\\xC4q",
4657	-	"DNS Sleep": "0",
4657	+	"DNS Sleep": "0",
4658	-	"Method1": "GET",
4658	+	"Method1": "GET",
4659	-	"Method2": "POST",
4659	+	"Method2": "POST",
4660	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
4660	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
4661	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
4661	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
4662	-	"Proxy_AccessType": "2 (Use IE settings)"
4662	+	"Proxy_AccessType": "2 (Use IE settings)"
4663	-	}
4663	+	}
4664	-	},
4664	+	},
4665	-	"173.234.155.75": {
4665	+	"173.234.155.75": {
4666	-	"x64": {
4666	+	"x64": {
4667	-	"BeaconType": "8 (HTTPS)",
4667	+	"BeaconType": "8 (HTTPS)",
4668	-	"Port": "443",
4668	+	"Port": "443",
4669	-	"Polling": "5000",
4669	+	"Polling": "5000",
4670	-	"Jitter": "10",
4670	+	"Jitter": "10",
4671	-	"Maxdns": "235",
4671	+	"Maxdns": "235",
4672	-	"C2 Server": "likenic.com,/us/ky/louisville/312-s-fourth-st.html",
4672	+	"C2 Server": "likenic.com,/us/ky/louisville/312-s-fourth-st.html",
4673	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4673	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4674	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4674	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4675	-	"Header1": "",
4675	+	"Header1": "",
4676	-	"Header2": "",
4676	+	"Header2": "",
4677	-	"PipeName": "",
4677	+	"PipeName": "",
4678	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4678	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4679	-	"DNS Sleep": "0",
4679	+	"DNS Sleep": "0",
4680	-	"Method1": "GET",
4680	+	"Method1": "GET",
4681	-	"Method2": "POST",
4681	+	"Method2": "POST",
4682	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4682	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4683	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4683	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4684	-	"Proxy_AccessType": "2 (Use IE settings)"
4684	+	"Proxy_AccessType": "2 (Use IE settings)"
4685	-	}
4685	+	}
4686	-	},
4686	+	},
4687	-	"173.234.155.85": {
4687	+	"173.234.155.85": {
4688	-	"x86": {
4688	+	"x86": {
4689	-	"BeaconType": "8 (HTTPS)",
4689	+	"BeaconType": "8 (HTTPS)",
4690	-	"Port": "443",
4690	+	"Port": "443",
4691	-	"Polling": "5000",
4691	+	"Polling": "5000",
4692	-	"Jitter": "10",
4692	+	"Jitter": "10",
4693	-	"Maxdns": "235",
4693	+	"Maxdns": "235",
4694	-	"C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
4694	+	"C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
4695	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4695	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4696	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4696	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4697	-	"Header1": "",
4697	+	"Header1": "",
4698	-	"Header2": "",
4698	+	"Header2": "",
4699	-	"PipeName": "",
4699	+	"PipeName": "",
4700	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4700	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4701	-	"DNS Sleep": "0",
4701	+	"DNS Sleep": "0",
4702	-	"Method1": "GET",
4702	+	"Method1": "GET",
4703	-	"Method2": "POST",
4703	+	"Method2": "POST",
4704	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4704	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4705	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4705	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4706	-	"Proxy_AccessType": "2 (Use IE settings)"
4706	+	"Proxy_AccessType": "2 (Use IE settings)"
4707	-	},
4707	+	},
4708	-	"x64": {
4708	+	"x64": {
4709	-	"BeaconType": "8 (HTTPS)",
4709	+	"BeaconType": "8 (HTTPS)",
4710	-	"Port": "443",
4710	+	"Port": "443",
4711	-	"Polling": "5000",
4711	+	"Polling": "5000",
4712	-	"Jitter": "10",
4712	+	"Jitter": "10",
4713	-	"Maxdns": "235",
4713	+	"Maxdns": "235",
4714	-	"C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
4714	+	"C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
4715	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4715	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
4716	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4716	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
4717	-	"Header1": "",
4717	+	"Header1": "",
4718	-	"Header2": "",
4718	+	"Header2": "",
4719	-	"PipeName": "",
4719	+	"PipeName": "",
4720	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
4720	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
4721	-	"DNS Sleep": "0",
4721	+	"DNS Sleep": "0",
4722	-	"Method1": "GET",
4722	+	"Method1": "GET",
4723	-	"Method2": "POST",
4723	+	"Method2": "POST",
4724	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4724	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
4725	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4725	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
4726	-	"Proxy_AccessType": "2 (Use IE settings)"
4726	+	"Proxy_AccessType": "2 (Use IE settings)"
4727	-	}
4727	+	}
4728	-	},
4728	+	},
4729	-	"173.234.25.74": {
4729	+	"173.234.25.74": {
4730	-	"x86": {
4730	+	"x86": {
4731	-	"BeaconType": "8 (HTTPS)",
4731	+	"BeaconType": "8 (HTTPS)",
4732	-	"Port": "443",
4732	+	"Port": "443",
4733	-	"Polling": "60000",
4733	+	"Polling": "60000",
4734	-	"Jitter": "0",
4734	+	"Jitter": "0",
4735	-	"C2 Server": "45.170.251.101,/ga.js",
4735	+	"C2 Server": "45.170.251.101,/ga.js",
4736	-	"HTTP Method Path 2": "/submit.php",
4736	+	"HTTP Method Path 2": "/submit.php",
4737	-	"Method1": "GET",
4737	+	"Method1": "GET",
4738	-	"Method2": "POST",
4738	+	"Method2": "POST",
4739	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4739	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4740	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4740	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4741	-	"Proxy_AccessType": "2 (Use IE settings)"
4741	+	"Proxy_AccessType": "2 (Use IE settings)"
4742	-	}
4742	+	}
4743	-	},
4743	+	},
4744	-	"173.234.25.75": {
4744	+	"173.234.25.75": {
4745	-	"x64": {
4745	+	"x64": {
4746	-	"BeaconType": "8 (HTTPS)",
4746	+	"BeaconType": "8 (HTTPS)",
4747	-	"Port": "443",
4747	+	"Port": "443",
4748	-	"Polling": "60000",
4748	+	"Polling": "60000",
4749	-	"Jitter": "0",
4749	+	"Jitter": "0",
4750	-	"C2 Server": "45.170.251.101,/updates.rss",
4750	+	"C2 Server": "45.170.251.101,/updates.rss",
4751	-	"HTTP Method Path 2": "/submit.php",
4751	+	"HTTP Method Path 2": "/submit.php",
4752	-	"Method1": "GET",
4752	+	"Method1": "GET",
4753	-	"Method2": "POST",
4753	+	"Method2": "POST",
4754	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4754	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4755	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4755	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4756	-	"Proxy_AccessType": "2 (Use IE settings)"
4756	+	"Proxy_AccessType": "2 (Use IE settings)"
4757	-	}
4757	+	}
4758	-	},
4758	+	},
4759	-	"173.234.25.76": {
4759	+	"173.234.25.76": {
4760	-	"x86": {
4760	+	"x86": {
4761	-	"BeaconType": "8 (HTTPS)",
4761	+	"BeaconType": "8 (HTTPS)",
4762	-	"Port": "443",
4762	+	"Port": "443",
4763	-	"Polling": "60000",
4763	+	"Polling": "60000",
4764	-	"Jitter": "0",
4764	+	"Jitter": "0",
4765	-	"C2 Server": "45.170.251.101,/ga.js",
4765	+	"C2 Server": "45.170.251.101,/ga.js",
4766	-	"HTTP Method Path 2": "/submit.php",
4766	+	"HTTP Method Path 2": "/submit.php",
4767	-	"Method1": "GET",
4767	+	"Method1": "GET",
4768	-	"Method2": "POST",
4768	+	"Method2": "POST",
4769	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4769	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4770	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4770	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4771	-	"Proxy_AccessType": "2 (Use IE settings)"
4771	+	"Proxy_AccessType": "2 (Use IE settings)"
4772	-	}
4772	+	}
4773	-	},
4773	+	},
4774	-	"173.234.25.77": {
4774	+	"173.234.25.77": {
4775	-	"x86": {
4775	+	"x86": {
4776	-	"BeaconType": "8 (HTTPS)",
4776	+	"BeaconType": "8 (HTTPS)",
4777	-	"Port": "443",
4777	+	"Port": "443",
4778	-	"Polling": "60000",
4778	+	"Polling": "60000",
4779	-	"Jitter": "0",
4779	+	"Jitter": "0",
4780	-	"C2 Server": "45.170.251.101,/ga.js",
4780	+	"C2 Server": "45.170.251.101,/ga.js",
4781	-	"HTTP Method Path 2": "/submit.php",
4781	+	"HTTP Method Path 2": "/submit.php",
4782	-	"Method1": "GET",
4782	+	"Method1": "GET",
4783	-	"Method2": "POST",
4783	+	"Method2": "POST",
4784	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4784	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4785	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4785	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4786	-	"Proxy_AccessType": "2 (Use IE settings)"
4786	+	"Proxy_AccessType": "2 (Use IE settings)"
4787	-	}
4787	+	}
4788	-	},
4788	+	},
4789	-	"173.234.25.78": {
4789	+	"173.234.25.78": {
4790	-	"x86": {
4790	+	"x86": {
4791	-	"BeaconType": "8 (HTTPS)",
4791	+	"BeaconType": "8 (HTTPS)",
4792	-	"Port": "443",
4792	+	"Port": "443",
4793	-	"Polling": "60000",
4793	+	"Polling": "60000",
4794	-	"Jitter": "0",
4794	+	"Jitter": "0",
4795	-	"C2 Server": "45.170.251.101,/ga.js",
4795	+	"C2 Server": "45.170.251.101,/ga.js",
4796	-	"HTTP Method Path 2": "/submit.php",
4796	+	"HTTP Method Path 2": "/submit.php",
4797	-	"Method1": "GET",
4797	+	"Method1": "GET",
4798	-	"Method2": "POST",
4798	+	"Method2": "POST",
4799	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4799	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4800	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4800	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4801	-	"Proxy_AccessType": "2 (Use IE settings)"
4801	+	"Proxy_AccessType": "2 (Use IE settings)"
4802	-	},
4802	+	},
4803	-	"x64": {
4803	+	"x64": {
4804	-	"BeaconType": "8 (HTTPS)",
4804	+	"BeaconType": "8 (HTTPS)",
4805	-	"Port": "443",
4805	+	"Port": "443",
4806	-	"Polling": "60000",
4806	+	"Polling": "60000",
4807	-	"Jitter": "0",
4807	+	"Jitter": "0",
4808	-	"C2 Server": "45.170.251.101,/updates.rss",
4808	+	"C2 Server": "45.170.251.101,/updates.rss",
4809	-	"HTTP Method Path 2": "/submit.php",
4809	+	"HTTP Method Path 2": "/submit.php",
4810	-	"Method1": "GET",
4810	+	"Method1": "GET",
4811	-	"Method2": "POST",
4811	+	"Method2": "POST",
4812	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4812	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4813	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4813	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4814	-	"Proxy_AccessType": "2 (Use IE settings)"
4814	+	"Proxy_AccessType": "2 (Use IE settings)"
4815	-	}
4815	+	}
4816	-	},
4816	+	},
4817	-	"176.105.254.220": {
4817	+	"176.105.254.220": {
4818	-	"x64": {
4818	+	"x64": {
4819	-	"BeaconType": "8 (HTTPS)",
4819	+	"BeaconType": "8 (HTTPS)",
4820	-	"Port": "443",
4820	+	"Port": "443",
4821	-	"Polling": "38310",
4821	+	"Polling": "38310",
4822	-	"Jitter": "35",
4822	+	"Jitter": "35",
4823	-	"Maxdns": "245",
4823	+	"Maxdns": "245",
4824	-	"C2 Server": "chromeupdates.best,/admin",
4824	+	"C2 Server": "chromeupdates.best,/admin",
4825	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.227.0 Safari/536.3",
4825	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.227.0 Safari/536.3",
4826	-	"HTTP Method Path 2": "/Login",
4826	+	"HTTP Method Path 2": "/Login",
4827	-	"Header1": "",
4827	+	"Header1": "",
4828	-	"Header2": "",
4828	+	"Header2": "",
4829	-	"PipeName": "",
4829	+	"PipeName": "",
4830	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4830	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4831	-	"DNS Sleep": "0",
4831	+	"DNS Sleep": "0",
4832	-	"Method1": "GET",
4832	+	"Method1": "GET",
4833	-	"Method2": "GET",
4833	+	"Method2": "GET",
4834	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
4834	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
4835	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
4835	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
4836	-	"Proxy_AccessType": "2 (Use IE settings)"
4836	+	"Proxy_AccessType": "2 (Use IE settings)"
4837	-	}
4837	+	}
4838	-	},
4838	+	},
4839	-	"176.121.14.229": {
4839	+	"176.121.14.229": {
4840	-	"x86": {
4840	+	"x86": {
4841	-	"BeaconType": "8 (HTTPS)",
4841	+	"BeaconType": "8 (HTTPS)",
4842	-	"Port": "443",
4842	+	"Port": "443",
4843	-	"Polling": "60000",
4843	+	"Polling": "60000",
4844	-	"Jitter": "0",
4844	+	"Jitter": "0",
4845	-	"Maxdns": "255",
4845	+	"Maxdns": "255",
4846	-	"C2 Server": "176.121.14.229,/match",
4846	+	"C2 Server": "176.121.14.229,/match",
4847	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)",
4847	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)",
4848	-	"HTTP Method Path 2": "/submit.php",
4848	+	"HTTP Method Path 2": "/submit.php",
4849	-	"Header1": "",
4849	+	"Header1": "",
4850	-	"Header2": "",
4850	+	"Header2": "",
4851	-	"PipeName": "",
4851	+	"PipeName": "",
4852	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4852	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4853	-	"DNS Sleep": "0",
4853	+	"DNS Sleep": "0",
4854	-	"Method1": "GET",
4854	+	"Method1": "GET",
4855	-	"Method2": "POST",
4855	+	"Method2": "POST",
4856	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4856	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4857	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4857	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4858	-	"Proxy_AccessType": "2 (Use IE settings)"
4858	+	"Proxy_AccessType": "2 (Use IE settings)"
4859	-	}
4859	+	}
4860	-	},
4860	+	},
4861	-	"176.121.14.249": {
4861	+	"176.121.14.249": {
4862	-	"x64": {
4862	+	"x64": {
4863	-	"BeaconType": "8 (HTTPS)",
4863	+	"BeaconType": "8 (HTTPS)",
4864	-	"Port": "443",
4864	+	"Port": "443",
4865	-	"Polling": "60000",
4865	+	"Polling": "60000",
4866	-	"Jitter": "0",
4866	+	"Jitter": "0",
4867	-	"Maxdns": "255",
4867	+	"Maxdns": "255",
4868	-	"C2 Server": "176.121.14.249,/j.ad",
4868	+	"C2 Server": "176.121.14.249,/j.ad",
4869	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
4869	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
4870	-	"HTTP Method Path 2": "/submit.php",
4870	+	"HTTP Method Path 2": "/submit.php",
4871	-	"Header1": "",
4871	+	"Header1": "",
4872	-	"Header2": "",
4872	+	"Header2": "",
4873	-	"PipeName": "",
4873	+	"PipeName": "",
4874	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4874	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4875	-	"DNS Sleep": "0",
4875	+	"DNS Sleep": "0",
4876	-	"Method1": "GET",
4876	+	"Method1": "GET",
4877	-	"Method2": "POST",
4877	+	"Method2": "POST",
4878	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4878	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4879	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4879	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4880	-	"Proxy_AccessType": "2 (Use IE settings)"
4880	+	"Proxy_AccessType": "2 (Use IE settings)"
4881	-	}
4881	+	}
4882	-	},
4882	+	},
4883	-	"176.121.14.251": {
4883	+	"176.121.14.251": {
4884	-	"x86": {
4884	+	"x86": {
4885	-	"BeaconType": "8 (HTTPS)",
4885	+	"BeaconType": "8 (HTTPS)",
4886	-	"Port": "443",
4886	+	"Port": "443",
4887	-	"Polling": "60000",
4887	+	"Polling": "60000",
4888	-	"Jitter": "0",
4888	+	"Jitter": "0",
4889	-	"Maxdns": "255",
4889	+	"Maxdns": "255",
4890	-	"C2 Server": "176.121.14.251,/updates.rss",
4890	+	"C2 Server": "176.121.14.251,/updates.rss",
4891	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)",
4891	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)",
4892	-	"HTTP Method Path 2": "/submit.php",
4892	+	"HTTP Method Path 2": "/submit.php",
4893	-	"Header1": "",
4893	+	"Header1": "",
4894	-	"Header2": "",
4894	+	"Header2": "",
4895	-	"PipeName": "",
4895	+	"PipeName": "",
4896	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4896	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4897	-	"DNS Sleep": "0",
4897	+	"DNS Sleep": "0",
4898	-	"Method1": "GET",
4898	+	"Method1": "GET",
4899	-	"Method2": "POST",
4899	+	"Method2": "POST",
4900	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4900	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4901	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4901	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4902	-	"Proxy_AccessType": "2 (Use IE settings)"
4902	+	"Proxy_AccessType": "2 (Use IE settings)"
4903	-	}
4903	+	}
4904	-	},
4904	+	},
4905	-	"176.123.8.228": {
4905	+	"176.123.8.228": {
4906	-	"x86": {
4906	+	"x86": {
4907	-	"BeaconType": "8 (HTTPS)",
4907	+	"BeaconType": "8 (HTTPS)",
4908	-	"Port": "443",
4908	+	"Port": "443",
4909	-	"Polling": "60000",
4909	+	"Polling": "60000",
4910	-	"Jitter": "0",
4910	+	"Jitter": "0",
4911	-	"Maxdns": "255",
4911	+	"Maxdns": "255",
4912	-	"C2 Server": "176.123.8.228,/__utm.gif",
4912	+	"C2 Server": "176.123.8.228,/__utm.gif",
4913	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
4913	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
4914	-	"HTTP Method Path 2": "/___utm.gif",
4914	+	"HTTP Method Path 2": "/___utm.gif",
4915	-	"Header1": "",
4915	+	"Header1": "",
4916	-	"Header2": "",
4916	+	"Header2": "",
4917	-	"PipeName": "",
4917	+	"PipeName": "",
4918	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4918	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
4919	-	"DNS Sleep": "0",
4919	+	"DNS Sleep": "0",
4920	-	"Method1": "GET",
4920	+	"Method1": "GET",
4921	-	"Method2": "POST",
4921	+	"Method2": "POST",
4922	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4922	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
4923	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4923	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
4924	-	"Proxy_AccessType": "2 (Use IE settings)"
4924	+	"Proxy_AccessType": "2 (Use IE settings)"
4925	-	}
4925	+	}
4926	-	},
4926	+	},
4927	-	"178.128.105.13": {
4927	+	"178.128.105.13": {
4928	-	"x86": {
4928	+	"x86": {
4929	-	"BeaconType": "8 (HTTPS)",
4929	+	"BeaconType": "8 (HTTPS)",
4930	-	"Port": "443",
4930	+	"Port": "443",
4931	-	"Polling": "15000",
4931	+	"Polling": "15000",
4932	-	"Jitter": "90",
4932	+	"Jitter": "90",
4933	-	"Maxdns": "225",
4933	+	"Maxdns": "225",
4934	-	"C2 Server": "ajax.microsoft.com,/gp/aj/private/reviewsGallery/get-image-gallery-assets,mscrl.microsoft.com,/wp-includes/js/script/indigo-migrate",
4934	+	"C2 Server": "ajax.microsoft.com,/gp/aj/private/reviewsGallery/get-image-gallery-assets,mscrl.microsoft.com,/wp-includes/js/script/indigo-migrate",
4935	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
4935	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
4936	-	"HTTP Method Path 2": "/gp/aw/ybh/handlers",
4936	+	"HTTP Method Path 2": "/gp/aw/ybh/handlers",
4937	-	"Header1": "",
4937	+	"Header1": "",
4938	-	"Header2": "",
4938	+	"Header2": "",
4939	-	"PipeName": "",
4939	+	"PipeName": "",
4940	-	"DNS Idle": "h\\xD8<\\x84",
4940	+	"DNS Idle": "h\\xD8<\\x84",
4941	-	"DNS Sleep": "0",
4941	+	"DNS Sleep": "0",
4942	-	"Method1": "GET",
4942	+	"Method1": "GET",
4943	-	"Method2": "POST",
4943	+	"Method2": "POST",
4944	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
4944	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
4945	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
4945	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
4946	-	"Proxy_AccessType": "2 (Use IE settings)"
4946	+	"Proxy_AccessType": "2 (Use IE settings)"
4947	-	}
4947	+	}
4948	-	},
4948	+	},
4949	-	"178.128.187.10": {
4949	+	"178.128.187.10": {
4950	-	"x64": {
4950	+	"x64": {
4951	-	"BeaconType": "8 (HTTPS)",
4951	+	"BeaconType": "8 (HTTPS)",
4952	-	"Port": "443",
4952	+	"Port": "443",
4953	-	"Polling": "15000",
4953	+	"Polling": "15000",
4954	-	"Jitter": "90",
4954	+	"Jitter": "90",
4955	-	"C2 Server": "securetraining.org,/wp-includes/js/script/indigo-migrate",
4955	+	"C2 Server": "securetraining.org,/wp-includes/js/script/indigo-migrate",
4956	-	"HTTP Method Path 2": "/v4/links/check-activity/check",
4956	+	"HTTP Method Path 2": "/v4/links/check-activity/check",
4957	-	"Method1": "GET",
4957	+	"Method1": "GET",
4958	-	"Method2": "POST",
4958	+	"Method2": "POST",
4959	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
4959	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
4960	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
4960	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
4961	-	"Proxy_AccessType": "2 (Use IE settings)"
4961	+	"Proxy_AccessType": "2 (Use IE settings)"
4962	-	}
4962	+	}
4963	-	},
4963	+	},
4964	-	"178.238.228.90": {
4964	+	"178.238.228.90": {
4965	-	"x86": {
4965	+	"x86": {
4966	-	"BeaconType": "8 (HTTPS)",
4966	+	"BeaconType": "8 (HTTPS)",
4967	-	"Port": "443",
4967	+	"Port": "443",
4968	-	"Polling": "57236",
4968	+	"Polling": "57236",
4969	-	"Jitter": "37",
4969	+	"Jitter": "37",
4970	-	"Maxdns": "249",
4970	+	"Maxdns": "249",
4971	-	"C2 Server": "178.238.228.90,/Content",
4971	+	"C2 Server": "178.238.228.90,/Content",
4972	-	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
4972	+	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
4973	-	"HTTP Method Path 2": "/adminhtml",
4973	+	"HTTP Method Path 2": "/adminhtml",
4974	-	"Header1": "",
4974	+	"Header1": "",
4975	-	"Header2": "",
4975	+	"Header2": "",
4976	-	"PipeName": "",
4976	+	"PipeName": "",
4977	-	"DNS Idle": "\\xDC\\\\x92\\x8B",
4977	+	"DNS Idle": "\\xDC\\\\x92\\x8B",
4978	-	"DNS Sleep": "0",
4978	+	"DNS Sleep": "0",
4979	-	"Method1": "GET",
4979	+	"Method1": "GET",
4980	-	"Method2": "POST",
4980	+	"Method2": "POST",
4981	-	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
4981	+	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
4982	-	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
4982	+	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
4983	-	"Proxy_AccessType": "2 (Use IE settings)"
4983	+	"Proxy_AccessType": "2 (Use IE settings)"
4984	-	}
4984	+	}
4985	-	},
4985	+	},
4986	-	"178.79.134.144": {
4986	+	"178.79.134.144": {
4987	-	"x86": {
4987	+	"x86": {
4988	-	"BeaconType": "8 (HTTPS)",
4988	+	"BeaconType": "8 (HTTPS)",
4989	-	"Port": "443",
4989	+	"Port": "443",
4990	-	"Polling": "5000",
4990	+	"Polling": "5000",
4991	-	"Jitter": "0",
4991	+	"Jitter": "0",
4992	-	"Maxdns": "255",
4992	+	"Maxdns": "255",
4993	-	"C2 Server": "tcpsessionsconnect.com,/idle/1376547834/1",
4993	+	"C2 Server": "tcpsessionsconnect.com,/idle/1376547834/1",
4994	-	"User Agent": "Shockwave Flash",
4994	+	"User Agent": "Shockwave Flash",
4995	-	"HTTP Method Path 2": "/send/1376547834/",
4995	+	"HTTP Method Path 2": "/send/1376547834/",
4996	-	"Header1": "",
4996	+	"Header1": "",
4997	-	"Header2": "",
4997	+	"Header2": "",
4998	-	"PipeName": "",
4998	+	"PipeName": "",
4999	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
4999	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5000	-	"DNS Sleep": "0",
5000	+	"DNS Sleep": "0",
5001	-	"Method1": "GET",
5001	+	"Method1": "GET",
5002	-	"Method2": "POST",
5002	+	"Method2": "POST",
5003	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5003	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5004	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5004	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5005	-	"Proxy_AccessType": "1 (Use direct connection)"
5005	+	"Proxy_AccessType": "1 (Use direct connection)"
5006	-	}
5006	+	}
5007	-	},
5007	+	},
5008	-	"18.144.133.24": {
5008	+	"18.144.133.24": {
5009	-	"x64": {
5009	+	"x64": {
5010	-	"BeaconType": "8 (HTTPS)",
5010	+	"BeaconType": "8 (HTTPS)",
5011	-	"Port": "443",
5011	+	"Port": "443",
5012	-	"Polling": "62658",
5012	+	"Polling": "62658",
5013	-	"Jitter": "39",
5013	+	"Jitter": "39",
5014	-	"C2 Server": "18.144.133.24,/search",
5014	+	"C2 Server": "18.144.133.24,/search",
5015	-	"HTTP Method Path 2": "/fo",
5015	+	"HTTP Method Path 2": "/fo",
5016	-	"Method1": "GET",
5016	+	"Method1": "GET",
5017	-	"Method2": "POST",
5017	+	"Method2": "POST",
5018	-	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
5018	+	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
5019	-	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
5019	+	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
5020	-	"Proxy_AccessType": "2 (Use IE settings)"
5020	+	"Proxy_AccessType": "2 (Use IE settings)"
5021	-	}
5021	+	}
5022	-	},
5022	+	},
5023	-	"18.156.114.88": {
5023	+	"18.156.114.88": {
5024	-	"x86": {
5024	+	"x86": {
5025	-	"BeaconType": "8 (HTTPS)",
5025	+	"BeaconType": "8 (HTTPS)",
5026	-	"Port": "443",
5026	+	"Port": "443",
5027	-	"Polling": "60000",
5027	+	"Polling": "60000",
5028	-	"Jitter": "20",
5028	+	"Jitter": "20",
5029	-	"C2 Server": "3.127.139.203,/c/msdownload/update/others/2020/11/KB152288_",
5029	+	"C2 Server": "3.127.139.203,/c/msdownload/update/others/2020/11/KB152288_",
5030	-	"HTTP Method Path 2": "/c/msdownload/update/others/2020/11/KB13434_",
5030	+	"HTTP Method Path 2": "/c/msdownload/update/others/2020/11/KB13434_",
5031	-	"Method1": "GET",
5031	+	"Method1": "GET",
5032	-	"Method2": "GET",
5032	+	"Method2": "GET",
5033	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5033	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5034	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5034	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5035	-	"Proxy_AccessType": "2 (Use IE settings)"
5035	+	"Proxy_AccessType": "2 (Use IE settings)"
5036	-	}
5036	+	}
5037	-	},
5037	+	},
5038	-	"18.163.120.26": {
5038	+	"18.163.120.26": {
5039	-	"x64": {
5039	+	"x64": {
5040	-	"BeaconType": "8 (HTTPS)",
5040	+	"BeaconType": "8 (HTTPS)",
5041	-	"Port": "443",
5041	+	"Port": "443",
5042	-	"Polling": "60000",
5042	+	"Polling": "60000",
5043	-	"Jitter": "0",
5043	+	"Jitter": "0",
5044	-	"Maxdns": "255",
5044	+	"Maxdns": "255",
5045	-	"C2 Server": "18.163.120.26,/__utm.gif",
5045	+	"C2 Server": "18.163.120.26,/__utm.gif",
5046	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)",
5046	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)",
5047	-	"HTTP Method Path 2": "/submit.php",
5047	+	"HTTP Method Path 2": "/submit.php",
5048	-	"Header1": "",
5048	+	"Header1": "",
5049	-	"Header2": "",
5049	+	"Header2": "",
5050	-	"PipeName": "",
5050	+	"PipeName": "",
5051	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5051	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5052	-	"DNS Sleep": "0",
5052	+	"DNS Sleep": "0",
5053	-	"Method1": "GET",
5053	+	"Method1": "GET",
5054	-	"Method2": "POST",
5054	+	"Method2": "POST",
5055	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5055	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5056	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5056	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5057	-	"Proxy_AccessType": "2 (Use IE settings)"
5057	+	"Proxy_AccessType": "2 (Use IE settings)"
5058	-	}
5058	+	}
5059	-	},
5059	+	},
5060	-	"18.163.195.231": {
5060	+	"18.163.195.231": {
5061	-	"x86": {
5061	+	"x86": {
5062	-	"BeaconType": "8 (HTTPS)",
5062	+	"BeaconType": "8 (HTTPS)",
5063	-	"Port": "443",
5063	+	"Port": "443",
5064	-	"Polling": "60000",
5064	+	"Polling": "60000",
5065	-	"Jitter": "20",
5065	+	"Jitter": "20",
5066	-	"Maxdns": "235",
5066	+	"Maxdns": "235",
5067	-	"C2 Server": "18.166.71.96,/c/msdownload/update/others/2016/12/29136388_",
5067	+	"C2 Server": "18.166.71.96,/c/msdownload/update/others/2016/12/29136388_",
5068	-	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
5068	+	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
5069	-	"HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
5069	+	"HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
5070	-	"Header1": "",
5070	+	"Header1": "",
5071	-	"Header2": "",
5071	+	"Header2": "",
5072	-	"PipeName": "",
5072	+	"PipeName": "",
5073	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
5073	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
5074	-	"DNS Sleep": "0",
5074	+	"DNS Sleep": "0",
5075	-	"Method1": "GET",
5075	+	"Method1": "GET",
5076	-	"Method2": "GET",
5076	+	"Method2": "GET",
5077	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5077	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5078	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5078	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5079	-	"Proxy_AccessType": "2 (Use IE settings)"
5079	+	"Proxy_AccessType": "2 (Use IE settings)"
5080	-	},
5080	+	},
5081	-	"x64": {
5081	+	"x64": {
5082	-	"BeaconType": "8 (HTTPS)",
5082	+	"BeaconType": "8 (HTTPS)",
5083	-	"Port": "443",
5083	+	"Port": "443",
5084	-	"Polling": "60000",
5084	+	"Polling": "60000",
5085	-	"Jitter": "20",
5085	+	"Jitter": "20",
5086	-	"Maxdns": "235",
5086	+	"Maxdns": "235",
5087	-	"C2 Server": "18.166.71.96,/c/msdownload/update/others/2016/12/29136388_",
5087	+	"C2 Server": "18.166.71.96,/c/msdownload/update/others/2016/12/29136388_",
5088	-	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
5088	+	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
5089	-	"HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
5089	+	"HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
5090	-	"Header1": "",
5090	+	"Header1": "",
5091	-	"Header2": "",
5091	+	"Header2": "",
5092	-	"PipeName": "",
5092	+	"PipeName": "",
5093	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
5093	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
5094	-	"DNS Sleep": "0",
5094	+	"DNS Sleep": "0",
5095	-	"Method1": "GET",
5095	+	"Method1": "GET",
5096	-	"Method2": "GET",
5096	+	"Method2": "GET",
5097	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5097	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5098	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5098	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5099	-	"Proxy_AccessType": "2 (Use IE settings)"
5099	+	"Proxy_AccessType": "2 (Use IE settings)"
5100	-	}
5100	+	}
5101	-	},
5101	+	},
5102	-	"18.189.12.168": {
5102	+	"18.189.12.168": {
5103	-	"x64": {
5103	+	"x64": {
5104	-	"BeaconType": "8 (HTTPS)",
5104	+	"BeaconType": "8 (HTTPS)",
5105	-	"Port": "443",
5105	+	"Port": "443",
5106	-	"Polling": "60000",
5106	+	"Polling": "60000",
5107	-	"Jitter": "47",
5107	+	"Jitter": "47",
5108	-	"Maxdns": "255",
5108	+	"Maxdns": "255",
5109	-	"C2 Server": "jquery.alrowadclinic.com,/jquery-3.3.1.min.js",
5109	+	"C2 Server": "jquery.alrowadclinic.com,/jquery-3.3.1.min.js",
5110	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5110	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5111	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5111	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5112	-	"Header1": "",
5112	+	"Header1": "",
5113	-	"Header2": "",
5113	+	"Header2": "",
5114	-	"PipeName": "",
5114	+	"PipeName": "",
5115	-	"DNS Idle": "J}\\xC4q",
5115	+	"DNS Idle": "J}\\xC4q",
5116	-	"DNS Sleep": "0",
5116	+	"DNS Sleep": "0",
5117	-	"Method1": "GET",
5117	+	"Method1": "GET",
5118	-	"Method2": "POST",
5118	+	"Method2": "POST",
5119	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5119	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5120	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5120	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5121	-	"Proxy_AccessType": "2 (Use IE settings)"
5121	+	"Proxy_AccessType": "2 (Use IE settings)"
5122	-	}
5122	+	}
5123	-	},
5123	+	},
5124	-	"18.191.170.242": {
5124	+	"18.191.170.242": {
5125	-	"x86": {
5125	+	"x86": {
5126	-	"BeaconType": "8 (HTTPS)",
5126	+	"BeaconType": "8 (HTTPS)",
5127	-	"Port": "443",
5127	+	"Port": "443",
5128	-	"Polling": "5000",
5128	+	"Polling": "5000",
5129	-	"Jitter": "37",
5129	+	"Jitter": "37",
5130	-	"C2 Server": "18.191.170.242,/jquery-3.3.1.min.js",
5130	+	"C2 Server": "18.191.170.242,/jquery-3.3.1.min.js",
5131	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5131	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5132	-	"Method1": "GET",
5132	+	"Method1": "GET",
5133	-	"Method2": "POST",
5133	+	"Method2": "POST",
5134	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
5134	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
5135	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
5135	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
5136	-	"Proxy_AccessType": "2 (Use IE settings)"
5136	+	"Proxy_AccessType": "2 (Use IE settings)"
5137	-	}
5137	+	}
5138	-	},
5138	+	},
5139	-	"18.191.221.167": {
5139	+	"18.191.221.167": {
5140	-	"x86": {
5140	+	"x86": {
5141	-	"BeaconType": "8 (HTTPS)",
5141	+	"BeaconType": "8 (HTTPS)",
5142	-	"Port": "443",
5142	+	"Port": "443",
5143	-	"Polling": "45000",
5143	+	"Polling": "45000",
5144	-	"Jitter": "37",
5144	+	"Jitter": "37",
5145	-	"Maxdns": "255",
5145	+	"Maxdns": "255",
5146	-	"C2 Server": "18.191.221.167,/jquery-3.3.1.min.js",
5146	+	"C2 Server": "18.191.221.167,/jquery-3.3.1.min.js",
5147	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5147	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5148	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5148	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5149	-	"Header1": "",
5149	+	"Header1": "",
5150	-	"Header2": "",
5150	+	"Header2": "",
5151	-	"PipeName": "",
5151	+	"PipeName": "",
5152	-	"DNS Idle": "J}\\xC4q",
5152	+	"DNS Idle": "J}\\xC4q",
5153	-	"DNS Sleep": "0",
5153	+	"DNS Sleep": "0",
5154	-	"Method1": "GET",
5154	+	"Method1": "GET",
5155	-	"Method2": "POST",
5155	+	"Method2": "POST",
5156	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5156	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5157	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5157	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5158	-	"Proxy_AccessType": "2 (Use IE settings)"
5158	+	"Proxy_AccessType": "2 (Use IE settings)"
5159	-	}
5159	+	}
5160	-	},
5160	+	},
5161	-	"18.191.221.28": {
5161	+	"18.191.221.28": {
5162	-	"x86": {
5162	+	"x86": {
5163	-	"BeaconType": "8 (HTTPS)",
5163	+	"BeaconType": "8 (HTTPS)",
5164	-	"Port": "443",
5164	+	"Port": "443",
5165	-	"Polling": "6700",
5165	+	"Polling": "6700",
5166	-	"Jitter": "13",
5166	+	"Jitter": "13",
5167	-	"Maxdns": "247",
5167	+	"Maxdns": "247",
5168	-	"C2 Server": "cmpinsurance.com,/s/ref=nb_sb_noss_1/122-66617254-9010232/field-keywords=problem",
5168	+	"C2 Server": "cmpinsurance.com,/s/ref=nb_sb_noss_1/122-66617254-9010232/field-keywords=problem",
5169	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0",
5169	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0",
5170	-	"HTTP Method Path 2": "/N1547/adj/amzn.us.sr.aps",
5170	+	"HTTP Method Path 2": "/N1547/adj/amzn.us.sr.aps",
5171	-	"Header1": "",
5171	+	"Header1": "",
5172	-	"Header2": "",
5172	+	"Header2": "",
5173	-	"PipeName": "",
5173	+	"PipeName": "",
5174	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5174	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5175	-	"DNS Sleep": "0",
5175	+	"DNS Sleep": "0",
5176	-	"Method1": "GET",
5176	+	"Method1": "GET",
5177	-	"Method2": "POST",
5177	+	"Method2": "POST",
5178	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
5178	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
5179	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
5179	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
5180	-	"Proxy_AccessType": "2 (Use IE settings)"
5180	+	"Proxy_AccessType": "2 (Use IE settings)"
5181	-	}
5181	+	}
5182	-	},
5182	+	},
5183	-	"18.206.136.219": {
5183	+	"18.206.136.219": {
5184	-	"x64": {
5184	+	"x64": {
5185	-	"BeaconType": "8 (HTTPS)",
5185	+	"BeaconType": "8 (HTTPS)",
5186	-	"Port": "443",
5186	+	"Port": "443",
5187	-	"Polling": "62177",
5187	+	"Polling": "62177",
5188	-	"Jitter": "43",
5188	+	"Jitter": "43",
5189	-	"Maxdns": "254",
5189	+	"Maxdns": "254",
5190	-	"C2 Server": "utils.couch2kubernetes.com,/mobile-home",
5190	+	"C2 Server": "utils.couch2kubernetes.com,/mobile-home",
5191	-	"User Agent": "Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
5191	+	"User Agent": "Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
5192	-	"HTTP Method Path 2": "/posting",
5192	+	"HTTP Method Path 2": "/posting",
5193	-	"Header1": "",
5193	+	"Header1": "",
5194	-	"Header2": "",
5194	+	"Header2": "",
5195	-	"PipeName": "",
5195	+	"PipeName": "",
5196	-	"DNS Idle": ":Sg?",
5196	+	"DNS Idle": ":Sg?",
5197	-	"DNS Sleep": "0",
5197	+	"DNS Sleep": "0",
5198	-	"Method1": "GET",
5198	+	"Method1": "GET",
5199	-	"Method2": "POST",
5199	+	"Method2": "POST",
5200	-	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
5200	+	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
5201	-	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
5201	+	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
5202	-	"Proxy_AccessType": "2 (Use IE settings)"
5202	+	"Proxy_AccessType": "2 (Use IE settings)"
5203	-	}
5203	+	}
5204	-	},
5204	+	},
5205	-	"18.212.159.80": {
5205	+	"18.212.159.80": {
5206	-	"x64": {
5206	+	"x64": {
5207	-	"BeaconType": "8 (HTTPS)",
5207	+	"BeaconType": "8 (HTTPS)",
5208	-	"Port": "443",
5208	+	"Port": "443",
5209	-	"Polling": "10000",
5209	+	"Polling": "10000",
5210	-	"Jitter": "10",
5210	+	"Jitter": "10",
5211	-	"C2 Server": "d2mq9y2bddy4j9.cloudfront.net,/ec2/",
5211	+	"C2 Server": "d2mq9y2bddy4j9.cloudfront.net,/ec2/",
5212	-	"HTTP Method Path 2": "/console/home/ec2",
5212	+	"HTTP Method Path 2": "/console/home/ec2",
5213	-	"Method1": "GET",
5213	+	"Method1": "GET",
5214	-	"Method2": "POST",
5214	+	"Method2": "POST",
5215	-	"Spawnto_x86": "%windir%\\syswow64\\wermgr.exe",
5215	+	"Spawnto_x86": "%windir%\\syswow64\\wermgr.exe",
5216	-	"Spawnto_x64": "%windir%\\sysnative\\wermgr.exe",
5216	+	"Spawnto_x64": "%windir%\\sysnative\\wermgr.exe",
5217	-	"Proxy_AccessType": "2 (Use IE settings)"
5217	+	"Proxy_AccessType": "2 (Use IE settings)"
5218	-	}
5218	+	}
5219	-	},
5219	+	},
5220	-	"18.223.155.112": {
5220	+	"18.223.155.112": {
5221	-	"x86": {
5221	+	"x86": {
5222	-	"BeaconType": "8 (HTTPS)",
5222	+	"BeaconType": "8 (HTTPS)",
5223	-	"Port": "443",
5223	+	"Port": "443",
5224	-	"Polling": "60000",
5224	+	"Polling": "60000",
5225	-	"Jitter": "0",
5225	+	"Jitter": "0",
5226	-	"Maxdns": "255",
5226	+	"Maxdns": "255",
5227	-	"C2 Server": "18.223.155.112,/match",
5227	+	"C2 Server": "18.223.155.112,/match",
5228	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
5228	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
5229	-	"HTTP Method Path 2": "/submit.php",
5229	+	"HTTP Method Path 2": "/submit.php",
5230	-	"Header1": "",
5230	+	"Header1": "",
5231	-	"Header2": "",
5231	+	"Header2": "",
5232	-	"PipeName": "",
5232	+	"PipeName": "",
5233	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5233	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5234	-	"DNS Sleep": "0",
5234	+	"DNS Sleep": "0",
5235	-	"Method1": "GET",
5235	+	"Method1": "GET",
5236	-	"Method2": "POST",
5236	+	"Method2": "POST",
5237	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5237	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5238	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5238	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5239	-	"Proxy_AccessType": "2 (Use IE settings)"
5239	+	"Proxy_AccessType": "2 (Use IE settings)"
5240	-	}
5240	+	}
5241	-	},
5241	+	},
5242	-	"182.254.180.180": {
5242	+	"182.254.180.180": {
5243	-	"x64": {
5243	+	"x64": {
5244	-	"BeaconType": "8 (HTTPS)",
5244	+	"BeaconType": "8 (HTTPS)",
5245	-	"Port": "443",
5245	+	"Port": "443",
5246	-	"Polling": "60000",
5246	+	"Polling": "60000",
5247	-	"Jitter": "0",
5247	+	"Jitter": "0",
5248	-	"Maxdns": "255",
5248	+	"Maxdns": "255",
5249	-	"C2 Server": "182.254.180.180,/en_US/all.js",
5249	+	"C2 Server": "182.254.180.180,/en_US/all.js",
5250	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)",
5250	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)",
5251	-	"HTTP Method Path 2": "/submit.php",
5251	+	"HTTP Method Path 2": "/submit.php",
5252	-	"Header1": "",
5252	+	"Header1": "",
5253	-	"Header2": "",
5253	+	"Header2": "",
5254	-	"PipeName": "",
5254	+	"PipeName": "",
5255	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5255	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5256	-	"DNS Sleep": "0",
5256	+	"DNS Sleep": "0",
5257	-	"Method1": "GET",
5257	+	"Method1": "GET",
5258	-	"Method2": "POST",
5258	+	"Method2": "POST",
5259	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5259	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5260	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5260	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5261	-	"Proxy_AccessType": "2 (Use IE settings)"
5261	+	"Proxy_AccessType": "2 (Use IE settings)"
5262	-	}
5262	+	}
5263	-	},
5263	+	},
5264	-	"182.92.120.156": {
5264	+	"182.92.120.156": {
5265	-	"x86": {
5265	+	"x86": {
5266	-	"BeaconType": "8 (HTTPS)",
5266	+	"BeaconType": "8 (HTTPS)",
5267	-	"Port": "443",
5267	+	"Port": "443",
5268	-	"Polling": "60000",
5268	+	"Polling": "60000",
5269	-	"Jitter": "0",
5269	+	"Jitter": "0",
5270	-	"Maxdns": "255",
5270	+	"Maxdns": "255",
5271	-	"C2 Server": "182.92.120.156,/visit.js",
5271	+	"C2 Server": "182.92.120.156,/visit.js",
5272	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)",
5272	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)",
5273	-	"HTTP Method Path 2": "/submit.php",
5273	+	"HTTP Method Path 2": "/submit.php",
5274	-	"Header1": "",
5274	+	"Header1": "",
5275	-	"Header2": "",
5275	+	"Header2": "",
5276	-	"PipeName": "",
5276	+	"PipeName": "",
5277	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5277	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5278	-	"DNS Sleep": "0",
5278	+	"DNS Sleep": "0",
5279	-	"Method1": "GET",
5279	+	"Method1": "GET",
5280	-	"Method2": "POST",
5280	+	"Method2": "POST",
5281	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5281	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5282	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5282	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5283	-	"Proxy_AccessType": "2 (Use IE settings)"
5283	+	"Proxy_AccessType": "2 (Use IE settings)"
5284	-	}
5284	+	}
5285	-	},
5285	+	},
5286	-	"185.14.30.217": {
5286	+	"185.14.30.217": {
5287	-	"x86": {
5287	+	"x86": {
5288	-	"BeaconType": "8 (HTTPS)",
5288	+	"BeaconType": "8 (HTTPS)",
5289	-	"Port": "443",
5289	+	"Port": "443",
5290	-	"Polling": "5000",
5290	+	"Polling": "5000",
5291	-	"Jitter": "0",
5291	+	"Jitter": "0",
5292	-	"C2 Server": "185.14.30.217,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
5292	+	"C2 Server": "185.14.30.217,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
5293	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
5293	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
5294	-	"Method1": "GET",
5294	+	"Method1": "GET",
5295	-	"Method2": "POST",
5295	+	"Method2": "POST",
5296	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5296	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5297	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5297	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5298	-	"Proxy_AccessType": "2 (Use IE settings)"
5298	+	"Proxy_AccessType": "2 (Use IE settings)"
5299	-	},
5299	+	},
5300	-	"x64": {
5300	+	"x64": {
5301	-	"BeaconType": "8 (HTTPS)",
5301	+	"BeaconType": "8 (HTTPS)",
5302	-	"Port": "443",
5302	+	"Port": "443",
5303	-	"Polling": "5000",
5303	+	"Polling": "5000",
5304	-	"Jitter": "0",
5304	+	"Jitter": "0",
5305	-	"C2 Server": "185.14.30.217,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
5305	+	"C2 Server": "185.14.30.217,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
5306	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
5306	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
5307	-	"Method1": "GET",
5307	+	"Method1": "GET",
5308	-	"Method2": "POST",
5308	+	"Method2": "POST",
5309	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5309	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5310	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5310	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5311	-	"Proxy_AccessType": "2 (Use IE settings)"
5311	+	"Proxy_AccessType": "2 (Use IE settings)"
5312	-	}
5312	+	}
5313	-	},
5313	+	},
5314	-	"185.150.117.142": {
5314	+	"185.150.117.142": {
5315	-	"x86": {
5315	+	"x86": {
5316	-	"BeaconType": "8 (HTTPS)",
5316	+	"BeaconType": "8 (HTTPS)",
5317	-	"Port": "443",
5317	+	"Port": "443",
5318	-	"Polling": "60000",
5318	+	"Polling": "60000",
5319	-	"Jitter": "0",
5319	+	"Jitter": "0",
5320	-	"Maxdns": "255",
5320	+	"Maxdns": "255",
5321	-	"C2 Server": "185.150.117.142,/activity",
5321	+	"C2 Server": "185.150.117.142,/activity",
5322	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)",
5322	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)",
5323	-	"HTTP Method Path 2": "/submit.php",
5323	+	"HTTP Method Path 2": "/submit.php",
5324	-	"Header1": "",
5324	+	"Header1": "",
5325	-	"Header2": "",
5325	+	"Header2": "",
5326	-	"PipeName": "",
5326	+	"PipeName": "",
5327	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5327	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5328	-	"DNS Sleep": "0",
5328	+	"DNS Sleep": "0",
5329	-	"Method1": "GET",
5329	+	"Method1": "GET",
5330	-	"Method2": "POST",
5330	+	"Method2": "POST",
5331	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5331	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5332	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5332	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5333	-	"Proxy_AccessType": "2 (Use IE settings)"
5333	+	"Proxy_AccessType": "2 (Use IE settings)"
5334	-	}
5334	+	}
5335	-	},
5335	+	},
5336	-	"185.150.119.148": {
5336	+	"185.150.119.148": {
5337	-	"x86": {
5337	+	"x86": {
5338	-	"BeaconType": "8 (HTTPS)",
5338	+	"BeaconType": "8 (HTTPS)",
5339	-	"Port": "443",
5339	+	"Port": "443",
5340	-	"Polling": "60000",
5340	+	"Polling": "60000",
5341	-	"Jitter": "15",
5341	+	"Jitter": "15",
5342	-	"C2 Server": "185.150.119.148,/_/scs/mail-static/_/js/",
5342	+	"C2 Server": "185.150.119.148,/_/scs/mail-static/_/js/",
5343	-	"HTTP Method Path 2": "/mail/u/0/",
5343	+	"HTTP Method Path 2": "/mail/u/0/",
5344	-	"Method1": "GET",
5344	+	"Method1": "GET",
5345	-	"Method2": "POST",
5345	+	"Method2": "POST",
5346	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5346	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5347	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5347	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5348	-	"Proxy_AccessType": "2 (Use IE settings)"
5348	+	"Proxy_AccessType": "2 (Use IE settings)"
5349	-	}
5349	+	}
5350	-	},
5350	+	},
5351	-	"185.150.190.113": {
5351	+	"185.150.190.113": {
5352	-	"x86": {
5352	+	"x86": {
5353	-	"BeaconType": "8 (HTTPS)",
5353	+	"BeaconType": "8 (HTTPS)",
5354	-	"Port": "443",
5354	+	"Port": "443",
5355	-	"Polling": "5000",
5355	+	"Polling": "5000",
5356	-	"Jitter": "10",
5356	+	"Jitter": "10",
5357	-	"Maxdns": "235",
5357	+	"Maxdns": "235",
5358	-	"C2 Server": "topevi.com,/us/ky/louisville/312-s-fourth-st.html",
5358	+	"C2 Server": "topevi.com,/us/ky/louisville/312-s-fourth-st.html",
5359	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
5359	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
5360	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
5360	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
5361	-	"Header1": "",
5361	+	"Header1": "",
5362	-	"Header2": "",
5362	+	"Header2": "",
5363	-	"PipeName": "",
5363	+	"PipeName": "",
5364	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
5364	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
5365	-	"DNS Sleep": "0",
5365	+	"DNS Sleep": "0",
5366	-	"Method1": "GET",
5366	+	"Method1": "GET",
5367	-	"Method2": "POST",
5367	+	"Method2": "POST",
5368	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
5368	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
5369	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
5369	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
5370	-	"Proxy_AccessType": "2 (Use IE settings)"
5370	+	"Proxy_AccessType": "2 (Use IE settings)"
5371	-	}
5371	+	}
5372	-	},
5372	+	},
5373	-	"185.150.190.204": {
5373	+	"185.150.190.204": {
5374	-	"x86": {
5374	+	"x86": {
5375	-	"BeaconType": "8 (HTTPS)",
5375	+	"BeaconType": "8 (HTTPS)",
5376	-	"Port": "443",
5376	+	"Port": "443",
5377	-	"Polling": "5000",
5377	+	"Polling": "5000",
5378	-	"Jitter": "10",
5378	+	"Jitter": "10",
5379	-	"Maxdns": "235",
5379	+	"Maxdns": "235",
5380	-	"C2 Server": "regbest.com,/us/ky/louisville/312-s-fourth-st.html",
5380	+	"C2 Server": "regbest.com,/us/ky/louisville/312-s-fourth-st.html",
5381	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
5381	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
5382	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
5382	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
5383	-	"Header1": "",
5383	+	"Header1": "",
5384	-	"Header2": "",
5384	+	"Header2": "",
5385	-	"PipeName": "",
5385	+	"PipeName": "",
5386	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
5386	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
5387	-	"DNS Sleep": "0",
5387	+	"DNS Sleep": "0",
5388	-	"Method1": "GET",
5388	+	"Method1": "GET",
5389	-	"Method2": "POST",
5389	+	"Method2": "POST",
5390	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
5390	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
5391	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
5391	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
5392	-	"Proxy_AccessType": "2 (Use IE settings)"
5392	+	"Proxy_AccessType": "2 (Use IE settings)"
5393	-	},
5393	+	},
5394	-	"x64": {
5394	+	"x64": {
5395	-	"BeaconType": "8 (HTTPS)",
5395	+	"BeaconType": "8 (HTTPS)",
5396	-	"Port": "443",
5396	+	"Port": "443",
5397	-	"Polling": "5000",
5397	+	"Polling": "5000",
5398	-	"Jitter": "10",
5398	+	"Jitter": "10",
5399	-	"Maxdns": "235",
5399	+	"Maxdns": "235",
5400	-	"C2 Server": "regbest.com,/us/ky/louisville/312-s-fourth-st.html",
5400	+	"C2 Server": "regbest.com,/us/ky/louisville/312-s-fourth-st.html",
5401	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
5401	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
5402	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
5402	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
5403	-	"Header1": "",
5403	+	"Header1": "",
5404	-	"Header2": "",
5404	+	"Header2": "",
5405	-	"PipeName": "",
5405	+	"PipeName": "",
5406	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
5406	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
5407	-	"DNS Sleep": "0",
5407	+	"DNS Sleep": "0",
5408	-	"Method1": "GET",
5408	+	"Method1": "GET",
5409	-	"Method2": "POST",
5409	+	"Method2": "POST",
5410	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
5410	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
5411	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
5411	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
5412	-	"Proxy_AccessType": "2 (Use IE settings)"
5412	+	"Proxy_AccessType": "2 (Use IE settings)"
5413	-	}
5413	+	}
5414	-	},
5414	+	},
5415	-	"185.153.196.130": {
5415	+	"185.153.196.130": {
5416	-	"x86": {
5416	+	"x86": {
5417	-	"BeaconType": "8 (HTTPS)",
5417	+	"BeaconType": "8 (HTTPS)",
5418	-	"Port": "443",
5418	+	"Port": "443",
5419	-	"Polling": "60000",
5419	+	"Polling": "60000",
5420	-	"Jitter": "0",
5420	+	"Jitter": "0",
5421	-	"Maxdns": "255",
5421	+	"Maxdns": "255",
5422	-	"C2 Server": "185.153.196.130,/match",
5422	+	"C2 Server": "185.153.196.130,/match",
5423	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent",
5423	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent",
5424	-	"HTTP Method Path 2": "/submit.php",
5424	+	"HTTP Method Path 2": "/submit.php",
5425	-	"Header1": "",
5425	+	"Header1": "",
5426	-	"Header2": "",
5426	+	"Header2": "",
5427	-	"PipeName": "",
5427	+	"PipeName": "",
5428	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5428	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5429	-	"DNS Sleep": "0",
5429	+	"DNS Sleep": "0",
5430	-	"Method1": "GET",
5430	+	"Method1": "GET",
5431	-	"Method2": "POST",
5431	+	"Method2": "POST",
5432	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5432	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5433	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5433	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5434	-	"Proxy_AccessType": "2 (Use IE settings)"
5434	+	"Proxy_AccessType": "2 (Use IE settings)"
5435	-	}
5435	+	}
5436	-	},
5436	+	},
5437	-	"185.158.249.123": {
5437	+	"185.158.249.123": {
5438	-	"x64": {
5438	+	"x64": {
5439	-	"BeaconType": "8 (HTTPS)",
5439	+	"BeaconType": "8 (HTTPS)",
5440	-	"Port": "443",
5440	+	"Port": "443",
5441	-	"Polling": "60000",
5441	+	"Polling": "60000",
5442	-	"Jitter": "0",
5442	+	"Jitter": "0",
5443	-	"Maxdns": "255",
5443	+	"Maxdns": "255",
5444	-	"C2 Server": "185.158.249.123,/cm",
5444	+	"C2 Server": "185.158.249.123,/cm",
5445	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
5445	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
5446	-	"HTTP Method Path 2": "/submit.php",
5446	+	"HTTP Method Path 2": "/submit.php",
5447	-	"Header1": "",
5447	+	"Header1": "",
5448	-	"Header2": "",
5448	+	"Header2": "",
5449	-	"PipeName": "",
5449	+	"PipeName": "",
5450	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5450	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5451	-	"DNS Sleep": "0",
5451	+	"DNS Sleep": "0",
5452	-	"Method1": "GET",
5452	+	"Method1": "GET",
5453	-	"Method2": "POST",
5453	+	"Method2": "POST",
5454	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5454	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5455	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5455	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5456	-	"Proxy_AccessType": "2 (Use IE settings)"
5456	+	"Proxy_AccessType": "2 (Use IE settings)"
5457	-	}
5457	+	}
5458	-	},
5458	+	},
5459	-	"185.162.235.111": {
5459	+	"185.162.235.111": {
5460	-	"x64": {
5460	+	"x64": {
5461	-	"BeaconType": "8 (HTTPS)",
5461	+	"BeaconType": "8 (HTTPS)",
5462	-	"Port": "443",
5462	+	"Port": "443",
5463	-	"Polling": "60000",
5463	+	"Polling": "60000",
5464	-	"Jitter": "0",
5464	+	"Jitter": "0",
5465	-	"Maxdns": "255",
5465	+	"Maxdns": "255",
5466	-	"C2 Server": "185.162.235.111,/visit.js",
5466	+	"C2 Server": "185.162.235.111,/visit.js",
5467	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER)",
5467	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER)",
5468	-	"HTTP Method Path 2": "/submit.php",
5468	+	"HTTP Method Path 2": "/submit.php",
5469	-	"Header1": "",
5469	+	"Header1": "",
5470	-	"Header2": "",
5470	+	"Header2": "",
5471	-	"PipeName": "",
5471	+	"PipeName": "",
5472	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5472	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5473	-	"DNS Sleep": "0",
5473	+	"DNS Sleep": "0",
5474	-	"Method1": "GET",
5474	+	"Method1": "GET",
5475	-	"Method2": "POST",
5475	+	"Method2": "POST",
5476	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5476	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5477	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5477	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5478	-	"Proxy_AccessType": "2 (Use IE settings)"
5478	+	"Proxy_AccessType": "2 (Use IE settings)"
5479	-	}
5479	+	}
5480	-	},
5480	+	},
5481	-	"185.162.235.35": {
5481	+	"185.162.235.35": {
5482	-	"x86": {
5482	+	"x86": {
5483	-	"BeaconType": "8 (HTTPS)",
5483	+	"BeaconType": "8 (HTTPS)",
5484	-	"Port": "443",
5484	+	"Port": "443",
5485	-	"Polling": "60000",
5485	+	"Polling": "60000",
5486	-	"Jitter": "0",
5486	+	"Jitter": "0",
5487	-	"Maxdns": "255",
5487	+	"Maxdns": "255",
5488	-	"C2 Server": "185.162.235.35,/dot.gif",
5488	+	"C2 Server": "185.162.235.35,/dot.gif",
5489	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)",
5489	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)",
5490	-	"HTTP Method Path 2": "/submit.php",
5490	+	"HTTP Method Path 2": "/submit.php",
5491	-	"Header1": "",
5491	+	"Header1": "",
5492	-	"Header2": "",
5492	+	"Header2": "",
5493	-	"PipeName": "",
5493	+	"PipeName": "",
5494	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5494	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5495	-	"DNS Sleep": "0",
5495	+	"DNS Sleep": "0",
5496	-	"Method1": "GET",
5496	+	"Method1": "GET",
5497	-	"Method2": "POST",
5497	+	"Method2": "POST",
5498	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5498	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5499	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5499	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5500	-	"Proxy_AccessType": "2 (Use IE settings)"
5500	+	"Proxy_AccessType": "2 (Use IE settings)"
5501	-	}
5501	+	}
5502	-	},
5502	+	},
5503	-	"185.162.235.61": {
5503	+	"185.162.235.61": {
5504	-	"x86": {
5504	+	"x86": {
5505	-	"BeaconType": "8 (HTTPS)",
5505	+	"BeaconType": "8 (HTTPS)",
5506	-	"Port": "443",
5506	+	"Port": "443",
5507	-	"Polling": "60000",
5507	+	"Polling": "60000",
5508	-	"Jitter": "0",
5508	+	"Jitter": "0",
5509	-	"Maxdns": "255",
5509	+	"Maxdns": "255",
5510	-	"C2 Server": "185.162.235.61,/fwlink",
5510	+	"C2 Server": "185.162.235.61,/fwlink",
5511	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; ASU2JS)",
5511	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; ASU2JS)",
5512	-	"HTTP Method Path 2": "/submit.php",
5512	+	"HTTP Method Path 2": "/submit.php",
5513	-	"Header1": "",
5513	+	"Header1": "",
5514	-	"Header2": "",
5514	+	"Header2": "",
5515	-	"PipeName": "",
5515	+	"PipeName": "",
5516	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5516	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5517	-	"DNS Sleep": "0",
5517	+	"DNS Sleep": "0",
5518	-	"Method1": "GET",
5518	+	"Method1": "GET",
5519	-	"Method2": "POST",
5519	+	"Method2": "POST",
5520	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5520	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5521	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5521	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5522	-	"Proxy_AccessType": "2 (Use IE settings)"
5522	+	"Proxy_AccessType": "2 (Use IE settings)"
5523	-	},
5523	+	},
5524	-	"x64": {
5524	+	"x64": {
5525	-	"BeaconType": "8 (HTTPS)",
5525	+	"BeaconType": "8 (HTTPS)",
5526	-	"Port": "443",
5526	+	"Port": "443",
5527	-	"Polling": "60000",
5527	+	"Polling": "60000",
5528	-	"Jitter": "0",
5528	+	"Jitter": "0",
5529	-	"Maxdns": "255",
5529	+	"Maxdns": "255",
5530	-	"C2 Server": "185.162.235.61,/cx",
5530	+	"C2 Server": "185.162.235.61,/cx",
5531	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
5531	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
5532	-	"HTTP Method Path 2": "/submit.php",
5532	+	"HTTP Method Path 2": "/submit.php",
5533	-	"Header1": "",
5533	+	"Header1": "",
5534	-	"Header2": "",
5534	+	"Header2": "",
5535	-	"PipeName": "",
5535	+	"PipeName": "",
5536	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5536	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5537	-	"DNS Sleep": "0",
5537	+	"DNS Sleep": "0",
5538	-	"Method1": "GET",
5538	+	"Method1": "GET",
5539	-	"Method2": "POST",
5539	+	"Method2": "POST",
5540	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5540	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5541	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5541	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5542	-	"Proxy_AccessType": "2 (Use IE settings)"
5542	+	"Proxy_AccessType": "2 (Use IE settings)"
5543	-	}
5543	+	}
5544	-	},
5544	+	},
5545	-	"185.189.151.92": {
5545	+	"185.189.151.92": {
5546	-	"x86": {
5546	+	"x86": {
5547	-	"BeaconType": "8 (HTTPS)",
5547	+	"BeaconType": "8 (HTTPS)",
5548	-	"Port": "443",
5548	+	"Port": "443",
5549	-	"Polling": "60000",
5549	+	"Polling": "60000",
5550	-	"Jitter": "0",
5550	+	"Jitter": "0",
5551	-	"Maxdns": "255",
5551	+	"Maxdns": "255",
5552	-	"C2 Server": "185.189.151.92,/activity",
5552	+	"C2 Server": "185.189.151.92,/activity",
5553	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)",
5553	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)",
5554	-	"HTTP Method Path 2": "/submit.php",
5554	+	"HTTP Method Path 2": "/submit.php",
5555	-	"Header1": "",
5555	+	"Header1": "",
5556	-	"Header2": "",
5556	+	"Header2": "",
5557	-	"PipeName": "",
5557	+	"PipeName": "",
5558	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5558	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5559	-	"DNS Sleep": "0",
5559	+	"DNS Sleep": "0",
5560	-	"Method1": "GET",
5560	+	"Method1": "GET",
5561	-	"Method2": "POST",
5561	+	"Method2": "POST",
5562	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5562	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5563	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5563	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5564	-	"Proxy_AccessType": "2 (Use IE settings)"
5564	+	"Proxy_AccessType": "2 (Use IE settings)"
5565	-	},
5565	+	},
5566	-	"x64": {
5566	+	"x64": {
5567	-	"BeaconType": "8 (HTTPS)",
5567	+	"BeaconType": "8 (HTTPS)",
5568	-	"Port": "443",
5568	+	"Port": "443",
5569	-	"Polling": "60000",
5569	+	"Polling": "60000",
5570	-	"Jitter": "0",
5570	+	"Jitter": "0",
5571	-	"Maxdns": "255",
5571	+	"Maxdns": "255",
5572	-	"C2 Server": "185.189.151.92,/dot.gif",
5572	+	"C2 Server": "185.189.151.92,/dot.gif",
5573	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
5573	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
5574	-	"HTTP Method Path 2": "/submit.php",
5574	+	"HTTP Method Path 2": "/submit.php",
5575	-	"Header1": "",
5575	+	"Header1": "",
5576	-	"Header2": "",
5576	+	"Header2": "",
5577	-	"PipeName": "",
5577	+	"PipeName": "",
5578	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5578	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5579	-	"DNS Sleep": "0",
5579	+	"DNS Sleep": "0",
5580	-	"Method1": "GET",
5580	+	"Method1": "GET",
5581	-	"Method2": "POST",
5581	+	"Method2": "POST",
5582	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5582	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5583	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5583	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5584	-	"Proxy_AccessType": "2 (Use IE settings)"
5584	+	"Proxy_AccessType": "2 (Use IE settings)"
5585	-	}
5585	+	}
5586	-	},
5586	+	},
5587	-	"185.191.32.168": {
5587	+	"185.191.32.168": {
5588	-	"x86": {
5588	+	"x86": {
5589	-	"BeaconType": "8 (HTTPS)",
5589	+	"BeaconType": "8 (HTTPS)",
5590	-	"Port": "443",
5590	+	"Port": "443",
5591	-	"Polling": "45000",
5591	+	"Polling": "45000",
5592	-	"Jitter": "37",
5592	+	"Jitter": "37",
5593	-	"Maxdns": "255",
5593	+	"Maxdns": "255",
5594	-	"C2 Server": "185.191.32.168,/jquery-3.3.1.min.js",
5594	+	"C2 Server": "185.191.32.168,/jquery-3.3.1.min.js",
5595	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5595	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5596	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5596	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5597	-	"Header1": "",
5597	+	"Header1": "",
5598	-	"Header2": "",
5598	+	"Header2": "",
5599	-	"PipeName": "",
5599	+	"PipeName": "",
5600	-	"DNS Idle": "J}\\xC4q",
5600	+	"DNS Idle": "J}\\xC4q",
5601	-	"DNS Sleep": "0",
5601	+	"DNS Sleep": "0",
5602	-	"Method1": "GET",
5602	+	"Method1": "GET",
5603	-	"Method2": "POST",
5603	+	"Method2": "POST",
5604	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5604	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5605	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5605	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5606	-	"Proxy_AccessType": "2 (Use IE settings)"
5606	+	"Proxy_AccessType": "2 (Use IE settings)"
5607	-	}
5607	+	}
5608	-	},
5608	+	},
5609	-	"185.191.32.180": {
5609	+	"185.191.32.180": {
5610	-	"x64": {
5610	+	"x64": {
5611	-	"BeaconType": "8 (HTTPS)",
5611	+	"BeaconType": "8 (HTTPS)",
5612	-	"Port": "443",
5612	+	"Port": "443",
5613	-	"Polling": "60000",
5613	+	"Polling": "60000",
5614	-	"Jitter": "0",
5614	+	"Jitter": "0",
5615	-	"Maxdns": "255",
5615	+	"Maxdns": "255",
5616	-	"C2 Server": "185.191.32.180,/en_US/all.js",
5616	+	"C2 Server": "185.191.32.180,/en_US/all.js",
5617	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
5617	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
5618	-	"HTTP Method Path 2": "/submit.php",
5618	+	"HTTP Method Path 2": "/submit.php",
5619	-	"Header1": "",
5619	+	"Header1": "",
5620	-	"Header2": "",
5620	+	"Header2": "",
5621	-	"PipeName": "",
5621	+	"PipeName": "",
5622	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5622	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5623	-	"DNS Sleep": "0",
5623	+	"DNS Sleep": "0",
5624	-	"Method1": "GET",
5624	+	"Method1": "GET",
5625	-	"Method2": "POST",
5625	+	"Method2": "POST",
5626	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5626	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5627	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5627	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5628	-	"Proxy_AccessType": "2 (Use IE settings)"
5628	+	"Proxy_AccessType": "2 (Use IE settings)"
5629	-	}
5629	+	}
5630	-	},
5630	+	},
5631	-	"185.201.47.155": {
5631	+	"185.201.47.155": {
5632	-	"x86": {
5632	+	"x86": {
5633	-	"BeaconType": "8 (HTTPS)",
5633	+	"BeaconType": "8 (HTTPS)",
5634	-	"Port": "443",
5634	+	"Port": "443",
5635	-	"Polling": "60000",
5635	+	"Polling": "60000",
5636	-	"Jitter": "0",
5636	+	"Jitter": "0",
5637	-	"Maxdns": "255",
5637	+	"Maxdns": "255",
5638	-	"C2 Server": "thie7keiz2eu2eeshoog.greenyellow.xyz,/ga.js,Oophofeip9aiph4zoo6e.greenyellow.site,/dpixel,eeTaicaiT4eeceingoz9.greenyellow.fun,/visit.js",
5638	+	"C2 Server": "thie7keiz2eu2eeshoog.greenyellow.xyz,/ga.js,Oophofeip9aiph4zoo6e.greenyellow.site,/dpixel,eeTaicaiT4eeceingoz9.greenyellow.fun,/visit.js",
5639	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
5639	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
5640	-	"HTTP Method Path 2": "/submit.php",
5640	+	"HTTP Method Path 2": "/submit.php",
5641	-	"Header1": "",
5641	+	"Header1": "",
5642	-	"Header2": "",
5642	+	"Header2": "",
5643	-	"PipeName": "",
5643	+	"PipeName": "",
5644	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5644	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5645	-	"DNS Sleep": "0",
5645	+	"DNS Sleep": "0",
5646	-	"Method1": "GET",
5646	+	"Method1": "GET",
5647	-	"Method2": "POST",
5647	+	"Method2": "POST",
5648	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5648	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5649	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5649	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5650	-	"Proxy_AccessType": "2 (Use IE settings)"
5650	+	"Proxy_AccessType": "2 (Use IE settings)"
5651	-	},
5651	+	},
5652	-	"x64": {
5652	+	"x64": {
5653	-	"BeaconType": "8 (HTTPS)",
5653	+	"BeaconType": "8 (HTTPS)",
5654	-	"Port": "443",
5654	+	"Port": "443",
5655	-	"Polling": "60000",
5655	+	"Polling": "60000",
5656	-	"Jitter": "0",
5656	+	"Jitter": "0",
5657	-	"Maxdns": "255",
5657	+	"Maxdns": "255",
5658	-	"C2 Server": "thie7keiz2eu2eeshoog.greenyellow.xyz,/cm,Oophofeip9aiph4zoo6e.greenyellow.site,/cx,eeTaicaiT4eeceingoz9.greenyellow.fun,/dot.gif",
5658	+	"C2 Server": "thie7keiz2eu2eeshoog.greenyellow.xyz,/cm,Oophofeip9aiph4zoo6e.greenyellow.site,/cx,eeTaicaiT4eeceingoz9.greenyellow.fun,/dot.gif",
5659	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)",
5659	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)",
5660	-	"HTTP Method Path 2": "/submit.php",
5660	+	"HTTP Method Path 2": "/submit.php",
5661	-	"Header1": "",
5661	+	"Header1": "",
5662	-	"Header2": "",
5662	+	"Header2": "",
5663	-	"PipeName": "",
5663	+	"PipeName": "",
5664	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5664	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5665	-	"DNS Sleep": "0",
5665	+	"DNS Sleep": "0",
5666	-	"Method1": "GET",
5666	+	"Method1": "GET",
5667	-	"Method2": "POST",
5667	+	"Method2": "POST",
5668	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5668	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5669	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5669	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5670	-	"Proxy_AccessType": "2 (Use IE settings)"
5670	+	"Proxy_AccessType": "2 (Use IE settings)"
5671	-	}
5671	+	}
5672	-	},
5672	+	},
5673	-	"185.225.19.140": {
5673	+	"185.225.19.140": {
5674	-	"x86": {
5674	+	"x86": {
5675	-	"BeaconType": "8 (HTTPS)",
5675	+	"BeaconType": "8 (HTTPS)",
5676	-	"Port": "443",
5676	+	"Port": "443",
5677	-	"Polling": "60000",
5677	+	"Polling": "60000",
5678	-	"Jitter": "20",
5678	+	"Jitter": "20",
5679	-	"Maxdns": "255",
5679	+	"Maxdns": "255",
5680	-	"C2 Server": "185.225.19.140,/c/msdownload/update/others/2020/10/29136388_",
5680	+	"C2 Server": "185.225.19.140,/c/msdownload/update/others/2020/10/29136388_",
5681	-	"User Agent": "Windows-Update-Agent/10.0.10022.16384 Client-Protocol/1.40",
5681	+	"User Agent": "Windows-Update-Agent/10.0.10022.16384 Client-Protocol/1.40",
5682	-	"HTTP Method Path 2": "/c/msdownload/update/others/2020/10/28986731_",
5682	+	"HTTP Method Path 2": "/c/msdownload/update/others/2020/10/28986731_",
5683	-	"Header1": "",
5683	+	"Header1": "",
5684	-	"Header2": "",
5684	+	"Header2": "",
5685	-	"PipeName": "",
5685	+	"PipeName": "",
5686	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5686	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5687	-	"DNS Sleep": "0",
5687	+	"DNS Sleep": "0",
5688	-	"Method1": "GET",
5688	+	"Method1": "GET",
5689	-	"Method2": "POST",
5689	+	"Method2": "POST",
5690	-	"Spawnto_x86": "%windir%\\syswow64\\wusa.exe",
5690	+	"Spawnto_x86": "%windir%\\syswow64\\wusa.exe",
5691	-	"Spawnto_x64": "%windir%\\sysnative\\wusa.exe",
5691	+	"Spawnto_x64": "%windir%\\sysnative\\wusa.exe",
5692	-	"Proxy_AccessType": "2 (Use IE settings)"
5692	+	"Proxy_AccessType": "2 (Use IE settings)"
5693	-	}
5693	+	}
5694	-	},
5694	+	},
5695	-	"185.227.82.66": {
5695	+	"185.227.82.66": {
5696	-	"x86": {
5696	+	"x86": {
5697	-	"BeaconType": "8 (HTTPS)",
5697	+	"BeaconType": "8 (HTTPS)",
5698	-	"Port": "443",
5698	+	"Port": "443",
5699	-	"Polling": "60000",
5699	+	"Polling": "60000",
5700	-	"Jitter": "0",
5700	+	"Jitter": "0",
5701	-	"Maxdns": "255",
5701	+	"Maxdns": "255",
5702	-	"C2 Server": "185.227.82.66,/push",
5702	+	"C2 Server": "185.227.82.66,/push",
5703	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)",
5703	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)",
5704	-	"HTTP Method Path 2": "/submit.php",
5704	+	"HTTP Method Path 2": "/submit.php",
5705	-	"Header1": "",
5705	+	"Header1": "",
5706	-	"Header2": "",
5706	+	"Header2": "",
5707	-	"PipeName": "",
5707	+	"PipeName": "",
5708	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5708	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5709	-	"DNS Sleep": "0",
5709	+	"DNS Sleep": "0",
5710	-	"Method1": "GET",
5710	+	"Method1": "GET",
5711	-	"Method2": "POST",
5711	+	"Method2": "POST",
5712	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5712	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5713	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5713	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5714	-	"Proxy_AccessType": "2 (Use IE settings)"
5714	+	"Proxy_AccessType": "2 (Use IE settings)"
5715	-	}
5715	+	}
5716	-	},
5716	+	},
5717	-	"185.232.52.137": {
5717	+	"185.232.52.137": {
5718	-	"x86": {
5718	+	"x86": {
5719	-	"BeaconType": "8 (HTTPS)",
5719	+	"BeaconType": "8 (HTTPS)",
5720	-	"Port": "443",
5720	+	"Port": "443",
5721	-	"Polling": "60000",
5721	+	"Polling": "60000",
5722	-	"Jitter": "0",
5722	+	"Jitter": "0",
5723	-	"Maxdns": "255",
5723	+	"Maxdns": "255",
5724	-	"C2 Server": "185.232.52.137,/g.pixel",
5724	+	"C2 Server": "185.232.52.137,/g.pixel",
5725	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
5725	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
5726	-	"HTTP Method Path 2": "/submit.php",
5726	+	"HTTP Method Path 2": "/submit.php",
5727	-	"Header1": "",
5727	+	"Header1": "",
5728	-	"Header2": "",
5728	+	"Header2": "",
5729	-	"PipeName": "",
5729	+	"PipeName": "",
5730	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5730	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5731	-	"DNS Sleep": "0",
5731	+	"DNS Sleep": "0",
5732	-	"Method1": "GET",
5732	+	"Method1": "GET",
5733	-	"Method2": "POST",
5733	+	"Method2": "POST",
5734	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5734	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5735	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5735	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5736	-	"Proxy_AccessType": "2 (Use IE settings)"
5736	+	"Proxy_AccessType": "2 (Use IE settings)"
5737	-	},
5737	+	},
5738	-	"x64": {
5738	+	"x64": {
5739	-	"BeaconType": "8 (HTTPS)",
5739	+	"BeaconType": "8 (HTTPS)",
5740	-	"Port": "443",
5740	+	"Port": "443",
5741	-	"Polling": "60000",
5741	+	"Polling": "60000",
5742	-	"Jitter": "0",
5742	+	"Jitter": "0",
5743	-	"Maxdns": "255",
5743	+	"Maxdns": "255",
5744	-	"C2 Server": "185.232.52.137,/pixel",
5744	+	"C2 Server": "185.232.52.137,/pixel",
5745	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER",
5745	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER",
5746	-	"HTTP Method Path 2": "/submit.php",
5746	+	"HTTP Method Path 2": "/submit.php",
5747	-	"Header1": "",
5747	+	"Header1": "",
5748	-	"Header2": "",
5748	+	"Header2": "",
5749	-	"PipeName": "",
5749	+	"PipeName": "",
5750	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5750	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5751	-	"DNS Sleep": "0",
5751	+	"DNS Sleep": "0",
5752	-	"Method1": "GET",
5752	+	"Method1": "GET",
5753	-	"Method2": "POST",
5753	+	"Method2": "POST",
5754	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5754	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5755	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5755	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5756	-	"Proxy_AccessType": "2 (Use IE settings)"
5756	+	"Proxy_AccessType": "2 (Use IE settings)"
5757	-	}
5757	+	}
5758	-	},
5758	+	},
5759	-	"185.232.52.143": {
5759	+	"185.232.52.143": {
5760	-	"x64": {
5760	+	"x64": {
5761	-	"BeaconType": "8 (HTTPS)",
5761	+	"BeaconType": "8 (HTTPS)",
5762	-	"Port": "443",
5762	+	"Port": "443",
5763	-	"Polling": "60000",
5763	+	"Polling": "60000",
5764	-	"Jitter": "0",
5764	+	"Jitter": "0",
5765	-	"Maxdns": "255",
5765	+	"Maxdns": "255",
5766	-	"C2 Server": "185.232.52.143,/ptj",
5766	+	"C2 Server": "185.232.52.143,/ptj",
5767	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
5767	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
5768	-	"HTTP Method Path 2": "/submit.php",
5768	+	"HTTP Method Path 2": "/submit.php",
5769	-	"Header1": "",
5769	+	"Header1": "",
5770	-	"Header2": "",
5770	+	"Header2": "",
5771	-	"PipeName": "",
5771	+	"PipeName": "",
5772	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5772	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5773	-	"DNS Sleep": "0",
5773	+	"DNS Sleep": "0",
5774	-	"Method1": "GET",
5774	+	"Method1": "GET",
5775	-	"Method2": "POST",
5775	+	"Method2": "POST",
5776	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5776	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5777	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5777	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5778	-	"Proxy_AccessType": "2 (Use IE settings)"
5778	+	"Proxy_AccessType": "2 (Use IE settings)"
5779	-	}
5779	+	}
5780	-	},
5780	+	},
5781	-	"185.238.169.166": {
5781	+	"185.238.169.166": {
5782	-	"x86": {
5782	+	"x86": {
5783	-	"BeaconType": "8 (HTTPS)",
5783	+	"BeaconType": "8 (HTTPS)",
5784	-	"Port": "443",
5784	+	"Port": "443",
5785	-	"Polling": "5000",
5785	+	"Polling": "5000",
5786	-	"Jitter": "10",
5786	+	"Jitter": "10",
5787	-	"Maxdns": "235",
5787	+	"Maxdns": "235",
5788	-	"C2 Server": "rinnosaur.com,/us/ky/louisville/312-s-fourth-st.html",
5788	+	"C2 Server": "rinnosaur.com,/us/ky/louisville/312-s-fourth-st.html",
5789	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
5789	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
5790	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
5790	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
5791	-	"Header1": "",
5791	+	"Header1": "",
5792	-	"Header2": "",
5792	+	"Header2": "",
5793	-	"PipeName": "",
5793	+	"PipeName": "",
5794	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
5794	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
5795	-	"DNS Sleep": "0",
5795	+	"DNS Sleep": "0",
5796	-	"Method1": "GET",
5796	+	"Method1": "GET",
5797	-	"Method2": "POST",
5797	+	"Method2": "POST",
5798	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
5798	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
5799	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
5799	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
5800	-	"Proxy_AccessType": "2 (Use IE settings)"
5800	+	"Proxy_AccessType": "2 (Use IE settings)"
5801	-	}
5801	+	}
5802	-	},
5802	+	},
5803	-	"185.244.149.152": {
5803	+	"185.244.149.152": {
5804	-	"x64": {
5804	+	"x64": {
5805	-	"BeaconType": "8 (HTTPS)",
5805	+	"BeaconType": "8 (HTTPS)",
5806	-	"Port": "443",
5806	+	"Port": "443",
5807	-	"Polling": "60000",
5807	+	"Polling": "60000",
5808	-	"Jitter": "0",
5808	+	"Jitter": "0",
5809	-	"Maxdns": "255",
5809	+	"Maxdns": "255",
5810	-	"C2 Server": "yambanetsdev.net,/g.pixel",
5810	+	"C2 Server": "yambanetsdev.net,/g.pixel",
5811	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
5811	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
5812	-	"HTTP Method Path 2": "/submit.php",
5812	+	"HTTP Method Path 2": "/submit.php",
5813	-	"Header1": "",
5813	+	"Header1": "",
5814	-	"Header2": "",
5814	+	"Header2": "",
5815	-	"PipeName": "",
5815	+	"PipeName": "",
5816	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5816	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5817	-	"DNS Sleep": "0",
5817	+	"DNS Sleep": "0",
5818	-	"Method1": "GET",
5818	+	"Method1": "GET",
5819	-	"Method2": "POST",
5819	+	"Method2": "POST",
5820	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5820	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5821	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5821	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5822	-	"Proxy_AccessType": "2 (Use IE settings)"
5822	+	"Proxy_AccessType": "2 (Use IE settings)"
5823	-	}
5823	+	}
5824	-	},
5824	+	},
5825	-	"185.244.39.110": {
5825	+	"185.244.39.110": {
5826	-	"x86": {
5826	+	"x86": {
5827	-	"BeaconType": "8 (HTTPS)",
5827	+	"BeaconType": "8 (HTTPS)",
5828	-	"Port": "443",
5828	+	"Port": "443",
5829	-	"Polling": "45000",
5829	+	"Polling": "45000",
5830	-	"Jitter": "37",
5830	+	"Jitter": "37",
5831	-	"Maxdns": "255",
5831	+	"Maxdns": "255",
5832	-	"C2 Server": "185.244.39.110,/jquery-3.3.1.min.js",
5832	+	"C2 Server": "185.244.39.110,/jquery-3.3.1.min.js",
5833	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5833	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5834	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5834	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5835	-	"Header1": "",
5835	+	"Header1": "",
5836	-	"Header2": "",
5836	+	"Header2": "",
5837	-	"PipeName": "",
5837	+	"PipeName": "",
5838	-	"DNS Idle": "J}\\xC4q",
5838	+	"DNS Idle": "J}\\xC4q",
5839	-	"DNS Sleep": "0",
5839	+	"DNS Sleep": "0",
5840	-	"Method1": "GET",
5840	+	"Method1": "GET",
5841	-	"Method2": "POST",
5841	+	"Method2": "POST",
5842	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5842	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5843	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5843	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5844	-	"Proxy_AccessType": "2 (Use IE settings)"
5844	+	"Proxy_AccessType": "2 (Use IE settings)"
5845	-	},
5845	+	},
5846	-	"x64": {
5846	+	"x64": {
5847	-	"BeaconType": "8 (HTTPS)",
5847	+	"BeaconType": "8 (HTTPS)",
5848	-	"Port": "443",
5848	+	"Port": "443",
5849	-	"Polling": "45000",
5849	+	"Polling": "45000",
5850	-	"Jitter": "37",
5850	+	"Jitter": "37",
5851	-	"Maxdns": "255",
5851	+	"Maxdns": "255",
5852	-	"C2 Server": "185.244.39.110,/jquery-3.3.1.min.js",
5852	+	"C2 Server": "185.244.39.110,/jquery-3.3.1.min.js",
5853	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5853	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5854	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5854	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5855	-	"Header1": "",
5855	+	"Header1": "",
5856	-	"Header2": "",
5856	+	"Header2": "",
5857	-	"PipeName": "",
5857	+	"PipeName": "",
5858	-	"DNS Idle": "J}\\xC4q",
5858	+	"DNS Idle": "J}\\xC4q",
5859	-	"DNS Sleep": "0",
5859	+	"DNS Sleep": "0",
5860	-	"Method1": "GET",
5860	+	"Method1": "GET",
5861	-	"Method2": "POST",
5861	+	"Method2": "POST",
5862	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5862	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5863	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5863	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5864	-	"Proxy_AccessType": "2 (Use IE settings)"
5864	+	"Proxy_AccessType": "2 (Use IE settings)"
5865	-	}
5865	+	}
5866	-	},
5866	+	},
5867	-	"185.62.189.116": {
5867	+	"185.62.189.116": {
5868	-	"x64": {
5868	+	"x64": {
5869	-	"BeaconType": "8 (HTTPS)",
5869	+	"BeaconType": "8 (HTTPS)",
5870	-	"Port": "443",
5870	+	"Port": "443",
5871	-	"Polling": "10000",
5871	+	"Polling": "10000",
5872	-	"Jitter": "37",
5872	+	"Jitter": "37",
5873	-	"Maxdns": "255",
5873	+	"Maxdns": "255",
5874	-	"C2 Server": "ojbg.sigiwendksgna.com,/jquery-3.3.1.min.js",
5874	+	"C2 Server": "ojbg.sigiwendksgna.com,/jquery-3.3.1.min.js",
5875	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5875	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5876	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5876	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5877	-	"Header1": "",
5877	+	"Header1": "",
5878	-	"Header2": "",
5878	+	"Header2": "",
5879	-	"PipeName": "",
5879	+	"PipeName": "",
5880	-	"DNS Idle": "J}\\xC4q",
5880	+	"DNS Idle": "J}\\xC4q",
5881	-	"DNS Sleep": "0",
5881	+	"DNS Sleep": "0",
5882	-	"Method1": "GET",
5882	+	"Method1": "GET",
5883	-	"Method2": "POST",
5883	+	"Method2": "POST",
5884	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5884	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5885	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5885	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5886	-	"Proxy_AccessType": "2 (Use IE settings)"
5886	+	"Proxy_AccessType": "2 (Use IE settings)"
5887	-	}
5887	+	}
5888	-	},
5888	+	},
5889	-	"185.82.126.47": {
5889	+	"185.82.126.47": {
5890	-	"x86": {
5890	+	"x86": {
5891	-	"BeaconType": "8 (HTTPS)",
5891	+	"BeaconType": "8 (HTTPS)",
5892	-	"Port": "443",
5892	+	"Port": "443",
5893	-	"Polling": "60000",
5893	+	"Polling": "60000",
5894	-	"Jitter": "0",
5894	+	"Jitter": "0",
5895	-	"Maxdns": "255",
5895	+	"Maxdns": "255",
5896	-	"C2 Server": "185.82.126.47,/pixel",
5896	+	"C2 Server": "185.82.126.47,/pixel",
5897	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB)",
5897	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB)",
5898	-	"HTTP Method Path 2": "/submit.php",
5898	+	"HTTP Method Path 2": "/submit.php",
5899	-	"Header1": "",
5899	+	"Header1": "",
5900	-	"Header2": "",
5900	+	"Header2": "",
5901	-	"PipeName": "",
5901	+	"PipeName": "",
5902	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5902	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5903	-	"DNS Sleep": "0",
5903	+	"DNS Sleep": "0",
5904	-	"Method1": "GET",
5904	+	"Method1": "GET",
5905	-	"Method2": "POST",
5905	+	"Method2": "POST",
5906	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5906	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5907	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5907	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5908	-	"Proxy_AccessType": "2 (Use IE settings)"
5908	+	"Proxy_AccessType": "2 (Use IE settings)"
5909	-	}
5909	+	}
5910	-	},
5910	+	},
5911	-	"188.119.112.174": {
5911	+	"188.119.112.174": {
5912	-	"x86": {
5912	+	"x86": {
5913	-	"BeaconType": "8 (HTTPS)",
5913	+	"BeaconType": "8 (HTTPS)",
5914	-	"Port": "8081",
5914	+	"Port": "8081",
5915	-	"Polling": "30000",
5915	+	"Polling": "30000",
5916	-	"Jitter": "20",
5916	+	"Jitter": "20",
5917	-	"Maxdns": "255",
5917	+	"Maxdns": "255",
5918	-	"C2 Server": "girls4dating.asia,/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2",
5918	+	"C2 Server": "girls4dating.asia,/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2",
5919	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
5919	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
5920	-	"HTTP Method Path 2": "/safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4",
5920	+	"HTTP Method Path 2": "/safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4",
5921	-	"Header1": "",
5921	+	"Header1": "",
5922	-	"Header2": "",
5922	+	"Header2": "",
5923	-	"PipeName": "",
5923	+	"PipeName": "",
5924	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5924	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5925	-	"DNS Sleep": "0",
5925	+	"DNS Sleep": "0",
5926	-	"Method1": "GET",
5926	+	"Method1": "GET",
5927	-	"Method2": "POST",
5927	+	"Method2": "POST",
5928	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5928	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5929	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5929	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5930	-	"Proxy_AccessType": "2 (Use IE settings)"
5930	+	"Proxy_AccessType": "2 (Use IE settings)"
5931	-	},
5931	+	},
5932	-	"x64": {
5932	+	"x64": {
5933	-	"BeaconType": "8 (HTTPS)",
5933	+	"BeaconType": "8 (HTTPS)",
5934	-	"Port": "8081",
5934	+	"Port": "8081",
5935	-	"Polling": "30000",
5935	+	"Polling": "30000",
5936	-	"Jitter": "20",
5936	+	"Jitter": "20",
5937	-	"Maxdns": "255",
5937	+	"Maxdns": "255",
5938	-	"C2 Server": "girls4dating.asia,/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2",
5938	+	"C2 Server": "girls4dating.asia,/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2",
5939	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
5939	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
5940	-	"HTTP Method Path 2": "/safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4",
5940	+	"HTTP Method Path 2": "/safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4",
5941	-	"Header1": "",
5941	+	"Header1": "",
5942	-	"Header2": "",
5942	+	"Header2": "",
5943	-	"PipeName": "",
5943	+	"PipeName": "",
5944	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
5944	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
5945	-	"DNS Sleep": "0",
5945	+	"DNS Sleep": "0",
5946	-	"Method1": "GET",
5946	+	"Method1": "GET",
5947	-	"Method2": "POST",
5947	+	"Method2": "POST",
5948	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5948	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
5949	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5949	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
5950	-	"Proxy_AccessType": "2 (Use IE settings)"
5950	+	"Proxy_AccessType": "2 (Use IE settings)"
5951	-	}
5951	+	}
5952	-	},
5952	+	},
5953	-	"188.119.113.18": {
5953	+	"188.119.113.18": {
5954	-	"x86": {
5954	+	"x86": {
5955	-	"BeaconType": "0 (HTTP)",
5955	+	"BeaconType": "0 (HTTP)",
5956	-	"Port": "443",
5956	+	"Port": "443",
5957	-	"Polling": "7000",
5957	+	"Polling": "7000",
5958	-	"Jitter": "0",
5958	+	"Jitter": "0",
5959	-	"Maxdns": "255",
5959	+	"Maxdns": "255",
5960	-	"C2 Server": "hopetmone.com,/jquery-3.3.1.min.js",
5960	+	"C2 Server": "hopetmone.com,/jquery-3.3.1.min.js",
5961	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5961	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5962	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5962	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5963	-	"Header1": "",
5963	+	"Header1": "",
5964	-	"Header2": "",
5964	+	"Header2": "",
5965	-	"PipeName": "",
5965	+	"PipeName": "",
5966	-	"DNS Idle": "J}\\xC4q",
5966	+	"DNS Idle": "J}\\xC4q",
5967	-	"DNS Sleep": "0",
5967	+	"DNS Sleep": "0",
5968	-	"Method1": "GET",
5968	+	"Method1": "GET",
5969	-	"Method2": "POST",
5969	+	"Method2": "POST",
5970	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5970	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5971	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5971	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5972	-	"Proxy_AccessType": "2 (Use IE settings)"
5972	+	"Proxy_AccessType": "2 (Use IE settings)"
5973	-	},
5973	+	},
5974	-	"x64": {
5974	+	"x64": {
5975	-	"BeaconType": "0 (HTTP)",
5975	+	"BeaconType": "0 (HTTP)",
5976	-	"Port": "443",
5976	+	"Port": "443",
5977	-	"Polling": "7000",
5977	+	"Polling": "7000",
5978	-	"Jitter": "0",
5978	+	"Jitter": "0",
5979	-	"Maxdns": "255",
5979	+	"Maxdns": "255",
5980	-	"C2 Server": "hopetmone.com,/jquery-3.3.1.min.js",
5980	+	"C2 Server": "hopetmone.com,/jquery-3.3.1.min.js",
5981	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5981	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
5982	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5982	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
5983	-	"Header1": "",
5983	+	"Header1": "",
5984	-	"Header2": "",
5984	+	"Header2": "",
5985	-	"PipeName": "",
5985	+	"PipeName": "",
5986	-	"DNS Idle": "J}\\xC4q",
5986	+	"DNS Idle": "J}\\xC4q",
5987	-	"DNS Sleep": "0",
5987	+	"DNS Sleep": "0",
5988	-	"Method1": "GET",
5988	+	"Method1": "GET",
5989	-	"Method2": "POST",
5989	+	"Method2": "POST",
5990	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5990	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
5991	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5991	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
5992	-	"Proxy_AccessType": "2 (Use IE settings)"
5992	+	"Proxy_AccessType": "2 (Use IE settings)"
5993	-	}
5993	+	}
5994	-	},
5994	+	},
5995	-	"192.111.144.210": {
5995	+	"192.111.144.210": {
5996	-	"x64": {
5996	+	"x64": {
5997	-	"BeaconType": "8 (HTTPS)",
5997	+	"BeaconType": "8 (HTTPS)",
5998	-	"Port": "443",
5998	+	"Port": "443",
5999	-	"Polling": "5000",
5999	+	"Polling": "5000",
6000	-	"Jitter": "10",
6000	+	"Jitter": "10",
6001	-	"Maxdns": "235",
6001	+	"Maxdns": "235",
6002	-	"C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
6002	+	"C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
6003	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6003	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6004	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6004	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6005	-	"Header1": "",
6005	+	"Header1": "",
6006	-	"Header2": "",
6006	+	"Header2": "",
6007	-	"PipeName": "",
6007	+	"PipeName": "",
6008	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6008	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6009	-	"DNS Sleep": "0",
6009	+	"DNS Sleep": "0",
6010	-	"Method1": "GET",
6010	+	"Method1": "GET",
6011	-	"Method2": "POST",
6011	+	"Method2": "POST",
6012	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6012	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6013	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6013	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6014	-	"Proxy_AccessType": "2 (Use IE settings)"
6014	+	"Proxy_AccessType": "2 (Use IE settings)"
6015	-	}
6015	+	}
6016	-	},
6016	+	},
6017	-	"192.119.110.81": {
6017	+	"192.119.110.81": {
6018	-	"x64": {
6018	+	"x64": {
6019	-	"BeaconType": "8 (HTTPS)",
6019	+	"BeaconType": "8 (HTTPS)",
6020	-	"Port": "443",
6020	+	"Port": "443",
6021	-	"Polling": "60000",
6021	+	"Polling": "60000",
6022	-	"Jitter": "0",
6022	+	"Jitter": "0",
6023	-	"Maxdns": "255",
6023	+	"Maxdns": "255",
6024	-	"C2 Server": "192.119.111.117,/IE9CompatViewList.xml",
6024	+	"C2 Server": "192.119.111.117,/IE9CompatViewList.xml",
6025	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)",
6025	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)",
6026	-	"HTTP Method Path 2": "/submit.php",
6026	+	"HTTP Method Path 2": "/submit.php",
6027	-	"Header1": "",
6027	+	"Header1": "",
6028	-	"Header2": "",
6028	+	"Header2": "",
6029	-	"PipeName": "",
6029	+	"PipeName": "",
6030	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6030	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6031	-	"DNS Sleep": "0",
6031	+	"DNS Sleep": "0",
6032	-	"Method1": "GET",
6032	+	"Method1": "GET",
6033	-	"Method2": "POST",
6033	+	"Method2": "POST",
6034	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6034	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6035	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6035	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6036	-	"Proxy_AccessType": "2 (Use IE settings)"
6036	+	"Proxy_AccessType": "2 (Use IE settings)"
6037	-	}
6037	+	}
6038	-	},
6038	+	},
6039	-	"192.119.111.117": {
6039	+	"192.119.111.117": {
6040	-	"x86": {
6040	+	"x86": {
6041	-	"BeaconType": "8 (HTTPS)",
6041	+	"BeaconType": "8 (HTTPS)",
6042	-	"Port": "443",
6042	+	"Port": "443",
6043	-	"Polling": "60000",
6043	+	"Polling": "60000",
6044	-	"Jitter": "0",
6044	+	"Jitter": "0",
6045	-	"Maxdns": "255",
6045	+	"Maxdns": "255",
6046	-	"C2 Server": "192.119.111.117,/cm",
6046	+	"C2 Server": "192.119.111.117,/cm",
6047	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
6047	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
6048	-	"HTTP Method Path 2": "/submit.php",
6048	+	"HTTP Method Path 2": "/submit.php",
6049	-	"Header1": "",
6049	+	"Header1": "",
6050	-	"Header2": "",
6050	+	"Header2": "",
6051	-	"PipeName": "",
6051	+	"PipeName": "",
6052	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6052	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6053	-	"DNS Sleep": "0",
6053	+	"DNS Sleep": "0",
6054	-	"Method1": "GET",
6054	+	"Method1": "GET",
6055	-	"Method2": "POST",
6055	+	"Method2": "POST",
6056	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6056	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6057	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6057	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6058	-	"Proxy_AccessType": "2 (Use IE settings)"
6058	+	"Proxy_AccessType": "2 (Use IE settings)"
6059	-	},
6059	+	},
6060	-	"x64": {
6060	+	"x64": {
6061	-	"BeaconType": "8 (HTTPS)",
6061	+	"BeaconType": "8 (HTTPS)",
6062	-	"Port": "443",
6062	+	"Port": "443",
6063	-	"Polling": "60000",
6063	+	"Polling": "60000",
6064	-	"Jitter": "0",
6064	+	"Jitter": "0",
6065	-	"Maxdns": "255",
6065	+	"Maxdns": "255",
6066	-	"C2 Server": "192.119.111.117,/IE9CompatViewList.xml",
6066	+	"C2 Server": "192.119.111.117,/IE9CompatViewList.xml",
6067	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)",
6067	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)",
6068	-	"HTTP Method Path 2": "/submit.php",
6068	+	"HTTP Method Path 2": "/submit.php",
6069	-	"Header1": "",
6069	+	"Header1": "",
6070	-	"Header2": "",
6070	+	"Header2": "",
6071	-	"PipeName": "",
6071	+	"PipeName": "",
6072	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6072	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6073	-	"DNS Sleep": "0",
6073	+	"DNS Sleep": "0",
6074	-	"Method1": "GET",
6074	+	"Method1": "GET",
6075	-	"Method2": "POST",
6075	+	"Method2": "POST",
6076	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6076	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6077	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6077	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6078	-	"Proxy_AccessType": "2 (Use IE settings)"
6078	+	"Proxy_AccessType": "2 (Use IE settings)"
6079	-	}
6079	+	}
6080	-	},
6080	+	},
6081	-	"192.119.111.155": {
6081	+	"192.119.111.155": {
6082	-	"x86": {
6082	+	"x86": {
6083	-	"BeaconType": "8 (HTTPS)",
6083	+	"BeaconType": "8 (HTTPS)",
6084	-	"Port": "443",
6084	+	"Port": "443",
6085	-	"Polling": "60000",
6085	+	"Polling": "60000",
6086	-	"Jitter": "0",
6086	+	"Jitter": "0",
6087	-	"Maxdns": "255",
6087	+	"Maxdns": "255",
6088	-	"C2 Server": "192.119.111.117,/cm",
6088	+	"C2 Server": "192.119.111.117,/cm",
6089	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
6089	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
6090	-	"HTTP Method Path 2": "/submit.php",
6090	+	"HTTP Method Path 2": "/submit.php",
6091	-	"Header1": "",
6091	+	"Header1": "",
6092	-	"Header2": "",
6092	+	"Header2": "",
6093	-	"PipeName": "",
6093	+	"PipeName": "",
6094	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6094	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6095	-	"DNS Sleep": "0",
6095	+	"DNS Sleep": "0",
6096	-	"Method1": "GET",
6096	+	"Method1": "GET",
6097	-	"Method2": "POST",
6097	+	"Method2": "POST",
6098	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6098	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6099	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6099	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6100	-	"Proxy_AccessType": "2 (Use IE settings)"
6100	+	"Proxy_AccessType": "2 (Use IE settings)"
6101	-	}
6101	+	}
6102	-	},
6102	+	},
6103	-	"192.119.92.16": {
6103	+	"192.119.92.16": {
6104	-	"x86": {
6104	+	"x86": {
6105	-	"BeaconType": "8 (HTTPS)",
6105	+	"BeaconType": "8 (HTTPS)",
6106	-	"Port": "443",
6106	+	"Port": "443",
6107	-	"Polling": "59558",
6107	+	"Polling": "59558",
6108	-	"Jitter": "41",
6108	+	"Jitter": "41",
6109	-	"Maxdns": "241",
6109	+	"Maxdns": "241",
6110	-	"C2 Server": "qw.client-update.xyz,/kj.html,as.client-update.xyz,/kj.html,zx.client-update.xyz,/kj.html",
6110	+	"C2 Server": "qw.client-update.xyz,/kj.html,as.client-update.xyz,/kj.html,zx.client-update.xyz,/kj.html",
6111	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
6111	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
6112	-	"HTTP Method Path 2": "/temp",
6112	+	"HTTP Method Path 2": "/temp",
6113	-	"Header1": "",
6113	+	"Header1": "",
6114	-	"Header2": "",
6114	+	"Header2": "",
6115	-	"PipeName": "",
6115	+	"PipeName": "",
6116	-	"DNS Idle": "\\xA7\\x99\\x1D\\x01",
6116	+	"DNS Idle": "\\xA7\\x99\\x1D\\x01",
6117	-	"DNS Sleep": "0",
6117	+	"DNS Sleep": "0",
6118	-	"Method1": "GET",
6118	+	"Method1": "GET",
6119	-	"Method2": "POST",
6119	+	"Method2": "POST",
6120	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
6120	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
6121	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
6121	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
6122	-	"Proxy_AccessType": "2 (Use IE settings)"
6122	+	"Proxy_AccessType": "2 (Use IE settings)"
6123	-	}
6123	+	}
6124	-	},
6124	+	},
6125	-	"192.184.35.222": {
6125	+	"192.184.35.222": {
6126	-	"x86": {
6126	+	"x86": {
6127	-	"BeaconType": "8 (HTTPS)",
6127	+	"BeaconType": "8 (HTTPS)",
6128	-	"Port": "443",
6128	+	"Port": "443",
6129	-	"Polling": "5000",
6129	+	"Polling": "5000",
6130	-	"Jitter": "10",
6130	+	"Jitter": "10",
6131	-	"Maxdns": "235",
6131	+	"Maxdns": "235",
6132	-	"C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
6132	+	"C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
6133	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6133	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6134	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6134	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6135	-	"Header1": "",
6135	+	"Header1": "",
6136	-	"Header2": "",
6136	+	"Header2": "",
6137	-	"PipeName": "",
6137	+	"PipeName": "",
6138	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6138	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6139	-	"DNS Sleep": "0",
6139	+	"DNS Sleep": "0",
6140	-	"Method1": "GET",
6140	+	"Method1": "GET",
6141	-	"Method2": "POST",
6141	+	"Method2": "POST",
6142	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6142	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6143	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6143	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6144	-	"Proxy_AccessType": "2 (Use IE settings)"
6144	+	"Proxy_AccessType": "2 (Use IE settings)"
6145	-	},
6145	+	},
6146	-	"x64": {
6146	+	"x64": {
6147	-	"BeaconType": "8 (HTTPS)",
6147	+	"BeaconType": "8 (HTTPS)",
6148	-	"Port": "443",
6148	+	"Port": "443",
6149	-	"Polling": "5000",
6149	+	"Polling": "5000",
6150	-	"Jitter": "10",
6150	+	"Jitter": "10",
6151	-	"Maxdns": "235",
6151	+	"Maxdns": "235",
6152	-	"C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
6152	+	"C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
6153	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6153	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6154	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6154	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6155	-	"Header1": "",
6155	+	"Header1": "",
6156	-	"Header2": "",
6156	+	"Header2": "",
6157	-	"PipeName": "",
6157	+	"PipeName": "",
6158	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6158	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6159	-	"DNS Sleep": "0",
6159	+	"DNS Sleep": "0",
6160	-	"Method1": "GET",
6160	+	"Method1": "GET",
6161	-	"Method2": "POST",
6161	+	"Method2": "POST",
6162	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6162	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6163	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6163	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6164	-	"Proxy_AccessType": "2 (Use IE settings)"
6164	+	"Proxy_AccessType": "2 (Use IE settings)"
6165	-	}
6165	+	}
6166	-	},
6166	+	},
6167	-	"192.236.232.228": {
6167	+	"192.236.232.228": {
6168	-	"x64": {
6168	+	"x64": {
6169	-	"BeaconType": "8 (HTTPS)",
6169	+	"BeaconType": "8 (HTTPS)",
6170	-	"Port": "443",
6170	+	"Port": "443",
6171	-	"Polling": "60000",
6171	+	"Polling": "60000",
6172	-	"Jitter": "0",
6172	+	"Jitter": "0",
6173	-	"Maxdns": "255",
6173	+	"Maxdns": "255",
6174	-	"C2 Server": "192.236.232.228,/en_US/all.js",
6174	+	"C2 Server": "192.236.232.228,/en_US/all.js",
6175	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
6175	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
6176	-	"HTTP Method Path 2": "/submit.php",
6176	+	"HTTP Method Path 2": "/submit.php",
6177	-	"Header1": "",
6177	+	"Header1": "",
6178	-	"Header2": "",
6178	+	"Header2": "",
6179	-	"PipeName": "",
6179	+	"PipeName": "",
6180	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6180	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6181	-	"DNS Sleep": "0",
6181	+	"DNS Sleep": "0",
6182	-	"Method1": "GET",
6182	+	"Method1": "GET",
6183	-	"Method2": "POST",
6183	+	"Method2": "POST",
6184	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6184	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6185	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6185	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6186	-	"Proxy_AccessType": "2 (Use IE settings)"
6186	+	"Proxy_AccessType": "2 (Use IE settings)"
6187	-	}
6187	+	}
6188	-	},
6188	+	},
6189	-	"192.236.248.169": {
6189	+	"192.236.248.169": {
6190	-	"x86": {
6190	+	"x86": {
6191	-	"BeaconType": "8 (HTTPS)",
6191	+	"BeaconType": "8 (HTTPS)",
6192	-	"Port": "443",
6192	+	"Port": "443",
6193	-	"Polling": "60000",
6193	+	"Polling": "60000",
6194	-	"Jitter": "0",
6194	+	"Jitter": "0",
6195	-	"Maxdns": "255",
6195	+	"Maxdns": "255",
6196	-	"C2 Server": "amapai-technologies.email,/ptj",
6196	+	"C2 Server": "amapai-technologies.email,/ptj",
6197	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
6197	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
6198	-	"HTTP Method Path 2": "/submit.php",
6198	+	"HTTP Method Path 2": "/submit.php",
6199	-	"Header1": "",
6199	+	"Header1": "",
6200	-	"Header2": "",
6200	+	"Header2": "",
6201	-	"PipeName": "",
6201	+	"PipeName": "",
6202	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6202	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6203	-	"DNS Sleep": "0",
6203	+	"DNS Sleep": "0",
6204	-	"Method1": "GET",
6204	+	"Method1": "GET",
6205	-	"Method2": "POST",
6205	+	"Method2": "POST",
6206	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6206	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6207	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6207	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6208	-	"Proxy_AccessType": "2 (Use IE settings)"
6208	+	"Proxy_AccessType": "2 (Use IE settings)"
6209	-	}
6209	+	}
6210	-	},
6210	+	},
6211	-	"192.3.81.214": {
6211	+	"192.3.81.214": {
6212	-	"x64": {
6212	+	"x64": {
6213	-	"BeaconType": "8 (HTTPS)",
6213	+	"BeaconType": "8 (HTTPS)",
6214	-	"Port": "443",
6214	+	"Port": "443",
6215	-	"Polling": "5000",
6215	+	"Polling": "5000",
6216	-	"Jitter": "10",
6216	+	"Jitter": "10",
6217	-	"Maxdns": "235",
6217	+	"Maxdns": "235",
6218	-	"C2 Server": "139.199.185.41,/updates",
6218	+	"C2 Server": "139.199.185.41,/updates",
6219	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
6219	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
6220	-	"HTTP Method Path 2": "/aircanada/dark.php",
6220	+	"HTTP Method Path 2": "/aircanada/dark.php",
6221	-	"Header1": "",
6221	+	"Header1": "",
6222	-	"Header2": "",
6222	+	"Header2": "",
6223	-	"PipeName": "",
6223	+	"PipeName": "",
6224	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
6224	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
6225	-	"DNS Sleep": "0",
6225	+	"DNS Sleep": "0",
6226	-	"Method1": "GET",
6226	+	"Method1": "GET",
6227	-	"Method2": "POST",
6227	+	"Method2": "POST",
6228	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6228	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6229	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6229	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6230	-	"Proxy_AccessType": "2 (Use IE settings)"
6230	+	"Proxy_AccessType": "2 (Use IE settings)"
6231	-	}
6231	+	}
6232	-	},
6232	+	},
6233	-	"193.168.147.249": {
6233	+	"193.168.147.249": {
6234	-	"x86": {
6234	+	"x86": {
6235	-	"BeaconType": "8 (HTTPS)",
6235	+	"BeaconType": "8 (HTTPS)",
6236	-	"Port": "443",
6236	+	"Port": "443",
6237	-	"Polling": "5000",
6237	+	"Polling": "5000",
6238	-	"Jitter": "0",
6238	+	"Jitter": "0",
6239	-	"Maxdns": "255",
6239	+	"Maxdns": "255",
6240	-	"C2 Server": "mesteratosr.me,/api",
6240	+	"C2 Server": "mesteratosr.me,/api",
6241	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0",
6241	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0",
6242	-	"HTTP Method Path 2": "/lowpacket/mt.php",
6242	+	"HTTP Method Path 2": "/lowpacket/mt.php",
6243	-	"Header1": "",
6243	+	"Header1": "",
6244	-	"Header2": "",
6244	+	"Header2": "",
6245	-	"PipeName": "",
6245	+	"PipeName": "",
6246	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6246	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6247	-	"DNS Sleep": "0",
6247	+	"DNS Sleep": "0",
6248	-	"Method1": "GET",
6248	+	"Method1": "GET",
6249	-	"Method2": "POST",
6249	+	"Method2": "POST",
6250	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6250	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6251	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6251	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6252	-	"Proxy_AccessType": "2 (Use IE settings)"
6252	+	"Proxy_AccessType": "2 (Use IE settings)"
6253	-	}
6253	+	}
6254	-	},
6254	+	},
6255	-	"193.27.14.247": {
6255	+	"193.27.14.247": {
6256	-	"x64": {
6256	+	"x64": {
6257	-	"BeaconType": "8 (HTTPS)",
6257	+	"BeaconType": "8 (HTTPS)",
6258	-	"Port": "443",
6258	+	"Port": "443",
6259	-	"Polling": "60000",
6259	+	"Polling": "60000",
6260	-	"Jitter": "37",
6260	+	"Jitter": "37",
6261	-	"Maxdns": "255",
6261	+	"Maxdns": "255",
6262	-	"C2 Server": "ap.availablenationwide.com,/jquery-ajaxSuccess.js",
6262	+	"C2 Server": "ap.availablenationwide.com,/jquery-ajaxSuccess.js",
6263	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
6263	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
6264	-	"HTTP Method Path 2": "/jquery-before.js",
6264	+	"HTTP Method Path 2": "/jquery-before.js",
6265	-	"Header1": "",
6265	+	"Header1": "",
6266	-	"Header2": "",
6266	+	"Header2": "",
6267	-	"PipeName": "",
6267	+	"PipeName": "",
6268	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6268	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6269	-	"DNS Sleep": "0",
6269	+	"DNS Sleep": "0",
6270	-	"Method1": "GET",
6270	+	"Method1": "GET",
6271	-	"Method2": "POST",
6271	+	"Method2": "POST",
6272	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6272	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6273	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6273	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6274	-	"Proxy_AccessType": "2 (Use IE settings)"
6274	+	"Proxy_AccessType": "2 (Use IE settings)"
6275	-	}
6275	+	}
6276	-	},
6276	+	},
6277	-	"193.34.166.124": {
6277	+	"193.34.166.124": {
6278	-	"x86": {
6278	+	"x86": {
6279	-	"BeaconType": "8 (HTTPS)",
6279	+	"BeaconType": "8 (HTTPS)",
6280	-	"Port": "443",
6280	+	"Port": "443",
6281	-	"Polling": "60000",
6281	+	"Polling": "60000",
6282	-	"Jitter": "0",
6282	+	"Jitter": "0",
6283	-	"Maxdns": "255",
6283	+	"Maxdns": "255",
6284	-	"C2 Server": "ntservicespack.com,/load",
6284	+	"C2 Server": "ntservicespack.com,/load",
6285	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)",
6285	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)",
6286	-	"HTTP Method Path 2": "/submit.php",
6286	+	"HTTP Method Path 2": "/submit.php",
6287	-	"Header1": "",
6287	+	"Header1": "",
6288	-	"Header2": "",
6288	+	"Header2": "",
6289	-	"PipeName": "",
6289	+	"PipeName": "",
6290	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6290	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6291	-	"DNS Sleep": "0",
6291	+	"DNS Sleep": "0",
6292	-	"Method1": "GET",
6292	+	"Method1": "GET",
6293	-	"Method2": "POST",
6293	+	"Method2": "POST",
6294	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6294	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6295	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6295	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6296	-	"Proxy_AccessType": "2 (Use IE settings)"
6296	+	"Proxy_AccessType": "2 (Use IE settings)"
6297	-	},
6297	+	},
6298	-	"x64": {
6298	+	"x64": {
6299	-	"BeaconType": "8 (HTTPS)",
6299	+	"BeaconType": "8 (HTTPS)",
6300	-	"Port": "443",
6300	+	"Port": "443",
6301	-	"Polling": "60000",
6301	+	"Polling": "60000",
6302	-	"Jitter": "0",
6302	+	"Jitter": "0",
6303	-	"Maxdns": "255",
6303	+	"Maxdns": "255",
6304	-	"C2 Server": "ntservicespack.com,/ptj",
6304	+	"C2 Server": "ntservicespack.com,/ptj",
6305	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
6305	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
6306	-	"HTTP Method Path 2": "/submit.php",
6306	+	"HTTP Method Path 2": "/submit.php",
6307	-	"Header1": "",
6307	+	"Header1": "",
6308	-	"Header2": "",
6308	+	"Header2": "",
6309	-	"PipeName": "",
6309	+	"PipeName": "",
6310	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6310	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6311	-	"DNS Sleep": "0",
6311	+	"DNS Sleep": "0",
6312	-	"Method1": "GET",
6312	+	"Method1": "GET",
6313	-	"Method2": "POST",
6313	+	"Method2": "POST",
6314	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6314	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6315	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6315	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6316	-	"Proxy_AccessType": "2 (Use IE settings)"
6316	+	"Proxy_AccessType": "2 (Use IE settings)"
6317	-	}
6317	+	}
6318	-	},
6318	+	},
6319	-	"193.34.166.207": {
6319	+	"193.34.166.207": {
6320	-	"x86": {
6320	+	"x86": {
6321	-	"BeaconType": "8 (HTTPS)",
6321	+	"BeaconType": "8 (HTTPS)",
6322	-	"Port": "443",
6322	+	"Port": "443",
6323	-	"Polling": "60000",
6323	+	"Polling": "60000",
6324	-	"Jitter": "0",
6324	+	"Jitter": "0",
6325	-	"Maxdns": "255",
6325	+	"Maxdns": "255",
6326	-	"C2 Server": "timesyncad.com,/IE9CompatViewList.xml",
6326	+	"C2 Server": "timesyncad.com,/IE9CompatViewList.xml",
6327	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)",
6327	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)",
6328	-	"HTTP Method Path 2": "/submit.php",
6328	+	"HTTP Method Path 2": "/submit.php",
6329	-	"Header1": "",
6329	+	"Header1": "",
6330	-	"Header2": "",
6330	+	"Header2": "",
6331	-	"PipeName": "",
6331	+	"PipeName": "",
6332	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6332	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6333	-	"DNS Sleep": "0",
6333	+	"DNS Sleep": "0",
6334	-	"Method1": "GET",
6334	+	"Method1": "GET",
6335	-	"Method2": "POST",
6335	+	"Method2": "POST",
6336	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6336	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6337	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6337	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6338	-	"Proxy_AccessType": "2 (Use IE settings)"
6338	+	"Proxy_AccessType": "2 (Use IE settings)"
6339	-	}
6339	+	}
6340	-	},
6340	+	},
6341	-	"193.34.166.73": {
6341	+	"193.34.166.73": {
6342	-	"x86": {
6342	+	"x86": {
6343	-	"BeaconType": "8 (HTTPS)",
6343	+	"BeaconType": "8 (HTTPS)",
6344	-	"Port": "443",
6344	+	"Port": "443",
6345	-	"Polling": "60000",
6345	+	"Polling": "60000",
6346	-	"Jitter": "0",
6346	+	"Jitter": "0",
6347	-	"Maxdns": "255",
6347	+	"Maxdns": "255",
6348	-	"C2 Server": "servupdates.com,/ca",
6348	+	"C2 Server": "servupdates.com,/ca",
6349	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM)",
6349	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM)",
6350	-	"HTTP Method Path 2": "/submit.php",
6350	+	"HTTP Method Path 2": "/submit.php",
6351	-	"Header1": "",
6351	+	"Header1": "",
6352	-	"Header2": "",
6352	+	"Header2": "",
6353	-	"PipeName": "",
6353	+	"PipeName": "",
6354	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6354	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6355	-	"DNS Sleep": "0",
6355	+	"DNS Sleep": "0",
6356	-	"Method1": "GET",
6356	+	"Method1": "GET",
6357	-	"Method2": "POST",
6357	+	"Method2": "POST",
6358	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6358	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6359	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6359	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6360	-	"Proxy_AccessType": "2 (Use IE settings)"
6360	+	"Proxy_AccessType": "2 (Use IE settings)"
6361	-	},
6361	+	},
6362	-	"x64": {
6362	+	"x64": {
6363	-	"BeaconType": "8 (HTTPS)",
6363	+	"BeaconType": "8 (HTTPS)",
6364	-	"Port": "443",
6364	+	"Port": "443",
6365	-	"Polling": "60000",
6365	+	"Polling": "60000",
6366	-	"Jitter": "0",
6366	+	"Jitter": "0",
6367	-	"Maxdns": "255",
6367	+	"Maxdns": "255",
6368	-	"C2 Server": "servupdates.com,/cx",
6368	+	"C2 Server": "servupdates.com,/cx",
6369	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
6369	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
6370	-	"HTTP Method Path 2": "/submit.php",
6370	+	"HTTP Method Path 2": "/submit.php",
6371	-	"Header1": "",
6371	+	"Header1": "",
6372	-	"Header2": "",
6372	+	"Header2": "",
6373	-	"PipeName": "",
6373	+	"PipeName": "",
6374	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6374	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6375	-	"DNS Sleep": "0",
6375	+	"DNS Sleep": "0",
6376	-	"Method1": "GET",
6376	+	"Method1": "GET",
6377	-	"Method2": "POST",
6377	+	"Method2": "POST",
6378	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6378	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6379	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6379	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6380	-	"Proxy_AccessType": "2 (Use IE settings)"
6380	+	"Proxy_AccessType": "2 (Use IE settings)"
6381	-	}
6381	+	}
6382	-	},
6382	+	},
6383	-	"193.34.166.89": {
6383	+	"193.34.166.89": {
6384	-	"x64": {
6384	+	"x64": {
6385	-	"BeaconType": "8 (HTTPS)",
6385	+	"BeaconType": "8 (HTTPS)",
6386	-	"Port": "443",
6386	+	"Port": "443",
6387	-	"Polling": "60000",
6387	+	"Polling": "60000",
6388	-	"Jitter": "0",
6388	+	"Jitter": "0",
6389	-	"Maxdns": "255",
6389	+	"Maxdns": "255",
6390	-	"C2 Server": "193.34.166.89,/fwlink",
6390	+	"C2 Server": "193.34.166.89,/fwlink",
6391	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MALCJS)",
6391	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MALCJS)",
6392	-	"HTTP Method Path 2": "/submit.php",
6392	+	"HTTP Method Path 2": "/submit.php",
6393	-	"Header1": "",
6393	+	"Header1": "",
6394	-	"Header2": "",
6394	+	"Header2": "",
6395	-	"PipeName": "",
6395	+	"PipeName": "",
6396	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6396	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6397	-	"DNS Sleep": "0",
6397	+	"DNS Sleep": "0",
6398	-	"Method1": "GET",
6398	+	"Method1": "GET",
6399	-	"Method2": "POST",
6399	+	"Method2": "POST",
6400	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6400	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6401	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6401	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6402	-	"Proxy_AccessType": "2 (Use IE settings)"
6402	+	"Proxy_AccessType": "2 (Use IE settings)"
6403	-	}
6403	+	}
6404	-	},
6404	+	},
6405	-	"193.34.167.200": {
6405	+	"193.34.167.200": {
6406	-	"x86": {
6406	+	"x86": {
6407	-	"BeaconType": "8 (HTTPS)",
6407	+	"BeaconType": "8 (HTTPS)",
6408	-	"Port": "443",
6408	+	"Port": "443",
6409	-	"Polling": "60000",
6409	+	"Polling": "60000",
6410	-	"Jitter": "0",
6410	+	"Jitter": "0",
6411	-	"Maxdns": "255",
6411	+	"Maxdns": "255",
6412	-	"C2 Server": "inteldrivers.com,/cm",
6412	+	"C2 Server": "inteldrivers.com,/cm",
6413	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)",
6413	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)",
6414	-	"HTTP Method Path 2": "/submit.php",
6414	+	"HTTP Method Path 2": "/submit.php",
6415	-	"Header1": "",
6415	+	"Header1": "",
6416	-	"Header2": "",
6416	+	"Header2": "",
6417	-	"PipeName": "",
6417	+	"PipeName": "",
6418	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6418	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6419	-	"DNS Sleep": "0",
6419	+	"DNS Sleep": "0",
6420	-	"Method1": "GET",
6420	+	"Method1": "GET",
6421	-	"Method2": "POST",
6421	+	"Method2": "POST",
6422	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6422	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6423	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6423	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6424	-	"Proxy_AccessType": "2 (Use IE settings)"
6424	+	"Proxy_AccessType": "2 (Use IE settings)"
6425	-	}
6425	+	}
6426	-	},
6426	+	},
6427	-	"193.34.167.60": {
6427	+	"193.34.167.60": {
6428	-	"x86": {
6428	+	"x86": {
6429	-	"BeaconType": "8 (HTTPS)",
6429	+	"BeaconType": "8 (HTTPS)",
6430	-	"Port": "443",
6430	+	"Port": "443",
6431	-	"Polling": "60000",
6431	+	"Polling": "60000",
6432	-	"Jitter": "0",
6432	+	"Jitter": "0",
6433	-	"C2 Server": "server3.msadwindows.com,/cm",
6433	+	"C2 Server": "server3.msadwindows.com,/cm",
6434	-	"HTTP Method Path 2": "/submit.php",
6434	+	"HTTP Method Path 2": "/submit.php",
6435	-	"Method1": "GET",
6435	+	"Method1": "GET",
6436	-	"Method2": "POST",
6436	+	"Method2": "POST",
6437	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6437	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6438	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6438	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6439	-	"Proxy_AccessType": "2 (Use IE settings)"
6439	+	"Proxy_AccessType": "2 (Use IE settings)"
6440	-	}
6440	+	}
6441	-	},
6441	+	},
6442	-	"194.5.249.55": {
6442	+	"194.5.249.55": {
6443	-	"x86": {
6443	+	"x86": {
6444	-	"BeaconType": "8 (HTTPS)",
6444	+	"BeaconType": "8 (HTTPS)",
6445	-	"Port": "443",
6445	+	"Port": "443",
6446	-	"Polling": "60000",
6446	+	"Polling": "60000",
6447	-	"Jitter": "0",
6447	+	"Jitter": "0",
6448	-	"Maxdns": "255",
6448	+	"Maxdns": "255",
6449	-	"C2 Server": "194.5.249.55,/cx",
6449	+	"C2 Server": "194.5.249.55,/cx",
6450	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)",
6450	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)",
6451	-	"HTTP Method Path 2": "/submit.php",
6451	+	"HTTP Method Path 2": "/submit.php",
6452	-	"Header1": "",
6452	+	"Header1": "",
6453	-	"Header2": "",
6453	+	"Header2": "",
6454	-	"PipeName": "",
6454	+	"PipeName": "",
6455	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6455	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6456	-	"DNS Sleep": "0",
6456	+	"DNS Sleep": "0",
6457	-	"Method1": "GET",
6457	+	"Method1": "GET",
6458	-	"Method2": "POST",
6458	+	"Method2": "POST",
6459	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6459	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6460	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6460	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6461	-	"Proxy_AccessType": "2 (Use IE settings)"
6461	+	"Proxy_AccessType": "2 (Use IE settings)"
6462	-	}
6462	+	}
6463	-	},
6463	+	},
6464	-	"195.123.217.7": {
6464	+	"195.123.217.7": {
6465	-	"x86": {
6465	+	"x86": {
6466	-	"BeaconType": "8 (HTTPS)",
6466	+	"BeaconType": "8 (HTTPS)",
6467	-	"Port": "443",
6467	+	"Port": "443",
6468	-	"Polling": "5000",
6468	+	"Polling": "5000",
6469	-	"Jitter": "0",
6469	+	"Jitter": "0",
6470	-	"Maxdns": "255",
6470	+	"Maxdns": "255",
6471	-	"C2 Server": "195.123.217.7,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,yten.xyz,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
6471	+	"C2 Server": "195.123.217.7,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,yten.xyz,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
6472	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
6472	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
6473	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
6473	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
6474	-	"Header1": "",
6474	+	"Header1": "",
6475	-	"Header2": "",
6475	+	"Header2": "",
6476	-	"PipeName": "",
6476	+	"PipeName": "",
6477	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6477	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6478	-	"DNS Sleep": "0",
6478	+	"DNS Sleep": "0",
6479	-	"Method1": "GET",
6479	+	"Method1": "GET",
6480	-	"Method2": "POST",
6480	+	"Method2": "POST",
6481	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6481	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6482	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6482	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6483	-	"Proxy_AccessType": "2 (Use IE settings)"
6483	+	"Proxy_AccessType": "2 (Use IE settings)"
6484	-	},
6484	+	},
6485	-	"x64": {
6485	+	"x64": {
6486	-	"BeaconType": "8 (HTTPS)",
6486	+	"BeaconType": "8 (HTTPS)",
6487	-	"Port": "443",
6487	+	"Port": "443",
6488	-	"Polling": "5000",
6488	+	"Polling": "5000",
6489	-	"Jitter": "0",
6489	+	"Jitter": "0",
6490	-	"Maxdns": "255",
6490	+	"Maxdns": "255",
6491	-	"C2 Server": "195.123.217.7,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,yten.xyz,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
6491	+	"C2 Server": "195.123.217.7,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,yten.xyz,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
6492	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
6492	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
6493	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
6493	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
6494	-	"Header1": "",
6494	+	"Header1": "",
6495	-	"Header2": "",
6495	+	"Header2": "",
6496	-	"PipeName": "",
6496	+	"PipeName": "",
6497	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6497	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6498	-	"DNS Sleep": "0",
6498	+	"DNS Sleep": "0",
6499	-	"Method1": "GET",
6499	+	"Method1": "GET",
6500	-	"Method2": "POST",
6500	+	"Method2": "POST",
6501	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6501	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6502	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6502	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6503	-	"Proxy_AccessType": "2 (Use IE settings)"
6503	+	"Proxy_AccessType": "2 (Use IE settings)"
6504	-	}
6504	+	}
6505	-	},
6505	+	},
6506	-	"195.123.222.43": {
6506	+	"195.123.222.43": {
6507	-	"x86": {
6507	+	"x86": {
6508	-	"BeaconType": "8 (HTTPS)",
6508	+	"BeaconType": "8 (HTTPS)",
6509	-	"Port": "443",
6509	+	"Port": "443",
6510	-	"Polling": "7000",
6510	+	"Polling": "7000",
6511	-	"Jitter": "0",
6511	+	"Jitter": "0",
6512	-	"Maxdns": "255",
6512	+	"Maxdns": "255",
6513	-	"C2 Server": "duskeducate.com,/jquery-3.3.1.min.js",
6513	+	"C2 Server": "duskeducate.com,/jquery-3.3.1.min.js",
6514	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
6514	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
6515	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
6515	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
6516	-	"Header1": "",
6516	+	"Header1": "",
6517	-	"Header2": "",
6517	+	"Header2": "",
6518	-	"PipeName": "",
6518	+	"PipeName": "",
6519	-	"DNS Idle": "J}\\xC4q",
6519	+	"DNS Idle": "J}\\xC4q",
6520	-	"DNS Sleep": "0",
6520	+	"DNS Sleep": "0",
6521	-	"Method1": "GET",
6521	+	"Method1": "GET",
6522	-	"Method2": "POST",
6522	+	"Method2": "POST",
6523	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
6523	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
6524	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
6524	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
6525	-	"Proxy_AccessType": "2 (Use IE settings)"
6525	+	"Proxy_AccessType": "2 (Use IE settings)"
6526	-	},
6526	+	},
6527	-	"x64": {
6527	+	"x64": {
6528	-	"BeaconType": "8 (HTTPS)",
6528	+	"BeaconType": "8 (HTTPS)",
6529	-	"Port": "443",
6529	+	"Port": "443",
6530	-	"Polling": "7000",
6530	+	"Polling": "7000",
6531	-	"Jitter": "0",
6531	+	"Jitter": "0",
6532	-	"Maxdns": "255",
6532	+	"Maxdns": "255",
6533	-	"C2 Server": "duskeducate.com,/jquery-3.3.1.min.js",
6533	+	"C2 Server": "duskeducate.com,/jquery-3.3.1.min.js",
6534	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
6534	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
6535	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
6535	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
6536	-	"Header1": "",
6536	+	"Header1": "",
6537	-	"Header2": "",
6537	+	"Header2": "",
6538	-	"PipeName": "",
6538	+	"PipeName": "",
6539	-	"DNS Idle": "J}\\xC4q",
6539	+	"DNS Idle": "J}\\xC4q",
6540	-	"DNS Sleep": "0",
6540	+	"DNS Sleep": "0",
6541	-	"Method1": "GET",
6541	+	"Method1": "GET",
6542	-	"Method2": "POST",
6542	+	"Method2": "POST",
6543	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
6543	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
6544	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
6544	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
6545	-	"Proxy_AccessType": "2 (Use IE settings)"
6545	+	"Proxy_AccessType": "2 (Use IE settings)"
6546	-	}
6546	+	}
6547	-	},
6547	+	},
6548	-	"195.30.132.195": {
6548	+	"195.30.132.195": {
6549	-	"x86": {
6549	+	"x86": {
6550	-	"BeaconType": "8 (HTTPS)",
6550	+	"BeaconType": "8 (HTTPS)",
6551	-	"Port": "443",
6551	+	"Port": "443",
6552	-	"Polling": "5000",
6552	+	"Polling": "5000",
6553	-	"Jitter": "15",
6553	+	"Jitter": "15",
6554	-	"Maxdns": "255",
6554	+	"Maxdns": "255",
6555	-	"C2 Server": "d1hp3kzjl3pr7y.cloudfront.net,/_/scs/mail-static/_/css/,d3mdcyc7die6tc.cloudfront.net,/_/scs/mail-static/_/css/",
6555	+	"C2 Server": "d1hp3kzjl3pr7y.cloudfront.net,/_/scs/mail-static/_/css/,d3mdcyc7die6tc.cloudfront.net,/_/scs/mail-static/_/css/",
6556	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
6556	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
6557	-	"HTTP Method Path 2": "/mail/u/2/",
6557	+	"HTTP Method Path 2": "/mail/u/2/",
6558	-	"Header1": "",
6558	+	"Header1": "",
6559	-	"Header2": "",
6559	+	"Header2": "",
6560	-	"PipeName": "",
6560	+	"PipeName": "",
6561	-	"DNS Idle": "\\x01\\x01\\x01\\x01",
6561	+	"DNS Idle": "\\x01\\x01\\x01\\x01",
6562	-	"DNS Sleep": "0",
6562	+	"DNS Sleep": "0",
6563	-	"Method1": "GET",
6563	+	"Method1": "GET",
6564	-	"Method2": "POST",
6564	+	"Method2": "POST",
6565	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6565	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6566	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6566	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6567	-	"Proxy_AccessType": "2 (Use IE settings)"
6567	+	"Proxy_AccessType": "2 (Use IE settings)"
6568	-	},
6568	+	},
6569	-	"x64": {
6569	+	"x64": {
6570	-	"BeaconType": "8 (HTTPS)",
6570	+	"BeaconType": "8 (HTTPS)",
6571	-	"Port": "443",
6571	+	"Port": "443",
6572	-	"Polling": "5000",
6572	+	"Polling": "5000",
6573	-	"Jitter": "15",
6573	+	"Jitter": "15",
6574	-	"Maxdns": "255",
6574	+	"Maxdns": "255",
6575	-	"C2 Server": "d1hp3kzjl3pr7y.cloudfront.net,/_/scs/mail-static/_/css/,d3mdcyc7die6tc.cloudfront.net,/_/scs/mail-static/_/css/",
6575	+	"C2 Server": "d1hp3kzjl3pr7y.cloudfront.net,/_/scs/mail-static/_/css/,d3mdcyc7die6tc.cloudfront.net,/_/scs/mail-static/_/css/",
6576	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)",
6576	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)",
6577	-	"HTTP Method Path 2": "/mail/u/2/",
6577	+	"HTTP Method Path 2": "/mail/u/2/",
6578	-	"Header1": "",
6578	+	"Header1": "",
6579	-	"Header2": "",
6579	+	"Header2": "",
6580	-	"PipeName": "",
6580	+	"PipeName": "",
6581	-	"DNS Idle": "\\x01\\x01\\x01\\x01",
6581	+	"DNS Idle": "\\x01\\x01\\x01\\x01",
6582	-	"DNS Sleep": "0",
6582	+	"DNS Sleep": "0",
6583	-	"Method1": "GET",
6583	+	"Method1": "GET",
6584	-	"Method2": "POST",
6584	+	"Method2": "POST",
6585	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6585	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6586	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6586	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6587	-	"Proxy_AccessType": "2 (Use IE settings)"
6587	+	"Proxy_AccessType": "2 (Use IE settings)"
6588	-	}
6588	+	}
6589	-	},
6589	+	},
6590	-	"198.211.107.136": {
6590	+	"198.211.107.136": {
6591	-	"x64": {
6591	+	"x64": {
6592	-	"BeaconType": "8 (HTTPS)",
6592	+	"BeaconType": "8 (HTTPS)",
6593	-	"Port": "443",
6593	+	"Port": "443",
6594	-	"Polling": "58758",
6594	+	"Polling": "58758",
6595	-	"Jitter": "39",
6595	+	"Jitter": "39",
6596	-	"Maxdns": "254",
6596	+	"Maxdns": "254",
6597	-	"C2 Server": "ajax.microsoft.com,/zh.css",
6597	+	"C2 Server": "ajax.microsoft.com,/zh.css",
6598	-	"User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
6598	+	"User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
6599	-	"HTTP Method Path 2": "/an",
6599	+	"HTTP Method Path 2": "/an",
6600	-	"Header1": "",
6600	+	"Header1": "",
6601	-	"Header2": "",
6601	+	"Header2": "",
6602	-	"PipeName": "",
6602	+	"PipeName": "",
6603	-	"DNS Idle": "L4\\x8D}",
6603	+	"DNS Idle": "L4\\x8D}",
6604	-	"DNS Sleep": "0",
6604	+	"DNS Sleep": "0",
6605	-	"Method1": "GET",
6605	+	"Method1": "GET",
6606	-	"Method2": "POST",
6606	+	"Method2": "POST",
6607	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
6607	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
6608	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
6608	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
6609	-	"Proxy_AccessType": "2 (Use IE settings)"
6609	+	"Proxy_AccessType": "2 (Use IE settings)"
6610	-	}
6610	+	}
6611	-	},
6611	+	},
6612	-	"198.27.79.75": {
6612	+	"198.27.79.75": {
6613	-	"x64": {
6613	+	"x64": {
6614	-	"BeaconType": "8 (HTTPS)",
6614	+	"BeaconType": "8 (HTTPS)",
6615	-	"Port": "443",
6615	+	"Port": "443",
6616	-	"Polling": "56196",
6616	+	"Polling": "56196",
6617	-	"Jitter": "43",
6617	+	"Jitter": "43",
6618	-	"Maxdns": "241",
6618	+	"Maxdns": "241",
6619	-	"C2 Server": "185.189.151.107,/na",
6619	+	"C2 Server": "185.189.151.107,/na",
6620	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
6620	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
6621	-	"HTTP Method Path 2": "/extension",
6621	+	"HTTP Method Path 2": "/extension",
6622	-	"Header1": "",
6622	+	"Header1": "",
6623	-	"Header2": "",
6623	+	"Header2": "",
6624	-	"PipeName": "",
6624	+	"PipeName": "",
6625	-	"DNS Idle": "q\\xF5\\x128",
6625	+	"DNS Idle": "q\\xF5\\x128",
6626	-	"DNS Sleep": "0",
6626	+	"DNS Sleep": "0",
6627	-	"Method1": "GET",
6627	+	"Method1": "GET",
6628	-	"Method2": "POST",
6628	+	"Method2": "POST",
6629	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
6629	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
6630	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
6630	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
6631	-	"Proxy_AccessType": "2 (Use IE settings)"
6631	+	"Proxy_AccessType": "2 (Use IE settings)"
6632	-	}
6632	+	}
6633	-	},
6633	+	},
6634	-	"198.44.14.47": {
6634	+	"198.44.14.47": {
6635	-	"x86": {
6635	+	"x86": {
6636	-	"BeaconType": "8 (HTTPS)",
6636	+	"BeaconType": "8 (HTTPS)",
6637	-	"Port": "443",
6637	+	"Port": "443",
6638	-	"Polling": "63118",
6638	+	"Polling": "63118",
6639	-	"Jitter": "39",
6639	+	"Jitter": "39",
6640	-	"Maxdns": "240",
6640	+	"Maxdns": "240",
6641	-	"C2 Server": "qw.update-chromeservices.com,/groupcp,as.update-chromeservices.com,/groupcp,zx.update-chromeservices.com,/hr",
6641	+	"C2 Server": "qw.update-chromeservices.com,/groupcp,as.update-chromeservices.com,/groupcp,zx.update-chromeservices.com,/hr",
6642	-	"User Agent": "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)",
6642	+	"User Agent": "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)",
6643	-	"HTTP Method Path 2": "/groupcp",
6643	+	"HTTP Method Path 2": "/groupcp",
6644	-	"Header1": "",
6644	+	"Header1": "",
6645	-	"Header2": "",
6645	+	"Header2": "",
6646	-	"PipeName": "",
6646	+	"PipeName": "",
6647	-	"DNS Idle": "\\xD4\\xCC\\xC7&",
6647	+	"DNS Idle": "\\xD4\\xCC\\xC7&",
6648	-	"DNS Sleep": "0",
6648	+	"DNS Sleep": "0",
6649	-	"Method1": "GET",
6649	+	"Method1": "GET",
6650	-	"Method2": "POST",
6650	+	"Method2": "POST",
6651	-	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
6651	+	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
6652	-	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
6652	+	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
6653	-	"Proxy_AccessType": "2 (Use IE settings)"
6653	+	"Proxy_AccessType": "2 (Use IE settings)"
6654	-	}
6654	+	}
6655	-	},
6655	+	},
6656	-	"198.44.97.180": {
6656	+	"198.44.97.180": {
6657	-	"x86": {
6657	+	"x86": {
6658	-	"BeaconType": "8 (HTTPS)",
6658	+	"BeaconType": "8 (HTTPS)",
6659	-	"Port": "443",
6659	+	"Port": "443",
6660	-	"Polling": "60000",
6660	+	"Polling": "60000",
6661	-	"Jitter": "0",
6661	+	"Jitter": "0",
6662	-	"Maxdns": "255",
6662	+	"Maxdns": "255",
6663	-	"C2 Server": "198.44.97.180,/push",
6663	+	"C2 Server": "198.44.97.180,/push",
6664	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)",
6664	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)",
6665	-	"HTTP Method Path 2": "/submit.php",
6665	+	"HTTP Method Path 2": "/submit.php",
6666	-	"Header1": "",
6666	+	"Header1": "",
6667	-	"Header2": "",
6667	+	"Header2": "",
6668	-	"PipeName": "",
6668	+	"PipeName": "",
6669	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6669	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6670	-	"DNS Sleep": "0",
6670	+	"DNS Sleep": "0",
6671	-	"Method1": "GET",
6671	+	"Method1": "GET",
6672	-	"Method2": "POST",
6672	+	"Method2": "POST",
6673	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6673	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6674	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6674	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6675	-	"Proxy_AccessType": "2 (Use IE settings)"
6675	+	"Proxy_AccessType": "2 (Use IE settings)"
6676	-	}
6676	+	}
6677	-	},
6677	+	},
6678	-	"198.44.97.181": {
6678	+	"198.44.97.181": {
6679	-	"x86": {
6679	+	"x86": {
6680	-	"BeaconType": "8 (HTTPS)",
6680	+	"BeaconType": "8 (HTTPS)",
6681	-	"Port": "443",
6681	+	"Port": "443",
6682	-	"Polling": "60000",
6682	+	"Polling": "60000",
6683	-	"Jitter": "0",
6683	+	"Jitter": "0",
6684	-	"Maxdns": "255",
6684	+	"Maxdns": "255",
6685	-	"C2 Server": "198.44.97.180,/push",
6685	+	"C2 Server": "198.44.97.180,/push",
6686	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)",
6686	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)",
6687	-	"HTTP Method Path 2": "/submit.php",
6687	+	"HTTP Method Path 2": "/submit.php",
6688	-	"Header1": "",
6688	+	"Header1": "",
6689	-	"Header2": "",
6689	+	"Header2": "",
6690	-	"PipeName": "",
6690	+	"PipeName": "",
6691	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6691	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6692	-	"DNS Sleep": "0",
6692	+	"DNS Sleep": "0",
6693	-	"Method1": "GET",
6693	+	"Method1": "GET",
6694	-	"Method2": "POST",
6694	+	"Method2": "POST",
6695	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6695	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6696	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6696	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6697	-	"Proxy_AccessType": "2 (Use IE settings)"
6697	+	"Proxy_AccessType": "2 (Use IE settings)"
6698	-	}
6698	+	}
6699	-	},
6699	+	},
6700	-	"199.127.60.227": {
6700	+	"199.127.60.227": {
6701	-	"x86": {
6701	+	"x86": {
6702	-	"BeaconType": "8 (HTTPS)",
6702	+	"BeaconType": "8 (HTTPS)",
6703	-	"Port": "443",
6703	+	"Port": "443",
6704	-	"Polling": "5000",
6704	+	"Polling": "5000",
6705	-	"Jitter": "10",
6705	+	"Jitter": "10",
6706	-	"Maxdns": "235",
6706	+	"Maxdns": "235",
6707	-	"C2 Server": "bitsse.com,/us/ky/louisville/312-s-fourth-st.html,uncole.com,/us/ky/louisville/312-s-fourth-st.html",
6707	+	"C2 Server": "bitsse.com,/us/ky/louisville/312-s-fourth-st.html,uncole.com,/us/ky/louisville/312-s-fourth-st.html",
6708	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6708	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6709	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6709	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6710	-	"Header1": "",
6710	+	"Header1": "",
6711	-	"Header2": "",
6711	+	"Header2": "",
6712	-	"PipeName": "",
6712	+	"PipeName": "",
6713	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6713	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6714	-	"DNS Sleep": "0",
6714	+	"DNS Sleep": "0",
6715	-	"Method1": "GET",
6715	+	"Method1": "GET",
6716	-	"Method2": "POST",
6716	+	"Method2": "POST",
6717	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6717	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6718	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6718	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6719	-	"Proxy_AccessType": "2 (Use IE settings)"
6719	+	"Proxy_AccessType": "2 (Use IE settings)"
6720	-	}
6720	+	}
6721	-	},
6721	+	},
6722	-	"199.127.60.67": {
6722	+	"199.127.60.67": {
6723	-	"x86": {
6723	+	"x86": {
6724	-	"BeaconType": "8 (HTTPS)",
6724	+	"BeaconType": "8 (HTTPS)",
6725	-	"Port": "443",
6725	+	"Port": "443",
6726	-	"Polling": "5000",
6726	+	"Polling": "5000",
6727	-	"Jitter": "10",
6727	+	"Jitter": "10",
6728	-	"Maxdns": "235",
6728	+	"Maxdns": "235",
6729	-	"C2 Server": "zipflag.com,/us/ky/louisville/312-s-fourth-st.html",
6729	+	"C2 Server": "zipflag.com,/us/ky/louisville/312-s-fourth-st.html",
6730	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6730	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6731	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6731	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6732	-	"Header1": "",
6732	+	"Header1": "",
6733	-	"Header2": "",
6733	+	"Header2": "",
6734	-	"PipeName": "",
6734	+	"PipeName": "",
6735	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6735	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6736	-	"DNS Sleep": "0",
6736	+	"DNS Sleep": "0",
6737	-	"Method1": "GET",
6737	+	"Method1": "GET",
6738	-	"Method2": "POST",
6738	+	"Method2": "POST",
6739	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6739	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6740	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6740	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6741	-	"Proxy_AccessType": "2 (Use IE settings)"
6741	+	"Proxy_AccessType": "2 (Use IE settings)"
6742	-	}
6742	+	}
6743	-	},
6743	+	},
6744	-	"199.127.61.214": {
6744	+	"199.127.61.214": {
6745	-	"x86": {
6745	+	"x86": {
6746	-	"BeaconType": "8 (HTTPS)",
6746	+	"BeaconType": "8 (HTTPS)",
6747	-	"Port": "443",
6747	+	"Port": "443",
6748	-	"Polling": "5000",
6748	+	"Polling": "5000",
6749	-	"Jitter": "10",
6749	+	"Jitter": "10",
6750	-	"Maxdns": "235",
6750	+	"Maxdns": "235",
6751	-	"C2 Server": "volof.com,/us/ky/louisville/312-s-fourth-st.html",
6751	+	"C2 Server": "volof.com,/us/ky/louisville/312-s-fourth-st.html",
6752	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6752	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6753	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6753	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6754	-	"Header1": "",
6754	+	"Header1": "",
6755	-	"Header2": "",
6755	+	"Header2": "",
6756	-	"PipeName": "",
6756	+	"PipeName": "",
6757	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6757	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6758	-	"DNS Sleep": "0",
6758	+	"DNS Sleep": "0",
6759	-	"Method1": "GET",
6759	+	"Method1": "GET",
6760	-	"Method2": "POST",
6760	+	"Method2": "POST",
6761	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6761	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6762	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6762	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6763	-	"Proxy_AccessType": "2 (Use IE settings)"
6763	+	"Proxy_AccessType": "2 (Use IE settings)"
6764	-	}
6764	+	}
6765	-	},
6765	+	},
6766	-	"199.127.61.74": {
6766	+	"199.127.61.74": {
6767	-	"x86": {
6767	+	"x86": {
6768	-	"BeaconType": "8 (HTTPS)",
6768	+	"BeaconType": "8 (HTTPS)",
6769	-	"Port": "443",
6769	+	"Port": "443",
6770	-	"Polling": "5000",
6770	+	"Polling": "5000",
6771	-	"Jitter": "10",
6771	+	"Jitter": "10",
6772	-	"Maxdns": "235",
6772	+	"Maxdns": "235",
6773	-	"C2 Server": "lenfree.com,/us/ky/louisville/312-s-fourth-st.html,199.127.61.74,/us/ky/louisville/312-s-fourth-st.html",
6773	+	"C2 Server": "lenfree.com,/us/ky/louisville/312-s-fourth-st.html,199.127.61.74,/us/ky/louisville/312-s-fourth-st.html",
6774	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6774	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6775	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6775	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6776	-	"Header1": "",
6776	+	"Header1": "",
6777	-	"Header2": "",
6777	+	"Header2": "",
6778	-	"PipeName": "",
6778	+	"PipeName": "",
6779	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6779	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6780	-	"DNS Sleep": "0",
6780	+	"DNS Sleep": "0",
6781	-	"Method1": "GET",
6781	+	"Method1": "GET",
6782	-	"Method2": "POST",
6782	+	"Method2": "POST",
6783	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6783	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6784	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6784	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6785	-	"Proxy_AccessType": "2 (Use IE settings)"
6785	+	"Proxy_AccessType": "2 (Use IE settings)"
6786	-	},
6786	+	},
6787	-	"x64": {
6787	+	"x64": {
6788	-	"BeaconType": "8 (HTTPS)",
6788	+	"BeaconType": "8 (HTTPS)",
6789	-	"Port": "443",
6789	+	"Port": "443",
6790	-	"Polling": "5000",
6790	+	"Polling": "5000",
6791	-	"Jitter": "10",
6791	+	"Jitter": "10",
6792	-	"Maxdns": "235",
6792	+	"Maxdns": "235",
6793	-	"C2 Server": "lenfree.com,/us/ky/louisville/312-s-fourth-st.html,199.127.61.74,/us/ky/louisville/312-s-fourth-st.html",
6793	+	"C2 Server": "lenfree.com,/us/ky/louisville/312-s-fourth-st.html,199.127.61.74,/us/ky/louisville/312-s-fourth-st.html",
6794	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6794	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6795	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6795	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6796	-	"Header1": "",
6796	+	"Header1": "",
6797	-	"Header2": "",
6797	+	"Header2": "",
6798	-	"PipeName": "",
6798	+	"PipeName": "",
6799	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6799	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6800	-	"DNS Sleep": "0",
6800	+	"DNS Sleep": "0",
6801	-	"Method1": "GET",
6801	+	"Method1": "GET",
6802	-	"Method2": "POST",
6802	+	"Method2": "POST",
6803	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6803	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6804	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6804	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6805	-	"Proxy_AccessType": "2 (Use IE settings)"
6805	+	"Proxy_AccessType": "2 (Use IE settings)"
6806	-	}
6806	+	}
6807	-	},
6807	+	},
6808	-	"199.127.63.73": {
6808	+	"199.127.63.73": {
6809	-	"x86": {
6809	+	"x86": {
6810	-	"BeaconType": "8 (HTTPS)",
6810	+	"BeaconType": "8 (HTTPS)",
6811	-	"Port": "443",
6811	+	"Port": "443",
6812	-	"Polling": "5000",
6812	+	"Polling": "5000",
6813	-	"Jitter": "10",
6813	+	"Jitter": "10",
6814	-	"Maxdns": "235",
6814	+	"Maxdns": "235",
6815	-	"C2 Server": "eyedm.com,/us/ky/louisville/312-s-fourth-st.html",
6815	+	"C2 Server": "eyedm.com,/us/ky/louisville/312-s-fourth-st.html",
6816	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6816	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6817	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6817	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6818	-	"Header1": "",
6818	+	"Header1": "",
6819	-	"Header2": "",
6819	+	"Header2": "",
6820	-	"PipeName": "",
6820	+	"PipeName": "",
6821	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6821	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6822	-	"DNS Sleep": "0",
6822	+	"DNS Sleep": "0",
6823	-	"Method1": "GET",
6823	+	"Method1": "GET",
6824	-	"Method2": "POST",
6824	+	"Method2": "POST",
6825	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6825	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6826	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6826	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6827	-	"Proxy_AccessType": "2 (Use IE settings)"
6827	+	"Proxy_AccessType": "2 (Use IE settings)"
6828	-	}
6828	+	}
6829	-	},
6829	+	},
6830	-	"199.195.251.56": {
6830	+	"199.195.251.56": {
6831	-	"x86": {
6831	+	"x86": {
6832	-	"BeaconType": "8 (HTTPS)",
6832	+	"BeaconType": "8 (HTTPS)",
6833	-	"Port": "443",
6833	+	"Port": "443",
6834	-	"Polling": "5000",
6834	+	"Polling": "5000",
6835	-	"Jitter": "10",
6835	+	"Jitter": "10",
6836	-	"Maxdns": "235",
6836	+	"Maxdns": "235",
6837	-	"C2 Server": "micsoftin.us,/updates",
6837	+	"C2 Server": "micsoftin.us,/updates",
6838	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
6838	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
6839	-	"HTTP Method Path 2": "/aircanada/dark.php",
6839	+	"HTTP Method Path 2": "/aircanada/dark.php",
6840	-	"Header1": "",
6840	+	"Header1": "",
6841	-	"Header2": "",
6841	+	"Header2": "",
6842	-	"PipeName": "",
6842	+	"PipeName": "",
6843	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
6843	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
6844	-	"DNS Sleep": "0",
6844	+	"DNS Sleep": "0",
6845	-	"Method1": "GET",
6845	+	"Method1": "GET",
6846	-	"Method2": "POST",
6846	+	"Method2": "POST",
6847	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6847	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6848	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6848	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6849	-	"Proxy_AccessType": "2 (Use IE settings)"
6849	+	"Proxy_AccessType": "2 (Use IE settings)"
6850	-	}
6850	+	}
6851	-	},
6851	+	},
6852	-	"199.195.254.79": {
6852	+	"199.195.254.79": {
6853	-	"x64": {
6853	+	"x64": {
6854	-	"BeaconType": "8 (HTTPS)",
6854	+	"BeaconType": "8 (HTTPS)",
6855	-	"Port": "443",
6855	+	"Port": "443",
6856	-	"Polling": "10000",
6856	+	"Polling": "10000",
6857	-	"Jitter": "20",
6857	+	"Jitter": "20",
6858	-	"Maxdns": "235",
6858	+	"Maxdns": "235",
6859	-	"C2 Server": "www.google-dev.tk,/jquery-3.3.1.min.js",
6859	+	"C2 Server": "www.google-dev.tk,/jquery-3.3.1.min.js",
6860	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E )",
6860	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E )",
6861	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
6861	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
6862	-	"Header1": "",
6862	+	"Header1": "",
6863	-	"Header2": "",
6863	+	"Header2": "",
6864	-	"PipeName": "",
6864	+	"PipeName": "",
6865	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6865	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6866	-	"DNS Sleep": "0",
6866	+	"DNS Sleep": "0",
6867	-	"Method1": "GET",
6867	+	"Method1": "GET",
6868	-	"Method2": "POST",
6868	+	"Method2": "POST",
6869	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6869	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6870	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6870	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6871	-	"Proxy_AccessType": "2 (Use IE settings)"
6871	+	"Proxy_AccessType": "2 (Use IE settings)"
6872	-	}
6872	+	}
6873	-	},
6873	+	},
6874	-	"202.182.101.162": {
6874	+	"202.182.101.162": {
6875	-	"x64": {
6875	+	"x64": {
6876	-	"BeaconType": "8 (HTTPS)",
6876	+	"BeaconType": "8 (HTTPS)",
6877	-	"Port": "443",
6877	+	"Port": "443",
6878	-	"Polling": "60000",
6878	+	"Polling": "60000",
6879	-	"Jitter": "0",
6879	+	"Jitter": "0",
6880	-	"Maxdns": "255",
6880	+	"Maxdns": "255",
6881	-	"C2 Server": "202.182.101.162,/ca",
6881	+	"C2 Server": "202.182.101.162,/ca",
6882	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)",
6882	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)",
6883	-	"HTTP Method Path 2": "/submit.php",
6883	+	"HTTP Method Path 2": "/submit.php",
6884	-	"Header1": "",
6884	+	"Header1": "",
6885	-	"Header2": "",
6885	+	"Header2": "",
6886	-	"PipeName": "",
6886	+	"PipeName": "",
6887	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6887	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6888	-	"DNS Sleep": "0",
6888	+	"DNS Sleep": "0",
6889	-	"Method1": "GET",
6889	+	"Method1": "GET",
6890	-	"Method2": "POST",
6890	+	"Method2": "POST",
6891	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6891	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6892	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6892	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6893	-	"Proxy_AccessType": "2 (Use IE settings)"
6893	+	"Proxy_AccessType": "2 (Use IE settings)"
6894	-	}
6894	+	}
6895	-	},
6895	+	},
6896	-	"202.182.96.238": {
6896	+	"202.182.96.238": {
6897	-	"x64": {
6897	+	"x64": {
6898	-	"BeaconType": "8 (HTTPS)",
6898	+	"BeaconType": "8 (HTTPS)",
6899	-	"Port": "443",
6899	+	"Port": "443",
6900	-	"Polling": "5000",
6900	+	"Polling": "5000",
6901	-	"Jitter": "0",
6901	+	"Jitter": "0",
6902	-	"Maxdns": "255",
6902	+	"Maxdns": "255",
6903	-	"C2 Server": "coivotek.livehost.live,/access/",
6903	+	"C2 Server": "coivotek.livehost.live,/access/",
6904	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
6904	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
6905	-	"HTTP Method Path 2": "/radio/xmlrpc/v35",
6905	+	"HTTP Method Path 2": "/radio/xmlrpc/v35",
6906	-	"Header1": "",
6906	+	"Header1": "",
6907	-	"Header2": "",
6907	+	"Header2": "",
6908	-	"PipeName": "",
6908	+	"PipeName": "",
6909	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
6909	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
6910	-	"DNS Sleep": "0",
6910	+	"DNS Sleep": "0",
6911	-	"Method1": "GET",
6911	+	"Method1": "GET",
6912	-	"Method2": "POST",
6912	+	"Method2": "POST",
6913	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6913	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6914	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6914	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6915	-	"Proxy_AccessType": "2 (Use IE settings)"
6915	+	"Proxy_AccessType": "2 (Use IE settings)"
6916	-	}
6916	+	}
6917	-	},
6917	+	},
6918	-	"20.36.203.162": {
6918	+	"20.36.203.162": {
6919	-	"x64": {
6919	+	"x64": {
6920	-	"BeaconType": "8 (HTTPS)",
6920	+	"BeaconType": "8 (HTTPS)",
6921	-	"Port": "443",
6921	+	"Port": "443",
6922	-	"Polling": "60000",
6922	+	"Polling": "60000",
6923	-	"Jitter": "0",
6923	+	"Jitter": "0",
6924	-	"C2 Server": "20.36.203.162,/load",
6924	+	"C2 Server": "20.36.203.162,/load",
6925	-	"HTTP Method Path 2": "/submit.php",
6925	+	"HTTP Method Path 2": "/submit.php",
6926	-	"Method1": "GET",
6926	+	"Method1": "GET",
6927	-	"Method2": "POST",
6927	+	"Method2": "POST",
6928	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6928	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
6929	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6929	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
6930	-	"Proxy_AccessType": "2 (Use IE settings)"
6930	+	"Proxy_AccessType": "2 (Use IE settings)"
6931	-	}
6931	+	}
6932	-	},
6932	+	},
6933	-	"204.16.247.235": {
6933	+	"204.16.247.235": {
6934	-	"x86": {
6934	+	"x86": {
6935	-	"BeaconType": "8 (HTTPS)",
6935	+	"BeaconType": "8 (HTTPS)",
6936	-	"Port": "443",
6936	+	"Port": "443",
6937	-	"Polling": "5000",
6937	+	"Polling": "5000",
6938	-	"Jitter": "10",
6938	+	"Jitter": "10",
6939	-	"Maxdns": "235",
6939	+	"Maxdns": "235",
6940	-	"C2 Server": "avetool.com,/us/ky/louisville/312-s-fourth-st.html",
6940	+	"C2 Server": "avetool.com,/us/ky/louisville/312-s-fourth-st.html",
6941	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6941	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6942	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6942	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6943	-	"Header1": "",
6943	+	"Header1": "",
6944	-	"Header2": "",
6944	+	"Header2": "",
6945	-	"PipeName": "",
6945	+	"PipeName": "",
6946	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6946	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6947	-	"DNS Sleep": "0",
6947	+	"DNS Sleep": "0",
6948	-	"Method1": "GET",
6948	+	"Method1": "GET",
6949	-	"Method2": "POST",
6949	+	"Method2": "POST",
6950	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6950	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6951	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6951	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6952	-	"Proxy_AccessType": "2 (Use IE settings)"
6952	+	"Proxy_AccessType": "2 (Use IE settings)"
6953	-	},
6953	+	},
6954	-	"x64": {
6954	+	"x64": {
6955	-	"BeaconType": "8 (HTTPS)",
6955	+	"BeaconType": "8 (HTTPS)",
6956	-	"Port": "443",
6956	+	"Port": "443",
6957	-	"Polling": "5000",
6957	+	"Polling": "5000",
6958	-	"Jitter": "10",
6958	+	"Jitter": "10",
6959	-	"Maxdns": "235",
6959	+	"Maxdns": "235",
6960	-	"C2 Server": "avetool.com,/us/ky/louisville/312-s-fourth-st.html",
6960	+	"C2 Server": "avetool.com,/us/ky/louisville/312-s-fourth-st.html",
6961	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6961	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6962	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6962	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6963	-	"Header1": "",
6963	+	"Header1": "",
6964	-	"Header2": "",
6964	+	"Header2": "",
6965	-	"PipeName": "",
6965	+	"PipeName": "",
6966	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6966	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6967	-	"DNS Sleep": "0",
6967	+	"DNS Sleep": "0",
6968	-	"Method1": "GET",
6968	+	"Method1": "GET",
6969	-	"Method2": "POST",
6969	+	"Method2": "POST",
6970	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6970	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6971	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6971	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6972	-	"Proxy_AccessType": "2 (Use IE settings)"
6972	+	"Proxy_AccessType": "2 (Use IE settings)"
6973	-	}
6973	+	}
6974	-	},
6974	+	},
6975	-	"204.16.247.30": {
6975	+	"204.16.247.30": {
6976	-	"x86": {
6976	+	"x86": {
6977	-	"BeaconType": "8 (HTTPS)",
6977	+	"BeaconType": "8 (HTTPS)",
6978	-	"Port": "443",
6978	+	"Port": "443",
6979	-	"Polling": "5000",
6979	+	"Polling": "5000",
6980	-	"Jitter": "10",
6980	+	"Jitter": "10",
6981	-	"Maxdns": "235",
6981	+	"Maxdns": "235",
6982	-	"C2 Server": "ballom.com,/us/ky/louisville/312-s-fourth-st.html",
6982	+	"C2 Server": "ballom.com,/us/ky/louisville/312-s-fourth-st.html",
6983	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6983	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
6984	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6984	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
6985	-	"Header1": "",
6985	+	"Header1": "",
6986	-	"Header2": "",
6986	+	"Header2": "",
6987	-	"PipeName": "",
6987	+	"PipeName": "",
6988	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
6988	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
6989	-	"DNS Sleep": "0",
6989	+	"DNS Sleep": "0",
6990	-	"Method1": "GET",
6990	+	"Method1": "GET",
6991	-	"Method2": "POST",
6991	+	"Method2": "POST",
6992	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6992	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
6993	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6993	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
6994	-	"Proxy_AccessType": "2 (Use IE settings)"
6994	+	"Proxy_AccessType": "2 (Use IE settings)"
6995	-	}
6995	+	}
6996	-	},
6996	+	},
6997	-	"204.16.247.48": {
6997	+	"204.16.247.48": {
6998	-	"x86": {
6998	+	"x86": {
6999	-	"BeaconType": "8 (HTTPS)",
6999	+	"BeaconType": "8 (HTTPS)",
7000	-	"Port": "443",
7000	+	"Port": "443",
7001	-	"Polling": "30000",
7001	+	"Polling": "30000",
7002	-	"Jitter": "20",
7002	+	"Jitter": "20",
7003	-	"Maxdns": "255",
7003	+	"Maxdns": "255",
7004	-	"C2 Server": "goodroy.com,/CWoNaJLBo/VTNeWw11212/",
7004	+	"C2 Server": "goodroy.com,/CWoNaJLBo/VTNeWw11212/",
7005	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
7005	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
7006	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
7006	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
7007	-	"Header1": "",
7007	+	"Header1": "",
7008	-	"Header2": "",
7008	+	"Header2": "",
7009	-	"PipeName": "",
7009	+	"PipeName": "",
7010	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7010	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7011	-	"DNS Sleep": "0",
7011	+	"DNS Sleep": "0",
7012	-	"Method1": "GET",
7012	+	"Method1": "GET",
7013	-	"Method2": "POST",
7013	+	"Method2": "POST",
7014	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7014	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7015	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7015	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7016	-	"Proxy_AccessType": "2 (Use IE settings)"
7016	+	"Proxy_AccessType": "2 (Use IE settings)"
7017	-	}
7017	+	}
7018	-	},
7018	+	},
7019	-	"204.16.247.65": {
7019	+	"204.16.247.65": {
7020	-	"x86": {
7020	+	"x86": {
7021	-	"BeaconType": "8 (HTTPS)",
7021	+	"BeaconType": "8 (HTTPS)",
7022	-	"Port": "443",
7022	+	"Port": "443",
7023	-	"Polling": "30000",
7023	+	"Polling": "30000",
7024	-	"Jitter": "20",
7024	+	"Jitter": "20",
7025	-	"Maxdns": "255",
7025	+	"Maxdns": "255",
7026	-	"C2 Server": "peernew.com,/CWoNaJLBo/VTNeWw11212/",
7026	+	"C2 Server": "peernew.com,/CWoNaJLBo/VTNeWw11212/",
7027	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
7027	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
7028	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
7028	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
7029	-	"Header1": "",
7029	+	"Header1": "",
7030	-	"Header2": "",
7030	+	"Header2": "",
7031	-	"PipeName": "",
7031	+	"PipeName": "",
7032	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7032	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7033	-	"DNS Sleep": "0",
7033	+	"DNS Sleep": "0",
7034	-	"Method1": "GET",
7034	+	"Method1": "GET",
7035	-	"Method2": "POST",
7035	+	"Method2": "POST",
7036	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7036	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7037	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7037	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7038	-	"Proxy_AccessType": "2 (Use IE settings)"
7038	+	"Proxy_AccessType": "2 (Use IE settings)"
7039	-	}
7039	+	}
7040	-	},
7040	+	},
7041	-	"204.16.247.89": {
7041	+	"204.16.247.89": {
7042	-	"x86": {
7042	+	"x86": {
7043	-	"BeaconType": "8 (HTTPS)",
7043	+	"BeaconType": "8 (HTTPS)",
7044	-	"Port": "443",
7044	+	"Port": "443",
7045	-	"Polling": "60000",
7045	+	"Polling": "60000",
7046	-	"Jitter": "0",
7046	+	"Jitter": "0",
7047	-	"Maxdns": "255",
7047	+	"Maxdns": "255",
7048	-	"C2 Server": "204.16.247.89,/g.pixel",
7048	+	"C2 Server": "204.16.247.89,/g.pixel",
7049	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
7049	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
7050	-	"HTTP Method Path 2": "/submit.php",
7050	+	"HTTP Method Path 2": "/submit.php",
7051	-	"Header1": "",
7051	+	"Header1": "",
7052	-	"Header2": "",
7052	+	"Header2": "",
7053	-	"PipeName": "",
7053	+	"PipeName": "",
7054	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7054	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7055	-	"DNS Sleep": "0",
7055	+	"DNS Sleep": "0",
7056	-	"Method1": "GET",
7056	+	"Method1": "GET",
7057	-	"Method2": "POST",
7057	+	"Method2": "POST",
7058	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7058	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7059	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7059	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7060	-	"Proxy_AccessType": "2 (Use IE settings)"
7060	+	"Proxy_AccessType": "2 (Use IE settings)"
7061	-	},
7061	+	},
7062	-	"x64": {
7062	+	"x64": {
7063	-	"BeaconType": "8 (HTTPS)",
7063	+	"BeaconType": "8 (HTTPS)",
7064	-	"Port": "443",
7064	+	"Port": "443",
7065	-	"Polling": "60000",
7065	+	"Polling": "60000",
7066	-	"Jitter": "0",
7066	+	"Jitter": "0",
7067	-	"Maxdns": "255",
7067	+	"Maxdns": "255",
7068	-	"C2 Server": "204.16.247.89,/ptj",
7068	+	"C2 Server": "204.16.247.89,/ptj",
7069	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
7069	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
7070	-	"HTTP Method Path 2": "/submit.php",
7070	+	"HTTP Method Path 2": "/submit.php",
7071	-	"Header1": "",
7071	+	"Header1": "",
7072	-	"Header2": "",
7072	+	"Header2": "",
7073	-	"PipeName": "",
7073	+	"PipeName": "",
7074	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7074	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7075	-	"DNS Sleep": "0",
7075	+	"DNS Sleep": "0",
7076	-	"Method1": "GET",
7076	+	"Method1": "GET",
7077	-	"Method2": "POST",
7077	+	"Method2": "POST",
7078	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7078	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7079	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7079	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7080	-	"Proxy_AccessType": "2 (Use IE settings)"
7080	+	"Proxy_AccessType": "2 (Use IE settings)"
7081	-	}
7081	+	}
7082	-	},
7082	+	},
7083	-	"206.189.223.152": {
7083	+	"206.189.223.152": {
7084	-	"x86": {
7084	+	"x86": {
7085	-	"BeaconType": "8 (HTTPS)",
7085	+	"BeaconType": "8 (HTTPS)",
7086	-	"Port": "443",
7086	+	"Port": "443",
7087	-	"Polling": "60000",
7087	+	"Polling": "60000",
7088	-	"Jitter": "0",
7088	+	"Jitter": "0",
7089	-	"C2 Server": "206.189.223.152,/push",
7089	+	"C2 Server": "206.189.223.152,/push",
7090	-	"HTTP Method Path 2": "/submit.php",
7090	+	"HTTP Method Path 2": "/submit.php",
7091	-	"Method1": "GET",
7091	+	"Method1": "GET",
7092	-	"Method2": "POST",
7092	+	"Method2": "POST",
7093	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7093	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7094	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7094	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7095	-	"Proxy_AccessType": "2 (Use IE settings)"
7095	+	"Proxy_AccessType": "2 (Use IE settings)"
7096	-	}
7096	+	}
7097	-	},
7097	+	},
7098	-	"206.189.37.245": {
7098	+	"206.189.37.245": {
7099	-	"x64": {
7099	+	"x64": {
7100	-	"BeaconType": "8 (HTTPS)",
7100	+	"BeaconType": "8 (HTTPS)",
7101	-	"Port": "443",
7101	+	"Port": "443",
7102	-	"Polling": "15000",
7102	+	"Polling": "15000",
7103	-	"Jitter": "90",
7103	+	"Jitter": "90",
7104	-	"Maxdns": "225",
7104	+	"Maxdns": "225",
7105	-	"C2 Server": "do.skype.com,/api2/json/access/ticket,mscrl.microsoft.com,/en-us/p/onerf/MeSilentPassport",
7105	+	"C2 Server": "do.skype.com,/api2/json/access/ticket,mscrl.microsoft.com,/en-us/p/onerf/MeSilentPassport",
7106	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
7106	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
7107	-	"HTTP Method Path 2": "/gql",
7107	+	"HTTP Method Path 2": "/gql",
7108	-	"Header1": "",
7108	+	"Header1": "",
7109	-	"Header2": "",
7109	+	"Header2": "",
7110	-	"PipeName": "",
7110	+	"PipeName": "",
7111	-	"DNS Idle": "h\\xD8<\\x84",
7111	+	"DNS Idle": "h\\xD8<\\x84",
7112	-	"DNS Sleep": "0",
7112	+	"DNS Sleep": "0",
7113	-	"Method1": "GET",
7113	+	"Method1": "GET",
7114	-	"Method2": "POST",
7114	+	"Method2": "POST",
7115	-	"Spawnto_x86": "%windir%\\System32\\werfault.exe",
7115	+	"Spawnto_x86": "%windir%\\System32\\werfault.exe",
7116	-	"Spawnto_x64": "%windir%\\System32\\werfault.exe",
7116	+	"Spawnto_x64": "%windir%\\System32\\werfault.exe",
7117	-	"Proxy_AccessType": "2 (Use IE settings)"
7117	+	"Proxy_AccessType": "2 (Use IE settings)"
7118	-	}
7118	+	}
7119	-	},
7119	+	},
7120	-	"206.221.176.205": {
7120	+	"206.221.176.205": {
7121	-	"x64": {
7121	+	"x64": {
7122	-	"BeaconType": "8 (HTTPS)",
7122	+	"BeaconType": "8 (HTTPS)",
7123	-	"Port": "443",
7123	+	"Port": "443",
7124	-	"Polling": "5000",
7124	+	"Polling": "5000",
7125	-	"Jitter": "10",
7125	+	"Jitter": "10",
7126	-	"Maxdns": "235",
7126	+	"Maxdns": "235",
7127	-	"C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
7127	+	"C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
7128	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7128	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7129	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7129	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7130	-	"Header1": "",
7130	+	"Header1": "",
7131	-	"Header2": "",
7131	+	"Header2": "",
7132	-	"PipeName": "",
7132	+	"PipeName": "",
7133	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7133	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7134	-	"DNS Sleep": "0",
7134	+	"DNS Sleep": "0",
7135	-	"Method1": "GET",
7135	+	"Method1": "GET",
7136	-	"Method2": "POST",
7136	+	"Method2": "POST",
7137	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7137	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7138	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7138	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7139	-	"Proxy_AccessType": "2 (Use IE settings)"
7139	+	"Proxy_AccessType": "2 (Use IE settings)"
7140	-	}
7140	+	}
7141	-	},
7141	+	},
7142	-	"206.221.179.202": {
7142	+	"206.221.179.202": {
7143	-	"x86": {
7143	+	"x86": {
7144	-	"BeaconType": "8 (HTTPS)",
7144	+	"BeaconType": "8 (HTTPS)",
7145	-	"Port": "443",
7145	+	"Port": "443",
7146	-	"Polling": "5000",
7146	+	"Polling": "5000",
7147	-	"Jitter": "10",
7147	+	"Jitter": "10",
7148	-	"Maxdns": "235",
7148	+	"Maxdns": "235",
7149	-	"C2 Server": "geotry.com,/us/ky/louisville/312-s-fourth-st.html",
7149	+	"C2 Server": "geotry.com,/us/ky/louisville/312-s-fourth-st.html",
7150	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7150	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7151	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7151	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7152	-	"Header1": "",
7152	+	"Header1": "",
7153	-	"Header2": "",
7153	+	"Header2": "",
7154	-	"PipeName": "",
7154	+	"PipeName": "",
7155	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7155	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7156	-	"DNS Sleep": "0",
7156	+	"DNS Sleep": "0",
7157	-	"Method1": "GET",
7157	+	"Method1": "GET",
7158	-	"Method2": "POST",
7158	+	"Method2": "POST",
7159	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7159	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7160	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7160	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7161	-	"Proxy_AccessType": "2 (Use IE settings)"
7161	+	"Proxy_AccessType": "2 (Use IE settings)"
7162	-	},
7162	+	},
7163	-	"x64": {
7163	+	"x64": {
7164	-	"BeaconType": "8 (HTTPS)",
7164	+	"BeaconType": "8 (HTTPS)",
7165	-	"Port": "443",
7165	+	"Port": "443",
7166	-	"Polling": "5000",
7166	+	"Polling": "5000",
7167	-	"Jitter": "10",
7167	+	"Jitter": "10",
7168	-	"Maxdns": "235",
7168	+	"Maxdns": "235",
7169	-	"C2 Server": "geotry.com,/us/ky/louisville/312-s-fourth-st.html",
7169	+	"C2 Server": "geotry.com,/us/ky/louisville/312-s-fourth-st.html",
7170	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7170	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7171	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7171	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7172	-	"Header1": "",
7172	+	"Header1": "",
7173	-	"Header2": "",
7173	+	"Header2": "",
7174	-	"PipeName": "",
7174	+	"PipeName": "",
7175	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7175	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7176	-	"DNS Sleep": "0",
7176	+	"DNS Sleep": "0",
7177	-	"Method1": "GET",
7177	+	"Method1": "GET",
7178	-	"Method2": "POST",
7178	+	"Method2": "POST",
7179	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7179	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7180	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7180	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7181	-	"Proxy_AccessType": "2 (Use IE settings)"
7181	+	"Proxy_AccessType": "2 (Use IE settings)"
7182	-	}
7182	+	}
7183	-	},
7183	+	},
7184	-	"206.54.190.220": {
7184	+	"206.54.190.220": {
7185	-	"x86": {
7185	+	"x86": {
7186	-	"BeaconType": "8 (HTTPS)",
7186	+	"BeaconType": "8 (HTTPS)",
7187	-	"Port": "443",
7187	+	"Port": "443",
7188	-	"Polling": "60000",
7188	+	"Polling": "60000",
7189	-	"Jitter": "0",
7189	+	"Jitter": "0",
7190	-	"C2 Server": "45.170.251.101,/ga.js",
7190	+	"C2 Server": "45.170.251.101,/ga.js",
7191	-	"HTTP Method Path 2": "/submit.php",
7191	+	"HTTP Method Path 2": "/submit.php",
7192	-	"Method1": "GET",
7192	+	"Method1": "GET",
7193	-	"Method2": "POST",
7193	+	"Method2": "POST",
7194	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7194	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7195	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7195	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7196	-	"Proxy_AccessType": "2 (Use IE settings)"
7196	+	"Proxy_AccessType": "2 (Use IE settings)"
7197	-	}
7197	+	}
7198	-	},
7198	+	},
7199	-	"207.148.70.82": {
7199	+	"207.148.70.82": {
7200	-	"x64": {
7200	+	"x64": {
7201	-	"BeaconType": "8 (HTTPS)",
7201	+	"BeaconType": "8 (HTTPS)",
7202	-	"Port": "443",
7202	+	"Port": "443",
7203	-	"Polling": "60000",
7203	+	"Polling": "60000",
7204	-	"Jitter": "0",
7204	+	"Jitter": "0",
7205	-	"Maxdns": "255",
7205	+	"Maxdns": "255",
7206	-	"C2 Server": "207.148.70.82,/pixel",
7206	+	"C2 Server": "207.148.70.82,/pixel",
7207	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
7207	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
7208	-	"HTTP Method Path 2": "/submit.php",
7208	+	"HTTP Method Path 2": "/submit.php",
7209	-	"Header1": "",
7209	+	"Header1": "",
7210	-	"Header2": "",
7210	+	"Header2": "",
7211	-	"PipeName": "",
7211	+	"PipeName": "",
7212	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7212	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7213	-	"DNS Sleep": "0",
7213	+	"DNS Sleep": "0",
7214	-	"Method1": "GET",
7214	+	"Method1": "GET",
7215	-	"Method2": "POST",
7215	+	"Method2": "POST",
7216	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7216	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7217	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7217	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7218	-	"Proxy_AccessType": "2 (Use IE settings)"
7218	+	"Proxy_AccessType": "2 (Use IE settings)"
7219	-	}
7219	+	}
7220	-	},
7220	+	},
7221	-	"207.219.199.120": {
7221	+	"207.219.199.120": {
7222	-	"x86": {
7222	+	"x86": {
7223	-	"BeaconType": "8 (HTTPS)",
7223	+	"BeaconType": "8 (HTTPS)",
7224	-	"Port": "443",
7224	+	"Port": "443",
7225	-	"Polling": "5000",
7225	+	"Polling": "5000",
7226	-	"Jitter": "0",
7226	+	"Jitter": "0",
7227	-	"Maxdns": "255",
7227	+	"Maxdns": "255",
7228	-	"C2 Server": "s3app.eastus.cloudapp.azure.com,/iconpage.gif,azurecloudapi.eastus.cloudapp.azure.com,/iconpage.gif",
7228	+	"C2 Server": "s3app.eastus.cloudapp.azure.com,/iconpage.gif,azurecloudapi.eastus.cloudapp.azure.com,/iconpage.gif",
7229	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
7229	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
7230	-	"HTTP Method Path 2": "/iconimage.gif",
7230	+	"HTTP Method Path 2": "/iconimage.gif",
7231	-	"Header1": "",
7231	+	"Header1": "",
7232	-	"Header2": "",
7232	+	"Header2": "",
7233	-	"PipeName": "",
7233	+	"PipeName": "",
7234	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7234	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7235	-	"DNS Sleep": "0",
7235	+	"DNS Sleep": "0",
7236	-	"Method1": "GET",
7236	+	"Method1": "GET",
7237	-	"Method2": "GET",
7237	+	"Method2": "GET",
7238	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7238	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7239	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7239	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7240	-	"Proxy_AccessType": "2 (Use IE settings)"
7240	+	"Proxy_AccessType": "2 (Use IE settings)"
7241	-	},
7241	+	},
7242	-	"x64": {
7242	+	"x64": {
7243	-	"BeaconType": "8 (HTTPS)",
7243	+	"BeaconType": "8 (HTTPS)",
7244	-	"Port": "443",
7244	+	"Port": "443",
7245	-	"Polling": "5000",
7245	+	"Polling": "5000",
7246	-	"Jitter": "0",
7246	+	"Jitter": "0",
7247	-	"Maxdns": "255",
7247	+	"Maxdns": "255",
7248	-	"C2 Server": "s3app.eastus.cloudapp.azure.com,/iconpage.gif,azurecloudapi.eastus.cloudapp.azure.com,/iconpage.gif",
7248	+	"C2 Server": "s3app.eastus.cloudapp.azure.com,/iconpage.gif,azurecloudapi.eastus.cloudapp.azure.com,/iconpage.gif",
7249	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)",
7249	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)",
7250	-	"HTTP Method Path 2": "/iconimage.gif",
7250	+	"HTTP Method Path 2": "/iconimage.gif",
7251	-	"Header1": "",
7251	+	"Header1": "",
7252	-	"Header2": "",
7252	+	"Header2": "",
7253	-	"PipeName": "",
7253	+	"PipeName": "",
7254	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7254	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7255	-	"DNS Sleep": "0",
7255	+	"DNS Sleep": "0",
7256	-	"Method1": "GET",
7256	+	"Method1": "GET",
7257	-	"Method2": "GET",
7257	+	"Method2": "GET",
7258	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7258	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7259	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7259	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7260	-	"Proxy_AccessType": "2 (Use IE settings)"
7260	+	"Proxy_AccessType": "2 (Use IE settings)"
7261	-	}
7261	+	}
7262	-	},
7262	+	},
7263	-	"209.222.101.153": {
7263	+	"209.222.101.153": {
7264	-	"x86": {
7264	+	"x86": {
7265	-	"BeaconType": "8 (HTTPS)",
7265	+	"BeaconType": "8 (HTTPS)",
7266	-	"Port": "443",
7266	+	"Port": "443",
7267	-	"Polling": "5000",
7267	+	"Polling": "5000",
7268	-	"Jitter": "10",
7268	+	"Jitter": "10",
7269	-	"Maxdns": "235",
7269	+	"Maxdns": "235",
7270	-	"C2 Server": "mixdir.com,/us/ky/louisville/312-s-fourth-st.html",
7270	+	"C2 Server": "mixdir.com,/us/ky/louisville/312-s-fourth-st.html",
7271	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7271	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7272	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7272	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7273	-	"Header1": "",
7273	+	"Header1": "",
7274	-	"Header2": "",
7274	+	"Header2": "",
7275	-	"PipeName": "",
7275	+	"PipeName": "",
7276	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7276	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7277	-	"DNS Sleep": "0",
7277	+	"DNS Sleep": "0",
7278	-	"Method1": "GET",
7278	+	"Method1": "GET",
7279	-	"Method2": "POST",
7279	+	"Method2": "POST",
7280	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7280	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7281	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7281	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7282	-	"Proxy_AccessType": "2 (Use IE settings)"
7282	+	"Proxy_AccessType": "2 (Use IE settings)"
7283	-	}
7283	+	}
7284	-	},
7284	+	},
7285	-	"209.222.97.8": {
7285	+	"209.222.97.8": {
7286	-	"x86": {
7286	+	"x86": {
7287	-	"BeaconType": "8 (HTTPS)",
7287	+	"BeaconType": "8 (HTTPS)",
7288	-	"Port": "443",
7288	+	"Port": "443",
7289	-	"Polling": "5000",
7289	+	"Polling": "5000",
7290	-	"Jitter": "10",
7290	+	"Jitter": "10",
7291	-	"Maxdns": "235",
7291	+	"Maxdns": "235",
7292	-	"C2 Server": "landcook.com,/us/ky/louisville/312-s-fourth-st.html",
7292	+	"C2 Server": "landcook.com,/us/ky/louisville/312-s-fourth-st.html",
7293	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7293	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7294	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7294	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7295	-	"Header1": "",
7295	+	"Header1": "",
7296	-	"Header2": "",
7296	+	"Header2": "",
7297	-	"PipeName": "",
7297	+	"PipeName": "",
7298	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7298	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7299	-	"DNS Sleep": "0",
7299	+	"DNS Sleep": "0",
7300	-	"Method1": "GET",
7300	+	"Method1": "GET",
7301	-	"Method2": "POST",
7301	+	"Method2": "POST",
7302	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7302	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7303	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7303	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7304	-	"Proxy_AccessType": "2 (Use IE settings)"
7304	+	"Proxy_AccessType": "2 (Use IE settings)"
7305	-	},
7305	+	},
7306	-	"x64": {
7306	+	"x64": {
7307	-	"BeaconType": "8 (HTTPS)",
7307	+	"BeaconType": "8 (HTTPS)",
7308	-	"Port": "443",
7308	+	"Port": "443",
7309	-	"Polling": "5000",
7309	+	"Polling": "5000",
7310	-	"Jitter": "10",
7310	+	"Jitter": "10",
7311	-	"Maxdns": "235",
7311	+	"Maxdns": "235",
7312	-	"C2 Server": "landcook.com,/us/ky/louisville/312-s-fourth-st.html",
7312	+	"C2 Server": "landcook.com,/us/ky/louisville/312-s-fourth-st.html",
7313	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7313	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7314	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7314	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7315	-	"Header1": "",
7315	+	"Header1": "",
7316	-	"Header2": "",
7316	+	"Header2": "",
7317	-	"PipeName": "",
7317	+	"PipeName": "",
7318	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7318	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7319	-	"DNS Sleep": "0",
7319	+	"DNS Sleep": "0",
7320	-	"Method1": "GET",
7320	+	"Method1": "GET",
7321	-	"Method2": "POST",
7321	+	"Method2": "POST",
7322	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7322	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7323	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7323	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7324	-	"Proxy_AccessType": "2 (Use IE settings)"
7324	+	"Proxy_AccessType": "2 (Use IE settings)"
7325	-	}
7325	+	}
7326	-	},
7326	+	},
7327	-	"209.222.98.45": {
7327	+	"209.222.98.45": {
7328	-	"x86": {
7328	+	"x86": {
7329	-	"BeaconType": "8 (HTTPS)",
7329	+	"BeaconType": "8 (HTTPS)",
7330	-	"Port": "443",
7330	+	"Port": "443",
7331	-	"Polling": "5000",
7331	+	"Polling": "5000",
7332	-	"Jitter": "10",
7332	+	"Jitter": "10",
7333	-	"Maxdns": "235",
7333	+	"Maxdns": "235",
7334	-	"C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
7334	+	"C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
7335	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7335	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7336	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7336	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7337	-	"Header1": "",
7337	+	"Header1": "",
7338	-	"Header2": "",
7338	+	"Header2": "",
7339	-	"PipeName": "",
7339	+	"PipeName": "",
7340	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7340	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7341	-	"DNS Sleep": "0",
7341	+	"DNS Sleep": "0",
7342	-	"Method1": "GET",
7342	+	"Method1": "GET",
7343	-	"Method2": "POST",
7343	+	"Method2": "POST",
7344	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7344	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7345	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7345	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7346	-	"Proxy_AccessType": "2 (Use IE settings)"
7346	+	"Proxy_AccessType": "2 (Use IE settings)"
7347	-	},
7347	+	},
7348	-	"x64": {
7348	+	"x64": {
7349	-	"BeaconType": "8 (HTTPS)",
7349	+	"BeaconType": "8 (HTTPS)",
7350	-	"Port": "443",
7350	+	"Port": "443",
7351	-	"Polling": "5000",
7351	+	"Polling": "5000",
7352	-	"Jitter": "10",
7352	+	"Jitter": "10",
7353	-	"Maxdns": "235",
7353	+	"Maxdns": "235",
7354	-	"C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
7354	+	"C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
7355	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7355	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7356	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7356	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7357	-	"Header1": "",
7357	+	"Header1": "",
7358	-	"Header2": "",
7358	+	"Header2": "",
7359	-	"PipeName": "",
7359	+	"PipeName": "",
7360	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7360	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7361	-	"DNS Sleep": "0",
7361	+	"DNS Sleep": "0",
7362	-	"Method1": "GET",
7362	+	"Method1": "GET",
7363	-	"Method2": "POST",
7363	+	"Method2": "POST",
7364	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7364	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7365	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7365	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7366	-	"Proxy_AccessType": "2 (Use IE settings)"
7366	+	"Proxy_AccessType": "2 (Use IE settings)"
7367	-	}
7367	+	}
7368	-	},
7368	+	},
7369	-	"209.222.98.96": {
7369	+	"209.222.98.96": {
7370	-	"x86": {
7370	+	"x86": {
7371	-	"BeaconType": "8 (HTTPS)",
7371	+	"BeaconType": "8 (HTTPS)",
7372	-	"Port": "443",
7372	+	"Port": "443",
7373	-	"Polling": "5000",
7373	+	"Polling": "5000",
7374	-	"Jitter": "10",
7374	+	"Jitter": "10",
7375	-	"Maxdns": "235",
7375	+	"Maxdns": "235",
7376	-	"C2 Server": "wolfnew.com,/us/ky/louisville/312-s-fourth-st.html",
7376	+	"C2 Server": "wolfnew.com,/us/ky/louisville/312-s-fourth-st.html",
7377	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7377	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7378	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7378	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7379	-	"Header1": "",
7379	+	"Header1": "",
7380	-	"Header2": "",
7380	+	"Header2": "",
7381	-	"PipeName": "",
7381	+	"PipeName": "",
7382	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7382	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7383	-	"DNS Sleep": "0",
7383	+	"DNS Sleep": "0",
7384	-	"Method1": "GET",
7384	+	"Method1": "GET",
7385	-	"Method2": "POST",
7385	+	"Method2": "POST",
7386	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7386	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7387	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7387	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7388	-	"Proxy_AccessType": "2 (Use IE settings)"
7388	+	"Proxy_AccessType": "2 (Use IE settings)"
7389	-	},
7389	+	},
7390	-	"x64": {
7390	+	"x64": {
7391	-	"BeaconType": "8 (HTTPS)",
7391	+	"BeaconType": "8 (HTTPS)",
7392	-	"Port": "443",
7392	+	"Port": "443",
7393	-	"Polling": "5000",
7393	+	"Polling": "5000",
7394	-	"Jitter": "10",
7394	+	"Jitter": "10",
7395	-	"Maxdns": "235",
7395	+	"Maxdns": "235",
7396	-	"C2 Server": "wolfnew.com,/us/ky/louisville/312-s-fourth-st.html",
7396	+	"C2 Server": "wolfnew.com,/us/ky/louisville/312-s-fourth-st.html",
7397	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7397	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7398	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7398	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7399	-	"Header1": "",
7399	+	"Header1": "",
7400	-	"Header2": "",
7400	+	"Header2": "",
7401	-	"PipeName": "",
7401	+	"PipeName": "",
7402	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7402	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7403	-	"DNS Sleep": "0",
7403	+	"DNS Sleep": "0",
7404	-	"Method1": "GET",
7404	+	"Method1": "GET",
7405	-	"Method2": "POST",
7405	+	"Method2": "POST",
7406	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7406	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7407	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7407	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7408	-	"Proxy_AccessType": "2 (Use IE settings)"
7408	+	"Proxy_AccessType": "2 (Use IE settings)"
7409	-	}
7409	+	}
7410	-	},
7410	+	},
7411	-	"209.249.134.14": {
7411	+	"209.249.134.14": {
7412	-	"x86": {
7412	+	"x86": {
7413	-	"BeaconType": "8 (HTTPS)",
7413	+	"BeaconType": "8 (HTTPS)",
7414	-	"Port": "443",
7414	+	"Port": "443",
7415	-	"Polling": "30000",
7415	+	"Polling": "30000",
7416	-	"Jitter": "20",
7416	+	"Jitter": "20",
7417	-	"Maxdns": "255",
7417	+	"Maxdns": "255",
7418	-	"C2 Server": "downloads.daytonaneurosurgery.com,/login",
7418	+	"C2 Server": "downloads.daytonaneurosurgery.com,/login",
7419	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36",
7419	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36",
7420	-	"HTTP Method Path 2": "/api/chat.postMessage",
7420	+	"HTTP Method Path 2": "/api/chat.postMessage",
7421	-	"Header1": "",
7421	+	"Header1": "",
7422	-	"Header2": "",
7422	+	"Header2": "",
7423	-	"PipeName": "",
7423	+	"PipeName": "",
7424	-	"DNS Idle": "J}\\xC4q",
7424	+	"DNS Idle": "J}\\xC4q",
7425	-	"DNS Sleep": "0",
7425	+	"DNS Sleep": "0",
7426	-	"Method1": "GET",
7426	+	"Method1": "GET",
7427	-	"Method2": "POST",
7427	+	"Method2": "POST",
7428	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
7428	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
7429	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
7429	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
7430	-	"Proxy_AccessType": "2 (Use IE settings)"
7430	+	"Proxy_AccessType": "2 (Use IE settings)"
7431	-	}
7431	+	}
7432	-	},
7432	+	},
7433	-	"217.12.208.251": {
7433	+	"217.12.208.251": {
7434	-	"x86": {
7434	+	"x86": {
7435	-	"BeaconType": "8 (HTTPS)",
7435	+	"BeaconType": "8 (HTTPS)",
7436	-	"Port": "443",
7436	+	"Port": "443",
7437	-	"Polling": "45000",
7437	+	"Polling": "45000",
7438	-	"Jitter": "37",
7438	+	"Jitter": "37",
7439	-	"Maxdns": "255",
7439	+	"Maxdns": "255",
7440	-	"C2 Server": "217.12.208.251,/jquery-3.3.1.min.js",
7440	+	"C2 Server": "217.12.208.251,/jquery-3.3.1.min.js",
7441	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
7441	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
7442	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
7442	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
7443	-	"Header1": "",
7443	+	"Header1": "",
7444	-	"Header2": "",
7444	+	"Header2": "",
7445	-	"PipeName": "",
7445	+	"PipeName": "",
7446	-	"DNS Idle": "J}\\xC4q",
7446	+	"DNS Idle": "J}\\xC4q",
7447	-	"DNS Sleep": "0",
7447	+	"DNS Sleep": "0",
7448	-	"Method1": "GET",
7448	+	"Method1": "GET",
7449	-	"Method2": "POST",
7449	+	"Method2": "POST",
7450	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
7450	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
7451	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
7451	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
7452	-	"Proxy_AccessType": "2 (Use IE settings)"
7452	+	"Proxy_AccessType": "2 (Use IE settings)"
7453	-	}
7453	+	}
7454	-	},
7454	+	},
7455	-	"217.8.117.13": {
7455	+	"217.8.117.13": {
7456	-	"x64": {
7456	+	"x64": {
7457	-	"BeaconType": "8 (HTTPS)",
7457	+	"BeaconType": "8 (HTTPS)",
7458	-	"Port": "443",
7458	+	"Port": "443",
7459	-	"Polling": "60000",
7459	+	"Polling": "60000",
7460	-	"Jitter": "0",
7460	+	"Jitter": "0",
7461	-	"Maxdns": "255",
7461	+	"Maxdns": "255",
7462	-	"C2 Server": "217.8.117.13,/fwlink",
7462	+	"C2 Server": "217.8.117.13,/fwlink",
7463	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)",
7463	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)",
7464	-	"HTTP Method Path 2": "/submit.php",
7464	+	"HTTP Method Path 2": "/submit.php",
7465	-	"Header1": "",
7465	+	"Header1": "",
7466	-	"Header2": "",
7466	+	"Header2": "",
7467	-	"PipeName": "",
7467	+	"PipeName": "",
7468	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7468	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7469	-	"DNS Sleep": "0",
7469	+	"DNS Sleep": "0",
7470	-	"Method1": "GET",
7470	+	"Method1": "GET",
7471	-	"Method2": "POST",
7471	+	"Method2": "POST",
7472	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7472	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7473	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7473	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7474	-	"Proxy_AccessType": "2 (Use IE settings)"
7474	+	"Proxy_AccessType": "2 (Use IE settings)"
7475	-	}
7475	+	}
7476	-	},
7476	+	},
7477	-	"23.106.160.111": {
7477	+	"23.106.160.111": {
7478	-	"x64": {
7478	+	"x64": {
7479	-	"BeaconType": "8 (HTTPS)",
7479	+	"BeaconType": "8 (HTTPS)",
7480	-	"Port": "443",
7480	+	"Port": "443",
7481	-	"Polling": "5000",
7481	+	"Polling": "5000",
7482	-	"Jitter": "10",
7482	+	"Jitter": "10",
7483	-	"Maxdns": "235",
7483	+	"Maxdns": "235",
7484	-	"C2 Server": "mixres.com,/us/ky/louisville/312-s-fourth-st.html",
7484	+	"C2 Server": "mixres.com,/us/ky/louisville/312-s-fourth-st.html",
7485	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7485	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7486	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7486	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7487	-	"Header1": "",
7487	+	"Header1": "",
7488	-	"Header2": "",
7488	+	"Header2": "",
7489	-	"PipeName": "",
7489	+	"PipeName": "",
7490	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7490	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7491	-	"DNS Sleep": "0",
7491	+	"DNS Sleep": "0",
7492	-	"Method1": "GET",
7492	+	"Method1": "GET",
7493	-	"Method2": "POST",
7493	+	"Method2": "POST",
7494	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7494	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7495	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7495	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7496	-	"Proxy_AccessType": "2 (Use IE settings)"
7496	+	"Proxy_AccessType": "2 (Use IE settings)"
7497	-	}
7497	+	}
7498	-	},
7498	+	},
7499	-	"23.106.160.129": {
7499	+	"23.106.160.129": {
7500	-	"x64": {
7500	+	"x64": {
7501	-	"BeaconType": "8 (HTTPS)",
7501	+	"BeaconType": "8 (HTTPS)",
7502	-	"Port": "443",
7502	+	"Port": "443",
7503	-	"Polling": "5000",
7503	+	"Polling": "5000",
7504	-	"Jitter": "10",
7504	+	"Jitter": "10",
7505	-	"Maxdns": "235",
7505	+	"Maxdns": "235",
7506	-	"C2 Server": "regbest.com,/us/ky/louisville/312-s-fourth-st.html",
7506	+	"C2 Server": "regbest.com,/us/ky/louisville/312-s-fourth-st.html",
7507	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7507	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7508	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7508	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7509	-	"Header1": "",
7509	+	"Header1": "",
7510	-	"Header2": "",
7510	+	"Header2": "",
7511	-	"PipeName": "",
7511	+	"PipeName": "",
7512	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7512	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7513	-	"DNS Sleep": "0",
7513	+	"DNS Sleep": "0",
7514	-	"Method1": "GET",
7514	+	"Method1": "GET",
7515	-	"Method2": "POST",
7515	+	"Method2": "POST",
7516	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7516	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7517	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7517	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7518	-	"Proxy_AccessType": "2 (Use IE settings)"
7518	+	"Proxy_AccessType": "2 (Use IE settings)"
7519	-	}
7519	+	}
7520	-	},
7520	+	},
7521	-	"23.106.160.191": {
7521	+	"23.106.160.191": {
7522	-	"x86": {
7522	+	"x86": {
7523	-	"BeaconType": "8 (HTTPS)",
7523	+	"BeaconType": "8 (HTTPS)",
7524	-	"Port": "443",
7524	+	"Port": "443",
7525	-	"Polling": "60000",
7525	+	"Polling": "60000",
7526	-	"Jitter": "0",
7526	+	"Jitter": "0",
7527	-	"Maxdns": "255",
7527	+	"Maxdns": "255",
7528	-	"C2 Server": "23.106.160.191,/activity",
7528	+	"C2 Server": "23.106.160.191,/activity",
7529	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727)",
7529	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727)",
7530	-	"HTTP Method Path 2": "/submit.php",
7530	+	"HTTP Method Path 2": "/submit.php",
7531	-	"Header1": "",
7531	+	"Header1": "",
7532	-	"Header2": "",
7532	+	"Header2": "",
7533	-	"PipeName": "",
7533	+	"PipeName": "",
7534	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7534	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7535	-	"DNS Sleep": "0",
7535	+	"DNS Sleep": "0",
7536	-	"Method1": "GET",
7536	+	"Method1": "GET",
7537	-	"Method2": "POST",
7537	+	"Method2": "POST",
7538	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7538	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7539	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7539	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7540	-	"Proxy_AccessType": "2 (Use IE settings)"
7540	+	"Proxy_AccessType": "2 (Use IE settings)"
7541	-	}
7541	+	}
7542	-	},
7542	+	},
7543	-	"23.106.160.195": {
7543	+	"23.106.160.195": {
7544	-	"x86": {
7544	+	"x86": {
7545	-	"BeaconType": "8 (HTTPS)",
7545	+	"BeaconType": "8 (HTTPS)",
7546	-	"Port": "443",
7546	+	"Port": "443",
7547	-	"Polling": "5000",
7547	+	"Polling": "5000",
7548	-	"Jitter": "10",
7548	+	"Jitter": "10",
7549	-	"Maxdns": "235",
7549	+	"Maxdns": "235",
7550	-	"C2 Server": "topevi.com,/us/ky/louisville/312-s-fourth-st.html",
7550	+	"C2 Server": "topevi.com,/us/ky/louisville/312-s-fourth-st.html",
7551	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7551	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7552	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7552	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7553	-	"Header1": "",
7553	+	"Header1": "",
7554	-	"Header2": "",
7554	+	"Header2": "",
7555	-	"PipeName": "",
7555	+	"PipeName": "",
7556	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7556	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7557	-	"DNS Sleep": "0",
7557	+	"DNS Sleep": "0",
7558	-	"Method1": "GET",
7558	+	"Method1": "GET",
7559	-	"Method2": "POST",
7559	+	"Method2": "POST",
7560	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7560	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7561	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7561	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7562	-	"Proxy_AccessType": "2 (Use IE settings)"
7562	+	"Proxy_AccessType": "2 (Use IE settings)"
7563	-	}
7563	+	}
7564	-	},
7564	+	},
7565	-	"23.106.160.198": {
7565	+	"23.106.160.198": {
7566	-	"x86": {
7566	+	"x86": {
7567	-	"BeaconType": "8 (HTTPS)",
7567	+	"BeaconType": "8 (HTTPS)",
7568	-	"Port": "443",
7568	+	"Port": "443",
7569	-	"Polling": "5000",
7569	+	"Polling": "5000",
7570	-	"Jitter": "10",
7570	+	"Jitter": "10",
7571	-	"Maxdns": "235",
7571	+	"Maxdns": "235",
7572	-	"C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
7572	+	"C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
7573	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7573	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7574	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7574	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7575	-	"Header1": "",
7575	+	"Header1": "",
7576	-	"Header2": "",
7576	+	"Header2": "",
7577	-	"PipeName": "",
7577	+	"PipeName": "",
7578	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7578	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7579	-	"DNS Sleep": "0",
7579	+	"DNS Sleep": "0",
7580	-	"Method1": "GET",
7580	+	"Method1": "GET",
7581	-	"Method2": "POST",
7581	+	"Method2": "POST",
7582	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7582	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7583	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7583	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7584	-	"Proxy_AccessType": "2 (Use IE settings)"
7584	+	"Proxy_AccessType": "2 (Use IE settings)"
7585	-	}
7585	+	}
7586	-	},
7586	+	},
7587	-	"23.106.160.2": {
7587	+	"23.106.160.2": {
7588	-	"x64": {
7588	+	"x64": {
7589	-	"BeaconType": "8 (HTTPS)",
7589	+	"BeaconType": "8 (HTTPS)",
7590	-	"Port": "443",
7590	+	"Port": "443",
7591	-	"Polling": "5000",
7591	+	"Polling": "5000",
7592	-	"Jitter": "10",
7592	+	"Jitter": "10",
7593	-	"Maxdns": "235",
7593	+	"Maxdns": "235",
7594	-	"C2 Server": "bitsse.com,/us/ky/louisville/312-s-fourth-st.html,uncole.com,/us/ky/louisville/312-s-fourth-st.html",
7594	+	"C2 Server": "bitsse.com,/us/ky/louisville/312-s-fourth-st.html,uncole.com,/us/ky/louisville/312-s-fourth-st.html",
7595	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7595	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7596	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7596	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7597	-	"Header1": "",
7597	+	"Header1": "",
7598	-	"Header2": "",
7598	+	"Header2": "",
7599	-	"PipeName": "",
7599	+	"PipeName": "",
7600	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7600	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7601	-	"DNS Sleep": "0",
7601	+	"DNS Sleep": "0",
7602	-	"Method1": "GET",
7602	+	"Method1": "GET",
7603	-	"Method2": "POST",
7603	+	"Method2": "POST",
7604	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7604	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7605	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7605	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7606	-	"Proxy_AccessType": "2 (Use IE settings)"
7606	+	"Proxy_AccessType": "2 (Use IE settings)"
7607	-	}
7607	+	}
7608	-	},
7608	+	},
7609	-	"23.106.160.216": {
7609	+	"23.106.160.216": {
7610	-	"x86": {
7610	+	"x86": {
7611	-	"BeaconType": "8 (HTTPS)",
7611	+	"BeaconType": "8 (HTTPS)",
7612	-	"Port": "443",
7612	+	"Port": "443",
7613	-	"Polling": "5000",
7613	+	"Polling": "5000",
7614	-	"Jitter": "10",
7614	+	"Jitter": "10",
7615	-	"Maxdns": "235",
7615	+	"Maxdns": "235",
7616	-	"C2 Server": "volof.com,/us/ky/louisville/312-s-fourth-st.html",
7616	+	"C2 Server": "volof.com,/us/ky/louisville/312-s-fourth-st.html",
7617	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7617	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7618	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7618	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7619	-	"Header1": "",
7619	+	"Header1": "",
7620	-	"Header2": "",
7620	+	"Header2": "",
7621	-	"PipeName": "",
7621	+	"PipeName": "",
7622	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7622	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7623	-	"DNS Sleep": "0",
7623	+	"DNS Sleep": "0",
7624	-	"Method1": "GET",
7624	+	"Method1": "GET",
7625	-	"Method2": "POST",
7625	+	"Method2": "POST",
7626	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7626	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7627	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7627	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7628	-	"Proxy_AccessType": "2 (Use IE settings)"
7628	+	"Proxy_AccessType": "2 (Use IE settings)"
7629	-	}
7629	+	}
7630	-	},
7630	+	},
7631	-	"23.106.160.229": {
7631	+	"23.106.160.229": {
7632	-	"x86": {
7632	+	"x86": {
7633	-	"BeaconType": "8 (HTTPS)",
7633	+	"BeaconType": "8 (HTTPS)",
7634	-	"Port": "443",
7634	+	"Port": "443",
7635	-	"Polling": "60000",
7635	+	"Polling": "60000",
7636	-	"Jitter": "0",
7636	+	"Jitter": "0",
7637	-	"Maxdns": "255",
7637	+	"Maxdns": "255",
7638	-	"C2 Server": "23.106.160.229,/cx",
7638	+	"C2 Server": "23.106.160.229,/cx",
7639	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP)",
7639	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP)",
7640	-	"HTTP Method Path 2": "/submit.php",
7640	+	"HTTP Method Path 2": "/submit.php",
7641	-	"Header1": "",
7641	+	"Header1": "",
7642	-	"Header2": "",
7642	+	"Header2": "",
7643	-	"PipeName": "",
7643	+	"PipeName": "",
7644	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7644	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7645	-	"DNS Sleep": "0",
7645	+	"DNS Sleep": "0",
7646	-	"Method1": "GET",
7646	+	"Method1": "GET",
7647	-	"Method2": "POST",
7647	+	"Method2": "POST",
7648	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7648	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7649	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7649	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7650	-	"Proxy_AccessType": "2 (Use IE settings)"
7650	+	"Proxy_AccessType": "2 (Use IE settings)"
7651	-	},
7651	+	},
7652	-	"x64": {
7652	+	"x64": {
7653	-	"BeaconType": "8 (HTTPS)",
7653	+	"BeaconType": "8 (HTTPS)",
7654	-	"Port": "443",
7654	+	"Port": "443",
7655	-	"Polling": "60000",
7655	+	"Polling": "60000",
7656	-	"Jitter": "0",
7656	+	"Jitter": "0",
7657	-	"Maxdns": "255",
7657	+	"Maxdns": "255",
7658	-	"C2 Server": "23.106.160.229,/push",
7658	+	"C2 Server": "23.106.160.229,/push",
7659	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
7659	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
7660	-	"HTTP Method Path 2": "/submit.php",
7660	+	"HTTP Method Path 2": "/submit.php",
7661	-	"Header1": "",
7661	+	"Header1": "",
7662	-	"Header2": "",
7662	+	"Header2": "",
7663	-	"PipeName": "",
7663	+	"PipeName": "",
7664	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7664	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7665	-	"DNS Sleep": "0",
7665	+	"DNS Sleep": "0",
7666	-	"Method1": "GET",
7666	+	"Method1": "GET",
7667	-	"Method2": "POST",
7667	+	"Method2": "POST",
7668	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7668	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7669	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7669	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7670	-	"Proxy_AccessType": "2 (Use IE settings)"
7670	+	"Proxy_AccessType": "2 (Use IE settings)"
7671	-	}
7671	+	}
7672	-	},
7672	+	},
7673	-	"23.106.160.61": {
7673	+	"23.106.160.61": {
7674	-	"x86": {
7674	+	"x86": {
7675	-	"BeaconType": "8 (HTTPS)",
7675	+	"BeaconType": "8 (HTTPS)",
7676	-	"Port": "443",
7676	+	"Port": "443",
7677	-	"Polling": "5000",
7677	+	"Polling": "5000",
7678	-	"Jitter": "10",
7678	+	"Jitter": "10",
7679	-	"Maxdns": "235",
7679	+	"Maxdns": "235",
7680	-	"C2 Server": "wikibros.com,/us/ky/louisville/312-s-fourth-st.html",
7680	+	"C2 Server": "wikibros.com,/us/ky/louisville/312-s-fourth-st.html",
7681	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7681	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7682	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7682	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7683	-	"Header1": "",
7683	+	"Header1": "",
7684	-	"Header2": "",
7684	+	"Header2": "",
7685	-	"PipeName": "",
7685	+	"PipeName": "",
7686	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7686	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7687	-	"DNS Sleep": "0",
7687	+	"DNS Sleep": "0",
7688	-	"Method1": "GET",
7688	+	"Method1": "GET",
7689	-	"Method2": "POST",
7689	+	"Method2": "POST",
7690	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7690	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7691	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7691	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7692	-	"Proxy_AccessType": "2 (Use IE settings)"
7692	+	"Proxy_AccessType": "2 (Use IE settings)"
7693	-	}
7693	+	}
7694	-	},
7694	+	},
7695	-	"23.106.160.86": {
7695	+	"23.106.160.86": {
7696	-	"x86": {
7696	+	"x86": {
7697	-	"BeaconType": "8 (HTTPS)",
7697	+	"BeaconType": "8 (HTTPS)",
7698	-	"Port": "443",
7698	+	"Port": "443",
7699	-	"Polling": "5000",
7699	+	"Polling": "5000",
7700	-	"Jitter": "10",
7700	+	"Jitter": "10",
7701	-	"Maxdns": "235",
7701	+	"Maxdns": "235",
7702	-	"C2 Server": "raills.com,/us/ky/louisville/312-s-fourth-st.html",
7702	+	"C2 Server": "raills.com,/us/ky/louisville/312-s-fourth-st.html",
7703	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7703	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7704	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7704	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7705	-	"Header1": "",
7705	+	"Header1": "",
7706	-	"Header2": "",
7706	+	"Header2": "",
7707	-	"PipeName": "",
7707	+	"PipeName": "",
7708	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7708	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7709	-	"DNS Sleep": "0",
7709	+	"DNS Sleep": "0",
7710	-	"Method1": "GET",
7710	+	"Method1": "GET",
7711	-	"Method2": "POST",
7711	+	"Method2": "POST",
7712	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7712	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7713	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7713	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7714	-	"Proxy_AccessType": "2 (Use IE settings)"
7714	+	"Proxy_AccessType": "2 (Use IE settings)"
7715	-	}
7715	+	}
7716	-	},
7716	+	},
7717	-	"23.106.215.199": {
7717	+	"23.106.215.199": {
7718	-	"x64": {
7718	+	"x64": {
7719	-	"BeaconType": "8 (HTTPS)",
7719	+	"BeaconType": "8 (HTTPS)",
7720	-	"Port": "443",
7720	+	"Port": "443",
7721	-	"Polling": "30000",
7721	+	"Polling": "30000",
7722	-	"Jitter": "20",
7722	+	"Jitter": "20",
7723	-	"Maxdns": "255",
7723	+	"Maxdns": "255",
7724	-	"C2 Server": "stephq.com,/CWoNaJLBo/VTNeWw11212/",
7724	+	"C2 Server": "stephq.com,/CWoNaJLBo/VTNeWw11212/",
7725	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
7725	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
7726	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
7726	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
7727	-	"Header1": "",
7727	+	"Header1": "",
7728	-	"Header2": "",
7728	+	"Header2": "",
7729	-	"PipeName": "",
7729	+	"PipeName": "",
7730	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7730	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7731	-	"DNS Sleep": "0",
7731	+	"DNS Sleep": "0",
7732	-	"Method1": "GET",
7732	+	"Method1": "GET",
7733	-	"Method2": "POST",
7733	+	"Method2": "POST",
7734	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7734	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7735	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7735	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7736	-	"Proxy_AccessType": "2 (Use IE settings)"
7736	+	"Proxy_AccessType": "2 (Use IE settings)"
7737	-	}
7737	+	}
7738	-	},
7738	+	},
7739	-	"23.106.215.32": {
7739	+	"23.106.215.32": {
7740	-	"x64": {
7740	+	"x64": {
7741	-	"BeaconType": "8 (HTTPS)",
7741	+	"BeaconType": "8 (HTTPS)",
7742	-	"Port": "443",
7742	+	"Port": "443",
7743	-	"Polling": "5000",
7743	+	"Polling": "5000",
7744	-	"Jitter": "37",
7744	+	"Jitter": "37",
7745	-	"Maxdns": "255",
7745	+	"Maxdns": "255",
7746	-	"C2 Server": "contedge.net,/jquery-3.3.1.min.js",
7746	+	"C2 Server": "contedge.net,/jquery-3.3.1.min.js",
7747	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
7747	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
7748	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
7748	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
7749	-	"Header1": "",
7749	+	"Header1": "",
7750	-	"Header2": "",
7750	+	"Header2": "",
7751	-	"PipeName": "",
7751	+	"PipeName": "",
7752	-	"DNS Idle": "J}\\xC4q",
7752	+	"DNS Idle": "J}\\xC4q",
7753	-	"DNS Sleep": "0",
7753	+	"DNS Sleep": "0",
7754	-	"Method1": "GET",
7754	+	"Method1": "GET",
7755	-	"Method2": "POST",
7755	+	"Method2": "POST",
7756	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
7756	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
7757	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
7757	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
7758	-	"Proxy_AccessType": "2 (Use IE settings)"
7758	+	"Proxy_AccessType": "2 (Use IE settings)"
7759	-	}
7759	+	}
7760	-	},
7760	+	},
7761	-	"23.106.215.40": {
7761	+	"23.106.215.40": {
7762	-	"x86": {
7762	+	"x86": {
7763	-	"BeaconType": "8 (HTTPS)",
7763	+	"BeaconType": "8 (HTTPS)",
7764	-	"Port": "443",
7764	+	"Port": "443",
7765	-	"Polling": "60000",
7765	+	"Polling": "60000",
7766	-	"Jitter": "0",
7766	+	"Jitter": "0",
7767	-	"Maxdns": "255",
7767	+	"Maxdns": "255",
7768	-	"C2 Server": "cuphq.com,/ga.js",
7768	+	"C2 Server": "cuphq.com,/ga.js",
7769	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
7769	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
7770	-	"HTTP Method Path 2": "/submit.php",
7770	+	"HTTP Method Path 2": "/submit.php",
7771	-	"Header1": "",
7771	+	"Header1": "",
7772	-	"Header2": "",
7772	+	"Header2": "",
7773	-	"PipeName": "",
7773	+	"PipeName": "",
7774	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7774	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7775	-	"DNS Sleep": "0",
7775	+	"DNS Sleep": "0",
7776	-	"Method1": "GET",
7776	+	"Method1": "GET",
7777	-	"Method2": "POST",
7777	+	"Method2": "POST",
7778	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7778	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7779	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7779	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7780	-	"Proxy_AccessType": "2 (Use IE settings)"
7780	+	"Proxy_AccessType": "2 (Use IE settings)"
7781	-	}
7781	+	}
7782	-	},
7782	+	},
7783	-	"23.106.223.151": {
7783	+	"23.106.223.151": {
7784	-	"x86": {
7784	+	"x86": {
7785	-	"BeaconType": "8 (HTTPS)",
7785	+	"BeaconType": "8 (HTTPS)",
7786	-	"Port": "443",
7786	+	"Port": "443",
7787	-	"Polling": "5000",
7787	+	"Polling": "5000",
7788	-	"Jitter": "10",
7788	+	"Jitter": "10",
7789	-	"Maxdns": "235",
7789	+	"Maxdns": "235",
7790	-	"C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
7790	+	"C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
7791	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7791	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7792	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7792	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7793	-	"Header1": "",
7793	+	"Header1": "",
7794	-	"Header2": "",
7794	+	"Header2": "",
7795	-	"PipeName": "",
7795	+	"PipeName": "",
7796	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7796	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7797	-	"DNS Sleep": "0",
7797	+	"DNS Sleep": "0",
7798	-	"Method1": "GET",
7798	+	"Method1": "GET",
7799	-	"Method2": "POST",
7799	+	"Method2": "POST",
7800	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7800	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7801	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7801	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7802	-	"Proxy_AccessType": "2 (Use IE settings)"
7802	+	"Proxy_AccessType": "2 (Use IE settings)"
7803	-	},
7803	+	},
7804	-	"x64": {
7804	+	"x64": {
7805	-	"BeaconType": "8 (HTTPS)",
7805	+	"BeaconType": "8 (HTTPS)",
7806	-	"Port": "443",
7806	+	"Port": "443",
7807	-	"Polling": "5000",
7807	+	"Polling": "5000",
7808	-	"Jitter": "10",
7808	+	"Jitter": "10",
7809	-	"Maxdns": "235",
7809	+	"Maxdns": "235",
7810	-	"C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
7810	+	"C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
7811	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7811	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7812	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7812	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7813	-	"Header1": "",
7813	+	"Header1": "",
7814	-	"Header2": "",
7814	+	"Header2": "",
7815	-	"PipeName": "",
7815	+	"PipeName": "",
7816	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7816	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7817	-	"DNS Sleep": "0",
7817	+	"DNS Sleep": "0",
7818	-	"Method1": "GET",
7818	+	"Method1": "GET",
7819	-	"Method2": "POST",
7819	+	"Method2": "POST",
7820	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7820	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7821	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7821	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7822	-	"Proxy_AccessType": "2 (Use IE settings)"
7822	+	"Proxy_AccessType": "2 (Use IE settings)"
7823	-	}
7823	+	}
7824	-	},
7824	+	},
7825	-	"23.106.223.172": {
7825	+	"23.106.223.172": {
7826	-	"x86": {
7826	+	"x86": {
7827	-	"BeaconType": "8 (HTTPS)",
7827	+	"BeaconType": "8 (HTTPS)",
7828	-	"Port": "443",
7828	+	"Port": "443",
7829	-	"Polling": "5000",
7829	+	"Polling": "5000",
7830	-	"Jitter": "10",
7830	+	"Jitter": "10",
7831	-	"Maxdns": "235",
7831	+	"Maxdns": "235",
7832	-	"C2 Server": "resfox.com,/us/ky/louisville/312-s-fourth-st.html,zeroflip.com,/us/ky/louisville/312-s-fourth-st.html",
7832	+	"C2 Server": "resfox.com,/us/ky/louisville/312-s-fourth-st.html,zeroflip.com,/us/ky/louisville/312-s-fourth-st.html",
7833	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7833	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7834	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7834	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7835	-	"Header1": "",
7835	+	"Header1": "",
7836	-	"Header2": "",
7836	+	"Header2": "",
7837	-	"PipeName": "",
7837	+	"PipeName": "",
7838	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7838	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7839	-	"DNS Sleep": "0",
7839	+	"DNS Sleep": "0",
7840	-	"Method1": "GET",
7840	+	"Method1": "GET",
7841	-	"Method2": "POST",
7841	+	"Method2": "POST",
7842	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7842	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7843	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7843	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7844	-	"Proxy_AccessType": "2 (Use IE settings)"
7844	+	"Proxy_AccessType": "2 (Use IE settings)"
7845	-	}
7845	+	}
7846	-	},
7846	+	},
7847	-	"23.106.223.27": {
7847	+	"23.106.223.27": {
7848	-	"x86": {
7848	+	"x86": {
7849	-	"BeaconType": "8 (HTTPS)",
7849	+	"BeaconType": "8 (HTTPS)",
7850	-	"Port": "443",
7850	+	"Port": "443",
7851	-	"Polling": "5000",
7851	+	"Polling": "5000",
7852	-	"Jitter": "10",
7852	+	"Jitter": "10",
7853	-	"Maxdns": "235",
7853	+	"Maxdns": "235",
7854	-	"C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
7854	+	"C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
7855	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7855	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7856	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7856	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7857	-	"Header1": "",
7857	+	"Header1": "",
7858	-	"Header2": "",
7858	+	"Header2": "",
7859	-	"PipeName": "",
7859	+	"PipeName": "",
7860	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7860	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7861	-	"DNS Sleep": "0",
7861	+	"DNS Sleep": "0",
7862	-	"Method1": "GET",
7862	+	"Method1": "GET",
7863	-	"Method2": "POST",
7863	+	"Method2": "POST",
7864	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7864	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7865	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7865	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7866	-	"Proxy_AccessType": "2 (Use IE settings)"
7866	+	"Proxy_AccessType": "2 (Use IE settings)"
7867	-	},
7867	+	},
7868	-	"x64": {
7868	+	"x64": {
7869	-	"BeaconType": "8 (HTTPS)",
7869	+	"BeaconType": "8 (HTTPS)",
7870	-	"Port": "443",
7870	+	"Port": "443",
7871	-	"Polling": "5000",
7871	+	"Polling": "5000",
7872	-	"Jitter": "10",
7872	+	"Jitter": "10",
7873	-	"Maxdns": "235",
7873	+	"Maxdns": "235",
7874	-	"C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
7874	+	"C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
7875	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7875	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7876	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7876	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7877	-	"Header1": "",
7877	+	"Header1": "",
7878	-	"Header2": "",
7878	+	"Header2": "",
7879	-	"PipeName": "",
7879	+	"PipeName": "",
7880	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7880	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7881	-	"DNS Sleep": "0",
7881	+	"DNS Sleep": "0",
7882	-	"Method1": "GET",
7882	+	"Method1": "GET",
7883	-	"Method2": "POST",
7883	+	"Method2": "POST",
7884	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7884	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7885	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7885	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7886	-	"Proxy_AccessType": "2 (Use IE settings)"
7886	+	"Proxy_AccessType": "2 (Use IE settings)"
7887	-	}
7887	+	}
7888	-	},
7888	+	},
7889	-	"23.19.227.165": {
7889	+	"23.19.227.165": {
7890	-	"x86": {
7890	+	"x86": {
7891	-	"BeaconType": "8 (HTTPS)",
7891	+	"BeaconType": "8 (HTTPS)",
7892	-	"Port": "443",
7892	+	"Port": "443",
7893	-	"Polling": "5000",
7893	+	"Polling": "5000",
7894	-	"Jitter": "10",
7894	+	"Jitter": "10",
7895	-	"Maxdns": "235",
7895	+	"Maxdns": "235",
7896	-	"C2 Server": "facesh.com,/us/ky/louisville/312-s-fourth-st.html",
7896	+	"C2 Server": "facesh.com,/us/ky/louisville/312-s-fourth-st.html",
7897	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7897	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7898	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7898	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7899	-	"Header1": "",
7899	+	"Header1": "",
7900	-	"Header2": "",
7900	+	"Header2": "",
7901	-	"PipeName": "",
7901	+	"PipeName": "",
7902	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7902	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7903	-	"DNS Sleep": "0",
7903	+	"DNS Sleep": "0",
7904	-	"Method1": "GET",
7904	+	"Method1": "GET",
7905	-	"Method2": "POST",
7905	+	"Method2": "POST",
7906	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7906	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7907	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7907	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7908	-	"Proxy_AccessType": "2 (Use IE settings)"
7908	+	"Proxy_AccessType": "2 (Use IE settings)"
7909	-	}
7909	+	}
7910	-	},
7910	+	},
7911	-	"23.19.227.204": {
7911	+	"23.19.227.204": {
7912	-	"x86": {
7912	+	"x86": {
7913	-	"BeaconType": "8 (HTTPS)",
7913	+	"BeaconType": "8 (HTTPS)",
7914	-	"Port": "443",
7914	+	"Port": "443",
7915	-	"Polling": "60000",
7915	+	"Polling": "60000",
7916	-	"Jitter": "0",
7916	+	"Jitter": "0",
7917	-	"Maxdns": "255",
7917	+	"Maxdns": "255",
7918	-	"C2 Server": "pics.lockboxlink.com,/IE9CompatViewList.xml,black.lockboxlink.com,/g.pixel",
7918	+	"C2 Server": "pics.lockboxlink.com,/IE9CompatViewList.xml,black.lockboxlink.com,/g.pixel",
7919	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
7919	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
7920	-	"HTTP Method Path 2": "/submit.php",
7920	+	"HTTP Method Path 2": "/submit.php",
7921	-	"Header1": "",
7921	+	"Header1": "",
7922	-	"Header2": "",
7922	+	"Header2": "",
7923	-	"PipeName": "",
7923	+	"PipeName": "",
7924	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
7924	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
7925	-	"DNS Sleep": "0",
7925	+	"DNS Sleep": "0",
7926	-	"Method1": "GET",
7926	+	"Method1": "GET",
7927	-	"Method2": "POST",
7927	+	"Method2": "POST",
7928	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7928	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7929	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7929	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7930	-	"Proxy_AccessType": "2 (Use IE settings)"
7930	+	"Proxy_AccessType": "2 (Use IE settings)"
7931	-	}
7931	+	}
7932	-	},
7932	+	},
7933	-	"23.227.194.185": {
7933	+	"23.227.194.185": {
7934	-	"x86": {
7934	+	"x86": {
7935	-	"BeaconType": "8 (HTTPS)",
7935	+	"BeaconType": "8 (HTTPS)",
7936	-	"Port": "443",
7936	+	"Port": "443",
7937	-	"Polling": "60000",
7937	+	"Polling": "60000",
7938	-	"Jitter": "0",
7938	+	"Jitter": "0",
7939	-	"C2 Server": "23.227.194.185,/pixel.gif",
7939	+	"C2 Server": "23.227.194.185,/pixel.gif",
7940	-	"HTTP Method Path 2": "/submit.php",
7940	+	"HTTP Method Path 2": "/submit.php",
7941	-	"Method1": "GET",
7941	+	"Method1": "GET",
7942	-	"Method2": "POST",
7942	+	"Method2": "POST",
7943	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7943	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
7944	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7944	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
7945	-	"Proxy_AccessType": "2 (Use IE settings)"
7945	+	"Proxy_AccessType": "2 (Use IE settings)"
7946	-	}
7946	+	}
7947	-	},
7947	+	},
7948	-	"23.81.246.24": {
7948	+	"23.81.246.24": {
7949	-	"x86": {
7949	+	"x86": {
7950	-	"BeaconType": "8 (HTTPS)",
7950	+	"BeaconType": "8 (HTTPS)",
7951	-	"Port": "443",
7951	+	"Port": "443",
7952	-	"Polling": "5000",
7952	+	"Polling": "5000",
7953	-	"Jitter": "10",
7953	+	"Jitter": "10",
7954	-	"Maxdns": "235",
7954	+	"Maxdns": "235",
7955	-	"C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
7955	+	"C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
7956	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7956	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7957	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7957	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7958	-	"Header1": "",
7958	+	"Header1": "",
7959	-	"Header2": "",
7959	+	"Header2": "",
7960	-	"PipeName": "",
7960	+	"PipeName": "",
7961	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7961	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7962	-	"DNS Sleep": "0",
7962	+	"DNS Sleep": "0",
7963	-	"Method1": "GET",
7963	+	"Method1": "GET",
7964	-	"Method2": "POST",
7964	+	"Method2": "POST",
7965	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7965	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7966	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7966	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7967	-	"Proxy_AccessType": "2 (Use IE settings)"
7967	+	"Proxy_AccessType": "2 (Use IE settings)"
7968	-	},
7968	+	},
7969	-	"x64": {
7969	+	"x64": {
7970	-	"BeaconType": "8 (HTTPS)",
7970	+	"BeaconType": "8 (HTTPS)",
7971	-	"Port": "443",
7971	+	"Port": "443",
7972	-	"Polling": "5000",
7972	+	"Polling": "5000",
7973	-	"Jitter": "10",
7973	+	"Jitter": "10",
7974	-	"Maxdns": "235",
7974	+	"Maxdns": "235",
7975	-	"C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
7975	+	"C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
7976	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7976	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
7977	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7977	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
7978	-	"Header1": "",
7978	+	"Header1": "",
7979	-	"Header2": "",
7979	+	"Header2": "",
7980	-	"PipeName": "",
7980	+	"PipeName": "",
7981	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
7981	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
7982	-	"DNS Sleep": "0",
7982	+	"DNS Sleep": "0",
7983	-	"Method1": "GET",
7983	+	"Method1": "GET",
7984	-	"Method2": "POST",
7984	+	"Method2": "POST",
7985	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7985	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
7986	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7986	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
7987	-	"Proxy_AccessType": "2 (Use IE settings)"
7987	+	"Proxy_AccessType": "2 (Use IE settings)"
7988	-	}
7988	+	}
7989	-	},
7989	+	},
7990	-	"23.81.246.46": {
7990	+	"23.81.246.46": {
7991	-	"x86": {
7991	+	"x86": {
7992	-	"BeaconType": "8 (HTTPS)",
7992	+	"BeaconType": "8 (HTTPS)",
7993	-	"Port": "443",
7993	+	"Port": "443",
7994	-	"Polling": "5000",
7994	+	"Polling": "5000",
7995	-	"Jitter": "0",
7995	+	"Jitter": "0",
7996	-	"Maxdns": "255",
7996	+	"Maxdns": "255",
7997	-	"C2 Server": "contmetric.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
7997	+	"C2 Server": "contmetric.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
7998	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
7998	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
7999	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
7999	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
8000	-	"Header1": "",
8000	+	"Header1": "",
8001	-	"Header2": "",
8001	+	"Header2": "",
8002	-	"PipeName": "",
8002	+	"PipeName": "",
8003	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8003	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8004	-	"DNS Sleep": "0",
8004	+	"DNS Sleep": "0",
8005	-	"Method1": "GET",
8005	+	"Method1": "GET",
8006	-	"Method2": "POST",
8006	+	"Method2": "POST",
8007	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8007	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8008	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8008	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8009	-	"Proxy_AccessType": "2 (Use IE settings)"
8009	+	"Proxy_AccessType": "2 (Use IE settings)"
8010	-	}
8010	+	}
8011	-	},
8011	+	},
8012	-	"23.81.246.74": {
8012	+	"23.81.246.74": {
8013	-	"x86": {
8013	+	"x86": {
8014	-	"BeaconType": "8 (HTTPS)",
8014	+	"BeaconType": "8 (HTTPS)",
8015	-	"Port": "443",
8015	+	"Port": "443",
8016	-	"Polling": "30000",
8016	+	"Polling": "30000",
8017	-	"Jitter": "20",
8017	+	"Jitter": "20",
8018	-	"Maxdns": "255",
8018	+	"Maxdns": "255",
8019	-	"C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
8019	+	"C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
8020	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
8020	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
8021	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
8021	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
8022	-	"Header1": "",
8022	+	"Header1": "",
8023	-	"Header2": "",
8023	+	"Header2": "",
8024	-	"PipeName": "",
8024	+	"PipeName": "",
8025	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8025	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8026	-	"DNS Sleep": "0",
8026	+	"DNS Sleep": "0",
8027	-	"Method1": "GET",
8027	+	"Method1": "GET",
8028	-	"Method2": "POST",
8028	+	"Method2": "POST",
8029	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8029	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8030	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8030	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8031	-	"Proxy_AccessType": "2 (Use IE settings)"
8031	+	"Proxy_AccessType": "2 (Use IE settings)"
8032	-	},
8032	+	},
8033	-	"x64": {
8033	+	"x64": {
8034	-	"BeaconType": "8 (HTTPS)",
8034	+	"BeaconType": "8 (HTTPS)",
8035	-	"Port": "443",
8035	+	"Port": "443",
8036	-	"Polling": "30000",
8036	+	"Polling": "30000",
8037	-	"Jitter": "20",
8037	+	"Jitter": "20",
8038	-	"Maxdns": "255",
8038	+	"Maxdns": "255",
8039	-	"C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
8039	+	"C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
8040	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
8040	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
8041	-	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
8041	+	"HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
8042	-	"Header1": "",
8042	+	"Header1": "",
8043	-	"Header2": "",
8043	+	"Header2": "",
8044	-	"PipeName": "",
8044	+	"PipeName": "",
8045	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8045	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8046	-	"DNS Sleep": "0",
8046	+	"DNS Sleep": "0",
8047	-	"Method1": "GET",
8047	+	"Method1": "GET",
8048	-	"Method2": "POST",
8048	+	"Method2": "POST",
8049	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8049	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8050	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8050	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8051	-	"Proxy_AccessType": "2 (Use IE settings)"
8051	+	"Proxy_AccessType": "2 (Use IE settings)"
8052	-	}
8052	+	}
8053	-	},
8053	+	},
8054	-	"23.81.246.89": {
8054	+	"23.81.246.89": {
8055	-	"x86": {
8055	+	"x86": {
8056	-	"BeaconType": "8 (HTTPS)",
8056	+	"BeaconType": "8 (HTTPS)",
8057	-	"Port": "443",
8057	+	"Port": "443",
8058	-	"Polling": "60000",
8058	+	"Polling": "60000",
8059	-	"Jitter": "0",
8059	+	"Jitter": "0",
8060	-	"Maxdns": "255",
8060	+	"Maxdns": "255",
8061	-	"C2 Server": "amapai-technologies.space,/g.pixel",
8061	+	"C2 Server": "amapai-technologies.space,/g.pixel",
8062	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)",
8062	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)",
8063	-	"HTTP Method Path 2": "/submit.php",
8063	+	"HTTP Method Path 2": "/submit.php",
8064	-	"Header1": "",
8064	+	"Header1": "",
8065	-	"Header2": "",
8065	+	"Header2": "",
8066	-	"PipeName": "",
8066	+	"PipeName": "",
8067	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8067	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8068	-	"DNS Sleep": "0",
8068	+	"DNS Sleep": "0",
8069	-	"Method1": "GET",
8069	+	"Method1": "GET",
8070	-	"Method2": "POST",
8070	+	"Method2": "POST",
8071	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8071	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8072	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8072	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8073	-	"Proxy_AccessType": "2 (Use IE settings)"
8073	+	"Proxy_AccessType": "2 (Use IE settings)"
8074	-	},
8074	+	},
8075	-	"x64": {
8075	+	"x64": {
8076	-	"BeaconType": "8 (HTTPS)",
8076	+	"BeaconType": "8 (HTTPS)",
8077	-	"Port": "443",
8077	+	"Port": "443",
8078	-	"Polling": "60000",
8078	+	"Polling": "60000",
8079	-	"Jitter": "0",
8079	+	"Jitter": "0",
8080	-	"Maxdns": "255",
8080	+	"Maxdns": "255",
8081	-	"C2 Server": "amapai-technologies.space,/__utm.gif",
8081	+	"C2 Server": "amapai-technologies.space,/__utm.gif",
8082	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)",
8082	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)",
8083	-	"HTTP Method Path 2": "/submit.php",
8083	+	"HTTP Method Path 2": "/submit.php",
8084	-	"Header1": "",
8084	+	"Header1": "",
8085	-	"Header2": "",
8085	+	"Header2": "",
8086	-	"PipeName": "",
8086	+	"PipeName": "",
8087	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8087	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8088	-	"DNS Sleep": "0",
8088	+	"DNS Sleep": "0",
8089	-	"Method1": "GET",
8089	+	"Method1": "GET",
8090	-	"Method2": "POST",
8090	+	"Method2": "POST",
8091	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8091	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8092	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8092	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8093	-	"Proxy_AccessType": "2 (Use IE settings)"
8093	+	"Proxy_AccessType": "2 (Use IE settings)"
8094	-	}
8094	+	}
8095	-	},
8095	+	},
8096	-	"23.83.133.240": {
8096	+	"23.83.133.240": {
8097	-	"x86": {
8097	+	"x86": {
8098	-	"BeaconType": "8 (HTTPS)",
8098	+	"BeaconType": "8 (HTTPS)",
8099	-	"Port": "443",
8099	+	"Port": "443",
8100	-	"Polling": "60000",
8100	+	"Polling": "60000",
8101	-	"Jitter": "0",
8101	+	"Jitter": "0",
8102	-	"Maxdns": "255",
8102	+	"Maxdns": "255",
8103	-	"C2 Server": "amapai-technologies.site,/ptj",
8103	+	"C2 Server": "amapai-technologies.site,/ptj",
8104	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
8104	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
8105	-	"HTTP Method Path 2": "/submit.php",
8105	+	"HTTP Method Path 2": "/submit.php",
8106	-	"Header1": "",
8106	+	"Header1": "",
8107	-	"Header2": "",
8107	+	"Header2": "",
8108	-	"PipeName": "",
8108	+	"PipeName": "",
8109	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8109	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8110	-	"DNS Sleep": "0",
8110	+	"DNS Sleep": "0",
8111	-	"Method1": "GET",
8111	+	"Method1": "GET",
8112	-	"Method2": "POST",
8112	+	"Method2": "POST",
8113	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8113	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8114	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8114	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8115	-	"Proxy_AccessType": "2 (Use IE settings)"
8115	+	"Proxy_AccessType": "2 (Use IE settings)"
8116	-	}
8116	+	}
8117	-	},
8117	+	},
8118	-	"23.83.134.16": {
8118	+	"23.83.134.16": {
8119	-	"x86": {
8119	+	"x86": {
8120	-	"BeaconType": "8 (HTTPS)",
8120	+	"BeaconType": "8 (HTTPS)",
8121	-	"Port": "443",
8121	+	"Port": "443",
8122	-	"Polling": "60000",
8122	+	"Polling": "60000",
8123	-	"Jitter": "0",
8123	+	"Jitter": "0",
8124	-	"Maxdns": "255",
8124	+	"Maxdns": "255",
8125	-	"C2 Server": "black.lockboxlink.com,/ga.js,pics.lockboxlink.com,/match",
8125	+	"C2 Server": "black.lockboxlink.com,/ga.js,pics.lockboxlink.com,/match",
8126	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)",
8126	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)",
8127	-	"HTTP Method Path 2": "/submit.php",
8127	+	"HTTP Method Path 2": "/submit.php",
8128	-	"Header1": "",
8128	+	"Header1": "",
8129	-	"Header2": "",
8129	+	"Header2": "",
8130	-	"PipeName": "",
8130	+	"PipeName": "",
8131	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8131	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8132	-	"DNS Sleep": "0",
8132	+	"DNS Sleep": "0",
8133	-	"Method1": "GET",
8133	+	"Method1": "GET",
8134	-	"Method2": "POST",
8134	+	"Method2": "POST",
8135	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8135	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8136	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8136	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8137	-	"Proxy_AccessType": "2 (Use IE settings)"
8137	+	"Proxy_AccessType": "2 (Use IE settings)"
8138	-	},
8138	+	},
8139	-	"x64": {
8139	+	"x64": {
8140	-	"BeaconType": "8 (HTTPS)",
8140	+	"BeaconType": "8 (HTTPS)",
8141	-	"Port": "443",
8141	+	"Port": "443",
8142	-	"Polling": "60000",
8142	+	"Polling": "60000",
8143	-	"Jitter": "0",
8143	+	"Jitter": "0",
8144	-	"Maxdns": "255",
8144	+	"Maxdns": "255",
8145	-	"C2 Server": "black.lockboxlink.com,/ptj,pics.lockboxlink.com,/pixel",
8145	+	"C2 Server": "black.lockboxlink.com,/ptj,pics.lockboxlink.com,/pixel",
8146	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
8146	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
8147	-	"HTTP Method Path 2": "/submit.php",
8147	+	"HTTP Method Path 2": "/submit.php",
8148	-	"Header1": "",
8148	+	"Header1": "",
8149	-	"Header2": "",
8149	+	"Header2": "",
8150	-	"PipeName": "",
8150	+	"PipeName": "",
8151	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8151	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8152	-	"DNS Sleep": "0",
8152	+	"DNS Sleep": "0",
8153	-	"Method1": "GET",
8153	+	"Method1": "GET",
8154	-	"Method2": "POST",
8154	+	"Method2": "POST",
8155	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8155	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8156	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8156	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8157	-	"Proxy_AccessType": "2 (Use IE settings)"
8157	+	"Proxy_AccessType": "2 (Use IE settings)"
8158	-	}
8158	+	}
8159	-	},
8159	+	},
8160	-	"27.102.70.189": {
8160	+	"27.102.70.189": {
8161	-	"x64": {
8161	+	"x64": {
8162	-	"BeaconType": "8 (HTTPS)",
8162	+	"BeaconType": "8 (HTTPS)",
8163	-	"Port": "443",
8163	+	"Port": "443",
8164	-	"Polling": "10000",
8164	+	"Polling": "10000",
8165	-	"Jitter": "0",
8165	+	"Jitter": "0",
8166	-	"Maxdns": "255",
8166	+	"Maxdns": "255",
8167	-	"C2 Server": "img.alicdn.com,/geo/collect/v1,at.alicdn.com,/geo/collect/v1,ald.taobao.com,/geo/collect/v1,www.aliyunbaike.com,/geo/collect/v1",
8167	+	"C2 Server": "img.alicdn.com,/geo/collect/v1,at.alicdn.com,/geo/collect/v1,ald.taobao.com,/geo/collect/v1,www.aliyunbaike.com,/geo/collect/v1",
8168	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0;) like Gecko",
8168	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0;) like Gecko",
8169	-	"HTTP Method Path 2": "/collect/v1",
8169	+	"HTTP Method Path 2": "/collect/v1",
8170	-	"Header1": "",
8170	+	"Header1": "",
8171	-	"Header2": "",
8171	+	"Header2": "",
8172	-	"PipeName": "",
8172	+	"PipeName": "",
8173	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
8173	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
8174	-	"DNS Sleep": "0",
8174	+	"DNS Sleep": "0",
8175	-	"Method1": "GET",
8175	+	"Method1": "GET",
8176	-	"Method2": "POST",
8176	+	"Method2": "POST",
8177	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
8177	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
8178	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
8178	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
8179	-	"Proxy_AccessType": "2 (Use IE settings)"
8179	+	"Proxy_AccessType": "2 (Use IE settings)"
8180	-	}
8180	+	}
8181	-	},
8181	+	},
8182	-	"31.14.40.143": {
8182	+	"31.14.40.143": {
8183	-	"x86": {
8183	+	"x86": {
8184	-	"BeaconType": "8 (HTTPS)",
8184	+	"BeaconType": "8 (HTTPS)",
8185	-	"Port": "443",
8185	+	"Port": "443",
8186	-	"Polling": "60000",
8186	+	"Polling": "60000",
8187	-	"Jitter": "0",
8187	+	"Jitter": "0",
8188	-	"Maxdns": "255",
8188	+	"Maxdns": "255",
8189	-	"C2 Server": "31.14.40.143,/g.pixel",
8189	+	"C2 Server": "31.14.40.143,/g.pixel",
8190	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)",
8190	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)",
8191	-	"HTTP Method Path 2": "/submit.php",
8191	+	"HTTP Method Path 2": "/submit.php",
8192	-	"Header1": "",
8192	+	"Header1": "",
8193	-	"Header2": "",
8193	+	"Header2": "",
8194	-	"PipeName": "",
8194	+	"PipeName": "",
8195	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8195	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8196	-	"DNS Sleep": "0",
8196	+	"DNS Sleep": "0",
8197	-	"Method1": "GET",
8197	+	"Method1": "GET",
8198	-	"Method2": "POST",
8198	+	"Method2": "POST",
8199	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8199	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8200	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8200	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8201	-	"Proxy_AccessType": "2 (Use IE settings)"
8201	+	"Proxy_AccessType": "2 (Use IE settings)"
8202	-	},
8202	+	},
8203	-	"x64": {
8203	+	"x64": {
8204	-	"BeaconType": "8 (HTTPS)",
8204	+	"BeaconType": "8 (HTTPS)",
8205	-	"Port": "443",
8205	+	"Port": "443",
8206	-	"Polling": "60000",
8206	+	"Polling": "60000",
8207	-	"Jitter": "0",
8207	+	"Jitter": "0",
8208	-	"Maxdns": "255",
8208	+	"Maxdns": "255",
8209	-	"C2 Server": "31.14.40.143,/push",
8209	+	"C2 Server": "31.14.40.143,/push",
8210	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
8210	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
8211	-	"HTTP Method Path 2": "/submit.php",
8211	+	"HTTP Method Path 2": "/submit.php",
8212	-	"Header1": "",
8212	+	"Header1": "",
8213	-	"Header2": "",
8213	+	"Header2": "",
8214	-	"PipeName": "",
8214	+	"PipeName": "",
8215	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8215	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8216	-	"DNS Sleep": "0",
8216	+	"DNS Sleep": "0",
8217	-	"Method1": "GET",
8217	+	"Method1": "GET",
8218	-	"Method2": "POST",
8218	+	"Method2": "POST",
8219	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8219	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8220	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8220	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8221	-	"Proxy_AccessType": "2 (Use IE settings)"
8221	+	"Proxy_AccessType": "2 (Use IE settings)"
8222	-	}
8222	+	}
8223	-	},
8223	+	},
8224	-	"31.187.64.199": {
8224	+	"31.187.64.199": {
8225	-	"x86": {
8225	+	"x86": {
8226	-	"BeaconType": "8 (HTTPS)",
8226	+	"BeaconType": "8 (HTTPS)",
8227	-	"Port": "443",
8227	+	"Port": "443",
8228	-	"Polling": "10010",
8228	+	"Polling": "10010",
8229	-	"Jitter": "1",
8229	+	"Jitter": "1",
8230	-	"Maxdns": "255",
8230	+	"Maxdns": "255",
8231	-	"C2 Server": "d30qpb9e10re4o.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,dzep7n1lqmr18.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,d2qbce1fkipgyc.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,nix1.xyz,/gen_204eiT6EX_r4F3fqwHI9boDg",
8231	+	"C2 Server": "d30qpb9e10re4o.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,dzep7n1lqmr18.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,d2qbce1fkipgyc.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,nix1.xyz,/gen_204eiT6EX_r4F3fqwHI9boDg",
8232	-	"User Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.0;) Gecko/20100101 Firefox/637.0",
8232	+	"User Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.0;) Gecko/20100101 Firefox/637.0",
8233	-	"HTTP Method Path 2": "/_/VisualFrontendUi/data/batchexecute",
8233	+	"HTTP Method Path 2": "/_/VisualFrontendUi/data/batchexecute",
8234	-	"Header1": "",
8234	+	"Header1": "",
8235	-	"Header2": "",
8235	+	"Header2": "",
8236	-	"PipeName": "",
8236	+	"PipeName": "",
8237	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8237	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8238	-	"DNS Sleep": "0",
8238	+	"DNS Sleep": "0",
8239	-	"Method1": "POST",
8239	+	"Method1": "POST",
8240	-	"Method2": "POST",
8240	+	"Method2": "POST",
8241	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8241	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8242	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8242	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8243	-	"Proxy_AccessType": "2 (Use IE settings)"
8243	+	"Proxy_AccessType": "2 (Use IE settings)"
8244	-	}
8244	+	}
8245	-	},
8245	+	},
8246	-	"31.187.64.231": {
8246	+	"31.187.64.231": {
8247	-	"x64": {
8247	+	"x64": {
8248	-	"BeaconType": "8 (HTTPS)",
8248	+	"BeaconType": "8 (HTTPS)",
8249	-	"Port": "443",
8249	+	"Port": "443",
8250	-	"Polling": "10010",
8250	+	"Polling": "10010",
8251	-	"Jitter": "1",
8251	+	"Jitter": "1",
8252	-	"Maxdns": "255",
8252	+	"Maxdns": "255",
8253	-	"C2 Server": "d30qpb9e10re4o.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,dzep7n1lqmr18.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,d2qbce1fkipgyc.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,nix1.xyz,/gen_204eiT6EX_r4F3fqwHI9boDg",
8253	+	"C2 Server": "d30qpb9e10re4o.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,dzep7n1lqmr18.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,d2qbce1fkipgyc.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,nix1.xyz,/gen_204eiT6EX_r4F3fqwHI9boDg",
8254	-	"User Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.0;) Gecko/20100101 Firefox/637.0",
8254	+	"User Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.0;) Gecko/20100101 Firefox/637.0",
8255	-	"HTTP Method Path 2": "/_/VisualFrontendUi/data/batchexecute",
8255	+	"HTTP Method Path 2": "/_/VisualFrontendUi/data/batchexecute",
8256	-	"Header1": "",
8256	+	"Header1": "",
8257	-	"Header2": "",
8257	+	"Header2": "",
8258	-	"PipeName": "",
8258	+	"PipeName": "",
8259	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8259	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8260	-	"DNS Sleep": "0",
8260	+	"DNS Sleep": "0",
8261	-	"Method1": "POST",
8261	+	"Method1": "POST",
8262	-	"Method2": "POST",
8262	+	"Method2": "POST",
8263	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8263	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8264	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8264	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8265	-	"Proxy_AccessType": "2 (Use IE settings)"
8265	+	"Proxy_AccessType": "2 (Use IE settings)"
8266	-	}
8266	+	}
8267	-	},
8267	+	},
8268	-	"3.122.109.210": {
8268	+	"3.122.109.210": {
8269	-	"x86": {
8269	+	"x86": {
8270	-	"BeaconType": "8 (HTTPS)",
8270	+	"BeaconType": "8 (HTTPS)",
8271	-	"Port": "443",
8271	+	"Port": "443",
8272	-	"Polling": "37500",
8272	+	"Polling": "37500",
8273	-	"Jitter": "33",
8273	+	"Jitter": "33",
8274	-	"Maxdns": "245",
8274	+	"Maxdns": "245",
8275	-	"C2 Server": "3.122.109.210,/audio/",
8275	+	"C2 Server": "3.122.109.210,/audio/",
8276	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
8276	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
8277	-	"HTTP Method Path 2": "/melody/",
8277	+	"HTTP Method Path 2": "/melody/",
8278	-	"Header1": "",
8278	+	"Header1": "",
8279	-	"Header2": "",
8279	+	"Header2": "",
8280	-	"PipeName": "",
8280	+	"PipeName": "",
8281	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
8281	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
8282	-	"DNS Sleep": "0",
8282	+	"DNS Sleep": "0",
8283	-	"Method1": "GET",
8283	+	"Method1": "GET",
8284	-	"Method2": "POST",
8284	+	"Method2": "POST",
8285	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8285	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8286	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8286	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8287	-	"Proxy_AccessType": "2 (Use IE settings)"
8287	+	"Proxy_AccessType": "2 (Use IE settings)"
8288	-	}
8288	+	}
8289	-	},
8289	+	},
8290	-	"3.122.252.220": {
8290	+	"3.122.252.220": {
8291	-	"x64": {
8291	+	"x64": {
8292	-	"BeaconType": "8 (HTTPS)",
8292	+	"BeaconType": "8 (HTTPS)",
8293	-	"Port": "443",
8293	+	"Port": "443",
8294	-	"Polling": "45000",
8294	+	"Polling": "45000",
8295	-	"Jitter": "37",
8295	+	"Jitter": "37",
8296	-	"Maxdns": "255",
8296	+	"Maxdns": "255",
8297	-	"C2 Server": "cdn1.srv-spotlfy.com,/js/jquery-3.3.1.min.js",
8297	+	"C2 Server": "cdn1.srv-spotlfy.com,/js/jquery-3.3.1.min.js",
8298	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
8298	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
8299	-	"HTTP Method Path 2": "/js/jquery-3.3.2.min.js",
8299	+	"HTTP Method Path 2": "/js/jquery-3.3.2.min.js",
8300	-	"Header1": "",
8300	+	"Header1": "",
8301	-	"Header2": "",
8301	+	"Header2": "",
8302	-	"PipeName": "",
8302	+	"PipeName": "",
8303	-	"DNS Idle": "J}\\xC4q",
8303	+	"DNS Idle": "J}\\xC4q",
8304	-	"DNS Sleep": "0",
8304	+	"DNS Sleep": "0",
8305	-	"Method1": "GET",
8305	+	"Method1": "GET",
8306	-	"Method2": "POST",
8306	+	"Method2": "POST",
8307	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
8307	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
8308	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
8308	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
8309	-	"Proxy_AccessType": "2 (Use IE settings)"
8309	+	"Proxy_AccessType": "2 (Use IE settings)"
8310	-	}
8310	+	}
8311	-	},
8311	+	},
8312	-	"3.124.3.252": {
8312	+	"3.124.3.252": {
8313	-	"x86": {
8313	+	"x86": {
8314	-	"BeaconType": "8 (HTTPS)",
8314	+	"BeaconType": "8 (HTTPS)",
8315	-	"Port": "443",
8315	+	"Port": "443",
8316	-	"Polling": "60000",
8316	+	"Polling": "60000",
8317	-	"Jitter": "20",
8317	+	"Jitter": "20",
8318	-	"C2 Server": "3.127.139.203,/c/msdownload/update/others/2020/11/KB152288_",
8318	+	"C2 Server": "3.127.139.203,/c/msdownload/update/others/2020/11/KB152288_",
8319	-	"HTTP Method Path 2": "/c/msdownload/update/others/2020/11/KB13434_",
8319	+	"HTTP Method Path 2": "/c/msdownload/update/others/2020/11/KB13434_",
8320	-	"Method1": "GET",
8320	+	"Method1": "GET",
8321	-	"Method2": "GET",
8321	+	"Method2": "GET",
8322	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8322	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8323	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8323	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8324	-	"Proxy_AccessType": "2 (Use IE settings)"
8324	+	"Proxy_AccessType": "2 (Use IE settings)"
8325	-	}
8325	+	}
8326	-	},
8326	+	},
8327	-	"3.125.158.190": {
8327	+	"3.125.158.190": {
8328	-	"x64": {
8328	+	"x64": {
8329	-	"BeaconType": "8 (HTTPS)",
8329	+	"BeaconType": "8 (HTTPS)",
8330	-	"Port": "443",
8330	+	"Port": "443",
8331	-	"Polling": "37500",
8331	+	"Polling": "37500",
8332	-	"Jitter": "33",
8332	+	"Jitter": "33",
8333	-	"Maxdns": "245",
8333	+	"Maxdns": "245",
8334	-	"C2 Server": "hydra1337.com,/audio/",
8334	+	"C2 Server": "hydra1337.com,/audio/",
8335	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
8335	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
8336	-	"HTTP Method Path 2": "/melody/",
8336	+	"HTTP Method Path 2": "/melody/",
8337	-	"Header1": "",
8337	+	"Header1": "",
8338	-	"Header2": "",
8338	+	"Header2": "",
8339	-	"PipeName": "",
8339	+	"PipeName": "",
8340	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
8340	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
8341	-	"DNS Sleep": "0",
8341	+	"DNS Sleep": "0",
8342	-	"Method1": "GET",
8342	+	"Method1": "GET",
8343	-	"Method2": "POST",
8343	+	"Method2": "POST",
8344	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8344	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8345	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8345	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8346	-	"Proxy_AccessType": "2 (Use IE settings)"
8346	+	"Proxy_AccessType": "2 (Use IE settings)"
8347	-	}
8347	+	}
8348	-	},
8348	+	},
8349	-	"3.126.209.180": {
8349	+	"3.126.209.180": {
8350	-	"x86": {
8350	+	"x86": {
8351	-	"BeaconType": "8 (HTTPS)",
8351	+	"BeaconType": "8 (HTTPS)",
8352	-	"Port": "443",
8352	+	"Port": "443",
8353	-	"Polling": "60000",
8353	+	"Polling": "60000",
8354	-	"Jitter": "15",
8354	+	"Jitter": "15",
8355	-	"C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
8355	+	"C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
8356	-	"HTTP Method Path 2": "/mail/u/0/",
8356	+	"HTTP Method Path 2": "/mail/u/0/",
8357	-	"Method1": "GET",
8357	+	"Method1": "GET",
8358	-	"Method2": "POST",
8358	+	"Method2": "POST",
8359	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8359	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8360	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8360	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8361	-	"Proxy_AccessType": "2 (Use IE settings)"
8361	+	"Proxy_AccessType": "2 (Use IE settings)"
8362	-	}
8362	+	}
8363	-	},
8363	+	},
8364	-	"3.127.139.203": {
8364	+	"3.127.139.203": {
8365	-	"x64": {
8365	+	"x64": {
8366	-	"BeaconType": "8 (HTTPS)",
8366	+	"BeaconType": "8 (HTTPS)",
8367	-	"Port": "443",
8367	+	"Port": "443",
8368	-	"Polling": "60000",
8368	+	"Polling": "60000",
8369	-	"Jitter": "20",
8369	+	"Jitter": "20",
8370	-	"C2 Server": "3.127.139.203,/c/msdownload/update/others/2020/11/KB152288_",
8370	+	"C2 Server": "3.127.139.203,/c/msdownload/update/others/2020/11/KB152288_",
8371	-	"HTTP Method Path 2": "/c/msdownload/update/others/2020/11/KB13434_",
8371	+	"HTTP Method Path 2": "/c/msdownload/update/others/2020/11/KB13434_",
8372	-	"Method1": "GET",
8372	+	"Method1": "GET",
8373	-	"Method2": "GET",
8373	+	"Method2": "GET",
8374	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8374	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8375	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8375	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8376	-	"Proxy_AccessType": "2 (Use IE settings)"
8376	+	"Proxy_AccessType": "2 (Use IE settings)"
8377	-	}
8377	+	}
8378	-	},
8378	+	},
8379	-	"3.127.150.208": {
8379	+	"3.127.150.208": {
8380	-	"x86": {
8380	+	"x86": {
8381	-	"BeaconType": "8 (HTTPS)",
8381	+	"BeaconType": "8 (HTTPS)",
8382	-	"Port": "443",
8382	+	"Port": "443",
8383	-	"Polling": "60000",
8383	+	"Polling": "60000",
8384	-	"Jitter": "15",
8384	+	"Jitter": "15",
8385	-	"C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
8385	+	"C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
8386	-	"HTTP Method Path 2": "/mail/u/0/",
8386	+	"HTTP Method Path 2": "/mail/u/0/",
8387	-	"Method1": "GET",
8387	+	"Method1": "GET",
8388	-	"Method2": "POST",
8388	+	"Method2": "POST",
8389	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8389	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8390	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8390	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8391	-	"Proxy_AccessType": "2 (Use IE settings)"
8391	+	"Proxy_AccessType": "2 (Use IE settings)"
8392	-	},
8392	+	},
8393	-	"x64": {
8393	+	"x64": {
8394	-	"BeaconType": "8 (HTTPS)",
8394	+	"BeaconType": "8 (HTTPS)",
8395	-	"Port": "443",
8395	+	"Port": "443",
8396	-	"Polling": "60000",
8396	+	"Polling": "60000",
8397	-	"Jitter": "15",
8397	+	"Jitter": "15",
8398	-	"C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
8398	+	"C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
8399	-	"HTTP Method Path 2": "/mail/u/0/",
8399	+	"HTTP Method Path 2": "/mail/u/0/",
8400	-	"Method1": "GET",
8400	+	"Method1": "GET",
8401	-	"Method2": "POST",
8401	+	"Method2": "POST",
8402	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8402	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8403	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8403	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8404	-	"Proxy_AccessType": "2 (Use IE settings)"
8404	+	"Proxy_AccessType": "2 (Use IE settings)"
8405	-	}
8405	+	}
8406	-	},
8406	+	},
8407	-	"3.128.244.129": {
8407	+	"3.128.244.129": {
8408	-	"x86": {
8408	+	"x86": {
8409	-	"BeaconType": "8 (HTTPS)",
8409	+	"BeaconType": "8 (HTTPS)",
8410	-	"Port": "443",
8410	+	"Port": "443",
8411	-	"Polling": "30000",
8411	+	"Polling": "30000",
8412	-	"Jitter": "30",
8412	+	"Jitter": "30",
8413	-	"Maxdns": "99",
8413	+	"Maxdns": "99",
8414	-	"C2 Server": "analytics.itshealthpro.com,/logo",
8414	+	"C2 Server": "analytics.itshealthpro.com,/logo",
8415	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
8415	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
8416	-	"HTTP Method Path 2": "/r_config",
8416	+	"HTTP Method Path 2": "/r_config",
8417	-	"Header1": "",
8417	+	"Header1": "",
8418	-	"Header2": "",
8418	+	"Header2": "",
8419	-	"PipeName": "",
8419	+	"PipeName": "",
8420	-	"DNS Idle": "(pH\\xCD",
8420	+	"DNS Idle": "(pH\\xCD",
8421	-	"DNS Sleep": "0",
8421	+	"DNS Sleep": "0",
8422	-	"Method1": "GET",
8422	+	"Method1": "GET",
8423	-	"Method2": "POST",
8423	+	"Method2": "POST",
8424	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
8424	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
8425	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
8425	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
8426	-	"Proxy_AccessType": "2 (Use IE settings)"
8426	+	"Proxy_AccessType": "2 (Use IE settings)"
8427	-	}
8427	+	}
8428	-	},
8428	+	},
8429	-	"3.133.100.221": {
8429	+	"3.133.100.221": {
8430	-	"x64": {
8430	+	"x64": {
8431	-	"BeaconType": "8 (HTTPS)",
8431	+	"BeaconType": "8 (HTTPS)",
8432	-	"Port": "443",
8432	+	"Port": "443",
8433	-	"Polling": "60000",
8433	+	"Polling": "60000",
8434	-	"Jitter": "0",
8434	+	"Jitter": "0",
8435	-	"C2 Server": "3.133.100.221,/cx",
8435	+	"C2 Server": "3.133.100.221,/cx",
8436	-	"HTTP Method Path 2": "/submit.php",
8436	+	"HTTP Method Path 2": "/submit.php",
8437	-	"Method1": "GET",
8437	+	"Method1": "GET",
8438	-	"Method2": "POST",
8438	+	"Method2": "POST",
8439	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8439	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8440	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8440	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8441	-	"Proxy_AccessType": "2 (Use IE settings)"
8441	+	"Proxy_AccessType": "2 (Use IE settings)"
8442	-	}
8442	+	}
8443	-	},
8443	+	},
8444	-	"3.133.160.202": {
8444	+	"3.133.160.202": {
8445	-	"x86": {
8445	+	"x86": {
8446	-	"BeaconType": "8 (HTTPS)",
8446	+	"BeaconType": "8 (HTTPS)",
8447	-	"Port": "443",
8447	+	"Port": "443",
8448	-	"Polling": "60000",
8448	+	"Polling": "60000",
8449	-	"Jitter": "0",
8449	+	"Jitter": "0",
8450	-	"C2 Server": "scripts.completelyinnocuousdomain.com,/updates.rss",
8450	+	"C2 Server": "scripts.completelyinnocuousdomain.com,/updates.rss",
8451	-	"HTTP Method Path 2": "/submit.php",
8451	+	"HTTP Method Path 2": "/submit.php",
8452	-	"Method1": "GET",
8452	+	"Method1": "GET",
8453	-	"Method2": "POST",
8453	+	"Method2": "POST",
8454	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8454	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8455	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8455	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8456	-	"Proxy_AccessType": "2 (Use IE settings)"
8456	+	"Proxy_AccessType": "2 (Use IE settings)"
8457	-	}
8457	+	}
8458	-	},
8458	+	},
8459	-	"3.135.189.104": {
8459	+	"3.135.189.104": {
8460	-	"x86": {
8460	+	"x86": {
8461	-	"BeaconType": "8 (HTTPS)",
8461	+	"BeaconType": "8 (HTTPS)",
8462	-	"Port": "443",
8462	+	"Port": "443",
8463	-	"Polling": "810",
8463	+	"Polling": "810",
8464	-	"Jitter": "0",
8464	+	"Jitter": "0",
8465	-	"Maxdns": "242",
8465	+	"Maxdns": "242",
8466	-	"C2 Server": "raymondjames.hostedconnectedrisk.com:,/access/",
8466	+	"C2 Server": "raymondjames.hostedconnectedrisk.com:,/access/",
8467	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
8467	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
8468	-	"HTTP Method Path 2": "/radio/xmlrpc/v35",
8468	+	"HTTP Method Path 2": "/radio/xmlrpc/v35",
8469	-	"Header1": "",
8469	+	"Header1": "",
8470	-	"Header2": "",
8470	+	"Header2": "",
8471	-	"PipeName": "",
8471	+	"PipeName": "",
8472	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8472	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8473	-	"DNS Sleep": "0",
8473	+	"DNS Sleep": "0",
8474	-	"Method1": "GET",
8474	+	"Method1": "GET",
8475	-	"Method2": "POST",
8475	+	"Method2": "POST",
8476	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8476	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8477	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8477	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8478	-	"Proxy_AccessType": "2 (Use IE settings)"
8478	+	"Proxy_AccessType": "2 (Use IE settings)"
8479	-	},
8479	+	},
8480	-	"x64": {
8480	+	"x64": {
8481	-	"BeaconType": "8 (HTTPS)",
8481	+	"BeaconType": "8 (HTTPS)",
8482	-	"Port": "443",
8482	+	"Port": "443",
8483	-	"Polling": "810",
8483	+	"Polling": "810",
8484	-	"Jitter": "0",
8484	+	"Jitter": "0",
8485	-	"Maxdns": "242",
8485	+	"Maxdns": "242",
8486	-	"C2 Server": "raymondjames.hostedconnectedrisk.com:,/access/",
8486	+	"C2 Server": "raymondjames.hostedconnectedrisk.com:,/access/",
8487	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
8487	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
8488	-	"HTTP Method Path 2": "/radio/xmlrpc/v35",
8488	+	"HTTP Method Path 2": "/radio/xmlrpc/v35",
8489	-	"Header1": "",
8489	+	"Header1": "",
8490	-	"Header2": "",
8490	+	"Header2": "",
8491	-	"PipeName": "",
8491	+	"PipeName": "",
8492	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8492	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8493	-	"DNS Sleep": "0",
8493	+	"DNS Sleep": "0",
8494	-	"Method1": "GET",
8494	+	"Method1": "GET",
8495	-	"Method2": "POST",
8495	+	"Method2": "POST",
8496	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8496	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8497	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8497	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8498	-	"Proxy_AccessType": "2 (Use IE settings)"
8498	+	"Proxy_AccessType": "2 (Use IE settings)"
8499	-	}
8499	+	}
8500	-	},
8500	+	},
8501	-	"3.135.47.125": {
8501	+	"3.135.47.125": {
8502	-	"x86": {
8502	+	"x86": {
8503	-	"BeaconType": "8 (HTTPS)",
8503	+	"BeaconType": "8 (HTTPS)",
8504	-	"Port": "443",
8504	+	"Port": "443",
8505	-	"Polling": "5000",
8505	+	"Polling": "5000",
8506	-	"Jitter": "47",
8506	+	"Jitter": "47",
8507	-	"Maxdns": "255",
8507	+	"Maxdns": "255",
8508	-	"C2 Server": "DailyHealthGuide.org,/jquery-3.3.1.min.js",
8508	+	"C2 Server": "DailyHealthGuide.org,/jquery-3.3.1.min.js",
8509	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
8509	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
8510	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
8510	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
8511	-	"Header1": "",
8511	+	"Header1": "",
8512	-	"Header2": "",
8512	+	"Header2": "",
8513	-	"PipeName": "",
8513	+	"PipeName": "",
8514	-	"DNS Idle": "J}\\xC4q",
8514	+	"DNS Idle": "J}\\xC4q",
8515	-	"DNS Sleep": "0",
8515	+	"DNS Sleep": "0",
8516	-	"Method1": "GET",
8516	+	"Method1": "GET",
8517	-	"Method2": "POST",
8517	+	"Method2": "POST",
8518	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
8518	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
8519	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
8519	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
8520	-	"Proxy_AccessType": "2 (Use IE settings)"
8520	+	"Proxy_AccessType": "2 (Use IE settings)"
8521	-	}
8521	+	}
8522	-	},
8522	+	},
8523	-	"3.136.109.67": {
8523	+	"3.136.109.67": {
8524	-	"x64": {
8524	+	"x64": {
8525	-	"BeaconType": "8 (HTTPS)",
8525	+	"BeaconType": "8 (HTTPS)",
8526	-	"Port": "443",
8526	+	"Port": "443",
8527	-	"Polling": "30000",
8527	+	"Polling": "30000",
8528	-	"Jitter": "20",
8528	+	"Jitter": "20",
8529	-	"Maxdns": "235",
8529	+	"Maxdns": "235",
8530	-	"C2 Server": "pentair-slack.com,/messages/C0527B0NM,3.136.109.67,/messages/C0527B0NM",
8530	+	"C2 Server": "pentair-slack.com,/messages/C0527B0NM,3.136.109.67,/messages/C0527B0NM",
8531	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
8531	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
8532	-	"HTTP Method Path 2": "/api/api.test",
8532	+	"HTTP Method Path 2": "/api/api.test",
8533	-	"Header1": "",
8533	+	"Header1": "",
8534	-	"Header2": "",
8534	+	"Header2": "",
8535	-	"PipeName": "",
8535	+	"PipeName": "",
8536	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
8536	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
8537	-	"DNS Sleep": "0",
8537	+	"DNS Sleep": "0",
8538	-	"Method1": "GET",
8538	+	"Method1": "GET",
8539	-	"Method2": "POST",
8539	+	"Method2": "POST",
8540	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8540	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
8541	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8541	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
8542	-	"Proxy_AccessType": "2 (Use IE settings)"
8542	+	"Proxy_AccessType": "2 (Use IE settings)"
8543	-	}
8543	+	}
8544	-	},
8544	+	},
8545	-	"3.136.160.122": {
8545	+	"3.136.160.122": {
8546	-	"x64": {
8546	+	"x64": {
8547	-	"BeaconType": "8 (HTTPS)",
8547	+	"BeaconType": "8 (HTTPS)",
8548	-	"Port": "443",
8548	+	"Port": "443",
8549	-	"Polling": "60000",
8549	+	"Polling": "60000",
8550	-	"Jitter": "37",
8550	+	"Jitter": "37",
8551	-	"Maxdns": "255",
8551	+	"Maxdns": "255",
8552	-	"C2 Server": "telemetry.wessonlabpartners.com,/jquery-3.3.1.min.js,admitting.healthfitconnection.com,/jquery-3.3.1.min.js,skilled_nursing.healthmanagementtoday.com,/jquery-3.3.1.min.js",
8552	+	"C2 Server": "telemetry.wessonlabpartners.com,/jquery-3.3.1.min.js,admitting.healthfitconnection.com,/jquery-3.3.1.min.js,skilled_nursing.healthmanagementtoday.com,/jquery-3.3.1.min.js",
8553	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
8553	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
8554	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
8554	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
8555	-	"Header1": "",
8555	+	"Header1": "",
8556	-	"Header2": "",
8556	+	"Header2": "",
8557	-	"PipeName": "",
8557	+	"PipeName": "",
8558	-	"DNS Idle": "\\x03\\x88\\xA0z",
8558	+	"DNS Idle": "\\x03\\x88\\xA0z",
8559	-	"DNS Sleep": "0",
8559	+	"DNS Sleep": "0",
8560	-	"Method1": "GET",
8560	+	"Method1": "GET",
8561	-	"Method2": "POST",
8561	+	"Method2": "POST",
8562	-	"Spawnto_x86": "%windir%\\syswow64\\spoolsv.exe",
8562	+	"Spawnto_x86": "%windir%\\syswow64\\spoolsv.exe",
8563	-	"Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
8563	+	"Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
8564	-	"Proxy_AccessType": "2 (Use IE settings)"
8564	+	"Proxy_AccessType": "2 (Use IE settings)"
8565	-	}
8565	+	}
8566	-	},
8566	+	},
8567	-	"3.137.139.119": {
8567	+	"3.137.139.119": {
8568	-	"x64": {
8568	+	"x64": {
8569	-	"BeaconType": "8 (HTTPS)",
8569	+	"BeaconType": "8 (HTTPS)",
8570	-	"Port": "443",
8570	+	"Port": "443",
8571	-	"Polling": "60000",
8571	+	"Polling": "60000",
8572	-	"Jitter": "0",
8572	+	"Jitter": "0",
8573	-	"Maxdns": "255",
8573	+	"Maxdns": "255",
8574	-	"C2 Server": "service.office247.tech,/match",
8574	+	"C2 Server": "service.office247.tech,/match",
8575	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
8575	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
8576	-	"HTTP Method Path 2": "/submit.php",
8576	+	"HTTP Method Path 2": "/submit.php",
8577	-	"Header1": "",
8577	+	"Header1": "",
8578	-	"Header2": "",
8578	+	"Header2": "",
8579	-	"PipeName": "",
8579	+	"PipeName": "",
8580	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8580	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8581	-	"DNS Sleep": "0",
8581	+	"DNS Sleep": "0",
8582	-	"Method1": "GET",
8582	+	"Method1": "GET",
8583	-	"Method2": "POST",
8583	+	"Method2": "POST",
8584	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8584	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8585	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8585	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8586	-	"Proxy_AccessType": "2 (Use IE settings)"
8586	+	"Proxy_AccessType": "2 (Use IE settings)"
8587	-	}
8587	+	}
8588	-	},
8588	+	},
8589	-	"3.137.206.229": {
8589	+	"3.137.206.229": {
8590	-	"x64": {
8590	+	"x64": {
8591	-	"BeaconType": "8 (HTTPS)",
8591	+	"BeaconType": "8 (HTTPS)",
8592	-	"Port": "443",
8592	+	"Port": "443",
8593	-	"Polling": "60000",
8593	+	"Polling": "60000",
8594	-	"Jitter": "0",
8594	+	"Jitter": "0",
8595	-	"C2 Server": "3.133.100.221,/cx",
8595	+	"C2 Server": "3.133.100.221,/cx",
8596	-	"HTTP Method Path 2": "/submit.php",
8596	+	"HTTP Method Path 2": "/submit.php",
8597	-	"Method1": "GET",
8597	+	"Method1": "GET",
8598	-	"Method2": "POST",
8598	+	"Method2": "POST",
8599	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8599	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8600	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8600	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8601	-	"Proxy_AccessType": "2 (Use IE settings)"
8601	+	"Proxy_AccessType": "2 (Use IE settings)"
8602	-	}
8602	+	}
8603	-	},
8603	+	},
8604	-	"3.137.217.140": {
8604	+	"3.137.217.140": {
8605	-	"x64": {
8605	+	"x64": {
8606	-	"BeaconType": "8 (HTTPS)",
8606	+	"BeaconType": "8 (HTTPS)",
8607	-	"Port": "443",
8607	+	"Port": "443",
8608	-	"Polling": "60000",
8608	+	"Polling": "60000",
8609	-	"Jitter": "0",
8609	+	"Jitter": "0",
8610	-	"Maxdns": "255",
8610	+	"Maxdns": "255",
8611	-	"C2 Server": "3.137.217.140,/cm",
8611	+	"C2 Server": "3.137.217.140,/cm",
8612	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; NP07; NP07)",
8612	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; NP07; NP07)",
8613	-	"HTTP Method Path 2": "/submit.php",
8613	+	"HTTP Method Path 2": "/submit.php",
8614	-	"Header1": "",
8614	+	"Header1": "",
8615	-	"Header2": "",
8615	+	"Header2": "",
8616	-	"PipeName": "",
8616	+	"PipeName": "",
8617	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8617	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8618	-	"DNS Sleep": "0",
8618	+	"DNS Sleep": "0",
8619	-	"Method1": "GET",
8619	+	"Method1": "GET",
8620	-	"Method2": "POST",
8620	+	"Method2": "POST",
8621	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8621	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8622	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8622	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8623	-	"Proxy_AccessType": "2 (Use IE settings)"
8623	+	"Proxy_AccessType": "2 (Use IE settings)"
8624	-	}
8624	+	}
8625	-	},
8625	+	},
8626	-	"3.139.231.113": {
8626	+	"3.139.231.113": {
8627	-	"x86": {
8627	+	"x86": {
8628	-	"BeaconType": "8 (HTTPS)",
8628	+	"BeaconType": "8 (HTTPS)",
8629	-	"Port": "443",
8629	+	"Port": "443",
8630	-	"Polling": "57081",
8630	+	"Polling": "57081",
8631	-	"Jitter": "37",
8631	+	"Jitter": "37",
8632	-	"C2 Server": "3.139.231.113,/ky",
8632	+	"C2 Server": "3.139.231.113,/ky",
8633	-	"HTTP Method Path 2": "/lv",
8633	+	"HTTP Method Path 2": "/lv",
8634	-	"Method1": "GET",
8634	+	"Method1": "GET",
8635	-	"Method2": "POST",
8635	+	"Method2": "POST",
8636	-	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
8636	+	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
8637	-	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
8637	+	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
8638	-	"Proxy_AccessType": "2 (Use IE settings)"
8638	+	"Proxy_AccessType": "2 (Use IE settings)"
8639	-	},
8639	+	},
8640	-	"x64": {
8640	+	"x64": {
8641	-	"BeaconType": "8 (HTTPS)",
8641	+	"BeaconType": "8 (HTTPS)",
8642	-	"Port": "443",
8642	+	"Port": "443",
8643	-	"Polling": "57081",
8643	+	"Polling": "57081",
8644	-	"Jitter": "37",
8644	+	"Jitter": "37",
8645	-	"C2 Server": "3.139.231.113,/ky",
8645	+	"C2 Server": "3.139.231.113,/ky",
8646	-	"HTTP Method Path 2": "/lv",
8646	+	"HTTP Method Path 2": "/lv",
8647	-	"Method1": "GET",
8647	+	"Method1": "GET",
8648	-	"Method2": "POST",
8648	+	"Method2": "POST",
8649	-	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
8649	+	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
8650	-	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
8650	+	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
8651	-	"Proxy_AccessType": "2 (Use IE settings)"
8651	+	"Proxy_AccessType": "2 (Use IE settings)"
8652	-	}
8652	+	}
8653	-	},
8653	+	},
8654	-	"31.44.184.100": {
8654	+	"31.44.184.100": {
8655	-	"x86": {
8655	+	"x86": {
8656	-	"BeaconType": "8 (HTTPS)",
8656	+	"BeaconType": "8 (HTTPS)",
8657	-	"Port": "443",
8657	+	"Port": "443",
8658	-	"Polling": "60000",
8658	+	"Polling": "60000",
8659	-	"Jitter": "0",
8659	+	"Jitter": "0",
8660	-	"C2 Server": "31.44.184.100,/dpixel",
8660	+	"C2 Server": "31.44.184.100,/dpixel",
8661	-	"HTTP Method Path 2": "/submit.php",
8661	+	"HTTP Method Path 2": "/submit.php",
8662	-	"Method1": "GET",
8662	+	"Method1": "GET",
8663	-	"Method2": "POST",
8663	+	"Method2": "POST",
8664	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8664	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8665	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8665	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8666	-	"Proxy_AccessType": "2 (Use IE settings)"
8666	+	"Proxy_AccessType": "2 (Use IE settings)"
8667	-	}
8667	+	}
8668	-	},
8668	+	},
8669	-	"31.44.184.174": {
8669	+	"31.44.184.174": {
8670	-	"x86": {
8670	+	"x86": {
8671	-	"BeaconType": "8 (HTTPS)",
8671	+	"BeaconType": "8 (HTTPS)",
8672	-	"Port": "443",
8672	+	"Port": "443",
8673	-	"Polling": "60000",
8673	+	"Polling": "60000",
8674	-	"Jitter": "0",
8674	+	"Jitter": "0",
8675	-	"C2 Server": "31.44.184.174,/ptj",
8675	+	"C2 Server": "31.44.184.174,/ptj",
8676	-	"HTTP Method Path 2": "/submit.php",
8676	+	"HTTP Method Path 2": "/submit.php",
8677	-	"Method1": "GET",
8677	+	"Method1": "GET",
8678	-	"Method2": "POST",
8678	+	"Method2": "POST",
8679	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8679	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8680	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8680	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8681	-	"Proxy_AccessType": "2 (Use IE settings)"
8681	+	"Proxy_AccessType": "2 (Use IE settings)"
8682	-	},
8682	+	},
8683	-	"x64": {
8683	+	"x64": {
8684	-	"BeaconType": "8 (HTTPS)",
8684	+	"BeaconType": "8 (HTTPS)",
8685	-	"Port": "443",
8685	+	"Port": "443",
8686	-	"Polling": "60000",
8686	+	"Polling": "60000",
8687	-	"Jitter": "0",
8687	+	"Jitter": "0",
8688	-	"C2 Server": "31.44.184.174,/dot.gif",
8688	+	"C2 Server": "31.44.184.174,/dot.gif",
8689	-	"HTTP Method Path 2": "/submit.php",
8689	+	"HTTP Method Path 2": "/submit.php",
8690	-	"Method1": "GET",
8690	+	"Method1": "GET",
8691	-	"Method2": "POST",
8691	+	"Method2": "POST",
8692	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8692	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8693	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8693	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8694	-	"Proxy_AccessType": "2 (Use IE settings)"
8694	+	"Proxy_AccessType": "2 (Use IE settings)"
8695	-	}
8695	+	}
8696	-	},
8696	+	},
8697	-	"31.44.184.181": {
8697	+	"31.44.184.181": {
8698	-	"x86": {
8698	+	"x86": {
8699	-	"BeaconType": "8 (HTTPS)",
8699	+	"BeaconType": "8 (HTTPS)",
8700	-	"Port": "443",
8700	+	"Port": "443",
8701	-	"Polling": "60000",
8701	+	"Polling": "60000",
8702	-	"Jitter": "0",
8702	+	"Jitter": "0",
8703	-	"C2 Server": "31.44.184.181,/ptj",
8703	+	"C2 Server": "31.44.184.181,/ptj",
8704	-	"HTTP Method Path 2": "/submit.php",
8704	+	"HTTP Method Path 2": "/submit.php",
8705	-	"Method1": "GET",
8705	+	"Method1": "GET",
8706	-	"Method2": "POST",
8706	+	"Method2": "POST",
8707	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8707	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8708	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8708	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8709	-	"Proxy_AccessType": "2 (Use IE settings)"
8709	+	"Proxy_AccessType": "2 (Use IE settings)"
8710	-	}
8710	+	}
8711	-	},
8711	+	},
8712	-	"31.44.184.56": {
8712	+	"31.44.184.56": {
8713	-	"x86": {
8713	+	"x86": {
8714	-	"BeaconType": "8 (HTTPS)",
8714	+	"BeaconType": "8 (HTTPS)",
8715	-	"Port": "443",
8715	+	"Port": "443",
8716	-	"Polling": "60000",
8716	+	"Polling": "60000",
8717	-	"Jitter": "0",
8717	+	"Jitter": "0",
8718	-	"C2 Server": "31.44.184.56,/pixel.gif",
8718	+	"C2 Server": "31.44.184.56,/pixel.gif",
8719	-	"HTTP Method Path 2": "/submit.php",
8719	+	"HTTP Method Path 2": "/submit.php",
8720	-	"Method1": "GET",
8720	+	"Method1": "GET",
8721	-	"Method2": "POST",
8721	+	"Method2": "POST",
8722	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8722	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8723	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8723	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8724	-	"Proxy_AccessType": "2 (Use IE settings)"
8724	+	"Proxy_AccessType": "2 (Use IE settings)"
8725	-	}
8725	+	}
8726	-	},
8726	+	},
8727	-	"3.16.136.106": {
8727	+	"3.16.136.106": {
8728	-	"x86": {
8728	+	"x86": {
8729	-	"BeaconType": "8 (HTTPS)",
8729	+	"BeaconType": "8 (HTTPS)",
8730	-	"Port": "443",
8730	+	"Port": "443",
8731	-	"Polling": "60000",
8731	+	"Polling": "60000",
8732	-	"Jitter": "37",
8732	+	"Jitter": "37",
8733	-	"Maxdns": "255",
8733	+	"Maxdns": "255",
8734	-	"C2 Server": "ajax.microsoft.com,/jquery-3.3.1.min.js",
8734	+	"C2 Server": "ajax.microsoft.com,/jquery-3.3.1.min.js",
8735	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36",
8735	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36",
8736	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
8736	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
8737	-	"Header1": "",
8737	+	"Header1": "",
8738	-	"Header2": "",
8738	+	"Header2": "",
8739	-	"PipeName": "",
8739	+	"PipeName": "",
8740	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8740	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8741	-	"DNS Sleep": "0",
8741	+	"DNS Sleep": "0",
8742	-	"Method1": "GET",
8742	+	"Method1": "GET",
8743	-	"Method2": "POST",
8743	+	"Method2": "POST",
8744	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
8744	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
8745	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
8745	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
8746	-	"Proxy_AccessType": "2 (Use IE settings)"
8746	+	"Proxy_AccessType": "2 (Use IE settings)"
8747	-	}
8747	+	}
8748	-	},
8748	+	},
8749	-	"3.16.1.87": {
8749	+	"3.16.1.87": {
8750	-	"x86": {
8750	+	"x86": {
8751	-	"BeaconType": "8 (HTTPS)",
8751	+	"BeaconType": "8 (HTTPS)",
8752	-	"Port": "443",
8752	+	"Port": "443",
8753	-	"Polling": "60000",
8753	+	"Polling": "60000",
8754	-	"Jitter": "0",
8754	+	"Jitter": "0",
8755	-	"Maxdns": "255",
8755	+	"Maxdns": "255",
8756	-	"C2 Server": "3.16.1.87,/dot.gif",
8756	+	"C2 Server": "3.16.1.87,/dot.gif",
8757	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)",
8757	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)",
8758	-	"HTTP Method Path 2": "/submit.php",
8758	+	"HTTP Method Path 2": "/submit.php",
8759	-	"Header1": "",
8759	+	"Header1": "",
8760	-	"Header2": "",
8760	+	"Header2": "",
8761	-	"PipeName": "",
8761	+	"PipeName": "",
8762	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8762	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8763	-	"DNS Sleep": "0",
8763	+	"DNS Sleep": "0",
8764	-	"Method1": "GET",
8764	+	"Method1": "GET",
8765	-	"Method2": "POST",
8765	+	"Method2": "POST",
8766	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8766	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8767	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8767	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8768	-	"Proxy_AccessType": "2 (Use IE settings)"
8768	+	"Proxy_AccessType": "2 (Use IE settings)"
8769	-	},
8769	+	},
8770	-	"x64": {
8770	+	"x64": {
8771	-	"BeaconType": "8 (HTTPS)",
8771	+	"BeaconType": "8 (HTTPS)",
8772	-	"Port": "443",
8772	+	"Port": "443",
8773	-	"Polling": "60000",
8773	+	"Polling": "60000",
8774	-	"Jitter": "0",
8774	+	"Jitter": "0",
8775	-	"Maxdns": "255",
8775	+	"Maxdns": "255",
8776	-	"C2 Server": "3.16.1.87,/load",
8776	+	"C2 Server": "3.16.1.87,/load",
8777	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
8777	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
8778	-	"HTTP Method Path 2": "/submit.php",
8778	+	"HTTP Method Path 2": "/submit.php",
8779	-	"Header1": "",
8779	+	"Header1": "",
8780	-	"Header2": "",
8780	+	"Header2": "",
8781	-	"PipeName": "",
8781	+	"PipeName": "",
8782	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
8782	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
8783	-	"DNS Sleep": "0",
8783	+	"DNS Sleep": "0",
8784	-	"Method1": "GET",
8784	+	"Method1": "GET",
8785	-	"Method2": "POST",
8785	+	"Method2": "POST",
8786	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8786	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8787	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8787	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8788	-	"Proxy_AccessType": "2 (Use IE settings)"
8788	+	"Proxy_AccessType": "2 (Use IE settings)"
8789	-	}
8789	+	}
8790	-	},
8790	+	},
8791	-	"3.17.176.47": {
8791	+	"3.17.176.47": {
8792	-	"x64": {
8792	+	"x64": {
8793	-	"BeaconType": "8 (HTTPS)",
8793	+	"BeaconType": "8 (HTTPS)",
8794	-	"Port": "443",
8794	+	"Port": "443",
8795	-	"Polling": "60000",
8795	+	"Polling": "60000",
8796	-	"Jitter": "0",
8796	+	"Jitter": "0",
8797	-	"C2 Server": "scripts.arshmedicalfoundation.com,/dot.gif",
8797	+	"C2 Server": "scripts.arshmedicalfoundation.com,/dot.gif",
8798	-	"HTTP Method Path 2": "/submit.php",
8798	+	"HTTP Method Path 2": "/submit.php",
8799	-	"Method1": "GET",
8799	+	"Method1": "GET",
8800	-	"Method2": "POST",
8800	+	"Method2": "POST",
8801	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8801	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8802	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8802	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8803	-	"Proxy_AccessType": "2 (Use IE settings)"
8803	+	"Proxy_AccessType": "2 (Use IE settings)"
8804	-	}
8804	+	}
8805	-	},
8805	+	},
8806	-	"3.19.26.213": {
8806	+	"3.19.26.213": {
8807	-	"x86": {
8807	+	"x86": {
8808	-	"BeaconType": "8 (HTTPS)",
8808	+	"BeaconType": "8 (HTTPS)",
8809	-	"Port": "443",
8809	+	"Port": "443",
8810	-	"Polling": "5000",
8810	+	"Polling": "5000",
8811	-	"Jitter": "0",
8811	+	"Jitter": "0",
8812	-	"C2 Server": "ec2-3-19-26-213.us-east-2.compute.amazonaws.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
8812	+	"C2 Server": "ec2-3-19-26-213.us-east-2.compute.amazonaws.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
8813	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
8813	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
8814	-	"Method1": "GET",
8814	+	"Method1": "GET",
8815	-	"Method2": "POST",
8815	+	"Method2": "POST",
8816	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8816	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8817	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8817	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8818	-	"Proxy_AccessType": "2 (Use IE settings)"
8818	+	"Proxy_AccessType": "2 (Use IE settings)"
8819	-	}
8819	+	}
8820	-	},
8820	+	},
8821	-	"3.22.101.152": {
8821	+	"3.22.101.152": {
8822	-	"x86": {
8822	+	"x86": {
8823	-	"BeaconType": "8 (HTTPS)",
8823	+	"BeaconType": "8 (HTTPS)",
8824	-	"Port": "443",
8824	+	"Port": "443",
8825	-	"Polling": "30000",
8825	+	"Polling": "30000",
8826	-	"Jitter": "20",
8826	+	"Jitter": "20",
8827	-	"C2 Server": "d6qg530ok85uj.cloudfront.net,/safebrowsing/fp/X5dYOhqFrKn95vdkmSCHODPEuY9",
8827	+	"C2 Server": "d6qg530ok85uj.cloudfront.net,/safebrowsing/fp/X5dYOhqFrKn95vdkmSCHODPEuY9",
8828	-	"HTTP Method Path 2": "/safebrowsing/fp/Xtsuqd9wDd34nVxGbIiRlzzODKYweAye7kEob",
8828	+	"HTTP Method Path 2": "/safebrowsing/fp/Xtsuqd9wDd34nVxGbIiRlzzODKYweAye7kEob",
8829	-	"Method1": "GET",
8829	+	"Method1": "GET",
8830	-	"Method2": "POST",
8830	+	"Method2": "POST",
8831	-	"Spawnto_x86": "%windir%\\syswow64\\mcbuilder.exe",
8831	+	"Spawnto_x86": "%windir%\\syswow64\\mcbuilder.exe",
8832	-	"Spawnto_x64": "%windir%\\sysnative\\mcbuilder.exe",
8832	+	"Spawnto_x64": "%windir%\\sysnative\\mcbuilder.exe",
8833	-	"Proxy_AccessType": "2 (Use IE settings)"
8833	+	"Proxy_AccessType": "2 (Use IE settings)"
8834	-	},
8834	+	},
8835	-	"x64": {
8835	+	"x64": {
8836	-	"BeaconType": "8 (HTTPS)",
8836	+	"BeaconType": "8 (HTTPS)",
8837	-	"Port": "443",
8837	+	"Port": "443",
8838	-	"Polling": "30000",
8838	+	"Polling": "30000",
8839	-	"Jitter": "20",
8839	+	"Jitter": "20",
8840	-	"C2 Server": "d6qg530ok85uj.cloudfront.net,/safebrowsing/fp/X5dYOhqFrKn95vdkmSCHODPEuY9",
8840	+	"C2 Server": "d6qg530ok85uj.cloudfront.net,/safebrowsing/fp/X5dYOhqFrKn95vdkmSCHODPEuY9",
8841	-	"HTTP Method Path 2": "/safebrowsing/fp/Xtsuqd9wDd34nVxGbIiRlzzODKYweAye7kEob",
8841	+	"HTTP Method Path 2": "/safebrowsing/fp/Xtsuqd9wDd34nVxGbIiRlzzODKYweAye7kEob",
8842	-	"Method1": "GET",
8842	+	"Method1": "GET",
8843	-	"Method2": "POST",
8843	+	"Method2": "POST",
8844	-	"Spawnto_x86": "%windir%\\syswow64\\mcbuilder.exe",
8844	+	"Spawnto_x86": "%windir%\\syswow64\\mcbuilder.exe",
8845	-	"Spawnto_x64": "%windir%\\sysnative\\mcbuilder.exe",
8845	+	"Spawnto_x64": "%windir%\\sysnative\\mcbuilder.exe",
8846	-	"Proxy_AccessType": "2 (Use IE settings)"
8846	+	"Proxy_AccessType": "2 (Use IE settings)"
8847	-	}
8847	+	}
8848	-	},
8848	+	},
8849	-	"3.231.164.70": {
8849	+	"3.231.164.70": {
8850	-	"x64": {
8850	+	"x64": {
8851	-	"BeaconType": "8 (HTTPS)",
8851	+	"BeaconType": "8 (HTTPS)",
8852	-	"Port": "443",
8852	+	"Port": "443",
8853	-	"Polling": "57970",
8853	+	"Polling": "57970",
8854	-	"Jitter": "43",
8854	+	"Jitter": "43",
8855	-	"Maxdns": "254",
8855	+	"Maxdns": "254",
8856	-	"C2 Server": "k8s.containerkubernetes.com,/bm",
8856	+	"C2 Server": "k8s.containerkubernetes.com,/bm",
8857	-	"User Agent": "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)",
8857	+	"User Agent": "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)",
8858	-	"HTTP Method Path 2": "/br",
8858	+	"HTTP Method Path 2": "/br",
8859	-	"Header1": "",
8859	+	"Header1": "",
8860	-	"Header2": "",
8860	+	"Header2": "",
8861	-	"PipeName": "",
8861	+	"PipeName": "",
8862	-	"DNS Idle": "\\xB7\\x08(1",
8862	+	"DNS Idle": "\\xB7\\x08(1",
8863	-	"DNS Sleep": "0",
8863	+	"DNS Sleep": "0",
8864	-	"Method1": "GET",
8864	+	"Method1": "GET",
8865	-	"Method2": "POST",
8865	+	"Method2": "POST",
8866	-	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
8866	+	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
8867	-	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
8867	+	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
8868	-	"Proxy_AccessType": "2 (Use IE settings)"
8868	+	"Proxy_AccessType": "2 (Use IE settings)"
8869	-	}
8869	+	}
8870	-	},
8870	+	},
8871	-	"3.234.215.191": {
8871	+	"3.234.215.191": {
8872	-	"x64": {
8872	+	"x64": {
8873	-	"BeaconType": "8 (HTTPS)",
8873	+	"BeaconType": "8 (HTTPS)",
8874	-	"Port": "443",
8874	+	"Port": "443",
8875	-	"Polling": "30000",
8875	+	"Polling": "30000",
8876	-	"Jitter": "10",
8876	+	"Jitter": "10",
8877	-	"C2 Server": "secure.kaysHealthAndBeautySense.com,/recipe.html",
8877	+	"C2 Server": "secure.kaysHealthAndBeautySense.com,/recipe.html",
8878	-	"HTTP Method Path 2": "/italian",
8878	+	"HTTP Method Path 2": "/italian",
8879	-	"Method1": "GET",
8879	+	"Method1": "GET",
8880	-	"Method2": "POST",
8880	+	"Method2": "POST",
8881	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8881	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8882	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8882	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8883	-	"Proxy_AccessType": "2 (Use IE settings)"
8883	+	"Proxy_AccessType": "2 (Use IE settings)"
8884	-	}
8884	+	}
8885	-	},
8885	+	},
8886	-	"3.23.61.79": {
8886	+	"3.23.61.79": {
8887	-	"x86": {
8887	+	"x86": {
8888	-	"BeaconType": "8 (HTTPS)",
8888	+	"BeaconType": "8 (HTTPS)",
8889	-	"Port": "443",
8889	+	"Port": "443",
8890	-	"Polling": "41000",
8890	+	"Polling": "41000",
8891	-	"Jitter": "35",
8891	+	"Jitter": "35",
8892	-	"C2 Server": "3.23.61.79,/c/msdownload/update/others/2019/12/mVKMlUG03GFQfOJ2FZUYNYaNl",
8892	+	"C2 Server": "3.23.61.79,/c/msdownload/update/others/2019/12/mVKMlUG03GFQfOJ2FZUYNYaNl",
8893	-	"HTTP Method Path 2": "/msdownload/update/others/2019/12/lmT9iLxVAILu9XhSluVMNWXi9lAma",
8893	+	"HTTP Method Path 2": "/msdownload/update/others/2019/12/lmT9iLxVAILu9XhSluVMNWXi9lAma",
8894	-	"Method1": "GET",
8894	+	"Method1": "GET",
8895	-	"Method2": "POST",
8895	+	"Method2": "POST",
8896	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
8896	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
8897	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
8897	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
8898	-	"Proxy_AccessType": "2 (Use IE settings)"
8898	+	"Proxy_AccessType": "2 (Use IE settings)"
8899	-	},
8899	+	},
8900	-	"x64": {
8900	+	"x64": {
8901	-	"BeaconType": "8 (HTTPS)",
8901	+	"BeaconType": "8 (HTTPS)",
8902	-	"Port": "443",
8902	+	"Port": "443",
8903	-	"Polling": "41000",
8903	+	"Polling": "41000",
8904	-	"Jitter": "35",
8904	+	"Jitter": "35",
8905	-	"C2 Server": "3.23.61.79,/c/msdownload/update/others/2019/12/mVKMlUG03GFQfOJ2FZUYNYaNl",
8905	+	"C2 Server": "3.23.61.79,/c/msdownload/update/others/2019/12/mVKMlUG03GFQfOJ2FZUYNYaNl",
8906	-	"HTTP Method Path 2": "/msdownload/update/others/2019/12/lmT9iLxVAILu9XhSluVMNWXi9lAma",
8906	+	"HTTP Method Path 2": "/msdownload/update/others/2019/12/lmT9iLxVAILu9XhSluVMNWXi9lAma",
8907	-	"Method1": "GET",
8907	+	"Method1": "GET",
8908	-	"Method2": "POST",
8908	+	"Method2": "POST",
8909	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
8909	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
8910	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
8910	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
8911	-	"Proxy_AccessType": "2 (Use IE settings)"
8911	+	"Proxy_AccessType": "2 (Use IE settings)"
8912	-	}
8912	+	}
8913	-	},
8913	+	},
8914	-	"3.236.230.152": {
8914	+	"3.236.230.152": {
8915	-	"x86": {
8915	+	"x86": {
8916	-	"BeaconType": "8 (HTTPS)",
8916	+	"BeaconType": "8 (HTTPS)",
8917	-	"Port": "443",
8917	+	"Port": "443",
8918	-	"Polling": "2700",
8918	+	"Polling": "2700",
8919	-	"Jitter": "11",
8919	+	"Jitter": "11",
8920	-	"Maxdns": "244",
8920	+	"Maxdns": "244",
8921	-	"C2 Server": "www.pepsicoamerica.com,/preload",
8921	+	"C2 Server": "www.pepsicoamerica.com,/preload",
8922	-	"User Agent": "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729)",
8922	+	"User Agent": "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729)",
8923	-	"HTTP Method Path 2": "/sa",
8923	+	"HTTP Method Path 2": "/sa",
8924	-	"Header1": "",
8924	+	"Header1": "",
8925	-	"Header2": "",
8925	+	"Header2": "",
8926	-	"PipeName": "",
8926	+	"PipeName": "",
8927	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
8927	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
8928	-	"DNS Sleep": "0",
8928	+	"DNS Sleep": "0",
8929	-	"Method1": "GET",
8929	+	"Method1": "GET",
8930	-	"Method2": "GET",
8930	+	"Method2": "GET",
8931	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8931	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8932	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8932	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8933	-	"Proxy_AccessType": "1 (Use direct connection)"
8933	+	"Proxy_AccessType": "1 (Use direct connection)"
8934	-	},
8934	+	},
8935	-	"x64": {
8935	+	"x64": {
8936	-	"BeaconType": "8 (HTTPS)",
8936	+	"BeaconType": "8 (HTTPS)",
8937	-	"Port": "443",
8937	+	"Port": "443",
8938	-	"Polling": "2700",
8938	+	"Polling": "2700",
8939	-	"Jitter": "11",
8939	+	"Jitter": "11",
8940	-	"Maxdns": "244",
8940	+	"Maxdns": "244",
8941	-	"C2 Server": "www.pepsicoamerica.com,/preload",
8941	+	"C2 Server": "www.pepsicoamerica.com,/preload",
8942	-	"User Agent": "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729)",
8942	+	"User Agent": "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729)",
8943	-	"HTTP Method Path 2": "/sa",
8943	+	"HTTP Method Path 2": "/sa",
8944	-	"Header1": "",
8944	+	"Header1": "",
8945	-	"Header2": "",
8945	+	"Header2": "",
8946	-	"PipeName": "",
8946	+	"PipeName": "",
8947	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
8947	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
8948	-	"DNS Sleep": "0",
8948	+	"DNS Sleep": "0",
8949	-	"Method1": "GET",
8949	+	"Method1": "GET",
8950	-	"Method2": "GET",
8950	+	"Method2": "GET",
8951	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8951	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
8952	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8952	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
8953	-	"Proxy_AccessType": "1 (Use direct connection)"
8953	+	"Proxy_AccessType": "1 (Use direct connection)"
8954	-	}
8954	+	}
8955	-	},
8955	+	},
8956	-	"3.237.38.249": {
8956	+	"3.237.38.249": {
8957	-	"x86": {
8957	+	"x86": {
8958	-	"BeaconType": "8 (HTTPS)",
8958	+	"BeaconType": "8 (HTTPS)",
8959	-	"Port": "443",
8959	+	"Port": "443",
8960	-	"Polling": "45000",
8960	+	"Polling": "45000",
8961	-	"Jitter": "20",
8961	+	"Jitter": "20",
8962	-	"C2 Server": "www.amzn-solutions.com,/page.jsp,help.amzn-solutions.com,/page.jsp,forum.dmcseddebtservices.com,/index.jsp,www.dmcseddebtservices.com,/process.jsp",
8962	+	"C2 Server": "www.amzn-solutions.com,/page.jsp,help.amzn-solutions.com,/page.jsp,forum.dmcseddebtservices.com,/index.jsp,www.dmcseddebtservices.com,/process.jsp",
8963	-	"HTTP Method Path 2": "/search.jsp",
8963	+	"HTTP Method Path 2": "/search.jsp",
8964	-	"Method1": "GET",
8964	+	"Method1": "GET",
8965	-	"Method2": "POST",
8965	+	"Method2": "POST",
8966	-	"Spawnto_x86": "%windir%\\syswow64\\wecutil.exe",
8966	+	"Spawnto_x86": "%windir%\\syswow64\\wecutil.exe",
8967	-	"Spawnto_x64": "%windir%\\sysnative\\wecutil.exe",
8967	+	"Spawnto_x64": "%windir%\\sysnative\\wecutil.exe",
8968	-	"Proxy_AccessType": "2 (Use IE settings)"
8968	+	"Proxy_AccessType": "2 (Use IE settings)"
8969	-	},
8969	+	},
8970	-	"x64": {
8970	+	"x64": {
8971	-	"BeaconType": "8 (HTTPS)",
8971	+	"BeaconType": "8 (HTTPS)",
8972	-	"Port": "443",
8972	+	"Port": "443",
8973	-	"Polling": "45000",
8973	+	"Polling": "45000",
8974	-	"Jitter": "20",
8974	+	"Jitter": "20",
8975	-	"C2 Server": "www.amzn-solutions.com,/page.jsp,help.amzn-solutions.com,/process.jsp,forum.dmcseddebtservices.com,/index.jsp,www.dmcseddebtservices.com,/user.jsp",
8975	+	"C2 Server": "www.amzn-solutions.com,/page.jsp,help.amzn-solutions.com,/process.jsp,forum.dmcseddebtservices.com,/index.jsp,www.dmcseddebtservices.com,/user.jsp",
8976	-	"HTTP Method Path 2": "/parse.jsp",
8976	+	"HTTP Method Path 2": "/parse.jsp",
8977	-	"Method1": "GET",
8977	+	"Method1": "GET",
8978	-	"Method2": "POST",
8978	+	"Method2": "POST",
8979	-	"Spawnto_x86": "%windir%\\syswow64\\wecutil.exe",
8979	+	"Spawnto_x86": "%windir%\\syswow64\\wecutil.exe",
8980	-	"Spawnto_x64": "%windir%\\sysnative\\wecutil.exe",
8980	+	"Spawnto_x64": "%windir%\\sysnative\\wecutil.exe",
8981	-	"Proxy_AccessType": "2 (Use IE settings)"
8981	+	"Proxy_AccessType": "2 (Use IE settings)"
8982	-	}
8982	+	}
8983	-	},
8983	+	},
8984	-	"3.250.193.216": {
8984	+	"3.250.193.216": {
8985	-	"x86": {
8985	+	"x86": {
8986	-	"BeaconType": "8 (HTTPS)",
8986	+	"BeaconType": "8 (HTTPS)",
8987	-	"Port": "443",
8987	+	"Port": "443",
8988	-	"Polling": "400",
8988	+	"Polling": "400",
8989	-	"Jitter": "12",
8989	+	"Jitter": "12",
8990	-	"C2 Server": "ehrclient-canary.teams.microsoft.com,/s/ref=nb_sb_noss_1/698-71218292-1534620/field-keywords=point",
8990	+	"C2 Server": "ehrclient-canary.teams.microsoft.com,/s/ref=nb_sb_noss_1/698-71218292-1534620/field-keywords=point",
8991	-	"HTTP Method Path 2": "/N5819/adj/amzn.us.sr.aps",
8991	+	"HTTP Method Path 2": "/N5819/adj/amzn.us.sr.aps",
8992	-	"Method1": "GET",
8992	+	"Method1": "GET",
8993	-	"Method2": "POST",
8993	+	"Method2": "POST",
8994	-	"Spawnto_x86": "%windir%\\syswow64\\net.exe",
8994	+	"Spawnto_x86": "%windir%\\syswow64\\net.exe",
8995	-	"Spawnto_x64": "%windir%\\sysnative\\net.exe",
8995	+	"Spawnto_x64": "%windir%\\sysnative\\net.exe",
8996	-	"Proxy_AccessType": "2 (Use IE settings)"
8996	+	"Proxy_AccessType": "2 (Use IE settings)"
8997	-	},
8997	+	},
8998	-	"x64": {
8998	+	"x64": {
8999	-	"BeaconType": "8 (HTTPS)",
8999	+	"BeaconType": "8 (HTTPS)",
9000	-	"Port": "443",
9000	+	"Port": "443",
9001	-	"Polling": "400",
9001	+	"Polling": "400",
9002	-	"Jitter": "12",
9002	+	"Jitter": "12",
9003	-	"C2 Server": "ehrclient-canary.teams.microsoft.com,/s/ref=nb_sb_noss_1/698-71218292-1534620/field-keywords=point",
9003	+	"C2 Server": "ehrclient-canary.teams.microsoft.com,/s/ref=nb_sb_noss_1/698-71218292-1534620/field-keywords=point",
9004	-	"HTTP Method Path 2": "/N5819/adj/amzn.us.sr.aps",
9004	+	"HTTP Method Path 2": "/N5819/adj/amzn.us.sr.aps",
9005	-	"Method1": "GET",
9005	+	"Method1": "GET",
9006	-	"Method2": "POST",
9006	+	"Method2": "POST",
9007	-	"Spawnto_x86": "%windir%\\syswow64\\net.exe",
9007	+	"Spawnto_x86": "%windir%\\syswow64\\net.exe",
9008	-	"Spawnto_x64": "%windir%\\sysnative\\net.exe",
9008	+	"Spawnto_x64": "%windir%\\sysnative\\net.exe",
9009	-	"Proxy_AccessType": "2 (Use IE settings)"
9009	+	"Proxy_AccessType": "2 (Use IE settings)"
9010	-	}
9010	+	}
9011	-	},
9011	+	},
9012	-	"3.25.232.105": {
9012	+	"3.25.232.105": {
9013	-	"x86": {
9013	+	"x86": {
9014	-	"BeaconType": "8 (HTTPS)",
9014	+	"BeaconType": "8 (HTTPS)",
9015	-	"Port": "443",
9015	+	"Port": "443",
9016	-	"Polling": "5000",
9016	+	"Polling": "5000",
9017	-	"Jitter": "0",
9017	+	"Jitter": "0",
9018	-	"C2 Server": "blog.widetechworld.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
9018	+	"C2 Server": "blog.widetechworld.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
9019	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
9019	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
9020	-	"Method1": "GET",
9020	+	"Method1": "GET",
9021	-	"Method2": "POST",
9021	+	"Method2": "POST",
9022	-	"Spawnto_x86": "C:\\Windows\\syswow64\\svchost.exe -k localservice -p -s fdPHost",
9022	+	"Spawnto_x86": "C:\\Windows\\syswow64\\svchost.exe -k localservice -p -s fdPHost",
9023	-	"Spawnto_x64": "C:\\Windows\\sysnative\\svchost.exe -k localservice -p -s fdPHost",
9023	+	"Spawnto_x64": "C:\\Windows\\sysnative\\svchost.exe -k localservice -p -s fdPHost",
9024	-	"Proxy_AccessType": "2 (Use IE settings)"
9024	+	"Proxy_AccessType": "2 (Use IE settings)"
9025	-	}
9025	+	}
9026	-	},
9026	+	},
9027	-	"34.121.230.223": {
9027	+	"34.121.230.223": {
9028	-	"x64": {
9028	+	"x64": {
9029	-	"BeaconType": "8 (HTTPS)",
9029	+	"BeaconType": "8 (HTTPS)",
9030	-	"Port": "443",
9030	+	"Port": "443",
9031	-	"Polling": "60000",
9031	+	"Polling": "60000",
9032	-	"Jitter": "0",
9032	+	"Jitter": "0",
9033	-	"Maxdns": "255",
9033	+	"Maxdns": "255",
9034	-	"C2 Server": "about.inno-finance.com,/cx",
9034	+	"C2 Server": "about.inno-finance.com,/cx",
9035	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB)",
9035	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB)",
9036	-	"HTTP Method Path 2": "/submit.php",
9036	+	"HTTP Method Path 2": "/submit.php",
9037	-	"Header1": "",
9037	+	"Header1": "",
9038	-	"Header2": "",
9038	+	"Header2": "",
9039	-	"PipeName": "",
9039	+	"PipeName": "",
9040	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9040	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9041	-	"DNS Sleep": "0",
9041	+	"DNS Sleep": "0",
9042	-	"Method1": "GET",
9042	+	"Method1": "GET",
9043	-	"Method2": "POST",
9043	+	"Method2": "POST",
9044	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9044	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9045	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9045	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9046	-	"Proxy_AccessType": "2 (Use IE settings)"
9046	+	"Proxy_AccessType": "2 (Use IE settings)"
9047	-	}
9047	+	}
9048	-	},
9048	+	},
9049	-	"34.200.243.234": {
9049	+	"34.200.243.234": {
9050	-	"x86": {
9050	+	"x86": {
9051	-	"BeaconType": "8 (HTTPS)",
9051	+	"BeaconType": "8 (HTTPS)",
9052	-	"Port": "443",
9052	+	"Port": "443",
9053	-	"Polling": "60000",
9053	+	"Polling": "60000",
9054	-	"Jitter": "20",
9054	+	"Jitter": "20",
9055	-	"C2 Server": "api.bcbshealth.care,/complete/search",
9055	+	"C2 Server": "api.bcbshealth.care,/complete/search",
9056	-	"HTTP Method Path 2": "/Complete_Search",
9056	+	"HTTP Method Path 2": "/Complete_Search",
9057	-	"Method1": "GET",
9057	+	"Method1": "GET",
9058	-	"Method2": "POST",
9058	+	"Method2": "POST",
9059	-	"Spawnto_x86": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
9059	+	"Spawnto_x86": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
9060	-	"Spawnto_x64": "C:\\Program Files\\internet explorer\\iexplore.exe",
9060	+	"Spawnto_x64": "C:\\Program Files\\internet explorer\\iexplore.exe",
9061	-	"Proxy_AccessType": "2 (Use IE settings)"
9061	+	"Proxy_AccessType": "2 (Use IE settings)"
9062	-	}
9062	+	}
9063	-	},
9063	+	},
9064	-	"34.201.140.145": {
9064	+	"34.201.140.145": {
9065	-	"x64": {
9065	+	"x64": {
9066	-	"BeaconType": "8 (HTTPS)",
9066	+	"BeaconType": "8 (HTTPS)",
9067	-	"Port": "443",
9067	+	"Port": "443",
9068	-	"Polling": "60000",
9068	+	"Polling": "60000",
9069	-	"Jitter": "15",
9069	+	"Jitter": "15",
9070	-	"Maxdns": "255",
9070	+	"Maxdns": "255",
9071	-	"C2 Server": "34.201.140.145,/_/scs/mail-static/_/js/",
9071	+	"C2 Server": "34.201.140.145,/_/scs/mail-static/_/js/",
9072	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MAAU)",
9072	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MAAU)",
9073	-	"HTTP Method Path 2": "/mail/u/0/",
9073	+	"HTTP Method Path 2": "/mail/u/0/",
9074	-	"Header1": "",
9074	+	"Header1": "",
9075	-	"Header2": "",
9075	+	"Header2": "",
9076	-	"PipeName": "",
9076	+	"PipeName": "",
9077	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
9077	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
9078	-	"DNS Sleep": "0",
9078	+	"DNS Sleep": "0",
9079	-	"Method1": "GET",
9079	+	"Method1": "GET",
9080	-	"Method2": "POST",
9080	+	"Method2": "POST",
9081	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9081	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9082	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9082	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9083	-	"Proxy_AccessType": "2 (Use IE settings)"
9083	+	"Proxy_AccessType": "2 (Use IE settings)"
9084	-	}
9084	+	}
9085	-	},
9085	+	},
9086	-	"34.203.235.59": {
9086	+	"34.203.235.59": {
9087	-	"x86": {
9087	+	"x86": {
9088	-	"BeaconType": "8 (HTTPS)",
9088	+	"BeaconType": "8 (HTTPS)",
9089	-	"Port": "443",
9089	+	"Port": "443",
9090	-	"Polling": "20000",
9090	+	"Polling": "20000",
9091	-	"Jitter": "20",
9091	+	"Jitter": "20",
9092	-	"C2 Server": "sitehealthcheck.org,/oscp/",
9092	+	"C2 Server": "sitehealthcheck.org,/oscp/",
9093	-	"HTTP Method Path 2": "/oscp/a/",
9093	+	"HTTP Method Path 2": "/oscp/a/",
9094	-	"Method1": "GET",
9094	+	"Method1": "GET",
9095	-	"Method2": "POST",
9095	+	"Method2": "POST",
9096	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9096	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9097	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9097	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9098	-	"Proxy_AccessType": "2 (Use IE settings)"
9098	+	"Proxy_AccessType": "2 (Use IE settings)"
9099	-	},
9099	+	},
9100	-	"x64": {
9100	+	"x64": {
9101	-	"BeaconType": "8 (HTTPS)",
9101	+	"BeaconType": "8 (HTTPS)",
9102	-	"Port": "443",
9102	+	"Port": "443",
9103	-	"Polling": "20000",
9103	+	"Polling": "20000",
9104	-	"Jitter": "20",
9104	+	"Jitter": "20",
9105	-	"C2 Server": "sitehealthcheck.org,/oscp/",
9105	+	"C2 Server": "sitehealthcheck.org,/oscp/",
9106	-	"HTTP Method Path 2": "/oscp/a/",
9106	+	"HTTP Method Path 2": "/oscp/a/",
9107	-	"Method1": "GET",
9107	+	"Method1": "GET",
9108	-	"Method2": "POST",
9108	+	"Method2": "POST",
9109	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9109	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9110	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9110	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9111	-	"Proxy_AccessType": "2 (Use IE settings)"
9111	+	"Proxy_AccessType": "2 (Use IE settings)"
9112	-	}
9112	+	}
9113	-	},
9113	+	},
9114	-	"34.211.110.219": {
9114	+	"34.211.110.219": {
9115	-	"x86": {
9115	+	"x86": {
9116	-	"BeaconType": "8 (HTTPS)",
9116	+	"BeaconType": "8 (HTTPS)",
9117	-	"Port": "443",
9117	+	"Port": "443",
9118	-	"Polling": "60000",
9118	+	"Polling": "60000",
9119	-	"Jitter": "0",
9119	+	"Jitter": "0",
9120	-	"Maxdns": "255",
9120	+	"Maxdns": "255",
9121	-	"C2 Server": "nelnetbanks.com,/fwlink",
9121	+	"C2 Server": "nelnetbanks.com,/fwlink",
9122	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)",
9122	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)",
9123	-	"HTTP Method Path 2": "/submit.php",
9123	+	"HTTP Method Path 2": "/submit.php",
9124	-	"Header1": "",
9124	+	"Header1": "",
9125	-	"Header2": "",
9125	+	"Header2": "",
9126	-	"PipeName": "",
9126	+	"PipeName": "",
9127	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9127	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9128	-	"DNS Sleep": "0",
9128	+	"DNS Sleep": "0",
9129	-	"Method1": "GET",
9129	+	"Method1": "GET",
9130	-	"Method2": "POST",
9130	+	"Method2": "POST",
9131	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9131	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9132	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9132	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9133	-	"Proxy_AccessType": "2 (Use IE settings)"
9133	+	"Proxy_AccessType": "2 (Use IE settings)"
9134	-	}
9134	+	}
9135	-	},
9135	+	},
9136	-	"34.212.57.1": {
9136	+	"34.212.57.1": {
9137	-	"x86": {
9137	+	"x86": {
9138	-	"BeaconType": "8 (HTTPS)",
9138	+	"BeaconType": "8 (HTTPS)",
9139	-	"Port": "443",
9139	+	"Port": "443",
9140	-	"Polling": "60000",
9140	+	"Polling": "60000",
9141	-	"Jitter": "0",
9141	+	"Jitter": "0",
9142	-	"C2 Server": "ec2-34-212-57-1.us-west-2.compute.amazonaws.com,/ptj",
9142	+	"C2 Server": "ec2-34-212-57-1.us-west-2.compute.amazonaws.com,/ptj",
9143	-	"HTTP Method Path 2": "/submit.php",
9143	+	"HTTP Method Path 2": "/submit.php",
9144	-	"Method1": "GET",
9144	+	"Method1": "GET",
9145	-	"Method2": "POST",
9145	+	"Method2": "POST",
9146	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9146	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9147	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9147	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9148	-	"Proxy_AccessType": "2 (Use IE settings)"
9148	+	"Proxy_AccessType": "2 (Use IE settings)"
9149	-	}
9149	+	}
9150	-	},
9150	+	},
9151	-	"34.217.5.107": {
9151	+	"34.217.5.107": {
9152	-	"x86": {
9152	+	"x86": {
9153	-	"BeaconType": "8 (HTTPS)",
9153	+	"BeaconType": "8 (HTTPS)",
9154	-	"Port": "443",
9154	+	"Port": "443",
9155	-	"Polling": "30000",
9155	+	"Polling": "30000",
9156	-	"Jitter": "50",
9156	+	"Jitter": "50",
9157	-	"Maxdns": "255",
9157	+	"Maxdns": "255",
9158	-	"C2 Server": "secure.carestreamhealthcare.com,/__utm.gif",
9158	+	"C2 Server": "secure.carestreamhealthcare.com,/__utm.gif",
9159	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
9159	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
9160	-	"HTTP Method Path 2": "/___utm.gif",
9160	+	"HTTP Method Path 2": "/___utm.gif",
9161	-	"Header1": "",
9161	+	"Header1": "",
9162	-	"Header2": "",
9162	+	"Header2": "",
9163	-	"PipeName": "",
9163	+	"PipeName": "",
9164	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9164	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9165	-	"DNS Sleep": "0",
9165	+	"DNS Sleep": "0",
9166	-	"Method1": "GET",
9166	+	"Method1": "GET",
9167	-	"Method2": "POST",
9167	+	"Method2": "POST",
9168	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
9168	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
9169	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
9169	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
9170	-	"Proxy_AccessType": "2 (Use IE settings)"
9170	+	"Proxy_AccessType": "2 (Use IE settings)"
9171	-	}
9171	+	}
9172	-	},
9172	+	},
9173	-	"34.222.203.112": {
9173	+	"34.222.203.112": {
9174	-	"x86": {
9174	+	"x86": {
9175	-	"BeaconType": "8 (HTTPS)",
9175	+	"BeaconType": "8 (HTTPS)",
9176	-	"Port": "443",
9176	+	"Port": "443",
9177	-	"Polling": "5400",
9177	+	"Polling": "5400",
9178	-	"Jitter": "12",
9178	+	"Jitter": "12",
9179	-	"C2 Server": "creditnetfinance.com,/rs-apps/assets/images/portfolio",
9179	+	"C2 Server": "creditnetfinance.com,/rs-apps/assets/images/portfolio",
9180	-	"HTTP Method Path 2": "/next-api/graphql",
9180	+	"HTTP Method Path 2": "/next-api/graphql",
9181	-	"Method1": "GET",
9181	+	"Method1": "GET",
9182	-	"Method2": "POST",
9182	+	"Method2": "POST",
9183	-	"Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
9183	+	"Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
9184	-	"Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
9184	+	"Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
9185	-	"Proxy_AccessType": "2 (Use IE settings)"
9185	+	"Proxy_AccessType": "2 (Use IE settings)"
9186	-	},
9186	+	},
9187	-	"x64": {
9187	+	"x64": {
9188	-	"BeaconType": "8 (HTTPS)",
9188	+	"BeaconType": "8 (HTTPS)",
9189	-	"Port": "443",
9189	+	"Port": "443",
9190	-	"Polling": "5400",
9190	+	"Polling": "5400",
9191	-	"Jitter": "12",
9191	+	"Jitter": "12",
9192	-	"C2 Server": "creditnetfinance.com,/rs-apps/assets/images/portfolio",
9192	+	"C2 Server": "creditnetfinance.com,/rs-apps/assets/images/portfolio",
9193	-	"HTTP Method Path 2": "/next-api/graphql",
9193	+	"HTTP Method Path 2": "/next-api/graphql",
9194	-	"Method1": "GET",
9194	+	"Method1": "GET",
9195	-	"Method2": "POST",
9195	+	"Method2": "POST",
9196	-	"Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
9196	+	"Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
9197	-	"Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
9197	+	"Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
9198	-	"Proxy_AccessType": "2 (Use IE settings)"
9198	+	"Proxy_AccessType": "2 (Use IE settings)"
9199	-	}
9199	+	}
9200	-	},
9200	+	},
9201	-	"34.238.192.43": {
9201	+	"34.238.192.43": {
9202	-	"x86": {
9202	+	"x86": {
9203	-	"BeaconType": "8 (HTTPS)",
9203	+	"BeaconType": "8 (HTTPS)",
9204	-	"Port": "443",
9204	+	"Port": "443",
9205	-	"Polling": "32051",
9205	+	"Polling": "32051",
9206	-	"Jitter": "57",
9206	+	"Jitter": "57",
9207	-	"Maxdns": "255",
9207	+	"Maxdns": "255",
9208	-	"C2 Server": "sharkfishinguk.com,/jquery-1.12.1.min.js",
9208	+	"C2 Server": "sharkfishinguk.com,/jquery-1.12.1.min.js",
9209	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
9209	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
9210	-	"HTTP Method Path 2": "/jquery-1.12.2.min.js",
9210	+	"HTTP Method Path 2": "/jquery-1.12.2.min.js",
9211	-	"Header1": "",
9211	+	"Header1": "",
9212	-	"Header2": "",
9212	+	"Header2": "",
9213	-	"PipeName": "",
9213	+	"PipeName": "",
9214	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9214	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9215	-	"DNS Sleep": "0",
9215	+	"DNS Sleep": "0",
9216	-	"Method1": "GET",
9216	+	"Method1": "GET",
9217	-	"Method2": "POST",
9217	+	"Method2": "POST",
9218	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
9218	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
9219	-	"Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
9219	+	"Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
9220	-	"Proxy_AccessType": "2 (Use IE settings)"
9220	+	"Proxy_AccessType": "2 (Use IE settings)"
9221	-	},
9221	+	},
9222	-	"x64": {
9222	+	"x64": {
9223	-	"BeaconType": "8 (HTTPS)",
9223	+	"BeaconType": "8 (HTTPS)",
9224	-	"Port": "443",
9224	+	"Port": "443",
9225	-	"Polling": "32051",
9225	+	"Polling": "32051",
9226	-	"Jitter": "57",
9226	+	"Jitter": "57",
9227	-	"Maxdns": "255",
9227	+	"Maxdns": "255",
9228	-	"C2 Server": "sharkfishinguk.com,/jquery-1.12.1.min.js",
9228	+	"C2 Server": "sharkfishinguk.com,/jquery-1.12.1.min.js",
9229	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
9229	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
9230	-	"HTTP Method Path 2": "/jquery-1.12.2.min.js",
9230	+	"HTTP Method Path 2": "/jquery-1.12.2.min.js",
9231	-	"Header1": "",
9231	+	"Header1": "",
9232	-	"Header2": "",
9232	+	"Header2": "",
9233	-	"PipeName": "",
9233	+	"PipeName": "",
9234	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9234	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9235	-	"DNS Sleep": "0",
9235	+	"DNS Sleep": "0",
9236	-	"Method1": "GET",
9236	+	"Method1": "GET",
9237	-	"Method2": "POST",
9237	+	"Method2": "POST",
9238	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
9238	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
9239	-	"Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
9239	+	"Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
9240	-	"Proxy_AccessType": "2 (Use IE settings)"
9240	+	"Proxy_AccessType": "2 (Use IE settings)"
9241	-	}
9241	+	}
9242	-	},
9242	+	},
9243	-	"34.80.40.66": {
9243	+	"34.80.40.66": {
9244	-	"x86": {
9244	+	"x86": {
9245	-	"BeaconType": "8 (HTTPS)",
9245	+	"BeaconType": "8 (HTTPS)",
9246	-	"Port": "443",
9246	+	"Port": "443",
9247	-	"Polling": "25000",
9247	+	"Polling": "25000",
9248	-	"Jitter": "5",
9248	+	"Jitter": "5",
9249	-	"Maxdns": "255",
9249	+	"Maxdns": "255",
9250	-	"C2 Server": "www.huijingwifi.com,/link",
9250	+	"C2 Server": "www.huijingwifi.com,/link",
9251	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3835.79",
9251	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3835.79",
9252	-	"HTTP Method Path 2": "/images/",
9252	+	"HTTP Method Path 2": "/images/",
9253	-	"Header1": "",
9253	+	"Header1": "",
9254	-	"Header2": "",
9254	+	"Header2": "",
9255	-	"PipeName": "",
9255	+	"PipeName": "",
9256	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9256	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9257	-	"DNS Sleep": "0",
9257	+	"DNS Sleep": "0",
9258	-	"Method1": "GET",
9258	+	"Method1": "GET",
9259	-	"Method2": "POST",
9259	+	"Method2": "POST",
9260	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9260	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9261	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9261	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9262	-	"Proxy_AccessType": "2 (Use IE settings)"
9262	+	"Proxy_AccessType": "2 (Use IE settings)"
9263	-	}
9263	+	}
9264	-	},
9264	+	},
9265	-	"35.158.118.182": {
9265	+	"35.158.118.182": {
9266	-	"x86": {
9266	+	"x86": {
9267	-	"BeaconType": "8 (HTTPS)",
9267	+	"BeaconType": "8 (HTTPS)",
9268	-	"Port": "443",
9268	+	"Port": "443",
9269	-	"Polling": "60000",
9269	+	"Polling": "60000",
9270	-	"Jitter": "15",
9270	+	"Jitter": "15",
9271	-	"C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
9271	+	"C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
9272	-	"HTTP Method Path 2": "/mail/u/0/",
9272	+	"HTTP Method Path 2": "/mail/u/0/",
9273	-	"Method1": "GET",
9273	+	"Method1": "GET",
9274	-	"Method2": "POST",
9274	+	"Method2": "POST",
9275	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9275	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9276	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9276	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9277	-	"Proxy_AccessType": "2 (Use IE settings)"
9277	+	"Proxy_AccessType": "2 (Use IE settings)"
9278	-	}
9278	+	}
9279	-	},
9279	+	},
9280	-	"35.158.226.16": {
9280	+	"35.158.226.16": {
9281	-	"x86": {
9281	+	"x86": {
9282	-	"BeaconType": "8 (HTTPS)",
9282	+	"BeaconType": "8 (HTTPS)",
9283	-	"Port": "443",
9283	+	"Port": "443",
9284	-	"Polling": "5000",
9284	+	"Polling": "5000",
9285	-	"Jitter": "10",
9285	+	"Jitter": "10",
9286	-	"C2 Server": "rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants",
9286	+	"C2 Server": "rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants",
9287	-	"HTTP Method Path 2": "/vlk/xmlrpc/v2",
9287	+	"HTTP Method Path 2": "/vlk/xmlrpc/v2",
9288	-	"Method1": "GET",
9288	+	"Method1": "GET",
9289	-	"Method2": "POST",
9289	+	"Method2": "POST",
9290	-	"Spawnto_x86": "%windir%\\syswow64\\mavinject.exe",
9290	+	"Spawnto_x86": "%windir%\\syswow64\\mavinject.exe",
9291	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
9291	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
9292	-	"Proxy_AccessType": "2 (Use IE settings)"
9292	+	"Proxy_AccessType": "2 (Use IE settings)"
9293	-	},
9293	+	},
9294	-	"x64": {
9294	+	"x64": {
9295	-	"BeaconType": "8 (HTTPS)",
9295	+	"BeaconType": "8 (HTTPS)",
9296	-	"Port": "443",
9296	+	"Port": "443",
9297	-	"Polling": "5000",
9297	+	"Polling": "5000",
9298	-	"Jitter": "10",
9298	+	"Jitter": "10",
9299	-	"C2 Server": "rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants",
9299	+	"C2 Server": "rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants",
9300	-	"HTTP Method Path 2": "/vlk/xmlrpc/v2",
9300	+	"HTTP Method Path 2": "/vlk/xmlrpc/v2",
9301	-	"Method1": "GET",
9301	+	"Method1": "GET",
9302	-	"Method2": "POST",
9302	+	"Method2": "POST",
9303	-	"Spawnto_x86": "%windir%\\syswow64\\mavinject.exe",
9303	+	"Spawnto_x86": "%windir%\\syswow64\\mavinject.exe",
9304	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
9304	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
9305	-	"Proxy_AccessType": "2 (Use IE settings)"
9305	+	"Proxy_AccessType": "2 (Use IE settings)"
9306	-	}
9306	+	}
9307	-	},
9307	+	},
9308	-	"35.176.207.20": {
9308	+	"35.176.207.20": {
9309	-	"x86": {
9309	+	"x86": {
9310	-	"BeaconType": "8 (HTTPS)",
9310	+	"BeaconType": "8 (HTTPS)",
9311	-	"Port": "443",
9311	+	"Port": "443",
9312	-	"Polling": "60000",
9312	+	"Polling": "60000",
9313	-	"Jitter": "20",
9313	+	"Jitter": "20",
9314	-	"Maxdns": "235",
9314	+	"Maxdns": "235",
9315	-	"C2 Server": "35.176.207.20,/c/msdownload/update/others/2016/12/29136388_",
9315	+	"C2 Server": "35.176.207.20,/c/msdownload/update/others/2016/12/29136388_",
9316	-	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
9316	+	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
9317	-	"HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
9317	+	"HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
9318	-	"Header1": "",
9318	+	"Header1": "",
9319	-	"Header2": "",
9319	+	"Header2": "",
9320	-	"PipeName": "",
9320	+	"PipeName": "",
9321	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
9321	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
9322	-	"DNS Sleep": "0",
9322	+	"DNS Sleep": "0",
9323	-	"Method1": "GET",
9323	+	"Method1": "GET",
9324	-	"Method2": "GET",
9324	+	"Method2": "GET",
9325	-	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
9325	+	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
9326	-	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
9326	+	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
9327	-	"Proxy_AccessType": "2 (Use IE settings)"
9327	+	"Proxy_AccessType": "2 (Use IE settings)"
9328	-	},
9328	+	},
9329	-	"x64": {
9329	+	"x64": {
9330	-	"BeaconType": "8 (HTTPS)",
9330	+	"BeaconType": "8 (HTTPS)",
9331	-	"Port": "443",
9331	+	"Port": "443",
9332	-	"Polling": "60000",
9332	+	"Polling": "60000",
9333	-	"Jitter": "20",
9333	+	"Jitter": "20",
9334	-	"Maxdns": "235",
9334	+	"Maxdns": "235",
9335	-	"C2 Server": "35.176.207.20,/c/msdownload/update/others/2016/12/29136388_",
9335	+	"C2 Server": "35.176.207.20,/c/msdownload/update/others/2016/12/29136388_",
9336	-	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
9336	+	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
9337	-	"HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
9337	+	"HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
9338	-	"Header1": "",
9338	+	"Header1": "",
9339	-	"Header2": "",
9339	+	"Header2": "",
9340	-	"PipeName": "",
9340	+	"PipeName": "",
9341	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
9341	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
9342	-	"DNS Sleep": "0",
9342	+	"DNS Sleep": "0",
9343	-	"Method1": "GET",
9343	+	"Method1": "GET",
9344	-	"Method2": "GET",
9344	+	"Method2": "GET",
9345	-	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
9345	+	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
9346	-	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
9346	+	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
9347	-	"Proxy_AccessType": "2 (Use IE settings)"
9347	+	"Proxy_AccessType": "2 (Use IE settings)"
9348	-	}
9348	+	}
9349	-	},
9349	+	},
9350	-	"35.192.90.50": {
9350	+	"35.192.90.50": {
9351	-	"x86": {
9351	+	"x86": {
9352	-	"BeaconType": "8 (HTTPS)",
9352	+	"BeaconType": "8 (HTTPS)",
9353	-	"Port": "443",
9353	+	"Port": "443",
9354	-	"Polling": "55647",
9354	+	"Polling": "55647",
9355	-	"Jitter": "39",
9355	+	"Jitter": "39",
9356	-	"Maxdns": "254",
9356	+	"Maxdns": "254",
9357	-	"C2 Server": "recovery.healthfitconnection.com,/ticket",
9357	+	"C2 Server": "recovery.healthfitconnection.com,/ticket",
9358	-	"User Agent": "Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
9358	+	"User Agent": "Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
9359	-	"HTTP Method Path 2": "/wwwboard",
9359	+	"HTTP Method Path 2": "/wwwboard",
9360	-	"Header1": "",
9360	+	"Header1": "",
9361	-	"Header2": "",
9361	+	"Header2": "",
9362	-	"PipeName": "",
9362	+	"PipeName": "",
9363	-	"DNS Idle": "D@\\xE68",
9363	+	"DNS Idle": "D@\\xE68",
9364	-	"DNS Sleep": "0",
9364	+	"DNS Sleep": "0",
9365	-	"Method1": "GET",
9365	+	"Method1": "GET",
9366	-	"Method2": "POST",
9366	+	"Method2": "POST",
9367	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
9367	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
9368	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
9368	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
9369	-	"Proxy_AccessType": "2 (Use IE settings)"
9369	+	"Proxy_AccessType": "2 (Use IE settings)"
9370	-	}
9370	+	}
9371	-	},
9371	+	},
9372	-	"35.193.193.149": {
9372	+	"35.193.193.149": {
9373	-	"x86": {
9373	+	"x86": {
9374	-	"BeaconType": "8 (HTTPS)",
9374	+	"BeaconType": "8 (HTTPS)",
9375	-	"Port": "443",
9375	+	"Port": "443",
9376	-	"Polling": "60000",
9376	+	"Polling": "60000",
9377	-	"Jitter": "0",
9377	+	"Jitter": "0",
9378	-	"Maxdns": "255",
9378	+	"Maxdns": "255",
9379	-	"C2 Server": "35.193.193.149,/dot.gif",
9379	+	"C2 Server": "35.193.193.149,/dot.gif",
9380	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)",
9380	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)",
9381	-	"HTTP Method Path 2": "/submit.php",
9381	+	"HTTP Method Path 2": "/submit.php",
9382	-	"Header1": "",
9382	+	"Header1": "",
9383	-	"Header2": "",
9383	+	"Header2": "",
9384	-	"PipeName": "",
9384	+	"PipeName": "",
9385	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9385	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9386	-	"DNS Sleep": "0",
9386	+	"DNS Sleep": "0",
9387	-	"Method1": "GET",
9387	+	"Method1": "GET",
9388	-	"Method2": "POST",
9388	+	"Method2": "POST",
9389	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9389	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9390	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9390	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9391	-	"Proxy_AccessType": "2 (Use IE settings)"
9391	+	"Proxy_AccessType": "2 (Use IE settings)"
9392	-	}
9392	+	}
9393	-	},
9393	+	},
9394	-	"35.221.158.178": {
9394	+	"35.221.158.178": {
9395	-	"x86": {
9395	+	"x86": {
9396	-	"BeaconType": "8 (HTTPS)",
9396	+	"BeaconType": "8 (HTTPS)",
9397	-	"Port": "443",
9397	+	"Port": "443",
9398	-	"Polling": "60000",
9398	+	"Polling": "60000",
9399	-	"Jitter": "0",
9399	+	"Jitter": "0",
9400	-	"Maxdns": "255",
9400	+	"Maxdns": "255",
9401	-	"C2 Server": "35.221.158.178,/ptj",
9401	+	"C2 Server": "35.221.158.178,/ptj",
9402	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)",
9402	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)",
9403	-	"HTTP Method Path 2": "/submit.php",
9403	+	"HTTP Method Path 2": "/submit.php",
9404	-	"Header1": "",
9404	+	"Header1": "",
9405	-	"Header2": "",
9405	+	"Header2": "",
9406	-	"PipeName": "",
9406	+	"PipeName": "",
9407	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9407	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9408	-	"DNS Sleep": "0",
9408	+	"DNS Sleep": "0",
9409	-	"Method1": "GET",
9409	+	"Method1": "GET",
9410	-	"Method2": "POST",
9410	+	"Method2": "POST",
9411	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9411	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9412	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9412	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9413	-	"Proxy_AccessType": "2 (Use IE settings)"
9413	+	"Proxy_AccessType": "2 (Use IE settings)"
9414	-	}
9414	+	}
9415	-	},
9415	+	},
9416	-	"35.241.143.134": {
9416	+	"35.241.143.134": {
9417	-	"x64": {
9417	+	"x64": {
9418	-	"BeaconType": "8 (HTTPS)",
9418	+	"BeaconType": "8 (HTTPS)",
9419	-	"Port": "443",
9419	+	"Port": "443",
9420	-	"Polling": "60000",
9420	+	"Polling": "60000",
9421	-	"Jitter": "20",
9421	+	"Jitter": "20",
9422	-	"Maxdns": "235",
9422	+	"Maxdns": "235",
9423	-	"C2 Server": "control.commanderinthe.cloud,/search/",
9423	+	"C2 Server": "control.commanderinthe.cloud,/search/",
9424	-	"User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
9424	+	"User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
9425	-	"HTTP Method Path 2": "/Search/",
9425	+	"HTTP Method Path 2": "/Search/",
9426	-	"Header1": "",
9426	+	"Header1": "",
9427	-	"Header2": "",
9427	+	"Header2": "",
9428	-	"PipeName": "",
9428	+	"PipeName": "",
9429	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
9429	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
9430	-	"DNS Sleep": "0",
9430	+	"DNS Sleep": "0",
9431	-	"Method1": "GET",
9431	+	"Method1": "GET",
9432	-	"Method2": "GET",
9432	+	"Method2": "GET",
9433	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9433	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9434	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9434	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9435	-	"Proxy_AccessType": "2 (Use IE settings)"
9435	+	"Proxy_AccessType": "2 (Use IE settings)"
9436	-	}
9436	+	}
9437	-	},
9437	+	},
9438	-	"37.252.120.101": {
9438	+	"37.252.120.101": {
9439	-	"x64": {
9439	+	"x64": {
9440	-	"BeaconType": "8 (HTTPS)",
9440	+	"BeaconType": "8 (HTTPS)",
9441	-	"Port": "443",
9441	+	"Port": "443",
9442	-	"Polling": "10000",
9442	+	"Polling": "10000",
9443	-	"Jitter": "15",
9443	+	"Jitter": "15",
9444	-	"Maxdns": "255",
9444	+	"Maxdns": "255",
9445	-	"C2 Server": "37.252.120.101,/resolve/alter/",
9445	+	"C2 Server": "37.252.120.101,/resolve/alter/",
9446	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS125526)",
9446	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS125526)",
9447	-	"HTTP Method Path 2": "/client/real/",
9447	+	"HTTP Method Path 2": "/client/real/",
9448	-	"Header1": "",
9448	+	"Header1": "",
9449	-	"Header2": "",
9449	+	"Header2": "",
9450	-	"PipeName": "",
9450	+	"PipeName": "",
9451	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
9451	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
9452	-	"DNS Sleep": "0",
9452	+	"DNS Sleep": "0",
9453	-	"Method1": "GET",
9453	+	"Method1": "GET",
9454	-	"Method2": "POST",
9454	+	"Method2": "POST",
9455	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9455	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9456	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9456	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9457	-	"Proxy_AccessType": "2 (Use IE settings)"
9457	+	"Proxy_AccessType": "2 (Use IE settings)"
9458	-	}
9458	+	}
9459	-	},
9459	+	},
9460	-	"38.100.141.131": {
9460	+	"38.100.141.131": {
9461	-	"x86": {
9461	+	"x86": {
9462	-	"BeaconType": "8 (HTTPS)",
9462	+	"BeaconType": "8 (HTTPS)",
9463	-	"Port": "443",
9463	+	"Port": "443",
9464	-	"Polling": "15000",
9464	+	"Polling": "15000",
9465	-	"Jitter": "90",
9465	+	"Jitter": "90",
9466	-	"Maxdns": "225",
9466	+	"Maxdns": "225",
9467	-	"C2 Server": "ecnads1.msn.com,/api2/json/access/ticket",
9467	+	"C2 Server": "ecnads1.msn.com,/api2/json/access/ticket",
9468	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
9468	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
9469	-	"HTTP Method Path 2": "/gp/aw/ybh/handlers",
9469	+	"HTTP Method Path 2": "/gp/aw/ybh/handlers",
9470	-	"Header1": "",
9470	+	"Header1": "",
9471	-	"Header2": "",
9471	+	"Header2": "",
9472	-	"PipeName": "",
9472	+	"PipeName": "",
9473	-	"DNS Idle": "h\\xD8<\\x84",
9473	+	"DNS Idle": "h\\xD8<\\x84",
9474	-	"DNS Sleep": "0",
9474	+	"DNS Sleep": "0",
9475	-	"Method1": "GET",
9475	+	"Method1": "GET",
9476	-	"Method2": "POST",
9476	+	"Method2": "POST",
9477	-	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
9477	+	"Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
9478	-	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
9478	+	"Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
9479	-	"Proxy_AccessType": "2 (Use IE settings)"
9479	+	"Proxy_AccessType": "2 (Use IE settings)"
9480	-	}
9480	+	}
9481	-	},
9481	+	},
9482	-	"3.85.60.172": {
9482	+	"3.85.60.172": {
9483	-	"x86": {
9483	+	"x86": {
9484	-	"BeaconType": "8 (HTTPS)",
9484	+	"BeaconType": "8 (HTTPS)",
9485	-	"Port": "443",
9485	+	"Port": "443",
9486	-	"Polling": "32051",
9486	+	"Polling": "32051",
9487	-	"Jitter": "57",
9487	+	"Jitter": "57",
9488	-	"Maxdns": "255",
9488	+	"Maxdns": "255",
9489	-	"C2 Server": "banking.capitalviewfinance.com,/jquery-1.12.1.min.js",
9489	+	"C2 Server": "banking.capitalviewfinance.com,/jquery-1.12.1.min.js",
9490	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
9490	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
9491	-	"HTTP Method Path 2": "/jquery-1.12.2.min.js",
9491	+	"HTTP Method Path 2": "/jquery-1.12.2.min.js",
9492	-	"Header1": "",
9492	+	"Header1": "",
9493	-	"Header2": "",
9493	+	"Header2": "",
9494	-	"PipeName": "",
9494	+	"PipeName": "",
9495	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9495	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9496	-	"DNS Sleep": "0",
9496	+	"DNS Sleep": "0",
9497	-	"Method1": "GET",
9497	+	"Method1": "GET",
9498	-	"Method2": "POST",
9498	+	"Method2": "POST",
9499	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
9499	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
9500	-	"Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
9500	+	"Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
9501	-	"Proxy_AccessType": "2 (Use IE settings)"
9501	+	"Proxy_AccessType": "2 (Use IE settings)"
9502	-	}
9502	+	}
9503	-	},
9503	+	},
9504	-	"3.86.2.34": {
9504	+	"3.86.2.34": {
9505	-	"x86": {
9505	+	"x86": {
9506	-	"BeaconType": "8 (HTTPS)",
9506	+	"BeaconType": "8 (HTTPS)",
9507	-	"Port": "443",
9507	+	"Port": "443",
9508	-	"Polling": "5400",
9508	+	"Polling": "5400",
9509	-	"Jitter": "12",
9509	+	"Jitter": "12",
9510	-	"Maxdns": "255",
9510	+	"Maxdns": "255",
9511	-	"C2 Server": "roofstock-cdn5.azureedge.net,/rs-apps/assets/images/portfolio",
9511	+	"C2 Server": "roofstock-cdn5.azureedge.net,/rs-apps/assets/images/portfolio",
9512	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
9512	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
9513	-	"HTTP Method Path 2": "/next-api/graphql",
9513	+	"HTTP Method Path 2": "/next-api/graphql",
9514	-	"Header1": "",
9514	+	"Header1": "",
9515	-	"Header2": "",
9515	+	"Header2": "",
9516	-	"PipeName": "",
9516	+	"PipeName": "",
9517	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9517	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9518	-	"DNS Sleep": "0",
9518	+	"DNS Sleep": "0",
9519	-	"Method1": "GET",
9519	+	"Method1": "GET",
9520	-	"Method2": "POST",
9520	+	"Method2": "POST",
9521	-	"Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
9521	+	"Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
9522	-	"Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
9522	+	"Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
9523	-	"Proxy_AccessType": "2 (Use IE settings)"
9523	+	"Proxy_AccessType": "2 (Use IE settings)"
9524	-	},
9524	+	},
9525	-	"x64": {
9525	+	"x64": {
9526	-	"BeaconType": "8 (HTTPS)",
9526	+	"BeaconType": "8 (HTTPS)",
9527	-	"Port": "443",
9527	+	"Port": "443",
9528	-	"Polling": "5400",
9528	+	"Polling": "5400",
9529	-	"Jitter": "12",
9529	+	"Jitter": "12",
9530	-	"Maxdns": "255",
9530	+	"Maxdns": "255",
9531	-	"C2 Server": "roofstock-cdn5.azureedge.net,/rs-apps/assets/images/portfolio",
9531	+	"C2 Server": "roofstock-cdn5.azureedge.net,/rs-apps/assets/images/portfolio",
9532	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
9532	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
9533	-	"HTTP Method Path 2": "/next-api/graphql",
9533	+	"HTTP Method Path 2": "/next-api/graphql",
9534	-	"Header1": "",
9534	+	"Header1": "",
9535	-	"Header2": "",
9535	+	"Header2": "",
9536	-	"PipeName": "",
9536	+	"PipeName": "",
9537	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9537	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9538	-	"DNS Sleep": "0",
9538	+	"DNS Sleep": "0",
9539	-	"Method1": "GET",
9539	+	"Method1": "GET",
9540	-	"Method2": "POST",
9540	+	"Method2": "POST",
9541	-	"Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
9541	+	"Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
9542	-	"Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
9542	+	"Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
9543	-	"Proxy_AccessType": "2 (Use IE settings)"
9543	+	"Proxy_AccessType": "2 (Use IE settings)"
9544	-	}
9544	+	}
9545	-	},
9545	+	},
9546	-	"39.108.229.236": {
9546	+	"39.108.229.236": {
9547	-	"x86": {
9547	+	"x86": {
9548	-	"BeaconType": "8 (HTTPS)",
9548	+	"BeaconType": "8 (HTTPS)",
9549	-	"Port": "443",
9549	+	"Port": "443",
9550	-	"Polling": "60000",
9550	+	"Polling": "60000",
9551	-	"Jitter": "0",
9551	+	"Jitter": "0",
9552	-	"Maxdns": "255",
9552	+	"Maxdns": "255",
9553	-	"C2 Server": "39.108.229.236,/match",
9553	+	"C2 Server": "39.108.229.236,/match",
9554	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)",
9554	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)",
9555	-	"HTTP Method Path 2": "/submit.php",
9555	+	"HTTP Method Path 2": "/submit.php",
9556	-	"Header1": "",
9556	+	"Header1": "",
9557	-	"Header2": "",
9557	+	"Header2": "",
9558	-	"PipeName": "",
9558	+	"PipeName": "",
9559	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9559	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9560	-	"DNS Sleep": "0",
9560	+	"DNS Sleep": "0",
9561	-	"Method1": "GET",
9561	+	"Method1": "GET",
9562	-	"Method2": "POST",
9562	+	"Method2": "POST",
9563	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9563	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9564	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9564	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9565	-	"Proxy_AccessType": "2 (Use IE settings)"
9565	+	"Proxy_AccessType": "2 (Use IE settings)"
9566	-	}
9566	+	}
9567	-	},
9567	+	},
9568	-	"3.95.159.27": {
9568	+	"3.95.159.27": {
9569	-	"x86": {
9569	+	"x86": {
9570	-	"BeaconType": "8 (HTTPS)",
9570	+	"BeaconType": "8 (HTTPS)",
9571	-	"Port": "443",
9571	+	"Port": "443",
9572	-	"Polling": "32051",
9572	+	"Polling": "32051",
9573	-	"Jitter": "57",
9573	+	"Jitter": "57",
9574	-	"Maxdns": "255",
9574	+	"Maxdns": "255",
9575	-	"C2 Server": "sharkfishinguk.com,/jquery-1.12.1.min.js",
9575	+	"C2 Server": "sharkfishinguk.com,/jquery-1.12.1.min.js",
9576	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
9576	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
9577	-	"HTTP Method Path 2": "/jquery-1.12.2.min.js",
9577	+	"HTTP Method Path 2": "/jquery-1.12.2.min.js",
9578	-	"Header1": "",
9578	+	"Header1": "",
9579	-	"Header2": "",
9579	+	"Header2": "",
9580	-	"PipeName": "",
9580	+	"PipeName": "",
9581	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9581	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9582	-	"DNS Sleep": "0",
9582	+	"DNS Sleep": "0",
9583	-	"Method1": "GET",
9583	+	"Method1": "GET",
9584	-	"Method2": "POST",
9584	+	"Method2": "POST",
9585	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
9585	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
9586	-	"Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
9586	+	"Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
9587	-	"Proxy_AccessType": "2 (Use IE settings)"
9587	+	"Proxy_AccessType": "2 (Use IE settings)"
9588	-	}
9588	+	}
9589	-	},
9589	+	},
9590	-	"39.98.84.58": {
9590	+	"39.98.84.58": {
9591	-	"x86": {
9591	+	"x86": {
9592	-	"BeaconType": "8 (HTTPS)",
9592	+	"BeaconType": "8 (HTTPS)",
9593	-	"Port": "443",
9593	+	"Port": "443",
9594	-	"Polling": "5000",
9594	+	"Polling": "5000",
9595	-	"Jitter": "0",
9595	+	"Jitter": "0",
9596	-	"Maxdns": "255",
9596	+	"Maxdns": "255",
9597	-	"C2 Server": "www.microport.com.cn,/zC",
9597	+	"C2 Server": "www.microport.com.cn,/zC",
9598	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
9598	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
9599	-	"HTTP Method Path 2": "/dE",
9599	+	"HTTP Method Path 2": "/dE",
9600	-	"Header1": "",
9600	+	"Header1": "",
9601	-	"Header2": "",
9601	+	"Header2": "",
9602	-	"PipeName": "",
9602	+	"PipeName": "",
9603	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9603	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9604	-	"DNS Sleep": "0",
9604	+	"DNS Sleep": "0",
9605	-	"Method1": "GET",
9605	+	"Method1": "GET",
9606	-	"Method2": "POST",
9606	+	"Method2": "POST",
9607	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9607	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9608	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9608	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9609	-	"Proxy_AccessType": "2 (Use IE settings)"
9609	+	"Proxy_AccessType": "2 (Use IE settings)"
9610	-	}
9610	+	}
9611	-	},
9611	+	},
9612	-	"39.99.60.123": {
9612	+	"39.99.60.123": {
9613	-	"x64": {
9613	+	"x64": {
9614	-	"BeaconType": "8 (HTTPS)",
9614	+	"BeaconType": "8 (HTTPS)",
9615	-	"Port": "443",
9615	+	"Port": "443",
9616	-	"Polling": "60000",
9616	+	"Polling": "60000",
9617	-	"Jitter": "0",
9617	+	"Jitter": "0",
9618	-	"Maxdns": "255",
9618	+	"Maxdns": "255",
9619	-	"C2 Server": "39.99.60.123,/cx",
9619	+	"C2 Server": "39.99.60.123,/cx",
9620	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MDDCJS)",
9620	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MDDCJS)",
9621	-	"HTTP Method Path 2": "/submit.php",
9621	+	"HTTP Method Path 2": "/submit.php",
9622	-	"Header1": "",
9622	+	"Header1": "",
9623	-	"Header2": "",
9623	+	"Header2": "",
9624	-	"PipeName": "",
9624	+	"PipeName": "",
9625	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9625	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9626	-	"DNS Sleep": "0",
9626	+	"DNS Sleep": "0",
9627	-	"Method1": "GET",
9627	+	"Method1": "GET",
9628	-	"Method2": "POST",
9628	+	"Method2": "POST",
9629	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9629	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9630	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9630	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9631	-	"Proxy_AccessType": "2 (Use IE settings)"
9631	+	"Proxy_AccessType": "2 (Use IE settings)"
9632	-	}
9632	+	}
9633	-	},
9633	+	},
9634	-	"40.113.217.182": {
9634	+	"40.113.217.182": {
9635	-	"x86": {
9635	+	"x86": {
9636	-	"BeaconType": "8 (HTTPS)",
9636	+	"BeaconType": "8 (HTTPS)",
9637	-	"Port": "443",
9637	+	"Port": "443",
9638	-	"Polling": "60000",
9638	+	"Polling": "60000",
9639	-	"Jitter": "0",
9639	+	"Jitter": "0",
9640	-	"C2 Server": "40.113.217.182,/__utm.gif",
9640	+	"C2 Server": "40.113.217.182,/__utm.gif",
9641	-	"HTTP Method Path 2": "/___utm.gif",
9641	+	"HTTP Method Path 2": "/___utm.gif",
9642	-	"Method1": "GET",
9642	+	"Method1": "GET",
9643	-	"Method2": "POST",
9643	+	"Method2": "POST",
9644	-	"Spawnto_x86": "%windir%\\syswow64\\explorer.exe",
9644	+	"Spawnto_x86": "%windir%\\syswow64\\explorer.exe",
9645	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
9645	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
9646	-	"Proxy_AccessType": "2 (Use IE settings)"
9646	+	"Proxy_AccessType": "2 (Use IE settings)"
9647	-	},
9647	+	},
9648	-	"x64": {
9648	+	"x64": {
9649	-	"BeaconType": "8 (HTTPS)",
9649	+	"BeaconType": "8 (HTTPS)",
9650	-	"Port": "443",
9650	+	"Port": "443",
9651	-	"Polling": "60000",
9651	+	"Polling": "60000",
9652	-	"Jitter": "0",
9652	+	"Jitter": "0",
9653	-	"C2 Server": "40.113.217.182,/__utm.gif",
9653	+	"C2 Server": "40.113.217.182,/__utm.gif",
9654	-	"HTTP Method Path 2": "/___utm.gif",
9654	+	"HTTP Method Path 2": "/___utm.gif",
9655	-	"Method1": "GET",
9655	+	"Method1": "GET",
9656	-	"Method2": "POST",
9656	+	"Method2": "POST",
9657	-	"Spawnto_x86": "%windir%\\syswow64\\explorer.exe",
9657	+	"Spawnto_x86": "%windir%\\syswow64\\explorer.exe",
9658	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
9658	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
9659	-	"Proxy_AccessType": "2 (Use IE settings)"
9659	+	"Proxy_AccessType": "2 (Use IE settings)"
9660	-	}
9660	+	}
9661	-	},
9661	+	},
9662	-	"40.117.40.46": {
9662	+	"40.117.40.46": {
9663	-	"x64": {
9663	+	"x64": {
9664	-	"BeaconType": "8 (HTTPS)",
9664	+	"BeaconType": "8 (HTTPS)",
9665	-	"Port": "443",
9665	+	"Port": "443",
9666	-	"Polling": "5000",
9666	+	"Polling": "5000",
9667	-	"Jitter": "0",
9667	+	"Jitter": "0",
9668	-	"Maxdns": "255",
9668	+	"Maxdns": "255",
9669	-	"C2 Server": "wmjdvuif.limyonly.me,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
9669	+	"C2 Server": "wmjdvuif.limyonly.me,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
9670	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
9670	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
9671	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
9671	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
9672	-	"Header1": "",
9672	+	"Header1": "",
9673	-	"Header2": "",
9673	+	"Header2": "",
9674	-	"PipeName": "",
9674	+	"PipeName": "",
9675	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9675	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9676	-	"DNS Sleep": "0",
9676	+	"DNS Sleep": "0",
9677	-	"Method1": "GET",
9677	+	"Method1": "GET",
9678	-	"Method2": "POST",
9678	+	"Method2": "POST",
9679	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
9679	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
9680	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
9680	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
9681	-	"Proxy_AccessType": "2 (Use IE settings)"
9681	+	"Proxy_AccessType": "2 (Use IE settings)"
9682	-	}
9682	+	}
9683	-	},
9683	+	},
9684	-	"40.122.106.213": {
9684	+	"40.122.106.213": {
9685	-	"x64": {
9685	+	"x64": {
9686	-	"BeaconType": "8 (HTTPS)",
9686	+	"BeaconType": "8 (HTTPS)",
9687	-	"Port": "443",
9687	+	"Port": "443",
9688	-	"Polling": "37000",
9688	+	"Polling": "37000",
9689	-	"Jitter": "25",
9689	+	"Jitter": "25",
9690	-	"C2 Server": "api.aperture.network,/functionalStatus",
9690	+	"C2 Server": "api.aperture.network,/functionalStatus",
9691	-	"HTTP Method Path 2": "/rest/2/meetings",
9691	+	"HTTP Method Path 2": "/rest/2/meetings",
9692	-	"Method1": "GET",
9692	+	"Method1": "GET",
9693	-	"Method2": "POST",
9693	+	"Method2": "POST",
9694	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
9694	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
9695	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
9695	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
9696	-	"Proxy_AccessType": "2 (Use IE settings)"
9696	+	"Proxy_AccessType": "2 (Use IE settings)"
9697	-	}
9697	+	}
9698	-	},
9698	+	},
9699	-	"43.240.15.68": {
9699	+	"43.240.15.68": {
9700	-	"x86": {
9700	+	"x86": {
9701	-	"BeaconType": "8 (HTTPS)",
9701	+	"BeaconType": "8 (HTTPS)",
9702	-	"Port": "443",
9702	+	"Port": "443",
9703	-	"Polling": "60000",
9703	+	"Polling": "60000",
9704	-	"Jitter": "0",
9704	+	"Jitter": "0",
9705	-	"Maxdns": "255",
9705	+	"Maxdns": "255",
9706	-	"C2 Server": "5.180.99.65,/dot.gif",
9706	+	"C2 Server": "5.180.99.65,/dot.gif",
9707	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
9707	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
9708	-	"HTTP Method Path 2": "/submit.php",
9708	+	"HTTP Method Path 2": "/submit.php",
9709	-	"Header1": "",
9709	+	"Header1": "",
9710	-	"Header2": "",
9710	+	"Header2": "",
9711	-	"PipeName": "",
9711	+	"PipeName": "",
9712	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9712	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9713	-	"DNS Sleep": "0",
9713	+	"DNS Sleep": "0",
9714	-	"Method1": "GET",
9714	+	"Method1": "GET",
9715	-	"Method2": "POST",
9715	+	"Method2": "POST",
9716	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9716	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9717	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9717	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9718	-	"Proxy_AccessType": "2 (Use IE settings)"
9718	+	"Proxy_AccessType": "2 (Use IE settings)"
9719	-	}
9719	+	}
9720	-	},
9720	+	},
9721	-	"43.243.171.226": {
9721	+	"43.243.171.226": {
9722	-	"x86": {
9722	+	"x86": {
9723	-	"BeaconType": "8 (HTTPS)",
9723	+	"BeaconType": "8 (HTTPS)",
9724	-	"Port": "443",
9724	+	"Port": "443",
9725	-	"Polling": "5000",
9725	+	"Polling": "5000",
9726	-	"Jitter": "30",
9726	+	"Jitter": "30",
9727	-	"Maxdns": "255",
9727	+	"Maxdns": "255",
9728	-	"C2 Server": "43.243.171.226,/cache/global/img/aladdinIcon-1.0.gif",
9728	+	"C2 Server": "43.243.171.226,/cache/global/img/aladdinIcon-1.0.gif",
9729	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
9729	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
9730	-	"HTTP Method Path 2": "/link",
9730	+	"HTTP Method Path 2": "/link",
9731	-	"Header1": "",
9731	+	"Header1": "",
9732	-	"Header2": "",
9732	+	"Header2": "",
9733	-	"PipeName": "",
9733	+	"PipeName": "",
9734	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9734	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9735	-	"DNS Sleep": "0",
9735	+	"DNS Sleep": "0",
9736	-	"Method1": "GET",
9736	+	"Method1": "GET",
9737	-	"Method2": "GET",
9737	+	"Method2": "GET",
9738	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9738	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9739	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9739	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9740	-	"Proxy_AccessType": "2 (Use IE settings)"
9740	+	"Proxy_AccessType": "2 (Use IE settings)"
9741	-	},
9741	+	},
9742	-	"x64": {
9742	+	"x64": {
9743	-	"BeaconType": "8 (HTTPS)",
9743	+	"BeaconType": "8 (HTTPS)",
9744	-	"Port": "443",
9744	+	"Port": "443",
9745	-	"Polling": "5000",
9745	+	"Polling": "5000",
9746	-	"Jitter": "30",
9746	+	"Jitter": "30",
9747	-	"Maxdns": "255",
9747	+	"Maxdns": "255",
9748	-	"C2 Server": "43.243.171.226,/cache/global/img/aladdinIcon-1.0.gif",
9748	+	"C2 Server": "43.243.171.226,/cache/global/img/aladdinIcon-1.0.gif",
9749	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
9749	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
9750	-	"HTTP Method Path 2": "/link",
9750	+	"HTTP Method Path 2": "/link",
9751	-	"Header1": "",
9751	+	"Header1": "",
9752	-	"Header2": "",
9752	+	"Header2": "",
9753	-	"PipeName": "",
9753	+	"PipeName": "",
9754	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9754	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9755	-	"DNS Sleep": "0",
9755	+	"DNS Sleep": "0",
9756	-	"Method1": "GET",
9756	+	"Method1": "GET",
9757	-	"Method2": "GET",
9757	+	"Method2": "GET",
9758	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9758	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9759	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9759	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9760	-	"Proxy_AccessType": "2 (Use IE settings)"
9760	+	"Proxy_AccessType": "2 (Use IE settings)"
9761	-	}
9761	+	}
9762	-	},
9762	+	},
9763	-	"44.231.58.231": {
9763	+	"44.231.58.231": {
9764	-	"x86": {
9764	+	"x86": {
9765	-	"BeaconType": "8 (HTTPS)",
9765	+	"BeaconType": "8 (HTTPS)",
9766	-	"Port": "443",
9766	+	"Port": "443",
9767	-	"Polling": "60000",
9767	+	"Polling": "60000",
9768	-	"Jitter": "0",
9768	+	"Jitter": "0",
9769	-	"Maxdns": "225",
9769	+	"Maxdns": "225",
9770	-	"C2 Server": "dist.nuget.org,/cgi-bin/certstore/,ajax.aspnetcdn.com,/cgi-bin/certstore/",
9770	+	"C2 Server": "dist.nuget.org,/cgi-bin/certstore/,ajax.aspnetcdn.com,/cgi-bin/certstore/",
9771	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36",
9771	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36",
9772	-	"HTTP Method Path 2": "/pem/office.microsoft.com/",
9772	+	"HTTP Method Path 2": "/pem/office.microsoft.com/",
9773	-	"Header1": "",
9773	+	"Header1": "",
9774	-	"Header2": "",
9774	+	"Header2": "",
9775	-	"PipeName": "",
9775	+	"PipeName": "",
9776	-	"DNS Idle": "(pH\\xCD",
9776	+	"DNS Idle": "(pH\\xCD",
9777	-	"DNS Sleep": "0",
9777	+	"DNS Sleep": "0",
9778	-	"Method1": "GET",
9778	+	"Method1": "GET",
9779	-	"Method2": "POST",
9779	+	"Method2": "POST",
9780	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9780	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9781	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9781	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9782	-	"Proxy_AccessType": "2 (Use IE settings)"
9782	+	"Proxy_AccessType": "2 (Use IE settings)"
9783	-	},
9783	+	},
9784	-	"x64": {
9784	+	"x64": {
9785	-	"BeaconType": "8 (HTTPS)",
9785	+	"BeaconType": "8 (HTTPS)",
9786	-	"Port": "443",
9786	+	"Port": "443",
9787	-	"Polling": "60000",
9787	+	"Polling": "60000",
9788	-	"Jitter": "0",
9788	+	"Jitter": "0",
9789	-	"Maxdns": "225",
9789	+	"Maxdns": "225",
9790	-	"C2 Server": "dist.nuget.org,/cgi-bin/certstore/,ajax.aspnetcdn.com,/cgi-bin/certstore/",
9790	+	"C2 Server": "dist.nuget.org,/cgi-bin/certstore/,ajax.aspnetcdn.com,/cgi-bin/certstore/",
9791	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36",
9791	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36",
9792	-	"HTTP Method Path 2": "/pem/office.microsoft.com/",
9792	+	"HTTP Method Path 2": "/pem/office.microsoft.com/",
9793	-	"Header1": "",
9793	+	"Header1": "",
9794	-	"Header2": "",
9794	+	"Header2": "",
9795	-	"PipeName": "",
9795	+	"PipeName": "",
9796	-	"DNS Idle": "(pH\\xCD",
9796	+	"DNS Idle": "(pH\\xCD",
9797	-	"DNS Sleep": "0",
9797	+	"DNS Sleep": "0",
9798	-	"Method1": "GET",
9798	+	"Method1": "GET",
9799	-	"Method2": "POST",
9799	+	"Method2": "POST",
9800	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9800	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9801	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9801	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9802	-	"Proxy_AccessType": "2 (Use IE settings)"
9802	+	"Proxy_AccessType": "2 (Use IE settings)"
9803	-	}
9803	+	}
9804	-	},
9804	+	},
9805	-	"44.234.72.246": {
9805	+	"44.234.72.246": {
9806	-	"x64": {
9806	+	"x64": {
9807	-	"BeaconType": "8 (HTTPS)",
9807	+	"BeaconType": "8 (HTTPS)",
9808	-	"Port": "443",
9808	+	"Port": "443",
9809	-	"Polling": "60000",
9809	+	"Polling": "60000",
9810	-	"Jitter": "0",
9810	+	"Jitter": "0",
9811	-	"Maxdns": "255",
9811	+	"Maxdns": "255",
9812	-	"C2 Server": "44.234.72.246,/cx",
9812	+	"C2 Server": "44.234.72.246,/cx",
9813	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)",
9813	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)",
9814	-	"HTTP Method Path 2": "/submit.php",
9814	+	"HTTP Method Path 2": "/submit.php",
9815	-	"Header1": "",
9815	+	"Header1": "",
9816	-	"Header2": "",
9816	+	"Header2": "",
9817	-	"PipeName": "",
9817	+	"PipeName": "",
9818	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9818	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9819	-	"DNS Sleep": "0",
9819	+	"DNS Sleep": "0",
9820	-	"Method1": "GET",
9820	+	"Method1": "GET",
9821	-	"Method2": "POST",
9821	+	"Method2": "POST",
9822	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9822	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9823	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9823	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9824	-	"Proxy_AccessType": "2 (Use IE settings)"
9824	+	"Proxy_AccessType": "2 (Use IE settings)"
9825	-	}
9825	+	}
9826	-	},
9826	+	},
9827	-	"45.128.156.102": {
9827	+	"45.128.156.102": {
9828	-	"x86": {
9828	+	"x86": {
9829	-	"BeaconType": "8 (HTTPS)",
9829	+	"BeaconType": "8 (HTTPS)",
9830	-	"Port": "443",
9830	+	"Port": "443",
9831	-	"Polling": "5000",
9831	+	"Polling": "5000",
9832	-	"Jitter": "10",
9832	+	"Jitter": "10",
9833	-	"Maxdns": "235",
9833	+	"Maxdns": "235",
9834	-	"C2 Server": "mixdir.com,/us/ky/louisville/312-s-fourth-st.html",
9834	+	"C2 Server": "mixdir.com,/us/ky/louisville/312-s-fourth-st.html",
9835	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
9835	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
9836	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
9836	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
9837	-	"Header1": "",
9837	+	"Header1": "",
9838	-	"Header2": "",
9838	+	"Header2": "",
9839	-	"PipeName": "",
9839	+	"PipeName": "",
9840	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
9840	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
9841	-	"DNS Sleep": "0",
9841	+	"DNS Sleep": "0",
9842	-	"Method1": "GET",
9842	+	"Method1": "GET",
9843	-	"Method2": "POST",
9843	+	"Method2": "POST",
9844	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
9844	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
9845	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
9845	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
9846	-	"Proxy_AccessType": "2 (Use IE settings)"
9846	+	"Proxy_AccessType": "2 (Use IE settings)"
9847	-	}
9847	+	}
9848	-	},
9848	+	},
9849	-	"45.138.172.80": {
9849	+	"45.138.172.80": {
9850	-	"x64": {
9850	+	"x64": {
9851	-	"BeaconType": "8 (HTTPS)",
9851	+	"BeaconType": "8 (HTTPS)",
9852	-	"Port": "443",
9852	+	"Port": "443",
9853	-	"Polling": "57000",
9853	+	"Polling": "57000",
9854	-	"Jitter": "41",
9854	+	"Jitter": "41",
9855	-	"C2 Server": "meadowstonto.com,/fo.html",
9855	+	"C2 Server": "meadowstonto.com,/fo.html",
9856	-	"HTTP Method Path 2": "/default",
9856	+	"HTTP Method Path 2": "/default",
9857	-	"Method1": "GET",
9857	+	"Method1": "GET",
9858	-	"Method2": "POST",
9858	+	"Method2": "POST",
9859	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
9859	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
9860	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
9860	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
9861	-	"Proxy_AccessType": "2 (Use IE settings)"
9861	+	"Proxy_AccessType": "2 (Use IE settings)"
9862	-	}
9862	+	}
9863	-	},
9863	+	},
9864	-	"45.14.149.202": {
9864	+	"45.14.149.202": {
9865	-	"x86": {
9865	+	"x86": {
9866	-	"BeaconType": "8 (HTTPS)",
9866	+	"BeaconType": "8 (HTTPS)",
9867	-	"Port": "443",
9867	+	"Port": "443",
9868	-	"Polling": "60000",
9868	+	"Polling": "60000",
9869	-	"Jitter": "0",
9869	+	"Jitter": "0",
9870	-	"Maxdns": "255",
9870	+	"Maxdns": "255",
9871	-	"C2 Server": "45.14.149.202,/activity",
9871	+	"C2 Server": "45.14.149.202,/activity",
9872	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 2.0.50727)",
9872	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 2.0.50727)",
9873	-	"HTTP Method Path 2": "/submit.php",
9873	+	"HTTP Method Path 2": "/submit.php",
9874	-	"Header1": "",
9874	+	"Header1": "",
9875	-	"Header2": "",
9875	+	"Header2": "",
9876	-	"PipeName": "",
9876	+	"PipeName": "",
9877	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9877	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9878	-	"DNS Sleep": "0",
9878	+	"DNS Sleep": "0",
9879	-	"Method1": "GET",
9879	+	"Method1": "GET",
9880	-	"Method2": "POST",
9880	+	"Method2": "POST",
9881	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9881	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9882	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9882	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9883	-	"Proxy_AccessType": "2 (Use IE settings)"
9883	+	"Proxy_AccessType": "2 (Use IE settings)"
9884	-	},
9884	+	},
9885	-	"x64": {
9885	+	"x64": {
9886	-	"BeaconType": "8 (HTTPS)",
9886	+	"BeaconType": "8 (HTTPS)",
9887	-	"Port": "443",
9887	+	"Port": "443",
9888	-	"Polling": "60000",
9888	+	"Polling": "60000",
9889	-	"Jitter": "0",
9889	+	"Jitter": "0",
9890	-	"Maxdns": "255",
9890	+	"Maxdns": "255",
9891	-	"C2 Server": "45.14.149.202,/pixel.gif",
9891	+	"C2 Server": "45.14.149.202,/pixel.gif",
9892	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
9892	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
9893	-	"HTTP Method Path 2": "/submit.php",
9893	+	"HTTP Method Path 2": "/submit.php",
9894	-	"Header1": "",
9894	+	"Header1": "",
9895	-	"Header2": "",
9895	+	"Header2": "",
9896	-	"PipeName": "",
9896	+	"PipeName": "",
9897	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9897	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9898	-	"DNS Sleep": "0",
9898	+	"DNS Sleep": "0",
9899	-	"Method1": "GET",
9899	+	"Method1": "GET",
9900	-	"Method2": "POST",
9900	+	"Method2": "POST",
9901	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9901	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9902	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9902	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9903	-	"Proxy_AccessType": "2 (Use IE settings)"
9903	+	"Proxy_AccessType": "2 (Use IE settings)"
9904	-	}
9904	+	}
9905	-	},
9905	+	},
9906	-	"45.141.84.32": {
9906	+	"45.141.84.32": {
9907	-	"x86": {
9907	+	"x86": {
9908	-	"BeaconType": "8 (HTTPS)",
9908	+	"BeaconType": "8 (HTTPS)",
9909	-	"Port": "443",
9909	+	"Port": "443",
9910	-	"Polling": "60000",
9910	+	"Polling": "60000",
9911	-	"Jitter": "0",
9911	+	"Jitter": "0",
9912	-	"Maxdns": "255",
9912	+	"Maxdns": "255",
9913	-	"C2 Server": "45.141.84.32,/IE9CompatViewList.xml",
9913	+	"C2 Server": "45.141.84.32,/IE9CompatViewList.xml",
9914	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)",
9914	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)",
9915	-	"HTTP Method Path 2": "/submit.php",
9915	+	"HTTP Method Path 2": "/submit.php",
9916	-	"Header1": "",
9916	+	"Header1": "",
9917	-	"Header2": "",
9917	+	"Header2": "",
9918	-	"PipeName": "",
9918	+	"PipeName": "",
9919	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9919	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9920	-	"DNS Sleep": "0",
9920	+	"DNS Sleep": "0",
9921	-	"Method1": "GET",
9921	+	"Method1": "GET",
9922	-	"Method2": "POST",
9922	+	"Method2": "POST",
9923	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9923	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9924	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9924	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9925	-	"Proxy_AccessType": "2 (Use IE settings)"
9925	+	"Proxy_AccessType": "2 (Use IE settings)"
9926	-	}
9926	+	}
9927	-	},
9927	+	},
9928	-	"45.146.165.140": {
9928	+	"45.146.165.140": {
9929	-	"x86": {
9929	+	"x86": {
9930	-	"BeaconType": "8 (HTTPS)",
9930	+	"BeaconType": "8 (HTTPS)",
9931	-	"Port": "443",
9931	+	"Port": "443",
9932	-	"Polling": "60000",
9932	+	"Polling": "60000",
9933	-	"Jitter": "0",
9933	+	"Jitter": "0",
9934	-	"Maxdns": "255",
9934	+	"Maxdns": "255",
9935	-	"C2 Server": "45.146.165.140,/IE9CompatViewList.xml",
9935	+	"C2 Server": "45.146.165.140,/IE9CompatViewList.xml",
9936	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
9936	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
9937	-	"HTTP Method Path 2": "/submit.php",
9937	+	"HTTP Method Path 2": "/submit.php",
9938	-	"Header1": "",
9938	+	"Header1": "",
9939	-	"Header2": "",
9939	+	"Header2": "",
9940	-	"PipeName": "",
9940	+	"PipeName": "",
9941	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9941	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9942	-	"DNS Sleep": "0",
9942	+	"DNS Sleep": "0",
9943	-	"Method1": "GET",
9943	+	"Method1": "GET",
9944	-	"Method2": "POST",
9944	+	"Method2": "POST",
9945	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9945	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9946	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9946	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9947	-	"Proxy_AccessType": "2 (Use IE settings)"
9947	+	"Proxy_AccessType": "2 (Use IE settings)"
9948	-	}
9948	+	}
9949	-	},
9949	+	},
9950	-	"45.147.229.44": {
9950	+	"45.147.229.44": {
9951	-	"x86": {
9951	+	"x86": {
9952	-	"BeaconType": "8 (HTTPS)",
9952	+	"BeaconType": "8 (HTTPS)",
9953	-	"Port": "443",
9953	+	"Port": "443",
9954	-	"Polling": "60283",
9954	+	"Polling": "60283",
9955	-	"Jitter": "39",
9955	+	"Jitter": "39",
9956	-	"Maxdns": "249",
9956	+	"Maxdns": "249",
9957	-	"C2 Server": "mn.backup-helper.com,/template.css,nm.backup-helper.com,/fam_calendar.css,ws.backup-helper.com,/fam_calendar.css",
9957	+	"C2 Server": "mn.backup-helper.com,/template.css,nm.backup-helper.com,/fam_calendar.css,ws.backup-helper.com,/fam_calendar.css",
9958	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
9958	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
9959	-	"HTTP Method Path 2": "/gv",
9959	+	"HTTP Method Path 2": "/gv",
9960	-	"Header1": "",
9960	+	"Header1": "",
9961	-	"Header2": "",
9961	+	"Header2": "",
9962	-	"PipeName": "",
9962	+	"PipeName": "",
9963	-	"DNS Idle": "\\x1E\\xBEI\\x86",
9963	+	"DNS Idle": "\\x1E\\xBEI\\x86",
9964	-	"DNS Sleep": "0",
9964	+	"DNS Sleep": "0",
9965	-	"Method1": "GET",
9965	+	"Method1": "GET",
9966	-	"Method2": "POST",
9966	+	"Method2": "POST",
9967	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
9967	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
9968	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
9968	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
9969	-	"Proxy_AccessType": "2 (Use IE settings)"
9969	+	"Proxy_AccessType": "2 (Use IE settings)"
9970	-	}
9970	+	}
9971	-	},
9971	+	},
9972	-	"45.147.230.0": {
9972	+	"45.147.230.0": {
9973	-	"x86": {
9973	+	"x86": {
9974	-	"BeaconType": "8 (HTTPS)",
9974	+	"BeaconType": "8 (HTTPS)",
9975	-	"Port": "443",
9975	+	"Port": "443",
9976	-	"Polling": "60000",
9976	+	"Polling": "60000",
9977	-	"Jitter": "0",
9977	+	"Jitter": "0",
9978	-	"Maxdns": "255",
9978	+	"Maxdns": "255",
9979	-	"C2 Server": "amajai-technologies.online,/push",
9979	+	"C2 Server": "amajai-technologies.online,/push",
9980	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
9980	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
9981	-	"HTTP Method Path 2": "/submit.php",
9981	+	"HTTP Method Path 2": "/submit.php",
9982	-	"Header1": "",
9982	+	"Header1": "",
9983	-	"Header2": "",
9983	+	"Header2": "",
9984	-	"PipeName": "",
9984	+	"PipeName": "",
9985	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
9985	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
9986	-	"DNS Sleep": "0",
9986	+	"DNS Sleep": "0",
9987	-	"Method1": "GET",
9987	+	"Method1": "GET",
9988	-	"Method2": "POST",
9988	+	"Method2": "POST",
9989	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9989	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
9990	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9990	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
9991	-	"Proxy_AccessType": "2 (Use IE settings)"
9991	+	"Proxy_AccessType": "2 (Use IE settings)"
9992	-	},
9992	+	},
9993	-	"x64": {
9993	+	"x64": {
9994	-	"BeaconType": "8 (HTTPS)",
9994	+	"BeaconType": "8 (HTTPS)",
9995	-	"Port": "443",
9995	+	"Port": "443",
9996	-	"Polling": "60000",
9996	+	"Polling": "60000",
9997	-	"Jitter": "0",
9997	+	"Jitter": "0",
9998	-	"Maxdns": "255",
9998	+	"Maxdns": "255",
9999	-	"C2 Server": "amajai-technologies.online,/en_US/all.js",
9999	+	"C2 Server": "amajai-technologies.online,/en_US/all.js",
10000	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)",
10000	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)",
10001	-	"HTTP Method Path 2": "/submit.php",
10001	+	"HTTP Method Path 2": "/submit.php",
10002	-	"Header1": "",
10002	+	"Header1": "",
10003	-	"Header2": "",
10003	+	"Header2": "",
10004	-	"PipeName": "",
10004	+	"PipeName": "",
10005	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10005	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10006	-	"DNS Sleep": "0",
10006	+	"DNS Sleep": "0",
10007	-	"Method1": "GET",
10007	+	"Method1": "GET",
10008	-	"Method2": "POST",
10008	+	"Method2": "POST",
10009	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10009	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10010	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10010	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10011	-	"Proxy_AccessType": "2 (Use IE settings)"
10011	+	"Proxy_AccessType": "2 (Use IE settings)"
10012	-	}
10012	+	}
10013	-	},
10013	+	},
10014	-	"45.153.243.215": {
10014	+	"45.153.243.215": {
10015	-	"x86": {
10015	+	"x86": {
10016	-	"BeaconType": "8 (HTTPS)",
10016	+	"BeaconType": "8 (HTTPS)",
10017	-	"Port": "443",
10017	+	"Port": "443",
10018	-	"Polling": "60000",
10018	+	"Polling": "60000",
10019	-	"Jitter": "0",
10019	+	"Jitter": "0",
10020	-	"Maxdns": "255",
10020	+	"Maxdns": "255",
10021	-	"C2 Server": "amajai-technologies.support,/g.pixel",
10021	+	"C2 Server": "amajai-technologies.support,/g.pixel",
10022	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)",
10022	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)",
10023	-	"HTTP Method Path 2": "/submit.php",
10023	+	"HTTP Method Path 2": "/submit.php",
10024	-	"Header1": "",
10024	+	"Header1": "",
10025	-	"Header2": "",
10025	+	"Header2": "",
10026	-	"PipeName": "",
10026	+	"PipeName": "",
10027	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10027	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10028	-	"DNS Sleep": "0",
10028	+	"DNS Sleep": "0",
10029	-	"Method1": "GET",
10029	+	"Method1": "GET",
10030	-	"Method2": "POST",
10030	+	"Method2": "POST",
10031	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10031	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10032	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10032	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10033	-	"Proxy_AccessType": "2 (Use IE settings)"
10033	+	"Proxy_AccessType": "2 (Use IE settings)"
10034	-	}
10034	+	}
10035	-	},
10035	+	},
10036	-	"45.170.251.101": {
10036	+	"45.170.251.101": {
10037	-	"x86": {
10037	+	"x86": {
10038	-	"BeaconType": "8 (HTTPS)",
10038	+	"BeaconType": "8 (HTTPS)",
10039	-	"Port": "443",
10039	+	"Port": "443",
10040	-	"Polling": "60000",
10040	+	"Polling": "60000",
10041	-	"Jitter": "0",
10041	+	"Jitter": "0",
10042	-	"C2 Server": "45.170.251.101,/ga.js",
10042	+	"C2 Server": "45.170.251.101,/ga.js",
10043	-	"HTTP Method Path 2": "/submit.php",
10043	+	"HTTP Method Path 2": "/submit.php",
10044	-	"Method1": "GET",
10044	+	"Method1": "GET",
10045	-	"Method2": "POST",
10045	+	"Method2": "POST",
10046	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10046	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10047	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10047	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10048	-	"Proxy_AccessType": "2 (Use IE settings)"
10048	+	"Proxy_AccessType": "2 (Use IE settings)"
10049	-	},
10049	+	},
10050	-	"x64": {
10050	+	"x64": {
10051	-	"BeaconType": "8 (HTTPS)",
10051	+	"BeaconType": "8 (HTTPS)",
10052	-	"Port": "443",
10052	+	"Port": "443",
10053	-	"Polling": "60000",
10053	+	"Polling": "60000",
10054	-	"Jitter": "0",
10054	+	"Jitter": "0",
10055	-	"C2 Server": "45.170.251.101,/updates.rss",
10055	+	"C2 Server": "45.170.251.101,/updates.rss",
10056	-	"HTTP Method Path 2": "/submit.php",
10056	+	"HTTP Method Path 2": "/submit.php",
10057	-	"Method1": "GET",
10057	+	"Method1": "GET",
10058	-	"Method2": "POST",
10058	+	"Method2": "POST",
10059	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10059	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10060	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10060	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10061	-	"Proxy_AccessType": "2 (Use IE settings)"
10061	+	"Proxy_AccessType": "2 (Use IE settings)"
10062	-	}
10062	+	}
10063	-	},
10063	+	},
10064	-	"45.199.110.164": {
10064	+	"45.199.110.164": {
10065	-	"x86": {
10065	+	"x86": {
10066	-	"BeaconType": "8 (HTTPS)",
10066	+	"BeaconType": "8 (HTTPS)",
10067	-	"Port": "443",
10067	+	"Port": "443",
10068	-	"Polling": "60000",
10068	+	"Polling": "60000",
10069	-	"Jitter": "0",
10069	+	"Jitter": "0",
10070	-	"Maxdns": "255",
10070	+	"Maxdns": "255",
10071	-	"C2 Server": "wyx.3utilities.com,/IE9CompatViewList.xml",
10071	+	"C2 Server": "wyx.3utilities.com,/IE9CompatViewList.xml",
10072	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER",
10072	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER",
10073	-	"HTTP Method Path 2": "/submit.php",
10073	+	"HTTP Method Path 2": "/submit.php",
10074	-	"Header1": "",
10074	+	"Header1": "",
10075	-	"Header2": "",
10075	+	"Header2": "",
10076	-	"PipeName": "",
10076	+	"PipeName": "",
10077	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10077	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10078	-	"DNS Sleep": "0",
10078	+	"DNS Sleep": "0",
10079	-	"Method1": "GET",
10079	+	"Method1": "GET",
10080	-	"Method2": "POST",
10080	+	"Method2": "POST",
10081	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10081	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10082	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10082	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10083	-	"Proxy_AccessType": "2 (Use IE settings)"
10083	+	"Proxy_AccessType": "2 (Use IE settings)"
10084	-	}
10084	+	}
10085	-	},
10085	+	},
10086	-	"45.207.49.205": {
10086	+	"45.207.49.205": {
10087	-	"x86": {
10087	+	"x86": {
10088	-	"BeaconType": "8 (HTTPS)",
10088	+	"BeaconType": "8 (HTTPS)",
10089	-	"Port": "443",
10089	+	"Port": "443",
10090	-	"Polling": "5000",
10090	+	"Polling": "5000",
10091	-	"Jitter": "10",
10091	+	"Jitter": "10",
10092	-	"Maxdns": "235",
10092	+	"Maxdns": "235",
10093	-	"C2 Server": "45.207.49.205,/updates",
10093	+	"C2 Server": "45.207.49.205,/updates",
10094	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
10094	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
10095	-	"HTTP Method Path 2": "/windebug/updcheck.php",
10095	+	"HTTP Method Path 2": "/windebug/updcheck.php",
10096	-	"Header1": "",
10096	+	"Header1": "",
10097	-	"Header2": "",
10097	+	"Header2": "",
10098	-	"PipeName": "",
10098	+	"PipeName": "",
10099	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
10099	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
10100	-	"DNS Sleep": "0",
10100	+	"DNS Sleep": "0",
10101	-	"Method1": "GET",
10101	+	"Method1": "GET",
10102	-	"Method2": "POST",
10102	+	"Method2": "POST",
10103	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10103	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10104	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10104	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10105	-	"Proxy_AccessType": "2 (Use IE settings)"
10105	+	"Proxy_AccessType": "2 (Use IE settings)"
10106	-	},
10106	+	},
10107	-	"x64": {
10107	+	"x64": {
10108	-	"BeaconType": "8 (HTTPS)",
10108	+	"BeaconType": "8 (HTTPS)",
10109	-	"Port": "443",
10109	+	"Port": "443",
10110	-	"Polling": "5000",
10110	+	"Polling": "5000",
10111	-	"Jitter": "10",
10111	+	"Jitter": "10",
10112	-	"Maxdns": "235",
10112	+	"Maxdns": "235",
10113	-	"C2 Server": "45.207.49.205,/updates",
10113	+	"C2 Server": "45.207.49.205,/updates",
10114	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
10114	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
10115	-	"HTTP Method Path 2": "/aero2/fly.php",
10115	+	"HTTP Method Path 2": "/aero2/fly.php",
10116	-	"Header1": "",
10116	+	"Header1": "",
10117	-	"Header2": "",
10117	+	"Header2": "",
10118	-	"PipeName": "",
10118	+	"PipeName": "",
10119	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
10119	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
10120	-	"DNS Sleep": "0",
10120	+	"DNS Sleep": "0",
10121	-	"Method1": "GET",
10121	+	"Method1": "GET",
10122	-	"Method2": "POST",
10122	+	"Method2": "POST",
10123	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10123	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10124	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10124	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10125	-	"Proxy_AccessType": "2 (Use IE settings)"
10125	+	"Proxy_AccessType": "2 (Use IE settings)"
10126	-	}
10126	+	}
10127	-	},
10127	+	},
10128	-	"45.32.52.188": {
10128	+	"45.32.52.188": {
10129	-	"x86": {
10129	+	"x86": {
10130	-	"BeaconType": "8 (HTTPS)",
10130	+	"BeaconType": "8 (HTTPS)",
10131	-	"Port": "443",
10131	+	"Port": "443",
10132	-	"Polling": "10000",
10132	+	"Polling": "10000",
10133	-	"Jitter": "41",
10133	+	"Jitter": "41",
10134	-	"Maxdns": "67",
10134	+	"Maxdns": "67",
10135	-	"C2 Server": "45.32.52.188,/settings",
10135	+	"C2 Server": "45.32.52.188,/settings",
10136	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36",
10136	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36",
10137	-	"HTTP Method Path 2": "/collect/v1",
10137	+	"HTTP Method Path 2": "/collect/v1",
10138	-	"Header1": "",
10138	+	"Header1": "",
10139	-	"Header2": "",
10139	+	"Header2": "",
10140	-	"PipeName": "",
10140	+	"PipeName": "",
10141	-	"DNS Idle": "\\xDF\\x05\\x05\\x05",
10141	+	"DNS Idle": "\\xDF\\x05\\x05\\x05",
10142	-	"DNS Sleep": "0",
10142	+	"DNS Sleep": "0",
10143	-	"Method1": "POST",
10143	+	"Method1": "POST",
10144	-	"Method2": "POST",
10144	+	"Method2": "POST",
10145	-	"Spawnto_x86": "%windir%\\syswow64\\msiexec.exe",
10145	+	"Spawnto_x86": "%windir%\\syswow64\\msiexec.exe",
10146	-	"Spawnto_x64": "%windir%\\sysnative\\msiexec.exe",
10146	+	"Spawnto_x64": "%windir%\\sysnative\\msiexec.exe",
10147	-	"Proxy_AccessType": "2 (Use IE settings)"
10147	+	"Proxy_AccessType": "2 (Use IE settings)"
10148	-	},
10148	+	},
10149	-	"x64": {
10149	+	"x64": {
10150	-	"BeaconType": "8 (HTTPS)",
10150	+	"BeaconType": "8 (HTTPS)",
10151	-	"Port": "443",
10151	+	"Port": "443",
10152	-	"Polling": "10000",
10152	+	"Polling": "10000",
10153	-	"Jitter": "41",
10153	+	"Jitter": "41",
10154	-	"Maxdns": "67",
10154	+	"Maxdns": "67",
10155	-	"C2 Server": "45.32.52.188,/settings",
10155	+	"C2 Server": "45.32.52.188,/settings",
10156	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36",
10156	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36",
10157	-	"HTTP Method Path 2": "/collect/v1",
10157	+	"HTTP Method Path 2": "/collect/v1",
10158	-	"Header1": "",
10158	+	"Header1": "",
10159	-	"Header2": "",
10159	+	"Header2": "",
10160	-	"PipeName": "",
10160	+	"PipeName": "",
10161	-	"DNS Idle": "\\xDF\\x05\\x05\\x05",
10161	+	"DNS Idle": "\\xDF\\x05\\x05\\x05",
10162	-	"DNS Sleep": "0",
10162	+	"DNS Sleep": "0",
10163	-	"Method1": "POST",
10163	+	"Method1": "POST",
10164	-	"Method2": "POST",
10164	+	"Method2": "POST",
10165	-	"Spawnto_x86": "%windir%\\syswow64\\msiexec.exe",
10165	+	"Spawnto_x86": "%windir%\\syswow64\\msiexec.exe",
10166	-	"Spawnto_x64": "%windir%\\sysnative\\msiexec.exe",
10166	+	"Spawnto_x64": "%windir%\\sysnative\\msiexec.exe",
10167	-	"Proxy_AccessType": "2 (Use IE settings)"
10167	+	"Proxy_AccessType": "2 (Use IE settings)"
10168	-	}
10168	+	}
10169	-	},
10169	+	},
10170	-	"45.33.27.73": {
10170	+	"45.33.27.73": {
10171	-	"x64": {
10171	+	"x64": {
10172	-	"BeaconType": "8 (HTTPS)",
10172	+	"BeaconType": "8 (HTTPS)",
10173	-	"Port": "443",
10173	+	"Port": "443",
10174	-	"Polling": "60000",
10174	+	"Polling": "60000",
10175	-	"Jitter": "0",
10175	+	"Jitter": "0",
10176	-	"Maxdns": "255",
10176	+	"Maxdns": "255",
10177	-	"C2 Server": "45.33.27.73,/dpixel",
10177	+	"C2 Server": "45.33.27.73,/dpixel",
10178	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
10178	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
10179	-	"HTTP Method Path 2": "/submit.php",
10179	+	"HTTP Method Path 2": "/submit.php",
10180	-	"Header1": "",
10180	+	"Header1": "",
10181	-	"Header2": "",
10181	+	"Header2": "",
10182	-	"PipeName": "",
10182	+	"PipeName": "",
10183	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10183	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10184	-	"DNS Sleep": "0",
10184	+	"DNS Sleep": "0",
10185	-	"Method1": "GET",
10185	+	"Method1": "GET",
10186	-	"Method2": "POST",
10186	+	"Method2": "POST",
10187	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10187	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10188	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10188	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10189	-	"Proxy_AccessType": "2 (Use IE settings)"
10189	+	"Proxy_AccessType": "2 (Use IE settings)"
10190	-	}
10190	+	}
10191	-	},
10191	+	},
10192	-	"45.58.116.242": {
10192	+	"45.58.116.242": {
10193	-	"x86": {
10193	+	"x86": {
10194	-	"BeaconType": "8 (HTTPS)",
10194	+	"BeaconType": "8 (HTTPS)",
10195	-	"Port": "443",
10195	+	"Port": "443",
10196	-	"Polling": "5000",
10196	+	"Polling": "5000",
10197	-	"Jitter": "10",
10197	+	"Jitter": "10",
10198	-	"Maxdns": "235",
10198	+	"Maxdns": "235",
10199	-	"C2 Server": "withfix.com,/us/ky/louisville/312-s-fourth-st.html",
10199	+	"C2 Server": "withfix.com,/us/ky/louisville/312-s-fourth-st.html",
10200	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
10200	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
10201	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
10201	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
10202	-	"Header1": "",
10202	+	"Header1": "",
10203	-	"Header2": "",
10203	+	"Header2": "",
10204	-	"PipeName": "",
10204	+	"PipeName": "",
10205	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
10205	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
10206	-	"DNS Sleep": "0",
10206	+	"DNS Sleep": "0",
10207	-	"Method1": "GET",
10207	+	"Method1": "GET",
10208	-	"Method2": "POST",
10208	+	"Method2": "POST",
10209	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
10209	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
10210	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
10210	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
10211	-	"Proxy_AccessType": "2 (Use IE settings)"
10211	+	"Proxy_AccessType": "2 (Use IE settings)"
10212	-	}
10212	+	}
10213	-	},
10213	+	},
10214	-	"45.64.186.249": {
10214	+	"45.64.186.249": {
10215	-	"x64": {
10215	+	"x64": {
10216	-	"BeaconType": "8 (HTTPS)",
10216	+	"BeaconType": "8 (HTTPS)",
10217	-	"Port": "443",
10217	+	"Port": "443",
10218	-	"Polling": "60000",
10218	+	"Polling": "60000",
10219	-	"Jitter": "0",
10219	+	"Jitter": "0",
10220	-	"Maxdns": "255",
10220	+	"Maxdns": "255",
10221	-	"C2 Server": "45.64.186.249,/static/v3/logo2.gif",
10221	+	"C2 Server": "45.64.186.249,/static/v3/logo2.gif",
10222	-	"User Agent": "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08",
10222	+	"User Agent": "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08",
10223	-	"HTTP Method Path 2": "/static/v3/logo1.gif",
10223	+	"HTTP Method Path 2": "/static/v3/logo1.gif",
10224	-	"Header1": "",
10224	+	"Header1": "",
10225	-	"Header2": "",
10225	+	"Header2": "",
10226	-	"PipeName": "",
10226	+	"PipeName": "",
10227	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10227	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10228	-	"DNS Sleep": "0",
10228	+	"DNS Sleep": "0",
10229	-	"Method1": "GET",
10229	+	"Method1": "GET",
10230	-	"Method2": "POST",
10230	+	"Method2": "POST",
10231	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10231	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10232	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10232	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10233	-	"Proxy_AccessType": "2 (Use IE settings)"
10233	+	"Proxy_AccessType": "2 (Use IE settings)"
10234	-	}
10234	+	}
10235	-	},
10235	+	},
10236	-	"45.67.229.168": {
10236	+	"45.67.229.168": {
10237	-	"x64": {
10237	+	"x64": {
10238	-	"BeaconType": "8 (HTTPS)",
10238	+	"BeaconType": "8 (HTTPS)",
10239	-	"Port": "443",
10239	+	"Port": "443",
10240	-	"Polling": "53000",
10240	+	"Polling": "53000",
10241	-	"Jitter": "34",
10241	+	"Jitter": "34",
10242	-	"Maxdns": "255",
10242	+	"Maxdns": "255",
10243	-	"C2 Server": "45.67.229.168,/jquery-3.3.1.min.js",
10243	+	"C2 Server": "45.67.229.168,/jquery-3.3.1.min.js",
10244	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36",
10244	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36",
10245	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
10245	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
10246	-	"Header1": "",
10246	+	"Header1": "",
10247	-	"Header2": "",
10247	+	"Header2": "",
10248	-	"PipeName": "",
10248	+	"PipeName": "",
10249	-	"DNS Idle": "J}\\xC4q",
10249	+	"DNS Idle": "J}\\xC4q",
10250	-	"DNS Sleep": "0",
10250	+	"DNS Sleep": "0",
10251	-	"Method1": "GET",
10251	+	"Method1": "GET",
10252	-	"Method2": "POST",
10252	+	"Method2": "POST",
10253	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
10253	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
10254	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
10254	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
10255	-	"Proxy_AccessType": "2 (Use IE settings)"
10255	+	"Proxy_AccessType": "2 (Use IE settings)"
10256	-	}
10256	+	}
10257	-	},
10257	+	},
10258	-	"45.76.48.40": {
10258	+	"45.76.48.40": {
10259	-	"x86": {
10259	+	"x86": {
10260	-	"BeaconType": "8 (HTTPS)",
10260	+	"BeaconType": "8 (HTTPS)",
10261	-	"Port": "443",
10261	+	"Port": "443",
10262	-	"Polling": "60000",
10262	+	"Polling": "60000",
10263	-	"Jitter": "0",
10263	+	"Jitter": "0",
10264	-	"Maxdns": "255",
10264	+	"Maxdns": "255",
10265	-	"C2 Server": "45.76.48.40,/ptj",
10265	+	"C2 Server": "45.76.48.40,/ptj",
10266	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
10266	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
10267	-	"HTTP Method Path 2": "/submit.php",
10267	+	"HTTP Method Path 2": "/submit.php",
10268	-	"Header1": "",
10268	+	"Header1": "",
10269	-	"Header2": "",
10269	+	"Header2": "",
10270	-	"PipeName": "",
10270	+	"PipeName": "",
10271	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10271	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10272	-	"DNS Sleep": "0",
10272	+	"DNS Sleep": "0",
10273	-	"Method1": "GET",
10273	+	"Method1": "GET",
10274	-	"Method2": "POST",
10274	+	"Method2": "POST",
10275	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10275	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10276	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10276	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10277	-	"Proxy_AccessType": "2 (Use IE settings)"
10277	+	"Proxy_AccessType": "2 (Use IE settings)"
10278	-	}
10278	+	}
10279	-	},
10279	+	},
10280	-	"46.161.27.220": {
10280	+	"46.161.27.220": {
10281	-	"x86": {
10281	+	"x86": {
10282	-	"BeaconType": "8 (HTTPS)",
10282	+	"BeaconType": "8 (HTTPS)",
10283	-	"Port": "443",
10283	+	"Port": "443",
10284	-	"Polling": "60000",
10284	+	"Polling": "60000",
10285	-	"Jitter": "0",
10285	+	"Jitter": "0",
10286	-	"Maxdns": "255",
10286	+	"Maxdns": "255",
10287	-	"C2 Server": "46.161.27.220,/ptj",
10287	+	"C2 Server": "46.161.27.220,/ptj",
10288	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
10288	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
10289	-	"HTTP Method Path 2": "/submit.php",
10289	+	"HTTP Method Path 2": "/submit.php",
10290	-	"Header1": "",
10290	+	"Header1": "",
10291	-	"Header2": "",
10291	+	"Header2": "",
10292	-	"PipeName": "",
10292	+	"PipeName": "",
10293	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10293	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10294	-	"DNS Sleep": "0",
10294	+	"DNS Sleep": "0",
10295	-	"Method1": "GET",
10295	+	"Method1": "GET",
10296	-	"Method2": "POST",
10296	+	"Method2": "POST",
10297	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10297	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10298	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10298	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10299	-	"Proxy_AccessType": "2 (Use IE settings)"
10299	+	"Proxy_AccessType": "2 (Use IE settings)"
10300	-	}
10300	+	}
10301	-	},
10301	+	},
10302	-	"46.166.128.234": {
10302	+	"46.166.128.234": {
10303	-	"x64": {
10303	+	"x64": {
10304	-	"BeaconType": "8 (HTTPS)",
10304	+	"BeaconType": "8 (HTTPS)",
10305	-	"Port": "443",
10305	+	"Port": "443",
10306	-	"Polling": "60000",
10306	+	"Polling": "60000",
10307	-	"Jitter": "0",
10307	+	"Jitter": "0",
10308	-	"Maxdns": "255",
10308	+	"Maxdns": "255",
10309	-	"C2 Server": "46.166.128.234,/cx",
10309	+	"C2 Server": "46.166.128.234,/cx",
10310	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
10310	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
10311	-	"HTTP Method Path 2": "/submit.php",
10311	+	"HTTP Method Path 2": "/submit.php",
10312	-	"Header1": "",
10312	+	"Header1": "",
10313	-	"Header2": "",
10313	+	"Header2": "",
10314	-	"PipeName": "",
10314	+	"PipeName": "",
10315	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10315	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10316	-	"DNS Sleep": "0",
10316	+	"DNS Sleep": "0",
10317	-	"Method1": "GET",
10317	+	"Method1": "GET",
10318	-	"Method2": "POST",
10318	+	"Method2": "POST",
10319	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10319	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10320	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10320	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10321	-	"Proxy_AccessType": "2 (Use IE settings)"
10321	+	"Proxy_AccessType": "2 (Use IE settings)"
10322	-	}
10322	+	}
10323	-	},
10323	+	},
10324	-	"46.166.129.176": {
10324	+	"46.166.129.176": {
10325	-	"x86": {
10325	+	"x86": {
10326	-	"BeaconType": "8 (HTTPS)",
10326	+	"BeaconType": "8 (HTTPS)",
10327	-	"Port": "443",
10327	+	"Port": "443",
10328	-	"Polling": "60000",
10328	+	"Polling": "60000",
10329	-	"Jitter": "0",
10329	+	"Jitter": "0",
10330	-	"Maxdns": "255",
10330	+	"Maxdns": "255",
10331	-	"C2 Server": "46.166.129.169,/load",
10331	+	"C2 Server": "46.166.129.169,/load",
10332	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
10332	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
10333	-	"HTTP Method Path 2": "/submit.php",
10333	+	"HTTP Method Path 2": "/submit.php",
10334	-	"Header1": "",
10334	+	"Header1": "",
10335	-	"Header2": "",
10335	+	"Header2": "",
10336	-	"PipeName": "",
10336	+	"PipeName": "",
10337	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10337	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10338	-	"DNS Sleep": "0",
10338	+	"DNS Sleep": "0",
10339	-	"Method1": "GET",
10339	+	"Method1": "GET",
10340	-	"Method2": "POST",
10340	+	"Method2": "POST",
10341	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10341	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10342	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10342	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10343	-	"Proxy_AccessType": "2 (Use IE settings)"
10343	+	"Proxy_AccessType": "2 (Use IE settings)"
10344	-	}
10344	+	}
10345	-	},
10345	+	},
10346	-	"46.166.162.165": {
10346	+	"46.166.162.165": {
10347	-	"x86": {
10347	+	"x86": {
10348	-	"BeaconType": "8 (HTTPS)",
10348	+	"BeaconType": "8 (HTTPS)",
10349	-	"Port": "443",
10349	+	"Port": "443",
10350	-	"Polling": "60000",
10350	+	"Polling": "60000",
10351	-	"Jitter": "0",
10351	+	"Jitter": "0",
10352	-	"Maxdns": "255",
10352	+	"Maxdns": "255",
10353	-	"C2 Server": "46.166.162.165,/pixel.gif",
10353	+	"C2 Server": "46.166.162.165,/pixel.gif",
10354	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent",
10354	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent",
10355	-	"HTTP Method Path 2": "/submit.php",
10355	+	"HTTP Method Path 2": "/submit.php",
10356	-	"Header1": "",
10356	+	"Header1": "",
10357	-	"Header2": "",
10357	+	"Header2": "",
10358	-	"PipeName": "",
10358	+	"PipeName": "",
10359	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10359	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10360	-	"DNS Sleep": "0",
10360	+	"DNS Sleep": "0",
10361	-	"Method1": "GET",
10361	+	"Method1": "GET",
10362	-	"Method2": "POST",
10362	+	"Method2": "POST",
10363	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10363	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10364	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10364	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10365	-	"Proxy_AccessType": "2 (Use IE settings)"
10365	+	"Proxy_AccessType": "2 (Use IE settings)"
10366	-	},
10366	+	},
10367	-	"x64": {
10367	+	"x64": {
10368	-	"BeaconType": "8 (HTTPS)",
10368	+	"BeaconType": "8 (HTTPS)",
10369	-	"Port": "443",
10369	+	"Port": "443",
10370	-	"Polling": "60000",
10370	+	"Polling": "60000",
10371	-	"Jitter": "0",
10371	+	"Jitter": "0",
10372	-	"Maxdns": "255",
10372	+	"Maxdns": "255",
10373	-	"C2 Server": "46.166.162.165,/j.ad",
10373	+	"C2 Server": "46.166.162.165,/j.ad",
10374	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser)",
10374	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser)",
10375	-	"HTTP Method Path 2": "/submit.php",
10375	+	"HTTP Method Path 2": "/submit.php",
10376	-	"Header1": "",
10376	+	"Header1": "",
10377	-	"Header2": "",
10377	+	"Header2": "",
10378	-	"PipeName": "",
10378	+	"PipeName": "",
10379	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10379	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10380	-	"DNS Sleep": "0",
10380	+	"DNS Sleep": "0",
10381	-	"Method1": "GET",
10381	+	"Method1": "GET",
10382	-	"Method2": "POST",
10382	+	"Method2": "POST",
10383	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10383	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10384	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10384	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10385	-	"Proxy_AccessType": "2 (Use IE settings)"
10385	+	"Proxy_AccessType": "2 (Use IE settings)"
10386	-	}
10386	+	}
10387	-	},
10387	+	},
10388	-	"46.166.162.97": {
10388	+	"46.166.162.97": {
10389	-	"x64": {
10389	+	"x64": {
10390	-	"BeaconType": "8 (HTTPS)",
10390	+	"BeaconType": "8 (HTTPS)",
10391	-	"Port": "443",
10391	+	"Port": "443",
10392	-	"Polling": "60000",
10392	+	"Polling": "60000",
10393	-	"Jitter": "0",
10393	+	"Jitter": "0",
10394	-	"Maxdns": "255",
10394	+	"Maxdns": "255",
10395	-	"C2 Server": "46.166.162.97,/cx",
10395	+	"C2 Server": "46.166.162.97,/cx",
10396	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
10396	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
10397	-	"HTTP Method Path 2": "/submit.php",
10397	+	"HTTP Method Path 2": "/submit.php",
10398	-	"Header1": "",
10398	+	"Header1": "",
10399	-	"Header2": "",
10399	+	"Header2": "",
10400	-	"PipeName": "",
10400	+	"PipeName": "",
10401	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10401	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10402	-	"DNS Sleep": "0",
10402	+	"DNS Sleep": "0",
10403	-	"Method1": "GET",
10403	+	"Method1": "GET",
10404	-	"Method2": "POST",
10404	+	"Method2": "POST",
10405	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10405	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10406	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10406	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10407	-	"Proxy_AccessType": "2 (Use IE settings)"
10407	+	"Proxy_AccessType": "2 (Use IE settings)"
10408	-	}
10408	+	}
10409	-	},
10409	+	},
10410	-	"46.30.189.89": {
10410	+	"46.30.189.89": {
10411	-	"x86": {
10411	+	"x86": {
10412	-	"BeaconType": "8 (HTTPS)",
10412	+	"BeaconType": "8 (HTTPS)",
10413	-	"Port": "443",
10413	+	"Port": "443",
10414	-	"Polling": "5000",
10414	+	"Polling": "5000",
10415	-	"Jitter": "0",
10415	+	"Jitter": "0",
10416	-	"Maxdns": "255",
10416	+	"Maxdns": "255",
10417	-	"C2 Server": "top.jimwilkens.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
10417	+	"C2 Server": "top.jimwilkens.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
10418	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
10418	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
10419	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
10419	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
10420	-	"Header1": "",
10420	+	"Header1": "",
10421	-	"Header2": "",
10421	+	"Header2": "",
10422	-	"PipeName": "",
10422	+	"PipeName": "",
10423	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10423	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10424	-	"DNS Sleep": "0",
10424	+	"DNS Sleep": "0",
10425	-	"Method1": "GET",
10425	+	"Method1": "GET",
10426	-	"Method2": "POST",
10426	+	"Method2": "POST",
10427	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
10427	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
10428	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
10428	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
10429	-	"Proxy_AccessType": "2 (Use IE settings)"
10429	+	"Proxy_AccessType": "2 (Use IE settings)"
10430	-	}
10430	+	}
10431	-	},
10431	+	},
10432	-	"46.8.180.147": {
10432	+	"46.8.180.147": {
10433	-	"x86": {
10433	+	"x86": {
10434	-	"BeaconType": "8 (HTTPS)",
10434	+	"BeaconType": "8 (HTTPS)",
10435	-	"Port": "443",
10435	+	"Port": "443",
10436	-	"Polling": "60000",
10436	+	"Polling": "60000",
10437	-	"Jitter": "0",
10437	+	"Jitter": "0",
10438	-	"Maxdns": "255",
10438	+	"Maxdns": "255",
10439	-	"C2 Server": "46.8.180.147,/visit.js",
10439	+	"C2 Server": "46.8.180.147,/visit.js",
10440	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
10440	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
10441	-	"HTTP Method Path 2": "/submit.php",
10441	+	"HTTP Method Path 2": "/submit.php",
10442	-	"Header1": "",
10442	+	"Header1": "",
10443	-	"Header2": "",
10443	+	"Header2": "",
10444	-	"PipeName": "",
10444	+	"PipeName": "",
10445	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10445	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10446	-	"DNS Sleep": "0",
10446	+	"DNS Sleep": "0",
10447	-	"Method1": "GET",
10447	+	"Method1": "GET",
10448	-	"Method2": "POST",
10448	+	"Method2": "POST",
10449	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10449	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10450	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10450	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10451	-	"Proxy_AccessType": "2 (Use IE settings)"
10451	+	"Proxy_AccessType": "2 (Use IE settings)"
10452	-	},
10452	+	},
10453	-	"x64": {
10453	+	"x64": {
10454	-	"BeaconType": "8 (HTTPS)",
10454	+	"BeaconType": "8 (HTTPS)",
10455	-	"Port": "443",
10455	+	"Port": "443",
10456	-	"Polling": "60000",
10456	+	"Polling": "60000",
10457	-	"Jitter": "0",
10457	+	"Jitter": "0",
10458	-	"Maxdns": "255",
10458	+	"Maxdns": "255",
10459	-	"C2 Server": "46.8.180.147,/cm",
10459	+	"C2 Server": "46.8.180.147,/cm",
10460	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
10460	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
10461	-	"HTTP Method Path 2": "/submit.php",
10461	+	"HTTP Method Path 2": "/submit.php",
10462	-	"Header1": "",
10462	+	"Header1": "",
10463	-	"Header2": "",
10463	+	"Header2": "",
10464	-	"PipeName": "",
10464	+	"PipeName": "",
10465	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10465	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10466	-	"DNS Sleep": "0",
10466	+	"DNS Sleep": "0",
10467	-	"Method1": "GET",
10467	+	"Method1": "GET",
10468	-	"Method2": "POST",
10468	+	"Method2": "POST",
10469	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10469	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10470	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10470	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10471	-	"Proxy_AccessType": "2 (Use IE settings)"
10471	+	"Proxy_AccessType": "2 (Use IE settings)"
10472	-	}
10472	+	}
10473	-	},
10473	+	},
10474	-	"47.101.214.85": {
10474	+	"47.101.214.85": {
10475	-	"x64": {
10475	+	"x64": {
10476	-	"BeaconType": "8 (HTTPS)",
10476	+	"BeaconType": "8 (HTTPS)",
10477	-	"Port": "443",
10477	+	"Port": "443",
10478	-	"Polling": "60000",
10478	+	"Polling": "60000",
10479	-	"Jitter": "0",
10479	+	"Jitter": "0",
10480	-	"Maxdns": "255",
10480	+	"Maxdns": "255",
10481	-	"C2 Server": "47.101.214.85,/dpixel",
10481	+	"C2 Server": "47.101.214.85,/dpixel",
10482	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
10482	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
10483	-	"HTTP Method Path 2": "/submit.php",
10483	+	"HTTP Method Path 2": "/submit.php",
10484	-	"Header1": "",
10484	+	"Header1": "",
10485	-	"Header2": "",
10485	+	"Header2": "",
10486	-	"PipeName": "",
10486	+	"PipeName": "",
10487	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10487	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10488	-	"DNS Sleep": "0",
10488	+	"DNS Sleep": "0",
10489	-	"Method1": "GET",
10489	+	"Method1": "GET",
10490	-	"Method2": "POST",
10490	+	"Method2": "POST",
10491	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10491	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10492	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10492	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10493	-	"Proxy_AccessType": "2 (Use IE settings)"
10493	+	"Proxy_AccessType": "2 (Use IE settings)"
10494	-	}
10494	+	}
10495	-	},
10495	+	},
10496	-	"47.104.11.169": {
10496	+	"47.104.11.169": {
10497	-	"x86": {
10497	+	"x86": {
10498	-	"BeaconType": "8 (HTTPS)",
10498	+	"BeaconType": "8 (HTTPS)",
10499	-	"Port": "443",
10499	+	"Port": "443",
10500	-	"Polling": "60000",
10500	+	"Polling": "60000",
10501	-	"Jitter": "0",
10501	+	"Jitter": "0",
10502	-	"Maxdns": "255",
10502	+	"Maxdns": "255",
10503	-	"C2 Server": "47.104.11.169,/pixel",
10503	+	"C2 Server": "47.104.11.169,/pixel",
10504	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
10504	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
10505	-	"HTTP Method Path 2": "/submit.php",
10505	+	"HTTP Method Path 2": "/submit.php",
10506	-	"Header1": "",
10506	+	"Header1": "",
10507	-	"Header2": "",
10507	+	"Header2": "",
10508	-	"PipeName": "",
10508	+	"PipeName": "",
10509	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10509	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10510	-	"DNS Sleep": "0",
10510	+	"DNS Sleep": "0",
10511	-	"Method1": "GET",
10511	+	"Method1": "GET",
10512	-	"Method2": "POST",
10512	+	"Method2": "POST",
10513	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10513	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10514	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10514	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10515	-	"Proxy_AccessType": "2 (Use IE settings)"
10515	+	"Proxy_AccessType": "2 (Use IE settings)"
10516	-	},
10516	+	},
10517	-	"x64": {
10517	+	"x64": {
10518	-	"BeaconType": "8 (HTTPS)",
10518	+	"BeaconType": "8 (HTTPS)",
10519	-	"Port": "443",
10519	+	"Port": "443",
10520	-	"Polling": "60000",
10520	+	"Polling": "60000",
10521	-	"Jitter": "0",
10521	+	"Jitter": "0",
10522	-	"Maxdns": "255",
10522	+	"Maxdns": "255",
10523	-	"C2 Server": "47.104.11.169,/cx",
10523	+	"C2 Server": "47.104.11.169,/cx",
10524	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)",
10524	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)",
10525	-	"HTTP Method Path 2": "/submit.php",
10525	+	"HTTP Method Path 2": "/submit.php",
10526	-	"Header1": "",
10526	+	"Header1": "",
10527	-	"Header2": "",
10527	+	"Header2": "",
10528	-	"PipeName": "",
10528	+	"PipeName": "",
10529	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10529	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10530	-	"DNS Sleep": "0",
10530	+	"DNS Sleep": "0",
10531	-	"Method1": "GET",
10531	+	"Method1": "GET",
10532	-	"Method2": "POST",
10532	+	"Method2": "POST",
10533	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10533	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10534	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10534	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10535	-	"Proxy_AccessType": "2 (Use IE settings)"
10535	+	"Proxy_AccessType": "2 (Use IE settings)"
10536	-	}
10536	+	}
10537	-	},
10537	+	},
10538	-	"47.104.156.242": {
10538	+	"47.104.156.242": {
10539	-	"x86": {
10539	+	"x86": {
10540	-	"BeaconType": "8 (HTTPS)",
10540	+	"BeaconType": "8 (HTTPS)",
10541	-	"Port": "443",
10541	+	"Port": "443",
10542	-	"Polling": "60000",
10542	+	"Polling": "60000",
10543	-	"Jitter": "50",
10543	+	"Jitter": "50",
10544	-	"Maxdns": "244",
10544	+	"Maxdns": "244",
10545	-	"C2 Server": "47.104.156.242,/v1/act",
10545	+	"C2 Server": "47.104.156.242,/v1/act",
10546	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/82.0.4068.4 Safari/537.36",
10546	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/82.0.4068.4 Safari/537.36",
10547	-	"HTTP Method Path 2": "/v2/api",
10547	+	"HTTP Method Path 2": "/v2/api",
10548	-	"Header1": "",
10548	+	"Header1": "",
10549	-	"Header2": "",
10549	+	"Header2": "",
10550	-	"PipeName": "",
10550	+	"PipeName": "",
10551	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
10551	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
10552	-	"DNS Sleep": "0",
10552	+	"DNS Sleep": "0",
10553	-	"Method1": "GET",
10553	+	"Method1": "GET",
10554	-	"Method2": "POST",
10554	+	"Method2": "POST",
10555	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
10555	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
10556	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
10556	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
10557	-	"Proxy_AccessType": "2 (Use IE settings)"
10557	+	"Proxy_AccessType": "2 (Use IE settings)"
10558	-	},
10558	+	},
10559	-	"x64": {
10559	+	"x64": {
10560	-	"BeaconType": "8 (HTTPS)",
10560	+	"BeaconType": "8 (HTTPS)",
10561	-	"Port": "443",
10561	+	"Port": "443",
10562	-	"Polling": "60000",
10562	+	"Polling": "60000",
10563	-	"Jitter": "50",
10563	+	"Jitter": "50",
10564	-	"Maxdns": "244",
10564	+	"Maxdns": "244",
10565	-	"C2 Server": "47.104.156.242,/v1/act",
10565	+	"C2 Server": "47.104.156.242,/v1/act",
10566	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/82.0.4068.4 Safari/537.36",
10566	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/82.0.4068.4 Safari/537.36",
10567	-	"HTTP Method Path 2": "/v2/do",
10567	+	"HTTP Method Path 2": "/v2/do",
10568	-	"Header1": "",
10568	+	"Header1": "",
10569	-	"Header2": "",
10569	+	"Header2": "",
10570	-	"PipeName": "",
10570	+	"PipeName": "",
10571	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
10571	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
10572	-	"DNS Sleep": "0",
10572	+	"DNS Sleep": "0",
10573	-	"Method1": "GET",
10573	+	"Method1": "GET",
10574	-	"Method2": "POST",
10574	+	"Method2": "POST",
10575	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
10575	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
10576	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
10576	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
10577	-	"Proxy_AccessType": "2 (Use IE settings)"
10577	+	"Proxy_AccessType": "2 (Use IE settings)"
10578	-	}
10578	+	}
10579	-	},
10579	+	},
10580	-	"47.111.134.70": {
10580	+	"47.111.134.70": {
10581	-	"x86": {
10581	+	"x86": {
10582	-	"BeaconType": "8 (HTTPS)",
10582	+	"BeaconType": "8 (HTTPS)",
10583	-	"Port": "443",
10583	+	"Port": "443",
10584	-	"Polling": "59768",
10584	+	"Polling": "59768",
10585	-	"Jitter": "41",
10585	+	"Jitter": "41",
10586	-	"Maxdns": "253",
10586	+	"Maxdns": "253",
10587	-	"C2 Server": "47.111.134.70,/mt",
10587	+	"C2 Server": "47.111.134.70,/mt",
10588	-	"User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
10588	+	"User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
10589	-	"HTTP Method Path 2": "/language",
10589	+	"HTTP Method Path 2": "/language",
10590	-	"Header1": "",
10590	+	"Header1": "",
10591	-	"Header2": "",
10591	+	"Header2": "",
10592	-	"PipeName": "",
10592	+	"PipeName": "",
10593	-	"DNS Idle": "d \\x8E\\x86",
10593	+	"DNS Idle": "d \\x8E\\x86",
10594	-	"DNS Sleep": "0",
10594	+	"DNS Sleep": "0",
10595	-	"Method1": "GET",
10595	+	"Method1": "GET",
10596	-	"Method2": "POST",
10596	+	"Method2": "POST",
10597	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
10597	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
10598	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
10598	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
10599	-	"Proxy_AccessType": "2 (Use IE settings)"
10599	+	"Proxy_AccessType": "2 (Use IE settings)"
10600	-	},
10600	+	},
10601	-	"x64": {
10601	+	"x64": {
10602	-	"BeaconType": "8 (HTTPS)",
10602	+	"BeaconType": "8 (HTTPS)",
10603	-	"Port": "443",
10603	+	"Port": "443",
10604	-	"Polling": "59768",
10604	+	"Polling": "59768",
10605	-	"Jitter": "41",
10605	+	"Jitter": "41",
10606	-	"Maxdns": "253",
10606	+	"Maxdns": "253",
10607	-	"C2 Server": "47.111.134.70,/eo",
10607	+	"C2 Server": "47.111.134.70,/eo",
10608	-	"User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
10608	+	"User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
10609	-	"HTTP Method Path 2": "/ny",
10609	+	"HTTP Method Path 2": "/ny",
10610	-	"Header1": "",
10610	+	"Header1": "",
10611	-	"Header2": "",
10611	+	"Header2": "",
10612	-	"PipeName": "",
10612	+	"PipeName": "",
10613	-	"DNS Idle": "d \\x8E\\x86",
10613	+	"DNS Idle": "d \\x8E\\x86",
10614	-	"DNS Sleep": "0",
10614	+	"DNS Sleep": "0",
10615	-	"Method1": "GET",
10615	+	"Method1": "GET",
10616	-	"Method2": "POST",
10616	+	"Method2": "POST",
10617	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
10617	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
10618	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
10618	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
10619	-	"Proxy_AccessType": "2 (Use IE settings)"
10619	+	"Proxy_AccessType": "2 (Use IE settings)"
10620	-	}
10620	+	}
10621	-	},
10621	+	},
10622	-	"47.114.35.225": {
10622	+	"47.114.35.225": {
10623	-	"x86": {
10623	+	"x86": {
10624	-	"BeaconType": "8 (HTTPS)",
10624	+	"BeaconType": "8 (HTTPS)",
10625	-	"Port": "443",
10625	+	"Port": "443",
10626	-	"Polling": "8658",
10626	+	"Polling": "8658",
10627	-	"Jitter": "37",
10627	+	"Jitter": "37",
10628	-	"Maxdns": "243",
10628	+	"Maxdns": "243",
10629	-	"C2 Server": "47.114.35.225,/gv",
10629	+	"C2 Server": "47.114.35.225,/gv",
10630	-	"User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
10630	+	"User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
10631	-	"HTTP Method Path 2": "/an",
10631	+	"HTTP Method Path 2": "/an",
10632	-	"Header1": "",
10632	+	"Header1": "",
10633	-	"Header2": "",
10633	+	"Header2": "",
10634	-	"PipeName": "",
10634	+	"PipeName": "",
10635	-	"DNS Idle": "\\xC1\\x19\\xB3p",
10635	+	"DNS Idle": "\\xC1\\x19\\xB3p",
10636	-	"DNS Sleep": "0",
10636	+	"DNS Sleep": "0",
10637	-	"Method1": "GET",
10637	+	"Method1": "GET",
10638	-	"Method2": "POST",
10638	+	"Method2": "POST",
10639	-	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
10639	+	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
10640	-	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
10640	+	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
10641	-	"Proxy_AccessType": "2 (Use IE settings)"
10641	+	"Proxy_AccessType": "2 (Use IE settings)"
10642	-	}
10642	+	}
10643	-	},
10643	+	},
10644	-	"47.242.140.1": {
10644	+	"47.242.140.1": {
10645	-	"x64": {
10645	+	"x64": {
10646	-	"BeaconType": "8 (HTTPS)",
10646	+	"BeaconType": "8 (HTTPS)",
10647	-	"Port": "443",
10647	+	"Port": "443",
10648	-	"Polling": "37500",
10648	+	"Polling": "37500",
10649	-	"Jitter": "33",
10649	+	"Jitter": "33",
10650	-	"Maxdns": "245",
10650	+	"Maxdns": "245",
10651	-	"C2 Server": "36.102.212.68,/modcp,221.236.11.67,/mobile-home,58.218.215.93,/mobile-home,118.123.241.208,/modcp,222.222.88.77,/mobile-home,121.9.212.217,/mt,175.6.235.200,/modcp,118.123.241.208,/mt,121.9.212.217,/modcp,125.37.206.224,/modcp,58.218.215.129,/mobile-home",
10651	+	"C2 Server": "36.102.212.68,/modcp,221.236.11.67,/mobile-home,58.218.215.93,/mobile-home,118.123.241.208,/modcp,222.222.88.77,/mobile-home,121.9.212.217,/mt,175.6.235.200,/modcp,118.123.241.208,/mt,121.9.212.217,/modcp,125.37.206.224,/modcp,58.218.215.129,/mobile-home",
10652	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
10652	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
10653	-	"HTTP Method Path 2": "/Admin",
10653	+	"HTTP Method Path 2": "/Admin",
10654	-	"Header1": "",
10654	+	"Header1": "",
10655	-	"Header2": "",
10655	+	"Header2": "",
10656	-	"PipeName": "",
10656	+	"PipeName": "",
10657	-	"DNS Idle": "rrrr",
10657	+	"DNS Idle": "rrrr",
10658	-	"DNS Sleep": "0",
10658	+	"DNS Sleep": "0",
10659	-	"Method1": "GET",
10659	+	"Method1": "GET",
10660	-	"Method2": "GET",
10660	+	"Method2": "GET",
10661	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
10661	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
10662	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
10662	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
10663	-	"Proxy_AccessType": "2 (Use IE settings)"
10663	+	"Proxy_AccessType": "2 (Use IE settings)"
10664	-	}
10664	+	}
10665	-	},
10665	+	},
10666	-	"47.56.144.122": {
10666	+	"47.56.144.122": {
10667	-	"x86": {
10667	+	"x86": {
10668	-	"BeaconType": "8 (HTTPS)",
10668	+	"BeaconType": "8 (HTTPS)",
10669	-	"Port": "443",
10669	+	"Port": "443",
10670	-	"Polling": "60000",
10670	+	"Polling": "60000",
10671	-	"Jitter": "0",
10671	+	"Jitter": "0",
10672	-	"Maxdns": "255",
10672	+	"Maxdns": "255",
10673	-	"C2 Server": "47.56.144.122,/visit.js",
10673	+	"C2 Server": "47.56.144.122,/visit.js",
10674	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP08; MAAU; NP08)",
10674	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP08; MAAU; NP08)",
10675	-	"HTTP Method Path 2": "/submit.php",
10675	+	"HTTP Method Path 2": "/submit.php",
10676	-	"Header1": "",
10676	+	"Header1": "",
10677	-	"Header2": "",
10677	+	"Header2": "",
10678	-	"PipeName": "",
10678	+	"PipeName": "",
10679	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10679	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10680	-	"DNS Sleep": "0",
10680	+	"DNS Sleep": "0",
10681	-	"Method1": "GET",
10681	+	"Method1": "GET",
10682	-	"Method2": "POST",
10682	+	"Method2": "POST",
10683	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10683	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10684	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10684	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10685	-	"Proxy_AccessType": "2 (Use IE settings)"
10685	+	"Proxy_AccessType": "2 (Use IE settings)"
10686	-	},
10686	+	},
10687	-	"x64": {
10687	+	"x64": {
10688	-	"BeaconType": "8 (HTTPS)",
10688	+	"BeaconType": "8 (HTTPS)",
10689	-	"Port": "443",
10689	+	"Port": "443",
10690	-	"Polling": "60000",
10690	+	"Polling": "60000",
10691	-	"Jitter": "0",
10691	+	"Jitter": "0",
10692	-	"Maxdns": "255",
10692	+	"Maxdns": "255",
10693	-	"C2 Server": "47.56.144.122,/updates.rss",
10693	+	"C2 Server": "47.56.144.122,/updates.rss",
10694	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)",
10694	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)",
10695	-	"HTTP Method Path 2": "/submit.php",
10695	+	"HTTP Method Path 2": "/submit.php",
10696	-	"Header1": "",
10696	+	"Header1": "",
10697	-	"Header2": "",
10697	+	"Header2": "",
10698	-	"PipeName": "",
10698	+	"PipeName": "",
10699	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10699	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10700	-	"DNS Sleep": "0",
10700	+	"DNS Sleep": "0",
10701	-	"Method1": "GET",
10701	+	"Method1": "GET",
10702	-	"Method2": "POST",
10702	+	"Method2": "POST",
10703	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10703	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10704	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10704	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10705	-	"Proxy_AccessType": "2 (Use IE settings)"
10705	+	"Proxy_AccessType": "2 (Use IE settings)"
10706	-	}
10706	+	}
10707	-	},
10707	+	},
10708	-	"47.95.37.84": {
10708	+	"47.95.37.84": {
10709	-	"x86": {
10709	+	"x86": {
10710	-	"BeaconType": "8 (HTTPS)",
10710	+	"BeaconType": "8 (HTTPS)",
10711	-	"Port": "443",
10711	+	"Port": "443",
10712	-	"Polling": "5000",
10712	+	"Polling": "5000",
10713	-	"Jitter": "50",
10713	+	"Jitter": "50",
10714	-	"Maxdns": "255",
10714	+	"Maxdns": "255",
10715	-	"C2 Server": "47.95.37.84,/jquery-3.3.1.min.js",
10715	+	"C2 Server": "47.95.37.84,/jquery-3.3.1.min.js",
10716	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) WebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
10716	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) WebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
10717	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
10717	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
10718	-	"Header1": "",
10718	+	"Header1": "",
10719	-	"Header2": "",
10719	+	"Header2": "",
10720	-	"PipeName": "",
10720	+	"PipeName": "",
10721	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10721	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10722	-	"DNS Sleep": "0",
10722	+	"DNS Sleep": "0",
10723	-	"Method1": "GET",
10723	+	"Method1": "GET",
10724	-	"Method2": "POST",
10724	+	"Method2": "POST",
10725	-	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
10725	+	"Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
10726	-	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
10726	+	"Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
10727	-	"Proxy_AccessType": "2 (Use IE settings)"
10727	+	"Proxy_AccessType": "2 (Use IE settings)"
10728	-	}
10728	+	}
10729	-	},
10729	+	},
10730	-	"47.97.65.242": {
10730	+	"47.97.65.242": {
10731	-	"x86": {
10731	+	"x86": {
10732	-	"BeaconType": "8 (HTTPS)",
10732	+	"BeaconType": "8 (HTTPS)",
10733	-	"Port": "443",
10733	+	"Port": "443",
10734	-	"Polling": "60000",
10734	+	"Polling": "60000",
10735	-	"Jitter": "0",
10735	+	"Jitter": "0",
10736	-	"Maxdns": "255",
10736	+	"Maxdns": "255",
10737	-	"C2 Server": "47.97.65.242,/ptj",
10737	+	"C2 Server": "47.97.65.242,/ptj",
10738	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
10738	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
10739	-	"HTTP Method Path 2": "/submit.php",
10739	+	"HTTP Method Path 2": "/submit.php",
10740	-	"Header1": "",
10740	+	"Header1": "",
10741	-	"Header2": "",
10741	+	"Header2": "",
10742	-	"PipeName": "",
10742	+	"PipeName": "",
10743	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10743	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10744	-	"DNS Sleep": "0",
10744	+	"DNS Sleep": "0",
10745	-	"Method1": "GET",
10745	+	"Method1": "GET",
10746	-	"Method2": "POST",
10746	+	"Method2": "POST",
10747	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10747	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10748	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10748	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10749	-	"Proxy_AccessType": "2 (Use IE settings)"
10749	+	"Proxy_AccessType": "2 (Use IE settings)"
10750	-	},
10750	+	},
10751	-	"x64": {
10751	+	"x64": {
10752	-	"BeaconType": "8 (HTTPS)",
10752	+	"BeaconType": "8 (HTTPS)",
10753	-	"Port": "443",
10753	+	"Port": "443",
10754	-	"Polling": "60000",
10754	+	"Polling": "60000",
10755	-	"Jitter": "0",
10755	+	"Jitter": "0",
10756	-	"Maxdns": "255",
10756	+	"Maxdns": "255",
10757	-	"C2 Server": "47.97.65.242,/ca",
10757	+	"C2 Server": "47.97.65.242,/ca",
10758	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
10758	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
10759	-	"HTTP Method Path 2": "/submit.php",
10759	+	"HTTP Method Path 2": "/submit.php",
10760	-	"Header1": "",
10760	+	"Header1": "",
10761	-	"Header2": "",
10761	+	"Header2": "",
10762	-	"PipeName": "",
10762	+	"PipeName": "",
10763	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10763	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10764	-	"DNS Sleep": "0",
10764	+	"DNS Sleep": "0",
10765	-	"Method1": "GET",
10765	+	"Method1": "GET",
10766	-	"Method2": "POST",
10766	+	"Method2": "POST",
10767	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10767	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10768	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10768	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10769	-	"Proxy_AccessType": "2 (Use IE settings)"
10769	+	"Proxy_AccessType": "2 (Use IE settings)"
10770	-	}
10770	+	}
10771	-	},
10771	+	},
10772	-	"50.116.12.237": {
10772	+	"50.116.12.237": {
10773	-	"x86": {
10773	+	"x86": {
10774	-	"BeaconType": "8 (HTTPS)",
10774	+	"BeaconType": "8 (HTTPS)",
10775	-	"Port": "443",
10775	+	"Port": "443",
10776	-	"Polling": "80000",
10776	+	"Polling": "80000",
10777	-	"Jitter": "32",
10777	+	"Jitter": "32",
10778	-	"Maxdns": "252",
10778	+	"Maxdns": "252",
10779	-	"C2 Server": "fonts.stata.buzz,/common/template/tabLib.php,cache.stata.buzz,/searchbox/res.php,static.stata.buzz,/worldindex/wp-includes/new.php",
10779	+	"C2 Server": "fonts.stata.buzz,/common/template/tabLib.php,cache.stata.buzz,/searchbox/res.php,static.stata.buzz,/worldindex/wp-includes/new.php",
10780	-	"User Agent": "Mozilla/5.0 (Windows; U; MSIE 8.1; Windows NT 5.2) Firefox/68.0",
10780	+	"User Agent": "Mozilla/5.0 (Windows; U; MSIE 8.1; Windows NT 5.2) Firefox/68.0",
10781	-	"HTTP Method Path 2": "/modules/recaptcha.php",
10781	+	"HTTP Method Path 2": "/modules/recaptcha.php",
10782	-	"Header1": "",
10782	+	"Header1": "",
10783	-	"Header2": "",
10783	+	"Header2": "",
10784	-	"PipeName": "",
10784	+	"PipeName": "",
10785	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10785	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10786	-	"DNS Sleep": "0",
10786	+	"DNS Sleep": "0",
10787	-	"Method1": "GET",
10787	+	"Method1": "GET",
10788	-	"Method2": "POST",
10788	+	"Method2": "POST",
10789	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
10789	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
10790	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
10790	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
10791	-	"Proxy_AccessType": "2 (Use IE settings)"
10791	+	"Proxy_AccessType": "2 (Use IE settings)"
10792	-	}
10792	+	}
10793	-	},
10793	+	},
10794	-	"51.178.83.41": {
10794	+	"51.178.83.41": {
10795	-	"x86": {
10795	+	"x86": {
10796	-	"BeaconType": "8 (HTTPS)",
10796	+	"BeaconType": "8 (HTTPS)",
10797	-	"Port": "443",
10797	+	"Port": "443",
10798	-	"Polling": "5000",
10798	+	"Polling": "5000",
10799	-	"Jitter": "0",
10799	+	"Jitter": "0",
10800	-	"Maxdns": "255",
10800	+	"Maxdns": "255",
10801	-	"C2 Server": "top.jimwilkens.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
10801	+	"C2 Server": "top.jimwilkens.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
10802	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
10802	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
10803	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
10803	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
10804	-	"Header1": "",
10804	+	"Header1": "",
10805	-	"Header2": "",
10805	+	"Header2": "",
10806	-	"PipeName": "",
10806	+	"PipeName": "",
10807	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10807	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10808	-	"DNS Sleep": "0",
10808	+	"DNS Sleep": "0",
10809	-	"Method1": "GET",
10809	+	"Method1": "GET",
10810	-	"Method2": "POST",
10810	+	"Method2": "POST",
10811	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
10811	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
10812	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
10812	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
10813	-	"Proxy_AccessType": "2 (Use IE settings)"
10813	+	"Proxy_AccessType": "2 (Use IE settings)"
10814	-	},
10814	+	},
10815	-	"x64": {
10815	+	"x64": {
10816	-	"BeaconType": "8 (HTTPS)",
10816	+	"BeaconType": "8 (HTTPS)",
10817	-	"Port": "443",
10817	+	"Port": "443",
10818	-	"Polling": "5000",
10818	+	"Polling": "5000",
10819	-	"Jitter": "0",
10819	+	"Jitter": "0",
10820	-	"Maxdns": "255",
10820	+	"Maxdns": "255",
10821	-	"C2 Server": "top.jimwilkens.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
10821	+	"C2 Server": "top.jimwilkens.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
10822	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
10822	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
10823	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
10823	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
10824	-	"Header1": "",
10824	+	"Header1": "",
10825	-	"Header2": "",
10825	+	"Header2": "",
10826	-	"PipeName": "",
10826	+	"PipeName": "",
10827	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10827	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10828	-	"DNS Sleep": "0",
10828	+	"DNS Sleep": "0",
10829	-	"Method1": "GET",
10829	+	"Method1": "GET",
10830	-	"Method2": "POST",
10830	+	"Method2": "POST",
10831	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
10831	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
10832	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
10832	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
10833	-	"Proxy_AccessType": "2 (Use IE settings)"
10833	+	"Proxy_AccessType": "2 (Use IE settings)"
10834	-	}
10834	+	}
10835	-	},
10835	+	},
10836	-	"51.195.35.0": {
10836	+	"51.195.35.0": {
10837	-	"x86": {
10837	+	"x86": {
10838	-	"BeaconType": "8 (HTTPS)",
10838	+	"BeaconType": "8 (HTTPS)",
10839	-	"Port": "443",
10839	+	"Port": "443",
10840	-	"Polling": "60000",
10840	+	"Polling": "60000",
10841	-	"Jitter": "0",
10841	+	"Jitter": "0",
10842	-	"Maxdns": "255",
10842	+	"Maxdns": "255",
10843	-	"C2 Server": "51.195.35.0,/ca",
10843	+	"C2 Server": "51.195.35.0,/ca",
10844	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)",
10844	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)",
10845	-	"HTTP Method Path 2": "/submit.php",
10845	+	"HTTP Method Path 2": "/submit.php",
10846	-	"Header1": "",
10846	+	"Header1": "",
10847	-	"Header2": "",
10847	+	"Header2": "",
10848	-	"PipeName": "",
10848	+	"PipeName": "",
10849	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10849	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10850	-	"DNS Sleep": "0",
10850	+	"DNS Sleep": "0",
10851	-	"Method1": "GET",
10851	+	"Method1": "GET",
10852	-	"Method2": "POST",
10852	+	"Method2": "POST",
10853	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10853	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10854	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10854	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10855	-	"Proxy_AccessType": "2 (Use IE settings)"
10855	+	"Proxy_AccessType": "2 (Use IE settings)"
10856	-	}
10856	+	}
10857	-	},
10857	+	},
10858	-	"51.210.138.71": {
10858	+	"51.210.138.71": {
10859	-	"x86": {
10859	+	"x86": {
10860	-	"BeaconType": "8 (HTTPS)",
10860	+	"BeaconType": "8 (HTTPS)",
10861	-	"Port": "443",
10861	+	"Port": "443",
10862	-	"Polling": "60000",
10862	+	"Polling": "60000",
10863	-	"Jitter": "0",
10863	+	"Jitter": "0",
10864	-	"Maxdns": "255",
10864	+	"Maxdns": "255",
10865	-	"C2 Server": "51.210.138.71,/__utm.gif",
10865	+	"C2 Server": "51.210.138.71,/__utm.gif",
10866	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
10866	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
10867	-	"HTTP Method Path 2": "/___utm.gif",
10867	+	"HTTP Method Path 2": "/___utm.gif",
10868	-	"Header1": "",
10868	+	"Header1": "",
10869	-	"Header2": "",
10869	+	"Header2": "",
10870	-	"PipeName": "",
10870	+	"PipeName": "",
10871	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10871	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10872	-	"DNS Sleep": "0",
10872	+	"DNS Sleep": "0",
10873	-	"Method1": "GET",
10873	+	"Method1": "GET",
10874	-	"Method2": "POST",
10874	+	"Method2": "POST",
10875	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10875	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10876	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10876	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10877	-	"Proxy_AccessType": "2 (Use IE settings)"
10877	+	"Proxy_AccessType": "2 (Use IE settings)"
10878	-	},
10878	+	},
10879	-	"x64": {
10879	+	"x64": {
10880	-	"BeaconType": "8 (HTTPS)",
10880	+	"BeaconType": "8 (HTTPS)",
10881	-	"Port": "443",
10881	+	"Port": "443",
10882	-	"Polling": "60000",
10882	+	"Polling": "60000",
10883	-	"Jitter": "0",
10883	+	"Jitter": "0",
10884	-	"Maxdns": "255",
10884	+	"Maxdns": "255",
10885	-	"C2 Server": "51.210.138.71,/__utm.gif",
10885	+	"C2 Server": "51.210.138.71,/__utm.gif",
10886	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727)",
10886	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727)",
10887	-	"HTTP Method Path 2": "/___utm.gif",
10887	+	"HTTP Method Path 2": "/___utm.gif",
10888	-	"Header1": "",
10888	+	"Header1": "",
10889	-	"Header2": "",
10889	+	"Header2": "",
10890	-	"PipeName": "",
10890	+	"PipeName": "",
10891	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
10891	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
10892	-	"DNS Sleep": "0",
10892	+	"DNS Sleep": "0",
10893	-	"Method1": "GET",
10893	+	"Method1": "GET",
10894	-	"Method2": "POST",
10894	+	"Method2": "POST",
10895	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10895	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10896	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10896	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10897	-	"Proxy_AccessType": "2 (Use IE settings)"
10897	+	"Proxy_AccessType": "2 (Use IE settings)"
10898	-	}
10898	+	}
10899	-	},
10899	+	},
10900	-	"51.210.41.37": {
10900	+	"51.210.41.37": {
10901	-	"x86": {
10901	+	"x86": {
10902	-	"BeaconType": "8 (HTTPS)",
10902	+	"BeaconType": "8 (HTTPS)",
10903	-	"Port": "443",
10903	+	"Port": "443",
10904	-	"Polling": "5000",
10904	+	"Polling": "5000",
10905	-	"Jitter": "37",
10905	+	"Jitter": "37",
10906	-	"C2 Server": "www.phpbasic.net,/scs/mail-static/js/",
10906	+	"C2 Server": "www.phpbasic.net,/scs/mail-static/js/",
10907	-	"HTTP Method Path 2": "/mail/u/_/1/",
10907	+	"HTTP Method Path 2": "/mail/u/_/1/",
10908	-	"Method1": "GET",
10908	+	"Method1": "GET",
10909	-	"Method2": "POST",
10909	+	"Method2": "POST",
10910	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
10910	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
10911	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
10911	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
10912	-	"Proxy_AccessType": "2 (Use IE settings)"
10912	+	"Proxy_AccessType": "2 (Use IE settings)"
10913	-	}
10913	+	}
10914	-	},
10914	+	},
10915	-	"5.149.254.28": {
10915	+	"5.149.254.28": {
10916	-	"x86": {
10916	+	"x86": {
10917	-	"BeaconType": "8 (HTTPS)",
10917	+	"BeaconType": "8 (HTTPS)",
10918	-	"Port": "443",
10918	+	"Port": "443",
10919	-	"Polling": "60000",
10919	+	"Polling": "60000",
10920	-	"Jitter": "0",
10920	+	"Jitter": "0",
10921	-	"C2 Server": "5.149.254.28,/__utm.gif",
10921	+	"C2 Server": "5.149.254.28,/__utm.gif",
10922	-	"HTTP Method Path 2": "/submit.php",
10922	+	"HTTP Method Path 2": "/submit.php",
10923	-	"Method1": "GET",
10923	+	"Method1": "GET",
10924	-	"Method2": "POST",
10924	+	"Method2": "POST",
10925	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10925	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10926	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10926	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10927	-	"Proxy_AccessType": "2 (Use IE settings)"
10927	+	"Proxy_AccessType": "2 (Use IE settings)"
10928	-	}
10928	+	}
10929	-	},
10929	+	},
10930	-	"51.75.255.58": {
10930	+	"51.75.255.58": {
10931	-	"x64": {
10931	+	"x64": {
10932	-	"BeaconType": "8 (HTTPS)",
10932	+	"BeaconType": "8 (HTTPS)",
10933	-	"Port": "443",
10933	+	"Port": "443",
10934	-	"Polling": "5000",
10934	+	"Polling": "5000",
10935	-	"Jitter": "37",
10935	+	"Jitter": "37",
10936	-	"C2 Server": "51.75.255.58,/scs/mail-static/js/",
10936	+	"C2 Server": "51.75.255.58,/scs/mail-static/js/",
10937	-	"HTTP Method Path 2": "/mail/u/_/1/",
10937	+	"HTTP Method Path 2": "/mail/u/_/1/",
10938	-	"Method1": "GET",
10938	+	"Method1": "GET",
10939	-	"Method2": "POST",
10939	+	"Method2": "POST",
10940	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
10940	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
10941	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
10941	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
10942	-	"Proxy_AccessType": "2 (Use IE settings)"
10942	+	"Proxy_AccessType": "2 (Use IE settings)"
10943	-	}
10943	+	}
10944	-	},
10944	+	},
10945	-	"51.81.140.156": {
10945	+	"51.81.140.156": {
10946	-	"x86": {
10946	+	"x86": {
10947	-	"BeaconType": "8 (HTTPS)",
10947	+	"BeaconType": "8 (HTTPS)",
10948	-	"Port": "443",
10948	+	"Port": "443",
10949	-	"Polling": "60733",
10949	+	"Polling": "60733",
10950	-	"Jitter": "43",
10950	+	"Jitter": "43",
10951	-	"Maxdns": "249",
10951	+	"Maxdns": "249",
10952	-	"C2 Server": "51.81.140.156,/rn.js",
10952	+	"C2 Server": "51.81.140.156,/rn.js",
10953	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
10953	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
10954	-	"HTTP Method Path 2": "/mobile-home",
10954	+	"HTTP Method Path 2": "/mobile-home",
10955	-	"Header1": "",
10955	+	"Header1": "",
10956	-	"Header2": "",
10956	+	"Header2": "",
10957	-	"PipeName": "",
10957	+	"PipeName": "",
10958	-	"DNS Idle": "\\x86\\x9F:\\xF9",
10958	+	"DNS Idle": "\\x86\\x9F:\\xF9",
10959	-	"DNS Sleep": "0",
10959	+	"DNS Sleep": "0",
10960	-	"Method1": "GET",
10960	+	"Method1": "GET",
10961	-	"Method2": "POST",
10961	+	"Method2": "POST",
10962	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
10962	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
10963	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
10963	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
10964	-	"Proxy_AccessType": "2 (Use IE settings)"
10964	+	"Proxy_AccessType": "2 (Use IE settings)"
10965	-	}
10965	+	}
10966	-	},
10966	+	},
10967	-	"5.181.156.49": {
10967	+	"5.181.156.49": {
10968	-	"x86": {
10968	+	"x86": {
10969	-	"BeaconType": "8 (HTTPS)",
10969	+	"BeaconType": "8 (HTTPS)",
10970	-	"Port": "443",
10970	+	"Port": "443",
10971	-	"Polling": "60000",
10971	+	"Polling": "60000",
10972	-	"Jitter": "37",
10972	+	"Jitter": "37",
10973	-	"Maxdns": "255",
10973	+	"Maxdns": "255",
10974	-	"C2 Server": "5.181.156.49,/jquery-3.3.1.min.js",
10974	+	"C2 Server": "5.181.156.49,/jquery-3.3.1.min.js",
10975	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
10975	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
10976	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
10976	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
10977	-	"Header1": "",
10977	+	"Header1": "",
10978	-	"Header2": "",
10978	+	"Header2": "",
10979	-	"PipeName": "",
10979	+	"PipeName": "",
10980	-	"DNS Idle": "J}\\xC4q",
10980	+	"DNS Idle": "J}\\xC4q",
10981	-	"DNS Sleep": "0",
10981	+	"DNS Sleep": "0",
10982	-	"Method1": "GET",
10982	+	"Method1": "GET",
10983	-	"Method2": "POST",
10983	+	"Method2": "POST",
10984	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10984	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
10985	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10985	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
10986	-	"Proxy_AccessType": "2 (Use IE settings)"
10986	+	"Proxy_AccessType": "2 (Use IE settings)"
10987	-	},
10987	+	},
10988	-	"x64": {
10988	+	"x64": {
10989	-	"BeaconType": "8 (HTTPS)",
10989	+	"BeaconType": "8 (HTTPS)",
10990	-	"Port": "443",
10990	+	"Port": "443",
10991	-	"Polling": "60000",
10991	+	"Polling": "60000",
10992	-	"Jitter": "37",
10992	+	"Jitter": "37",
10993	-	"Maxdns": "255",
10993	+	"Maxdns": "255",
10994	-	"C2 Server": "5.181.156.49,/jquery-3.3.1.min.js",
10994	+	"C2 Server": "5.181.156.49,/jquery-3.3.1.min.js",
10995	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
10995	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
10996	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
10996	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
10997	-	"Header1": "",
10997	+	"Header1": "",
10998	-	"Header2": "",
10998	+	"Header2": "",
10999	-	"PipeName": "",
10999	+	"PipeName": "",
11000	-	"DNS Idle": "J}\\xC4q",
11000	+	"DNS Idle": "J}\\xC4q",
11001	-	"DNS Sleep": "0",
11001	+	"DNS Sleep": "0",
11002	-	"Method1": "GET",
11002	+	"Method1": "GET",
11003	-	"Method2": "POST",
11003	+	"Method2": "POST",
11004	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11004	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11005	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11005	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11006	-	"Proxy_AccessType": "2 (Use IE settings)"
11006	+	"Proxy_AccessType": "2 (Use IE settings)"
11007	-	}
11007	+	}
11008	-	},
11008	+	},
11009	-	"51.83.180.153": {
11009	+	"51.83.180.153": {
11010	-	"x86": {
11010	+	"x86": {
11011	-	"BeaconType": "8 (HTTPS)",
11011	+	"BeaconType": "8 (HTTPS)",
11012	-	"Port": "443",
11012	+	"Port": "443",
11013	-	"Polling": "60000",
11013	+	"Polling": "60000",
11014	-	"Jitter": "0",
11014	+	"Jitter": "0",
11015	-	"Maxdns": "255",
11015	+	"Maxdns": "255",
11016	-	"C2 Server": "updatesourcehealth.com,/dot.gif",
11016	+	"C2 Server": "updatesourcehealth.com,/dot.gif",
11017	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
11017	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
11018	-	"HTTP Method Path 2": "/submit.php",
11018	+	"HTTP Method Path 2": "/submit.php",
11019	-	"Header1": "",
11019	+	"Header1": "",
11020	-	"Header2": "",
11020	+	"Header2": "",
11021	-	"PipeName": "",
11021	+	"PipeName": "",
11022	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11022	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11023	-	"DNS Sleep": "0",
11023	+	"DNS Sleep": "0",
11024	-	"Method1": "GET",
11024	+	"Method1": "GET",
11025	-	"Method2": "POST",
11025	+	"Method2": "POST",
11026	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11026	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11027	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11027	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11028	-	"Proxy_AccessType": "2 (Use IE settings)"
11028	+	"Proxy_AccessType": "2 (Use IE settings)"
11029	-	},
11029	+	},
11030	-	"x64": {
11030	+	"x64": {
11031	-	"BeaconType": "8 (HTTPS)",
11031	+	"BeaconType": "8 (HTTPS)",
11032	-	"Port": "443",
11032	+	"Port": "443",
11033	-	"Polling": "60000",
11033	+	"Polling": "60000",
11034	-	"Jitter": "0",
11034	+	"Jitter": "0",
11035	-	"Maxdns": "255",
11035	+	"Maxdns": "255",
11036	-	"C2 Server": "updatesourcehealth.com,/g.pixel",
11036	+	"C2 Server": "updatesourcehealth.com,/g.pixel",
11037	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)",
11037	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)",
11038	-	"HTTP Method Path 2": "/submit.php",
11038	+	"HTTP Method Path 2": "/submit.php",
11039	-	"Header1": "",
11039	+	"Header1": "",
11040	-	"Header2": "",
11040	+	"Header2": "",
11041	-	"PipeName": "",
11041	+	"PipeName": "",
11042	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11042	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11043	-	"DNS Sleep": "0",
11043	+	"DNS Sleep": "0",
11044	-	"Method1": "GET",
11044	+	"Method1": "GET",
11045	-	"Method2": "POST",
11045	+	"Method2": "POST",
11046	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11046	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11047	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11047	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11048	-	"Proxy_AccessType": "2 (Use IE settings)"
11048	+	"Proxy_AccessType": "2 (Use IE settings)"
11049	-	}
11049	+	}
11050	-	},
11050	+	},
11051	-	"5.189.184.60": {
11051	+	"5.189.184.60": {
11052	-	"x64": {
11052	+	"x64": {
11053	-	"BeaconType": "8 (HTTPS)",
11053	+	"BeaconType": "8 (HTTPS)",
11054	-	"Port": "443",
11054	+	"Port": "443",
11055	-	"Polling": "57697",
11055	+	"Polling": "57697",
11056	-	"Jitter": "39",
11056	+	"Jitter": "39",
11057	-	"Maxdns": "244",
11057	+	"Maxdns": "244",
11058	-	"C2 Server": "5.189.184.60,/fam_newspaper.css",
11058	+	"C2 Server": "5.189.184.60,/fam_newspaper.css",
11059	-	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
11059	+	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
11060	-	"HTTP Method Path 2": "/default",
11060	+	"HTTP Method Path 2": "/default",
11061	-	"Header1": "",
11061	+	"Header1": "",
11062	-	"Header2": "",
11062	+	"Header2": "",
11063	-	"PipeName": "",
11063	+	"PipeName": "",
11064	-	"DNS Idle": "(\\x91zb",
11064	+	"DNS Idle": "(\\x91zb",
11065	-	"DNS Sleep": "0",
11065	+	"DNS Sleep": "0",
11066	-	"Method1": "GET",
11066	+	"Method1": "GET",
11067	-	"Method2": "POST",
11067	+	"Method2": "POST",
11068	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
11068	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
11069	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
11069	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
11070	-	"Proxy_AccessType": "2 (Use IE settings)"
11070	+	"Proxy_AccessType": "2 (Use IE settings)"
11071	-	}
11071	+	}
11072	-	},
11072	+	},
11073	-	"51.91.123.189": {
11073	+	"51.91.123.189": {
11074	-	"x86": {
11074	+	"x86": {
11075	-	"BeaconType": "8 (HTTPS)",
11075	+	"BeaconType": "8 (HTTPS)",
11076	-	"Port": "443",
11076	+	"Port": "443",
11077	-	"Polling": "5000",
11077	+	"Polling": "5000",
11078	-	"Jitter": "37",
11078	+	"Jitter": "37",
11079	-	"C2 Server": "CLIENT.ELISEA-MUTUELLE.fr,/jquery-3.3.1.min.js",
11079	+	"C2 Server": "CLIENT.ELISEA-MUTUELLE.fr,/jquery-3.3.1.min.js",
11080	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11080	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11081	-	"Method1": "GET",
11081	+	"Method1": "GET",
11082	-	"Method2": "POST",
11082	+	"Method2": "POST",
11083	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe -u -p 223",
11083	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe -u -p 223",
11084	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe -u -p 223",
11084	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe -u -p 223",
11085	-	"Proxy_AccessType": "2 (Use IE settings)"
11085	+	"Proxy_AccessType": "2 (Use IE settings)"
11086	-	}
11086	+	}
11087	-	},
11087	+	},
11088	-	"5.196.114.192": {
11088	+	"5.196.114.192": {
11089	-	"x86": {
11089	+	"x86": {
11090	-	"BeaconType": "8 (HTTPS)",
11090	+	"BeaconType": "8 (HTTPS)",
11091	-	"Port": "443",
11091	+	"Port": "443",
11092	-	"Polling": "60000",
11092	+	"Polling": "60000",
11093	-	"Jitter": "0",
11093	+	"Jitter": "0",
11094	-	"Maxdns": "255",
11094	+	"Maxdns": "255",
11095	-	"C2 Server": "amazoning.sytes.net,/dpixel",
11095	+	"C2 Server": "amazoning.sytes.net,/dpixel",
11096	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; ASU2JS)",
11096	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; ASU2JS)",
11097	-	"HTTP Method Path 2": "/submit.php",
11097	+	"HTTP Method Path 2": "/submit.php",
11098	-	"Header1": "",
11098	+	"Header1": "",
11099	-	"Header2": "",
11099	+	"Header2": "",
11100	-	"PipeName": "",
11100	+	"PipeName": "",
11101	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11101	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11102	-	"DNS Sleep": "0",
11102	+	"DNS Sleep": "0",
11103	-	"Method1": "GET",
11103	+	"Method1": "GET",
11104	-	"Method2": "POST",
11104	+	"Method2": "POST",
11105	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11105	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11106	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11106	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11107	-	"Proxy_AccessType": "2 (Use IE settings)"
11107	+	"Proxy_AccessType": "2 (Use IE settings)"
11108	-	}
11108	+	}
11109	-	},
11109	+	},
11110	-	"52.11.45.65": {
11110	+	"52.11.45.65": {
11111	-	"x64": {
11111	+	"x64": {
11112	-	"BeaconType": "8 (HTTPS)",
11112	+	"BeaconType": "8 (HTTPS)",
11113	-	"Port": "443",
11113	+	"Port": "443",
11114	-	"Polling": "5000",
11114	+	"Polling": "5000",
11115	-	"Jitter": "0",
11115	+	"Jitter": "0",
11116	-	"Maxdns": "255",
11116	+	"Maxdns": "255",
11117	-	"C2 Server": "52.11.45.65,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,rest.ehealthdiary.org ,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
11117	+	"C2 Server": "52.11.45.65,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,rest.ehealthdiary.org ,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
11118	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11118	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11119	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
11119	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
11120	-	"Header1": "",
11120	+	"Header1": "",
11121	-	"Header2": "",
11121	+	"Header2": "",
11122	-	"PipeName": "",
11122	+	"PipeName": "",
11123	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11123	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11124	-	"DNS Sleep": "0",
11124	+	"DNS Sleep": "0",
11125	-	"Method1": "GET",
11125	+	"Method1": "GET",
11126	-	"Method2": "POST",
11126	+	"Method2": "POST",
11127	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11127	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11128	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11128	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11129	-	"Proxy_AccessType": "2 (Use IE settings)"
11129	+	"Proxy_AccessType": "2 (Use IE settings)"
11130	-	}
11130	+	}
11131	-	},
11131	+	},
11132	-	"52.255.183.94": {
11132	+	"52.255.183.94": {
11133	-	"x86": {
11133	+	"x86": {
11134	-	"BeaconType": "8 (HTTPS)",
11134	+	"BeaconType": "8 (HTTPS)",
11135	-	"Port": "443",
11135	+	"Port": "443",
11136	-	"Polling": "37500",
11136	+	"Polling": "37500",
11137	-	"Jitter": "33",
11137	+	"Jitter": "33",
11138	-	"Maxdns": "245",
11138	+	"Maxdns": "245",
11139	-	"C2 Server": "red.therclegalgroup.com,/javascripts/jquery.foundation.navigation.js",
11139	+	"C2 Server": "red.therclegalgroup.com,/javascripts/jquery.foundation.navigation.js",
11140	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8)",
11140	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8)",
11141	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11141	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11142	-	"Header1": "",
11142	+	"Header1": "",
11143	-	"Header2": "",
11143	+	"Header2": "",
11144	-	"PipeName": "",
11144	+	"PipeName": "",
11145	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
11145	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
11146	-	"DNS Sleep": "0",
11146	+	"DNS Sleep": "0",
11147	-	"Method1": "GET",
11147	+	"Method1": "GET",
11148	-	"Method2": "POST",
11148	+	"Method2": "POST",
11149	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
11149	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
11150	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
11150	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
11151	-	"Proxy_AccessType": "2 (Use IE settings)"
11151	+	"Proxy_AccessType": "2 (Use IE settings)"
11152	-	}
11152	+	}
11153	-	},
11153	+	},
11154	-	"52.28.253.50": {
11154	+	"52.28.253.50": {
11155	-	"x86": {
11155	+	"x86": {
11156	-	"BeaconType": "8 (HTTPS)",
11156	+	"BeaconType": "8 (HTTPS)",
11157	-	"Port": "443",
11157	+	"Port": "443",
11158	-	"Polling": "5000",
11158	+	"Polling": "5000",
11159	-	"Jitter": "10",
11159	+	"Jitter": "10",
11160	-	"C2 Server": "rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants",
11160	+	"C2 Server": "rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants",
11161	-	"HTTP Method Path 2": "/vlk/xmlrpc/v2",
11161	+	"HTTP Method Path 2": "/vlk/xmlrpc/v2",
11162	-	"Method1": "GET",
11162	+	"Method1": "GET",
11163	-	"Method2": "POST",
11163	+	"Method2": "POST",
11164	-	"Spawnto_x86": "%windir%\\syswow64\\mavinject.exe",
11164	+	"Spawnto_x86": "%windir%\\syswow64\\mavinject.exe",
11165	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11165	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11166	-	"Proxy_AccessType": "2 (Use IE settings)"
11166	+	"Proxy_AccessType": "2 (Use IE settings)"
11167	-	},
11167	+	},
11168	-	"x64": {
11168	+	"x64": {
11169	-	"BeaconType": "8 (HTTPS)",
11169	+	"BeaconType": "8 (HTTPS)",
11170	-	"Port": "443",
11170	+	"Port": "443",
11171	-	"Polling": "5000",
11171	+	"Polling": "5000",
11172	-	"Jitter": "10",
11172	+	"Jitter": "10",
11173	-	"C2 Server": "rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants",
11173	+	"C2 Server": "rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants",
11174	-	"HTTP Method Path 2": "/vlk/xmlrpc/v2",
11174	+	"HTTP Method Path 2": "/vlk/xmlrpc/v2",
11175	-	"Method1": "GET",
11175	+	"Method1": "GET",
11176	-	"Method2": "POST",
11176	+	"Method2": "POST",
11177	-	"Spawnto_x86": "%windir%\\syswow64\\mavinject.exe",
11177	+	"Spawnto_x86": "%windir%\\syswow64\\mavinject.exe",
11178	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11178	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11179	-	"Proxy_AccessType": "2 (Use IE settings)"
11179	+	"Proxy_AccessType": "2 (Use IE settings)"
11180	-	}
11180	+	}
11181	-	},
11181	+	},
11182	-	"52.89.33.58": {
11182	+	"52.89.33.58": {
11183	-	"x86": {
11183	+	"x86": {
11184	-	"BeaconType": "8 (HTTPS)",
11184	+	"BeaconType": "8 (HTTPS)",
11185	-	"Port": "443",
11185	+	"Port": "443",
11186	-	"Polling": "60000",
11186	+	"Polling": "60000",
11187	-	"Jitter": "0",
11187	+	"Jitter": "0",
11188	-	"C2 Server": "secure.mllnm.com,/visit.js",
11188	+	"C2 Server": "secure.mllnm.com,/visit.js",
11189	-	"HTTP Method Path 2": "/submit.php",
11189	+	"HTTP Method Path 2": "/submit.php",
11190	-	"Method1": "GET",
11190	+	"Method1": "GET",
11191	-	"Method2": "POST",
11191	+	"Method2": "POST",
11192	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11192	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11193	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11193	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11194	-	"Proxy_AccessType": "2 (Use IE settings)"
11194	+	"Proxy_AccessType": "2 (Use IE settings)"
11195	-	}
11195	+	}
11196	-	},
11196	+	},
11197	-	"52.90.168.168": {
11197	+	"52.90.168.168": {
11198	-	"x86": {
11198	+	"x86": {
11199	-	"BeaconType": "8 (HTTPS)",
11199	+	"BeaconType": "8 (HTTPS)",
11200	-	"Port": "443",
11200	+	"Port": "443",
11201	-	"Polling": "5000",
11201	+	"Polling": "5000",
11202	-	"Jitter": "0",
11202	+	"Jitter": "0",
11203	-	"Maxdns": "255",
11203	+	"Maxdns": "255",
11204	-	"C2 Server": "m24.yourintrinsichealth.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
11204	+	"C2 Server": "m24.yourintrinsichealth.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
11205	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11205	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11206	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
11206	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
11207	-	"Header1": "",
11207	+	"Header1": "",
11208	-	"Header2": "",
11208	+	"Header2": "",
11209	-	"PipeName": "",
11209	+	"PipeName": "",
11210	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11210	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11211	-	"DNS Sleep": "0",
11211	+	"DNS Sleep": "0",
11212	-	"Method1": "GET",
11212	+	"Method1": "GET",
11213	-	"Method2": "POST",
11213	+	"Method2": "POST",
11214	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11214	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11215	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11215	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11216	-	"Proxy_AccessType": "2 (Use IE settings)"
11216	+	"Proxy_AccessType": "2 (Use IE settings)"
11217	-	}
11217	+	}
11218	-	},
11218	+	},
11219	-	"54.144.48.52": {
11219	+	"54.144.48.52": {
11220	-	"x86": {
11220	+	"x86": {
11221	-	"BeaconType": "8 (HTTPS)",
11221	+	"BeaconType": "8 (HTTPS)",
11222	-	"Port": "443",
11222	+	"Port": "443",
11223	-	"Polling": "5000",
11223	+	"Polling": "5000",
11224	-	"Jitter": "0",
11224	+	"Jitter": "0",
11225	-	"Maxdns": "255",
11225	+	"Maxdns": "255",
11226	-	"C2 Server": "m24.yourintrinsichealth.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
11226	+	"C2 Server": "m24.yourintrinsichealth.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
11227	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11227	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11228	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
11228	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
11229	-	"Header1": "",
11229	+	"Header1": "",
11230	-	"Header2": "",
11230	+	"Header2": "",
11231	-	"PipeName": "",
11231	+	"PipeName": "",
11232	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11232	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11233	-	"DNS Sleep": "0",
11233	+	"DNS Sleep": "0",
11234	-	"Method1": "GET",
11234	+	"Method1": "GET",
11235	-	"Method2": "POST",
11235	+	"Method2": "POST",
11236	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11236	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11237	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11237	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11238	-	"Proxy_AccessType": "2 (Use IE settings)"
11238	+	"Proxy_AccessType": "2 (Use IE settings)"
11239	-	},
11239	+	},
11240	-	"x64": {
11240	+	"x64": {
11241	-	"BeaconType": "8 (HTTPS)",
11241	+	"BeaconType": "8 (HTTPS)",
11242	-	"Port": "443",
11242	+	"Port": "443",
11243	-	"Polling": "5000",
11243	+	"Polling": "5000",
11244	-	"Jitter": "0",
11244	+	"Jitter": "0",
11245	-	"Maxdns": "255",
11245	+	"Maxdns": "255",
11246	-	"C2 Server": "m24.yourintrinsichealth.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
11246	+	"C2 Server": "m24.yourintrinsichealth.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
11247	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11247	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11248	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
11248	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
11249	-	"Header1": "",
11249	+	"Header1": "",
11250	-	"Header2": "",
11250	+	"Header2": "",
11251	-	"PipeName": "",
11251	+	"PipeName": "",
11252	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11252	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11253	-	"DNS Sleep": "0",
11253	+	"DNS Sleep": "0",
11254	-	"Method1": "GET",
11254	+	"Method1": "GET",
11255	-	"Method2": "POST",
11255	+	"Method2": "POST",
11256	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11256	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11257	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11257	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11258	-	"Proxy_AccessType": "2 (Use IE settings)"
11258	+	"Proxy_AccessType": "2 (Use IE settings)"
11259	-	}
11259	+	}
11260	-	},
11260	+	},
11261	-	"54.174.1.56": {
11261	+	"54.174.1.56": {
11262	-	"x86": {
11262	+	"x86": {
11263	-	"BeaconType": "8 (HTTPS)",
11263	+	"BeaconType": "8 (HTTPS)",
11264	-	"Port": "443",
11264	+	"Port": "443",
11265	-	"Polling": "6000000",
11265	+	"Polling": "6000000",
11266	-	"Jitter": "37",
11266	+	"Jitter": "37",
11267	-	"Maxdns": "255",
11267	+	"Maxdns": "255",
11268	-	"C2 Server": "917373240,/jquery-3.3.1.min.js,74736b2d677265656e656e657267792e636f6d,/jquery-3.3.1.min.js",
11268	+	"C2 Server": "917373240,/jquery-3.3.1.min.js,74736b2d677265656e656e657267792e636f6d,/jquery-3.3.1.min.js",
11269	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11269	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11270	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11270	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11271	-	"Header1": "",
11271	+	"Header1": "",
11272	-	"Header2": "",
11272	+	"Header2": "",
11273	-	"PipeName": "",
11273	+	"PipeName": "",
11274	-	"DNS Idle": "J}\\xC4q",
11274	+	"DNS Idle": "J}\\xC4q",
11275	-	"DNS Sleep": "0",
11275	+	"DNS Sleep": "0",
11276	-	"Method1": "GET",
11276	+	"Method1": "GET",
11277	-	"Method2": "POST",
11277	+	"Method2": "POST",
11278	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11278	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11279	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11279	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11280	-	"Proxy_Hostname": "socks=185.75.85.79:4145",
11280	+	"Proxy_Hostname": "socks=185.75.85.79:4145",
11281	-	"Proxy_AccessType": "0 (Unknown)"
11281	+	"Proxy_AccessType": "0 (Unknown)"
11282	-	}
11282	+	}
11283	-	},
11283	+	},
11284	-	"54.197.151.253": {
11284	+	"54.197.151.253": {
11285	-	"x86": {
11285	+	"x86": {
11286	-	"BeaconType": "8 (HTTPS)",
11286	+	"BeaconType": "8 (HTTPS)",
11287	-	"Port": "443",
11287	+	"Port": "443",
11288	-	"Polling": "48000",
11288	+	"Polling": "48000",
11289	-	"Jitter": "65",
11289	+	"Jitter": "65",
11290	-	"Maxdns": "235",
11290	+	"Maxdns": "235",
11291	-	"C2 Server": "54.197.151.253,/homes/for_sale/atlanta/",
11291	+	"C2 Server": "54.197.151.253,/homes/for_sale/atlanta/",
11292	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
11292	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
11293	-	"HTTP Method Path 2": "/homes/for_sale/Atlanta/",
11293	+	"HTTP Method Path 2": "/homes/for_sale/Atlanta/",
11294	-	"Header1": "",
11294	+	"Header1": "",
11295	-	"Header2": "",
11295	+	"Header2": "",
11296	-	"PipeName": "",
11296	+	"PipeName": "",
11297	-	"DNS Idle": "\\x01\\x01\\x01\\x01",
11297	+	"DNS Idle": "\\x01\\x01\\x01\\x01",
11298	-	"DNS Sleep": "0",
11298	+	"DNS Sleep": "0",
11299	-	"Method1": "GET",
11299	+	"Method1": "GET",
11300	-	"Method2": "GET",
11300	+	"Method2": "GET",
11301	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11301	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11302	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11302	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11303	-	"Proxy_AccessType": "2 (Use IE settings)"
11303	+	"Proxy_AccessType": "2 (Use IE settings)"
11304	-	}
11304	+	}
11305	-	},
11305	+	},
11306	-	"54.211.22.67": {
11306	+	"54.211.22.67": {
11307	-	"x86": {
11307	+	"x86": {
11308	-	"BeaconType": "8 (HTTPS)",
11308	+	"BeaconType": "8 (HTTPS)",
11309	-	"Port": "443",
11309	+	"Port": "443",
11310	-	"Polling": "45000",
11310	+	"Polling": "45000",
11311	-	"Jitter": "20",
11311	+	"Jitter": "20",
11312	-	"C2 Server": "www.amzn-solutions.com,/page.jsp,help.amzn-solutions.com,/page.jsp,forum.dmcseddebtservices.com,/index.jsp,www.dmcseddebtservices.com,/process.jsp",
11312	+	"C2 Server": "www.amzn-solutions.com,/page.jsp,help.amzn-solutions.com,/page.jsp,forum.dmcseddebtservices.com,/index.jsp,www.dmcseddebtservices.com,/process.jsp",
11313	-	"HTTP Method Path 2": "/search.jsp",
11313	+	"HTTP Method Path 2": "/search.jsp",
11314	-	"Method1": "GET",
11314	+	"Method1": "GET",
11315	-	"Method2": "POST",
11315	+	"Method2": "POST",
11316	-	"Spawnto_x86": "%windir%\\syswow64\\wecutil.exe",
11316	+	"Spawnto_x86": "%windir%\\syswow64\\wecutil.exe",
11317	-	"Spawnto_x64": "%windir%\\sysnative\\wecutil.exe",
11317	+	"Spawnto_x64": "%windir%\\sysnative\\wecutil.exe",
11318	-	"Proxy_AccessType": "2 (Use IE settings)"
11318	+	"Proxy_AccessType": "2 (Use IE settings)"
11319	-	},
11319	+	},
11320	-	"x64": {
11320	+	"x64": {
11321	-	"BeaconType": "8 (HTTPS)",
11321	+	"BeaconType": "8 (HTTPS)",
11322	-	"Port": "443",
11322	+	"Port": "443",
11323	-	"Polling": "45000",
11323	+	"Polling": "45000",
11324	-	"Jitter": "20",
11324	+	"Jitter": "20",
11325	-	"C2 Server": "www.amzn-solutions.com,/page.jsp,help.amzn-solutions.com,/process.jsp,forum.dmcseddebtservices.com,/index.jsp,www.dmcseddebtservices.com,/user.jsp",
11325	+	"C2 Server": "www.amzn-solutions.com,/page.jsp,help.amzn-solutions.com,/process.jsp,forum.dmcseddebtservices.com,/index.jsp,www.dmcseddebtservices.com,/user.jsp",
11326	-	"HTTP Method Path 2": "/parse.jsp",
11326	+	"HTTP Method Path 2": "/parse.jsp",
11327	-	"Method1": "GET",
11327	+	"Method1": "GET",
11328	-	"Method2": "POST",
11328	+	"Method2": "POST",
11329	-	"Spawnto_x86": "%windir%\\syswow64\\wecutil.exe",
11329	+	"Spawnto_x86": "%windir%\\syswow64\\wecutil.exe",
11330	-	"Spawnto_x64": "%windir%\\sysnative\\wecutil.exe",
11330	+	"Spawnto_x64": "%windir%\\sysnative\\wecutil.exe",
11331	-	"Proxy_AccessType": "2 (Use IE settings)"
11331	+	"Proxy_AccessType": "2 (Use IE settings)"
11332	-	}
11332	+	}
11333	-	},
11333	+	},
11334	-	"54.214.197.200": {
11334	+	"54.214.197.200": {
11335	-	"x86": {
11335	+	"x86": {
11336	-	"BeaconType": "8 (HTTPS)",
11336	+	"BeaconType": "8 (HTTPS)",
11337	-	"Port": "443",
11337	+	"Port": "443",
11338	-	"Polling": "60000",
11338	+	"Polling": "60000",
11339	-	"Jitter": "0",
11339	+	"Jitter": "0",
11340	-	"Maxdns": "255",
11340	+	"Maxdns": "255",
11341	-	"C2 Server": "pnwcontent-delivery.com,/updates.rss",
11341	+	"C2 Server": "pnwcontent-delivery.com,/updates.rss",
11342	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
11342	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
11343	-	"HTTP Method Path 2": "/submit.php",
11343	+	"HTTP Method Path 2": "/submit.php",
11344	-	"Header1": "",
11344	+	"Header1": "",
11345	-	"Header2": "",
11345	+	"Header2": "",
11346	-	"PipeName": "",
11346	+	"PipeName": "",
11347	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11347	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11348	-	"DNS Sleep": "0",
11348	+	"DNS Sleep": "0",
11349	-	"Method1": "GET",
11349	+	"Method1": "GET",
11350	-	"Method2": "POST",
11350	+	"Method2": "POST",
11351	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11351	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11352	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11352	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11353	-	"Proxy_AccessType": "2 (Use IE settings)"
11353	+	"Proxy_AccessType": "2 (Use IE settings)"
11354	-	},
11354	+	},
11355	-	"x64": {
11355	+	"x64": {
11356	-	"BeaconType": "8 (HTTPS)",
11356	+	"BeaconType": "8 (HTTPS)",
11357	-	"Port": "443",
11357	+	"Port": "443",
11358	-	"Polling": "60000",
11358	+	"Polling": "60000",
11359	-	"Jitter": "0",
11359	+	"Jitter": "0",
11360	-	"Maxdns": "255",
11360	+	"Maxdns": "255",
11361	-	"C2 Server": "pnwcontent-delivery.com,/pixel",
11361	+	"C2 Server": "pnwcontent-delivery.com,/pixel",
11362	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
11362	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
11363	-	"HTTP Method Path 2": "/submit.php",
11363	+	"HTTP Method Path 2": "/submit.php",
11364	-	"Header1": "",
11364	+	"Header1": "",
11365	-	"Header2": "",
11365	+	"Header2": "",
11366	-	"PipeName": "",
11366	+	"PipeName": "",
11367	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11367	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11368	-	"DNS Sleep": "0",
11368	+	"DNS Sleep": "0",
11369	-	"Method1": "GET",
11369	+	"Method1": "GET",
11370	-	"Method2": "POST",
11370	+	"Method2": "POST",
11371	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11371	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11372	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11372	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11373	-	"Proxy_AccessType": "2 (Use IE settings)"
11373	+	"Proxy_AccessType": "2 (Use IE settings)"
11374	-	}
11374	+	}
11375	-	},
11375	+	},
11376	-	"54.242.70.107": {
11376	+	"54.242.70.107": {
11377	-	"x86": {
11377	+	"x86": {
11378	-	"BeaconType": "8 (HTTPS)",
11378	+	"BeaconType": "8 (HTTPS)",
11379	-	"Port": "443",
11379	+	"Port": "443",
11380	-	"Polling": "60000",
11380	+	"Polling": "60000",
11381	-	"Jitter": "0",
11381	+	"Jitter": "0",
11382	-	"Maxdns": "255",
11382	+	"Maxdns": "255",
11383	-	"C2 Server": "54.242.70.107,/dpixel",
11383	+	"C2 Server": "54.242.70.107,/dpixel",
11384	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)",
11384	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)",
11385	-	"HTTP Method Path 2": "/submit.php",
11385	+	"HTTP Method Path 2": "/submit.php",
11386	-	"Header1": "",
11386	+	"Header1": "",
11387	-	"Header2": "",
11387	+	"Header2": "",
11388	-	"PipeName": "",
11388	+	"PipeName": "",
11389	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11389	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11390	-	"DNS Sleep": "0",
11390	+	"DNS Sleep": "0",
11391	-	"Method1": "GET",
11391	+	"Method1": "GET",
11392	-	"Method2": "POST",
11392	+	"Method2": "POST",
11393	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11393	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11394	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11394	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11395	-	"Proxy_AccessType": "2 (Use IE settings)"
11395	+	"Proxy_AccessType": "2 (Use IE settings)"
11396	-	}
11396	+	}
11397	-	},
11397	+	},
11398	-	"54.93.130.9": {
11398	+	"54.93.130.9": {
11399	-	"x86": {
11399	+	"x86": {
11400	-	"BeaconType": "8 (HTTPS)",
11400	+	"BeaconType": "8 (HTTPS)",
11401	-	"Port": "443",
11401	+	"Port": "443",
11402	-	"Polling": "37500",
11402	+	"Polling": "37500",
11403	-	"Jitter": "33",
11403	+	"Jitter": "33",
11404	-	"Maxdns": "245",
11404	+	"Maxdns": "245",
11405	-	"C2 Server": "zliveaudio.com,/audio/",
11405	+	"C2 Server": "zliveaudio.com,/audio/",
11406	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
11406	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
11407	-	"HTTP Method Path 2": "/melody/",
11407	+	"HTTP Method Path 2": "/melody/",
11408	-	"Header1": "",
11408	+	"Header1": "",
11409	-	"Header2": "",
11409	+	"Header2": "",
11410	-	"PipeName": "",
11410	+	"PipeName": "",
11411	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
11411	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
11412	-	"DNS Sleep": "0",
11412	+	"DNS Sleep": "0",
11413	-	"Method1": "GET",
11413	+	"Method1": "GET",
11414	-	"Method2": "POST",
11414	+	"Method2": "POST",
11415	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
11415	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
11416	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11416	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11417	-	"Proxy_AccessType": "2 (Use IE settings)"
11417	+	"Proxy_AccessType": "2 (Use IE settings)"
11418	-	}
11418	+	}
11419	-	},
11419	+	},
11420	-	"60.205.220.98": {
11420	+	"60.205.220.98": {
11421	-	"x86": {
11421	+	"x86": {
11422	-	"BeaconType": "8 (HTTPS)",
11422	+	"BeaconType": "8 (HTTPS)",
11423	-	"Port": "443",
11423	+	"Port": "443",
11424	-	"Polling": "60000",
11424	+	"Polling": "60000",
11425	-	"Jitter": "20",
11425	+	"Jitter": "20",
11426	-	"Maxdns": "235",
11426	+	"Maxdns": "235",
11427	-	"C2 Server": "58.218.215.124,/search/,122.193.130.85,/search/,125.37.206.221,/search/,120.221.181.171,/search/",
11427	+	"C2 Server": "58.218.215.124,/search/,122.193.130.85,/search/,125.37.206.221,/search/,120.221.181.171,/search/",
11428	-	"User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11428	+	"User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11429	-	"HTTP Method Path 2": "/Search/",
11429	+	"HTTP Method Path 2": "/Search/",
11430	-	"Header1": "",
11430	+	"Header1": "",
11431	-	"Header2": "",
11431	+	"Header2": "",
11432	-	"PipeName": "",
11432	+	"PipeName": "",
11433	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
11433	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
11434	-	"DNS Sleep": "0",
11434	+	"DNS Sleep": "0",
11435	-	"Method1": "GET",
11435	+	"Method1": "GET",
11436	-	"Method2": "GET",
11436	+	"Method2": "GET",
11437	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11437	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11438	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11438	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11439	-	"Proxy_AccessType": "2 (Use IE settings)"
11439	+	"Proxy_AccessType": "2 (Use IE settings)"
11440	-	},
11440	+	},
11441	-	"x64": {
11441	+	"x64": {
11442	-	"BeaconType": "8 (HTTPS)",
11442	+	"BeaconType": "8 (HTTPS)",
11443	-	"Port": "443",
11443	+	"Port": "443",
11444	-	"Polling": "60000",
11444	+	"Polling": "60000",
11445	-	"Jitter": "20",
11445	+	"Jitter": "20",
11446	-	"Maxdns": "235",
11446	+	"Maxdns": "235",
11447	-	"C2 Server": "58.218.215.124,/search/,122.193.130.85,/search/,125.37.206.221,/search/,120.221.181.171,/search/",
11447	+	"C2 Server": "58.218.215.124,/search/,122.193.130.85,/search/,125.37.206.221,/search/,120.221.181.171,/search/",
11448	-	"User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11448	+	"User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11449	-	"HTTP Method Path 2": "/Search/",
11449	+	"HTTP Method Path 2": "/Search/",
11450	-	"Header1": "",
11450	+	"Header1": "",
11451	-	"Header2": "",
11451	+	"Header2": "",
11452	-	"PipeName": "",
11452	+	"PipeName": "",
11453	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
11453	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
11454	-	"DNS Sleep": "0",
11454	+	"DNS Sleep": "0",
11455	-	"Method1": "GET",
11455	+	"Method1": "GET",
11456	-	"Method2": "GET",
11456	+	"Method2": "GET",
11457	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11457	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11458	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11458	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11459	-	"Proxy_AccessType": "2 (Use IE settings)"
11459	+	"Proxy_AccessType": "2 (Use IE settings)"
11460	-	}
11460	+	}
11461	-	},
11461	+	},
11462	-	"63.34.20.87": {
11462	+	"63.34.20.87": {
11463	-	"x86": {
11463	+	"x86": {
11464	-	"BeaconType": "8 (HTTPS)",
11464	+	"BeaconType": "8 (HTTPS)",
11465	-	"Port": "443",
11465	+	"Port": "443",
11466	-	"Polling": "9700",
11466	+	"Polling": "9700",
11467	-	"Jitter": "12",
11467	+	"Jitter": "12",
11468	-	"Maxdns": "243",
11468	+	"Maxdns": "243",
11469	-	"C2 Server": "cehclient-canary.teams.microsoft.com,/s/ref=nb_sb_noss_1/404-17182125-2303392/field-keywords=group",
11469	+	"C2 Server": "cehclient-canary.teams.microsoft.com,/s/ref=nb_sb_noss_1/404-17182125-2303392/field-keywords=group",
11470	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)",
11470	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)",
11471	-	"HTTP Method Path 2": "/N2263/adj/amzn.us.sr.aps",
11471	+	"HTTP Method Path 2": "/N2263/adj/amzn.us.sr.aps",
11472	-	"Header1": "",
11472	+	"Header1": "",
11473	-	"Header2": "",
11473	+	"Header2": "",
11474	-	"PipeName": "",
11474	+	"PipeName": "",
11475	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11475	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11476	-	"DNS Sleep": "0",
11476	+	"DNS Sleep": "0",
11477	-	"Method1": "GET",
11477	+	"Method1": "GET",
11478	-	"Method2": "POST",
11478	+	"Method2": "POST",
11479	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11479	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11480	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11480	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11481	-	"Proxy_AccessType": "2 (Use IE settings)"
11481	+	"Proxy_AccessType": "2 (Use IE settings)"
11482	-	}
11482	+	}
11483	-	},
11483	+	},
11484	-	"64.187.238.138": {
11484	+	"64.187.238.138": {
11485	-	"x86": {
11485	+	"x86": {
11486	-	"BeaconType": "8 (HTTPS)",
11486	+	"BeaconType": "8 (HTTPS)",
11487	-	"Port": "443",
11487	+	"Port": "443",
11488	-	"Polling": "5000",
11488	+	"Polling": "5000",
11489	-	"Jitter": "10",
11489	+	"Jitter": "10",
11490	-	"Maxdns": "235",
11490	+	"Maxdns": "235",
11491	-	"C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
11491	+	"C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
11492	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11492	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11493	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11493	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11494	-	"Header1": "",
11494	+	"Header1": "",
11495	-	"Header2": "",
11495	+	"Header2": "",
11496	-	"PipeName": "",
11496	+	"PipeName": "",
11497	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
11497	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
11498	-	"DNS Sleep": "0",
11498	+	"DNS Sleep": "0",
11499	-	"Method1": "GET",
11499	+	"Method1": "GET",
11500	-	"Method2": "POST",
11500	+	"Method2": "POST",
11501	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11501	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11502	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11502	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11503	-	"Proxy_AccessType": "2 (Use IE settings)"
11503	+	"Proxy_AccessType": "2 (Use IE settings)"
11504	-	}
11504	+	}
11505	-	},
11505	+	},
11506	-	"64.187.239.138": {
11506	+	"64.187.239.138": {
11507	-	"x86": {
11507	+	"x86": {
11508	-	"BeaconType": "8 (HTTPS)",
11508	+	"BeaconType": "8 (HTTPS)",
11509	-	"Port": "443",
11509	+	"Port": "443",
11510	-	"Polling": "5000",
11510	+	"Polling": "5000",
11511	-	"Jitter": "10",
11511	+	"Jitter": "10",
11512	-	"Maxdns": "235",
11512	+	"Maxdns": "235",
11513	-	"C2 Server": "ballom.com,/us/ky/louisville/312-s-fourth-st.html",
11513	+	"C2 Server": "ballom.com,/us/ky/louisville/312-s-fourth-st.html",
11514	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11514	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11515	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11515	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11516	-	"Header1": "",
11516	+	"Header1": "",
11517	-	"Header2": "",
11517	+	"Header2": "",
11518	-	"PipeName": "",
11518	+	"PipeName": "",
11519	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
11519	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
11520	-	"DNS Sleep": "0",
11520	+	"DNS Sleep": "0",
11521	-	"Method1": "GET",
11521	+	"Method1": "GET",
11522	-	"Method2": "POST",
11522	+	"Method2": "POST",
11523	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11523	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11524	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11524	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11525	-	"Proxy_AccessType": "2 (Use IE settings)"
11525	+	"Proxy_AccessType": "2 (Use IE settings)"
11526	-	}
11526	+	}
11527	-	},
11527	+	},
11528	-	"64.225.114.162": {
11528	+	"64.225.114.162": {
11529	-	"x64": {
11529	+	"x64": {
11530	-	"BeaconType": "8 (HTTPS)",
11530	+	"BeaconType": "8 (HTTPS)",
11531	-	"Port": "443",
11531	+	"Port": "443",
11532	-	"Polling": "30000",
11532	+	"Polling": "30000",
11533	-	"Jitter": "50",
11533	+	"Jitter": "50",
11534	-	"Maxdns": "255",
11534	+	"Maxdns": "255",
11535	-	"C2 Server": "secure.viper-cdn.com,/__utm.gif",
11535	+	"C2 Server": "secure.viper-cdn.com,/__utm.gif",
11536	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11536	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11537	-	"HTTP Method Path 2": "/___utm.gif",
11537	+	"HTTP Method Path 2": "/___utm.gif",
11538	-	"Header1": "",
11538	+	"Header1": "",
11539	-	"Header2": "",
11539	+	"Header2": "",
11540	-	"PipeName": "",
11540	+	"PipeName": "",
11541	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11541	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11542	-	"DNS Sleep": "0",
11542	+	"DNS Sleep": "0",
11543	-	"Method1": "GET",
11543	+	"Method1": "GET",
11544	-	"Method2": "POST",
11544	+	"Method2": "POST",
11545	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
11545	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
11546	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
11546	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
11547	-	"Proxy_AccessType": "2 (Use IE settings)"
11547	+	"Proxy_AccessType": "2 (Use IE settings)"
11548	-	}
11548	+	}
11549	-	},
11549	+	},
11550	-	"64.227.24.12": {
11550	+	"64.227.24.12": {
11551	-	"x86": {
11551	+	"x86": {
11552	-	"BeaconType": "8 (HTTPS)",
11552	+	"BeaconType": "8 (HTTPS)",
11553	-	"Port": "443",
11553	+	"Port": "443",
11554	-	"Polling": "3000",
11554	+	"Polling": "3000",
11555	-	"Jitter": "0",
11555	+	"Jitter": "0",
11556	-	"C2 Server": "64.227.24.12,/wp08/wp-includes/dtcla.php",
11556	+	"C2 Server": "64.227.24.12,/wp08/wp-includes/dtcla.php",
11557	-	"HTTP Method Path 2": "/includes/phpmailer/class.pop3.php",
11557	+	"HTTP Method Path 2": "/includes/phpmailer/class.pop3.php",
11558	-	"Method1": "GET",
11558	+	"Method1": "GET",
11559	-	"Method2": "POST",
11559	+	"Method2": "POST",
11560	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11560	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11561	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11561	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11562	-	"Proxy_AccessType": "2 (Use IE settings)"
11562	+	"Proxy_AccessType": "2 (Use IE settings)"
11563	-	},
11563	+	},
11564	-	"x64": {
11564	+	"x64": {
11565	-	"BeaconType": "8 (HTTPS)",
11565	+	"BeaconType": "8 (HTTPS)",
11566	-	"Port": "443",
11566	+	"Port": "443",
11567	-	"Polling": "3000",
11567	+	"Polling": "3000",
11568	-	"Jitter": "0",
11568	+	"Jitter": "0",
11569	-	"C2 Server": "64.227.24.12,/wp06/wp-includes/po.php",
11569	+	"C2 Server": "64.227.24.12,/wp06/wp-includes/po.php",
11570	-	"HTTP Method Path 2": "/includes/phpmailer/class.pop3.php",
11570	+	"HTTP Method Path 2": "/includes/phpmailer/class.pop3.php",
11571	-	"Method1": "GET",
11571	+	"Method1": "GET",
11572	-	"Method2": "POST",
11572	+	"Method2": "POST",
11573	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11573	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11574	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11574	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11575	-	"Proxy_AccessType": "2 (Use IE settings)"
11575	+	"Proxy_AccessType": "2 (Use IE settings)"
11576	-	}
11576	+	}
11577	-	},
11577	+	},
11578	-	"64.227.45.20": {
11578	+	"64.227.45.20": {
11579	-	"x64": {
11579	+	"x64": {
11580	-	"BeaconType": "8 (HTTPS)",
11580	+	"BeaconType": "8 (HTTPS)",
11581	-	"Port": "443",
11581	+	"Port": "443",
11582	-	"Polling": "8000",
11582	+	"Polling": "8000",
11583	-	"Jitter": "30",
11583	+	"Jitter": "30",
11584	-	"Maxdns": "255",
11584	+	"Maxdns": "255",
11585	-	"C2 Server": "cob.wolt.services,/watch/",
11585	+	"C2 Server": "cob.wolt.services,/watch/",
11586	-	"User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11586	+	"User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11587	-	"HTTP Method Path 2": "/youtubei/v1/logevent",
11587	+	"HTTP Method Path 2": "/youtubei/v1/logevent",
11588	-	"Header1": "",
11588	+	"Header1": "",
11589	-	"Header2": "",
11589	+	"Header2": "",
11590	-	"PipeName": "",
11590	+	"PipeName": "",
11591	-	"DNS Idle": "\\xD8:\\xCE\\x0E",
11591	+	"DNS Idle": "\\xD8:\\xCE\\x0E",
11592	-	"DNS Sleep": "0",
11592	+	"DNS Sleep": "0",
11593	-	"Method1": "GET",
11593	+	"Method1": "GET",
11594	-	"Method2": "POST",
11594	+	"Method2": "POST",
11595	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
11595	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
11596	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
11596	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
11597	-	"Proxy_AccessType": "2 (Use IE settings)"
11597	+	"Proxy_AccessType": "2 (Use IE settings)"
11598	-	}
11598	+	}
11599	-	},
11599	+	},
11600	-	"64.64.243.42": {
11600	+	"64.64.243.42": {
11601	-	"x86": {
11601	+	"x86": {
11602	-	"BeaconType": "0 (HTTP)",
11602	+	"BeaconType": "0 (HTTP)",
11603	-	"Port": "443",
11603	+	"Port": "443",
11604	-	"Polling": "8658",
11604	+	"Polling": "8658",
11605	-	"Jitter": "39",
11605	+	"Jitter": "39",
11606	-	"Maxdns": "248",
11606	+	"Maxdns": "248",
11607	-	"C2 Server": "64.64.243.42,/fam_calendar",
11607	+	"C2 Server": "64.64.243.42,/fam_calendar",
11608	-	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
11608	+	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
11609	-	"HTTP Method Path 2": "/html",
11609	+	"HTTP Method Path 2": "/html",
11610	-	"Header1": "",
11610	+	"Header1": "",
11611	-	"Header2": "",
11611	+	"Header2": "",
11612	-	"PipeName": "",
11612	+	"PipeName": "",
11613	-	"DNS Idle": "Zo\\x8DO",
11613	+	"DNS Idle": "Zo\\x8DO",
11614	-	"DNS Sleep": "0",
11614	+	"DNS Sleep": "0",
11615	-	"Method1": "GET",
11615	+	"Method1": "GET",
11616	-	"Method2": "POST",
11616	+	"Method2": "POST",
11617	-	"Spawnto_x86": "%Systemroot%\\System32\\WUDFHost.exe",
11617	+	"Spawnto_x86": "%Systemroot%\\System32\\WUDFHost.exe",
11618	-	"Spawnto_x64": "%Systemroot%\\System32\\WUDFHost.exe",
11618	+	"Spawnto_x64": "%Systemroot%\\System32\\WUDFHost.exe",
11619	-	"Proxy_AccessType": "2 (Use IE settings)"
11619	+	"Proxy_AccessType": "2 (Use IE settings)"
11620	-	},
11620	+	},
11621	-	"x64": {
11621	+	"x64": {
11622	-	"BeaconType": "0 (HTTP)",
11622	+	"BeaconType": "0 (HTTP)",
11623	-	"Port": "443",
11623	+	"Port": "443",
11624	-	"Polling": "8658",
11624	+	"Polling": "8658",
11625	-	"Jitter": "39",
11625	+	"Jitter": "39",
11626	-	"Maxdns": "248",
11626	+	"Maxdns": "248",
11627	-	"C2 Server": "64.64.243.42,/mobile-home",
11627	+	"C2 Server": "64.64.243.42,/mobile-home",
11628	-	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
11628	+	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
11629	-	"HTTP Method Path 2": "/html",
11629	+	"HTTP Method Path 2": "/html",
11630	-	"Header1": "",
11630	+	"Header1": "",
11631	-	"Header2": "",
11631	+	"Header2": "",
11632	-	"PipeName": "",
11632	+	"PipeName": "",
11633	-	"DNS Idle": "Zo\\x8DO",
11633	+	"DNS Idle": "Zo\\x8DO",
11634	-	"DNS Sleep": "0",
11634	+	"DNS Sleep": "0",
11635	-	"Method1": "GET",
11635	+	"Method1": "GET",
11636	-	"Method2": "POST",
11636	+	"Method2": "POST",
11637	-	"Spawnto_x86": "%Systemroot%\\System32\\WUDFHost.exe",
11637	+	"Spawnto_x86": "%Systemroot%\\System32\\WUDFHost.exe",
11638	-	"Spawnto_x64": "%Systemroot%\\System32\\WUDFHost.exe",
11638	+	"Spawnto_x64": "%Systemroot%\\System32\\WUDFHost.exe",
11639	-	"Proxy_AccessType": "2 (Use IE settings)"
11639	+	"Proxy_AccessType": "2 (Use IE settings)"
11640	-	}
11640	+	}
11641	-	},
11641	+	},
11642	-	"64.73.162.13": {
11642	+	"64.73.162.13": {
11643	-	"x86": {
11643	+	"x86": {
11644	-	"BeaconType": "8 (HTTPS)",
11644	+	"BeaconType": "8 (HTTPS)",
11645	-	"Port": "443",
11645	+	"Port": "443",
11646	-	"Polling": "45000",
11646	+	"Polling": "45000",
11647	-	"Jitter": "37",
11647	+	"Jitter": "37",
11648	-	"C2 Server": "64.73.162.13,/jquery-3.3.1.min.js",
11648	+	"C2 Server": "64.73.162.13,/jquery-3.3.1.min.js",
11649	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11649	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11650	-	"Method1": "GET",
11650	+	"Method1": "GET",
11651	-	"Method2": "POST",
11651	+	"Method2": "POST",
11652	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k LocalServiceNoNetwork",
11652	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k LocalServiceNoNetwork",
11653	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k LocalServiceNoNetwork",
11653	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k LocalServiceNoNetwork",
11654	-	"Proxy_AccessType": "2 (Use IE settings)"
11654	+	"Proxy_AccessType": "2 (Use IE settings)"
11655	-	},
11655	+	},
11656	-	"x64": {
11656	+	"x64": {
11657	-	"BeaconType": "8 (HTTPS)",
11657	+	"BeaconType": "8 (HTTPS)",
11658	-	"Port": "443",
11658	+	"Port": "443",
11659	-	"Polling": "45000",
11659	+	"Polling": "45000",
11660	-	"Jitter": "37",
11660	+	"Jitter": "37",
11661	-	"C2 Server": "64.73.162.13,/jquery-3.3.1.min.js",
11661	+	"C2 Server": "64.73.162.13,/jquery-3.3.1.min.js",
11662	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11662	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11663	-	"Method1": "GET",
11663	+	"Method1": "GET",
11664	-	"Method2": "POST",
11664	+	"Method2": "POST",
11665	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k LocalServiceNoNetwork",
11665	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k LocalServiceNoNetwork",
11666	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k LocalServiceNoNetwork",
11666	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k LocalServiceNoNetwork",
11667	-	"Proxy_AccessType": "2 (Use IE settings)"
11667	+	"Proxy_AccessType": "2 (Use IE settings)"
11668	-	}
11668	+	}
11669	-	},
11669	+	},
11670	-	"65.207.115.215": {
11670	+	"65.207.115.215": {
11671	-	"x86": {
11671	+	"x86": {
11672	-	"BeaconType": "8 (HTTPS)",
11672	+	"BeaconType": "8 (HTTPS)",
11673	-	"Port": "443",
11673	+	"Port": "443",
11674	-	"Polling": "60000",
11674	+	"Polling": "60000",
11675	-	"Jitter": "20",
11675	+	"Jitter": "20",
11676	-	"C2 Server": "213.236.64.41,/preload",
11676	+	"C2 Server": "213.236.64.41,/preload",
11677	-	"HTTP Method Path 2": "/sa",
11677	+	"HTTP Method Path 2": "/sa",
11678	-	"Method1": "GET",
11678	+	"Method1": "GET",
11679	-	"Method2": "GET",
11679	+	"Method2": "GET",
11680	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11680	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11681	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11681	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11682	-	"Proxy_AccessType": "2 (Use IE settings)"
11682	+	"Proxy_AccessType": "2 (Use IE settings)"
11683	-	},
11683	+	},
11684	-	"x64": {
11684	+	"x64": {
11685	-	"BeaconType": "8 (HTTPS)",
11685	+	"BeaconType": "8 (HTTPS)",
11686	-	"Port": "443",
11686	+	"Port": "443",
11687	-	"Polling": "60000",
11687	+	"Polling": "60000",
11688	-	"Jitter": "20",
11688	+	"Jitter": "20",
11689	-	"C2 Server": "213.236.64.41,/preload",
11689	+	"C2 Server": "213.236.64.41,/preload",
11690	-	"HTTP Method Path 2": "/sa",
11690	+	"HTTP Method Path 2": "/sa",
11691	-	"Method1": "GET",
11691	+	"Method1": "GET",
11692	-	"Method2": "GET",
11692	+	"Method2": "GET",
11693	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11693	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11694	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11694	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11695	-	"Proxy_AccessType": "2 (Use IE settings)"
11695	+	"Proxy_AccessType": "2 (Use IE settings)"
11696	-	}
11696	+	}
11697	-	},
11697	+	},
11698	-	"66.42.40.220": {
11698	+	"66.42.40.220": {
11699	-	"x86": {
11699	+	"x86": {
11700	-	"BeaconType": "8 (HTTPS)",
11700	+	"BeaconType": "8 (HTTPS)",
11701	-	"Port": "443",
11701	+	"Port": "443",
11702	-	"Polling": "61779",
11702	+	"Polling": "61779",
11703	-	"Jitter": "37",
11703	+	"Jitter": "37",
11704	-	"Maxdns": "241",
11704	+	"Maxdns": "241",
11705	-	"C2 Server": "66.42.40.220,/toget",
11705	+	"C2 Server": "66.42.40.220,/toget",
11706	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
11706	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
11707	-	"HTTP Method Path 2": "/topost",
11707	+	"HTTP Method Path 2": "/topost",
11708	-	"Header1": "",
11708	+	"Header1": "",
11709	-	"Header2": "",
11709	+	"Header2": "",
11710	-	"PipeName": "",
11710	+	"PipeName": "",
11711	-	"DNS Idle": "r\\xDE\\x82.",
11711	+	"DNS Idle": "r\\xDE\\x82.",
11712	-	"DNS Sleep": "0",
11712	+	"DNS Sleep": "0",
11713	-	"Method1": "GET",
11713	+	"Method1": "GET",
11714	-	"Method2": "POST",
11714	+	"Method2": "POST",
11715	-	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
11715	+	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
11716	-	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
11716	+	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
11717	-	"Proxy_AccessType": "2 (Use IE settings)"
11717	+	"Proxy_AccessType": "2 (Use IE settings)"
11718	-	},
11718	+	},
11719	-	"x64": {
11719	+	"x64": {
11720	-	"BeaconType": "8 (HTTPS)",
11720	+	"BeaconType": "8 (HTTPS)",
11721	-	"Port": "443",
11721	+	"Port": "443",
11722	-	"Polling": "61779",
11722	+	"Polling": "61779",
11723	-	"Jitter": "37",
11723	+	"Jitter": "37",
11724	-	"Maxdns": "241",
11724	+	"Maxdns": "241",
11725	-	"C2 Server": "66.42.40.220,/toget",
11725	+	"C2 Server": "66.42.40.220,/toget",
11726	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
11726	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
11727	-	"HTTP Method Path 2": "/topost",
11727	+	"HTTP Method Path 2": "/topost",
11728	-	"Header1": "",
11728	+	"Header1": "",
11729	-	"Header2": "",
11729	+	"Header2": "",
11730	-	"PipeName": "",
11730	+	"PipeName": "",
11731	-	"DNS Idle": "r\\xDE\\x82.",
11731	+	"DNS Idle": "r\\xDE\\x82.",
11732	-	"DNS Sleep": "0",
11732	+	"DNS Sleep": "0",
11733	-	"Method1": "GET",
11733	+	"Method1": "GET",
11734	-	"Method2": "POST",
11734	+	"Method2": "POST",
11735	-	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
11735	+	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
11736	-	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
11736	+	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
11737	-	"Proxy_AccessType": "2 (Use IE settings)"
11737	+	"Proxy_AccessType": "2 (Use IE settings)"
11738	-	}
11738	+	}
11739	-	},
11739	+	},
11740	-	"66.42.59.57": {
11740	+	"66.42.59.57": {
11741	-	"x64": {
11741	+	"x64": {
11742	-	"BeaconType": "8 (HTTPS)",
11742	+	"BeaconType": "8 (HTTPS)",
11743	-	"Port": "443",
11743	+	"Port": "443",
11744	-	"Polling": "5000",
11744	+	"Polling": "5000",
11745	-	"Jitter": "15",
11745	+	"Jitter": "15",
11746	-	"Maxdns": "255",
11746	+	"Maxdns": "255",
11747	-	"C2 Server": "help.office-books.com,/wp-admin/admin-ajax.php",
11747	+	"C2 Server": "help.office-books.com,/wp-admin/admin-ajax.php",
11748	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36",
11748	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36",
11749	-	"HTTP Method Path 2": "/wp-admin/api.php",
11749	+	"HTTP Method Path 2": "/wp-admin/api.php",
11750	-	"Header1": "",
11750	+	"Header1": "",
11751	-	"Header2": "",
11751	+	"Header2": "",
11752	-	"PipeName": "",
11752	+	"PipeName": "",
11753	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
11753	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
11754	-	"DNS Sleep": "0",
11754	+	"DNS Sleep": "0",
11755	-	"Method1": "GET",
11755	+	"Method1": "GET",
11756	-	"Method2": "GET",
11756	+	"Method2": "GET",
11757	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11757	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11758	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11758	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11759	-	"Proxy_AccessType": "2 (Use IE settings)"
11759	+	"Proxy_AccessType": "2 (Use IE settings)"
11760	-	}
11760	+	}
11761	-	},
11761	+	},
11762	-	"68.183.85.105": {
11762	+	"68.183.85.105": {
11763	-	"x86": {
11763	+	"x86": {
11764	-	"BeaconType": "8 (HTTPS)",
11764	+	"BeaconType": "8 (HTTPS)",
11765	-	"Port": "443",
11765	+	"Port": "443",
11766	-	"Polling": "15000",
11766	+	"Polling": "15000",
11767	-	"Jitter": "90",
11767	+	"Jitter": "90",
11768	-	"Maxdns": "225",
11768	+	"Maxdns": "225",
11769	-	"C2 Server": "iecvlist.microsoft.com,/en-us/p/onerf/MeSilentPassport,cdnppe.vsassets.io,/gp/aj/private/reviewsGallery/get-application-resources,cdnads.msads.net,/api2/json/cluster/tasks,global.asazure.windows.net,/v3/links/ping-centre",
11769	+	"C2 Server": "iecvlist.microsoft.com,/en-us/p/onerf/MeSilentPassport,cdnppe.vsassets.io,/gp/aj/private/reviewsGallery/get-application-resources,cdnads.msads.net,/api2/json/cluster/tasks,global.asazure.windows.net,/v3/links/ping-centre",
11770	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11770	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
11771	-	"HTTP Method Path 2": "/gql",
11771	+	"HTTP Method Path 2": "/gql",
11772	-	"Header1": "",
11772	+	"Header1": "",
11773	-	"Header2": "",
11773	+	"Header2": "",
11774	-	"PipeName": "",
11774	+	"PipeName": "",
11775	-	"DNS Idle": "h\\xD8<\\x84",
11775	+	"DNS Idle": "h\\xD8<\\x84",
11776	-	"DNS Sleep": "0",
11776	+	"DNS Sleep": "0",
11777	-	"Method1": "GET",
11777	+	"Method1": "GET",
11778	-	"Method2": "POST",
11778	+	"Method2": "POST",
11779	-	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
11779	+	"Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
11780	-	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
11780	+	"Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
11781	-	"Proxy_AccessType": "2 (Use IE settings)"
11781	+	"Proxy_AccessType": "2 (Use IE settings)"
11782	-	}
11782	+	}
11783	-	},
11783	+	},
11784	-	"74.118.138.108": {
11784	+	"74.118.138.108": {
11785	-	"x64": {
11785	+	"x64": {
11786	-	"BeaconType": "8 (HTTPS)",
11786	+	"BeaconType": "8 (HTTPS)",
11787	-	"Port": "443",
11787	+	"Port": "443",
11788	-	"Polling": "5000",
11788	+	"Polling": "5000",
11789	-	"Jitter": "10",
11789	+	"Jitter": "10",
11790	-	"Maxdns": "235",
11790	+	"Maxdns": "235",
11791	-	"C2 Server": "wolfnew.com,/us/ky/louisville/312-s-fourth-st.html",
11791	+	"C2 Server": "wolfnew.com,/us/ky/louisville/312-s-fourth-st.html",
11792	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11792	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11793	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11793	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11794	-	"Header1": "",
11794	+	"Header1": "",
11795	-	"Header2": "",
11795	+	"Header2": "",
11796	-	"PipeName": "",
11796	+	"PipeName": "",
11797	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
11797	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
11798	-	"DNS Sleep": "0",
11798	+	"DNS Sleep": "0",
11799	-	"Method1": "GET",
11799	+	"Method1": "GET",
11800	-	"Method2": "POST",
11800	+	"Method2": "POST",
11801	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11801	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11802	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11802	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11803	-	"Proxy_AccessType": "2 (Use IE settings)"
11803	+	"Proxy_AccessType": "2 (Use IE settings)"
11804	-	}
11804	+	}
11805	-	},
11805	+	},
11806	-	"74.118.138.144": {
11806	+	"74.118.138.144": {
11807	-	"x64": {
11807	+	"x64": {
11808	-	"BeaconType": "8 (HTTPS)",
11808	+	"BeaconType": "8 (HTTPS)",
11809	-	"Port": "443",
11809	+	"Port": "443",
11810	-	"Polling": "5000",
11810	+	"Polling": "5000",
11811	-	"Jitter": "10",
11811	+	"Jitter": "10",
11812	-	"Maxdns": "235",
11812	+	"Maxdns": "235",
11813	-	"C2 Server": "geotry.com,/us/ky/louisville/312-s-fourth-st.html",
11813	+	"C2 Server": "geotry.com,/us/ky/louisville/312-s-fourth-st.html",
11814	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11814	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11815	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11815	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11816	-	"Header1": "",
11816	+	"Header1": "",
11817	-	"Header2": "",
11817	+	"Header2": "",
11818	-	"PipeName": "",
11818	+	"PipeName": "",
11819	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
11819	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
11820	-	"DNS Sleep": "0",
11820	+	"DNS Sleep": "0",
11821	-	"Method1": "GET",
11821	+	"Method1": "GET",
11822	-	"Method2": "POST",
11822	+	"Method2": "POST",
11823	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11823	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11824	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11824	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11825	-	"Proxy_AccessType": "2 (Use IE settings)"
11825	+	"Proxy_AccessType": "2 (Use IE settings)"
11826	-	}
11826	+	}
11827	-	},
11827	+	},
11828	-	"74.118.138.25": {
11828	+	"74.118.138.25": {
11829	-	"x86": {
11829	+	"x86": {
11830	-	"BeaconType": "8 (HTTPS)",
11830	+	"BeaconType": "8 (HTTPS)",
11831	-	"Port": "443",
11831	+	"Port": "443",
11832	-	"Polling": "5000",
11832	+	"Polling": "5000",
11833	-	"Jitter": "10",
11833	+	"Jitter": "10",
11834	-	"Maxdns": "235",
11834	+	"Maxdns": "235",
11835	-	"C2 Server": "domways.com,/us/ky/louisville/312-s-fourth-st.html",
11835	+	"C2 Server": "domways.com,/us/ky/louisville/312-s-fourth-st.html",
11836	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11836	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11837	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11837	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11838	-	"Header1": "",
11838	+	"Header1": "",
11839	-	"Header2": "",
11839	+	"Header2": "",
11840	-	"PipeName": "",
11840	+	"PipeName": "",
11841	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
11841	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
11842	-	"DNS Sleep": "0",
11842	+	"DNS Sleep": "0",
11843	-	"Method1": "GET",
11843	+	"Method1": "GET",
11844	-	"Method2": "POST",
11844	+	"Method2": "POST",
11845	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11845	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11846	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11846	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11847	-	"Proxy_AccessType": "2 (Use IE settings)"
11847	+	"Proxy_AccessType": "2 (Use IE settings)"
11848	-	},
11848	+	},
11849	-	"x64": {
11849	+	"x64": {
11850	-	"BeaconType": "8 (HTTPS)",
11850	+	"BeaconType": "8 (HTTPS)",
11851	-	"Port": "443",
11851	+	"Port": "443",
11852	-	"Polling": "5000",
11852	+	"Polling": "5000",
11853	-	"Jitter": "10",
11853	+	"Jitter": "10",
11854	-	"Maxdns": "235",
11854	+	"Maxdns": "235",
11855	-	"C2 Server": "domways.com,/us/ky/louisville/312-s-fourth-st.html",
11855	+	"C2 Server": "domways.com,/us/ky/louisville/312-s-fourth-st.html",
11856	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11856	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11857	-	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11857	+	"HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
11858	-	"Header1": "",
11858	+	"Header1": "",
11859	-	"Header2": "",
11859	+	"Header2": "",
11860	-	"PipeName": "",
11860	+	"PipeName": "",
11861	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
11861	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
11862	-	"DNS Sleep": "0",
11862	+	"DNS Sleep": "0",
11863	-	"Method1": "GET",
11863	+	"Method1": "GET",
11864	-	"Method2": "POST",
11864	+	"Method2": "POST",
11865	-	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11865	+	"Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
11866	-	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11866	+	"Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
11867	-	"Proxy_AccessType": "2 (Use IE settings)"
11867	+	"Proxy_AccessType": "2 (Use IE settings)"
11868	-	}
11868	+	}
11869	-	},
11869	+	},
11870	-	"74.121.151.174": {
11870	+	"74.121.151.174": {
11871	-	"x86": {
11871	+	"x86": {
11872	-	"BeaconType": "8 (HTTPS)",
11872	+	"BeaconType": "8 (HTTPS)",
11873	-	"Port": "443",
11873	+	"Port": "443",
11874	-	"Polling": "6",
11874	+	"Polling": "6",
11875	-	"Jitter": "37",
11875	+	"Jitter": "37",
11876	-	"Maxdns": "255",
11876	+	"Maxdns": "255",
11877	-	"C2 Server": "74.121.151.174,/jquery-3.3.1.min.js",
11877	+	"C2 Server": "74.121.151.174,/jquery-3.3.1.min.js",
11878	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11878	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11879	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11879	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11880	-	"Header1": "",
11880	+	"Header1": "",
11881	-	"Header2": "",
11881	+	"Header2": "",
11882	-	"PipeName": "",
11882	+	"PipeName": "",
11883	-	"DNS Idle": "J}\\xC4q",
11883	+	"DNS Idle": "J}\\xC4q",
11884	-	"DNS Sleep": "0",
11884	+	"DNS Sleep": "0",
11885	-	"Method1": "GET",
11885	+	"Method1": "GET",
11886	-	"Method2": "POST",
11886	+	"Method2": "POST",
11887	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
11887	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
11888	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
11888	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
11889	-	"Proxy_AccessType": "2 (Use IE settings)"
11889	+	"Proxy_AccessType": "2 (Use IE settings)"
11890	-	},
11890	+	},
11891	-	"x64": {
11891	+	"x64": {
11892	-	"BeaconType": "8 (HTTPS)",
11892	+	"BeaconType": "8 (HTTPS)",
11893	-	"Port": "443",
11893	+	"Port": "443",
11894	-	"Polling": "6",
11894	+	"Polling": "6",
11895	-	"Jitter": "37",
11895	+	"Jitter": "37",
11896	-	"Maxdns": "255",
11896	+	"Maxdns": "255",
11897	-	"C2 Server": "74.121.151.174,/jquery-3.3.1.min.js",
11897	+	"C2 Server": "74.121.151.174,/jquery-3.3.1.min.js",
11898	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11898	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
11899	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11899	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
11900	-	"Header1": "",
11900	+	"Header1": "",
11901	-	"Header2": "",
11901	+	"Header2": "",
11902	-	"PipeName": "",
11902	+	"PipeName": "",
11903	-	"DNS Idle": "J}\\xC4q",
11903	+	"DNS Idle": "J}\\xC4q",
11904	-	"DNS Sleep": "0",
11904	+	"DNS Sleep": "0",
11905	-	"Method1": "GET",
11905	+	"Method1": "GET",
11906	-	"Method2": "POST",
11906	+	"Method2": "POST",
11907	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
11907	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
11908	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
11908	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
11909	-	"Proxy_AccessType": "2 (Use IE settings)"
11909	+	"Proxy_AccessType": "2 (Use IE settings)"
11910	-	}
11910	+	}
11911	-	},
11911	+	},
11912	-	"77.123.155.74": {
11912	+	"77.123.155.74": {
11913	-	"x86": {
11913	+	"x86": {
11914	-	"BeaconType": "8 (HTTPS)",
11914	+	"BeaconType": "8 (HTTPS)",
11915	-	"Port": "443",
11915	+	"Port": "443",
11916	-	"Polling": "30000",
11916	+	"Polling": "30000",
11917	-	"Jitter": "20",
11917	+	"Jitter": "20",
11918	-	"Maxdns": "235",
11918	+	"Maxdns": "235",
11919	-	"C2 Server": "77.123.155.74,/owa/",
11919	+	"C2 Server": "77.123.155.74,/owa/",
11920	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11920	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11921	-	"HTTP Method Path 2": "/OWA/",
11921	+	"HTTP Method Path 2": "/OWA/",
11922	-	"Header1": "",
11922	+	"Header1": "",
11923	-	"Header2": "",
11923	+	"Header2": "",
11924	-	"PipeName": "",
11924	+	"PipeName": "",
11925	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
11925	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
11926	-	"DNS Sleep": "0",
11926	+	"DNS Sleep": "0",
11927	-	"Method1": "GET",
11927	+	"Method1": "GET",
11928	-	"Method2": "GET",
11928	+	"Method2": "GET",
11929	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
11929	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
11930	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11930	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11931	-	"Proxy_AccessType": "2 (Use IE settings)"
11931	+	"Proxy_AccessType": "2 (Use IE settings)"
11932	-	},
11932	+	},
11933	-	"x64": {
11933	+	"x64": {
11934	-	"BeaconType": "8 (HTTPS)",
11934	+	"BeaconType": "8 (HTTPS)",
11935	-	"Port": "443",
11935	+	"Port": "443",
11936	-	"Polling": "30000",
11936	+	"Polling": "30000",
11937	-	"Jitter": "20",
11937	+	"Jitter": "20",
11938	-	"Maxdns": "235",
11938	+	"Maxdns": "235",
11939	-	"C2 Server": "77.123.155.74,/owa/",
11939	+	"C2 Server": "77.123.155.74,/owa/",
11940	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11940	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
11941	-	"HTTP Method Path 2": "/OWA/",
11941	+	"HTTP Method Path 2": "/OWA/",
11942	-	"Header1": "",
11942	+	"Header1": "",
11943	-	"Header2": "",
11943	+	"Header2": "",
11944	-	"PipeName": "",
11944	+	"PipeName": "",
11945	-	"DNS Idle": "\\x08\\x08\\x08\\x08",
11945	+	"DNS Idle": "\\x08\\x08\\x08\\x08",
11946	-	"DNS Sleep": "0",
11946	+	"DNS Sleep": "0",
11947	-	"Method1": "GET",
11947	+	"Method1": "GET",
11948	-	"Method2": "GET",
11948	+	"Method2": "GET",
11949	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
11949	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
11950	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11950	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11951	-	"Proxy_AccessType": "2 (Use IE settings)"
11951	+	"Proxy_AccessType": "2 (Use IE settings)"
11952	-	}
11952	+	}
11953	-	},
11953	+	},
11954	-	"78.108.180.43": {
11954	+	"78.108.180.43": {
11955	-	"x64": {
11955	+	"x64": {
11956	-	"BeaconType": "8 (HTTPS)",
11956	+	"BeaconType": "8 (HTTPS)",
11957	-	"Port": "443",
11957	+	"Port": "443",
11958	-	"Polling": "38310",
11958	+	"Polling": "38310",
11959	-	"Jitter": "35",
11959	+	"Jitter": "35",
11960	-	"Maxdns": "245",
11960	+	"Maxdns": "245",
11961	-	"C2 Server": "chromeupdates.best,/admin",
11961	+	"C2 Server": "chromeupdates.best,/admin",
11962	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.227.0 Safari/536.3",
11962	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.227.0 Safari/536.3",
11963	-	"HTTP Method Path 2": "/Login",
11963	+	"HTTP Method Path 2": "/Login",
11964	-	"Header1": "",
11964	+	"Header1": "",
11965	-	"Header2": "",
11965	+	"Header2": "",
11966	-	"PipeName": "",
11966	+	"PipeName": "",
11967	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11967	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11968	-	"DNS Sleep": "0",
11968	+	"DNS Sleep": "0",
11969	-	"Method1": "GET",
11969	+	"Method1": "GET",
11970	-	"Method2": "GET",
11970	+	"Method2": "GET",
11971	-	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
11971	+	"Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
11972	-	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11972	+	"Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
11973	-	"Proxy_AccessType": "2 (Use IE settings)"
11973	+	"Proxy_AccessType": "2 (Use IE settings)"
11974	-	}
11974	+	}
11975	-	},
11975	+	},
11976	-	"78.128.113.14": {
11976	+	"78.128.113.14": {
11977	-	"x64": {
11977	+	"x64": {
11978	-	"BeaconType": "8 (HTTPS)",
11978	+	"BeaconType": "8 (HTTPS)",
11979	-	"Port": "443",
11979	+	"Port": "443",
11980	-	"Polling": "60000",
11980	+	"Polling": "60000",
11981	-	"Jitter": "0",
11981	+	"Jitter": "0",
11982	-	"Maxdns": "255",
11982	+	"Maxdns": "255",
11983	-	"C2 Server": "78.128.113.14,/j.ad",
11983	+	"C2 Server": "78.128.113.14,/j.ad",
11984	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)",
11984	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)",
11985	-	"HTTP Method Path 2": "/submit.php",
11985	+	"HTTP Method Path 2": "/submit.php",
11986	-	"Header1": "",
11986	+	"Header1": "",
11987	-	"Header2": "",
11987	+	"Header2": "",
11988	-	"PipeName": "",
11988	+	"PipeName": "",
11989	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
11989	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
11990	-	"DNS Sleep": "0",
11990	+	"DNS Sleep": "0",
11991	-	"Method1": "GET",
11991	+	"Method1": "GET",
11992	-	"Method2": "POST",
11992	+	"Method2": "POST",
11993	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11993	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
11994	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11994	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
11995	-	"Proxy_AccessType": "2 (Use IE settings)"
11995	+	"Proxy_AccessType": "2 (Use IE settings)"
11996	-	}
11996	+	}
11997	-	},
11997	+	},
11998	-	"78.129.165.207": {
11998	+	"78.129.165.207": {
11999	-	"x86": {
11999	+	"x86": {
12000	-	"BeaconType": "8 (HTTPS)",
12000	+	"BeaconType": "8 (HTTPS)",
12001	-	"Port": "443",
12001	+	"Port": "443",
12002	-	"Polling": "55007",
12002	+	"Polling": "55007",
12003	-	"Jitter": "37",
12003	+	"Jitter": "37",
12004	-	"C2 Server": "s91-update.mala7at.com,/lu",
12004	+	"C2 Server": "s91-update.mala7at.com,/lu",
12005	-	"HTTP Method Path 2": "/dhl",
12005	+	"HTTP Method Path 2": "/dhl",
12006	-	"Method1": "GET",
12006	+	"Method1": "GET",
12007	-	"Method2": "POST",
12007	+	"Method2": "POST",
12008	-	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
12008	+	"Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
12009	-	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
12009	+	"Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
12010	-	"Proxy_AccessType": "2 (Use IE settings)"
12010	+	"Proxy_AccessType": "2 (Use IE settings)"
12011	-	}
12011	+	}
12012	-	},
12012	+	},
12013	-	"79.141.160.16": {
12013	+	"79.141.160.16": {
12014	-	"x86": {
12014	+	"x86": {
12015	-	"BeaconType": "8 (HTTPS)",
12015	+	"BeaconType": "8 (HTTPS)",
12016	-	"Port": "443",
12016	+	"Port": "443",
12017	-	"Polling": "55000",
12017	+	"Polling": "55000",
12018	-	"Jitter": "20",
12018	+	"Jitter": "20",
12019	-	"Maxdns": "61",
12019	+	"Maxdns": "61",
12020	-	"C2 Server": "zerocdn.net,/static/fetch.umd.min.js",
12020	+	"C2 Server": "zerocdn.net,/static/fetch.umd.min.js",
12021	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
12021	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
12022	-	"HTTP Method Path 2": "/submit/analytics/fetch.js",
12022	+	"HTTP Method Path 2": "/submit/analytics/fetch.js",
12023	-	"Header1": "",
12023	+	"Header1": "",
12024	-	"Header2": "",
12024	+	"Header2": "",
12025	-	"PipeName": "",
12025	+	"PipeName": "",
12026	-	"DNS Idle": "J}\\x15\\x8A",
12026	+	"DNS Idle": "J}\\x15\\x8A",
12027	-	"DNS Sleep": "0",
12027	+	"DNS Sleep": "0",
12028	-	"Method1": "GET",
12028	+	"Method1": "GET",
12029	-	"Method2": "POST",
12029	+	"Method2": "POST",
12030	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12030	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12031	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12031	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12032	-	"Proxy_AccessType": "2 (Use IE settings)"
12032	+	"Proxy_AccessType": "2 (Use IE settings)"
12033	-	}
12033	+	}
12034	-	},
12034	+	},
12035	-	"79.141.160.21": {
12035	+	"79.141.160.21": {
12036	-	"x86": {
12036	+	"x86": {
12037	-	"BeaconType": "8 (HTTPS)",
12037	+	"BeaconType": "8 (HTTPS)",
12038	-	"Port": "443",
12038	+	"Port": "443",
12039	-	"Polling": "55000",
12039	+	"Polling": "55000",
12040	-	"Jitter": "20",
12040	+	"Jitter": "20",
12041	-	"Maxdns": "61",
12041	+	"Maxdns": "61",
12042	-	"C2 Server": "zerocdn.net,/static/fetch.umd.min.js",
12042	+	"C2 Server": "zerocdn.net,/static/fetch.umd.min.js",
12043	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
12043	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
12044	-	"HTTP Method Path 2": "/submit/analytics/fetch.js",
12044	+	"HTTP Method Path 2": "/submit/analytics/fetch.js",
12045	-	"Header1": "",
12045	+	"Header1": "",
12046	-	"Header2": "",
12046	+	"Header2": "",
12047	-	"PipeName": "",
12047	+	"PipeName": "",
12048	-	"DNS Idle": "J}\\x15\\x8A",
12048	+	"DNS Idle": "J}\\x15\\x8A",
12049	-	"DNS Sleep": "0",
12049	+	"DNS Sleep": "0",
12050	-	"Method1": "GET",
12050	+	"Method1": "GET",
12051	-	"Method2": "POST",
12051	+	"Method2": "POST",
12052	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12052	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12053	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12053	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12054	-	"Proxy_AccessType": "2 (Use IE settings)"
12054	+	"Proxy_AccessType": "2 (Use IE settings)"
12055	-	}
12055	+	}
12056	-	},
12056	+	},
12057	-	"79.141.164.206": {
12057	+	"79.141.164.206": {
12058	-	"x86": {
12058	+	"x86": {
12059	-	"BeaconType": "8 (HTTPS)",
12059	+	"BeaconType": "8 (HTTPS)",
12060	-	"Port": "443",
12060	+	"Port": "443",
12061	-	"Polling": "60000",
12061	+	"Polling": "60000",
12062	-	"Jitter": "0",
12062	+	"Jitter": "0",
12063	-	"Maxdns": "255",
12063	+	"Maxdns": "255",
12064	-	"C2 Server": "79.141.164.206,/IE9CompatViewList.xml",
12064	+	"C2 Server": "79.141.164.206,/IE9CompatViewList.xml",
12065	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
12065	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
12066	-	"HTTP Method Path 2": "/submit.php",
12066	+	"HTTP Method Path 2": "/submit.php",
12067	-	"Header1": "",
12067	+	"Header1": "",
12068	-	"Header2": "",
12068	+	"Header2": "",
12069	-	"PipeName": "",
12069	+	"PipeName": "",
12070	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12070	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12071	-	"DNS Sleep": "0",
12071	+	"DNS Sleep": "0",
12072	-	"Method1": "GET",
12072	+	"Method1": "GET",
12073	-	"Method2": "POST",
12073	+	"Method2": "POST",
12074	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12074	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12075	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12075	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12076	-	"Proxy_AccessType": "2 (Use IE settings)"
12076	+	"Proxy_AccessType": "2 (Use IE settings)"
12077	-	}
12077	+	}
12078	-	},
12078	+	},
12079	-	"80.209.241.7": {
12079	+	"80.209.241.7": {
12080	-	"x86": {
12080	+	"x86": {
12081	-	"BeaconType": "8 (HTTPS)",
12081	+	"BeaconType": "8 (HTTPS)",
12082	-	"Port": "443",
12082	+	"Port": "443",
12083	-	"Polling": "30000",
12083	+	"Polling": "30000",
12084	-	"Jitter": "0",
12084	+	"Jitter": "0",
12085	-	"Maxdns": "255",
12085	+	"Maxdns": "255",
12086	-	"C2 Server": "94.140.114.160,/include/template/isx.php",
12086	+	"C2 Server": "94.140.114.160,/include/template/isx.php",
12087	-	"User Agent": "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08",
12087	+	"User Agent": "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08",
12088	-	"HTTP Method Path 2": "/blog/wp-includes/pomo/src.php",
12088	+	"HTTP Method Path 2": "/blog/wp-includes/pomo/src.php",
12089	-	"Header1": "",
12089	+	"Header1": "",
12090	-	"Header2": "",
12090	+	"Header2": "",
12091	-	"PipeName": "",
12091	+	"PipeName": "",
12092	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12092	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12093	-	"DNS Sleep": "0",
12093	+	"DNS Sleep": "0",
12094	-	"Method1": "GET",
12094	+	"Method1": "GET",
12095	-	"Method2": "POST",
12095	+	"Method2": "POST",
12096	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12096	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12097	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12097	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12098	-	"Proxy_AccessType": "2 (Use IE settings)"
12098	+	"Proxy_AccessType": "2 (Use IE settings)"
12099	-	}
12099	+	}
12100	-	},
12100	+	},
12101	-	"80.82.77.164": {
12101	+	"80.82.77.164": {
12102	-	"x86": {
12102	+	"x86": {
12103	-	"BeaconType": "8 (HTTPS)",
12103	+	"BeaconType": "8 (HTTPS)",
12104	-	"Port": "443",
12104	+	"Port": "443",
12105	-	"Polling": "60000",
12105	+	"Polling": "60000",
12106	-	"Jitter": "0",
12106	+	"Jitter": "0",
12107	-	"Maxdns": "255",
12107	+	"Maxdns": "255",
12108	-	"C2 Server": "80.82.77.164,/load",
12108	+	"C2 Server": "80.82.77.164,/load",
12109	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
12109	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
12110	-	"HTTP Method Path 2": "/submit.php",
12110	+	"HTTP Method Path 2": "/submit.php",
12111	-	"Header1": "",
12111	+	"Header1": "",
12112	-	"Header2": "",
12112	+	"Header2": "",
12113	-	"PipeName": "",
12113	+	"PipeName": "",
12114	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12114	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12115	-	"DNS Sleep": "0",
12115	+	"DNS Sleep": "0",
12116	-	"Method1": "GET",
12116	+	"Method1": "GET",
12117	-	"Method2": "POST",
12117	+	"Method2": "POST",
12118	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12118	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12119	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12119	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12120	-	"Proxy_AccessType": "2 (Use IE settings)"
12120	+	"Proxy_AccessType": "2 (Use IE settings)"
12121	-	},
12121	+	},
12122	-	"x64": {
12122	+	"x64": {
12123	-	"BeaconType": "8 (HTTPS)",
12123	+	"BeaconType": "8 (HTTPS)",
12124	-	"Port": "443",
12124	+	"Port": "443",
12125	-	"Polling": "60000",
12125	+	"Polling": "60000",
12126	-	"Jitter": "0",
12126	+	"Jitter": "0",
12127	-	"Maxdns": "255",
12127	+	"Maxdns": "255",
12128	-	"C2 Server": "80.82.77.164,/fwlink",
12128	+	"C2 Server": "80.82.77.164,/fwlink",
12129	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
12129	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
12130	-	"HTTP Method Path 2": "/submit.php",
12130	+	"HTTP Method Path 2": "/submit.php",
12131	-	"Header1": "",
12131	+	"Header1": "",
12132	-	"Header2": "",
12132	+	"Header2": "",
12133	-	"PipeName": "",
12133	+	"PipeName": "",
12134	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12134	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12135	-	"DNS Sleep": "0",
12135	+	"DNS Sleep": "0",
12136	-	"Method1": "GET",
12136	+	"Method1": "GET",
12137	-	"Method2": "POST",
12137	+	"Method2": "POST",
12138	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12138	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12139	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12139	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12140	-	"Proxy_AccessType": "2 (Use IE settings)"
12140	+	"Proxy_AccessType": "2 (Use IE settings)"
12141	-	}
12141	+	}
12142	-	},
12142	+	},
12143	-	"81.17.16.106": {
12143	+	"81.17.16.106": {
12144	-	"x64": {
12144	+	"x64": {
12145	-	"BeaconType": "8 (HTTPS)",
12145	+	"BeaconType": "8 (HTTPS)",
12146	-	"Port": "443",
12146	+	"Port": "443",
12147	-	"Polling": "60000",
12147	+	"Polling": "60000",
12148	-	"Jitter": "0",
12148	+	"Jitter": "0",
12149	-	"Maxdns": "255",
12149	+	"Maxdns": "255",
12150	-	"C2 Server": "81.17.16.106,/IE9CompatViewList.xml",
12150	+	"C2 Server": "81.17.16.106,/IE9CompatViewList.xml",
12151	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
12151	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
12152	-	"HTTP Method Path 2": "/submit.php",
12152	+	"HTTP Method Path 2": "/submit.php",
12153	-	"Header1": "",
12153	+	"Header1": "",
12154	-	"Header2": "",
12154	+	"Header2": "",
12155	-	"PipeName": "",
12155	+	"PipeName": "",
12156	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12156	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12157	-	"DNS Sleep": "0",
12157	+	"DNS Sleep": "0",
12158	-	"Method1": "GET",
12158	+	"Method1": "GET",
12159	-	"Method2": "POST",
12159	+	"Method2": "POST",
12160	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12160	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12161	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12161	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12162	-	"Proxy_AccessType": "2 (Use IE settings)"
12162	+	"Proxy_AccessType": "2 (Use IE settings)"
12163	-	}
12163	+	}
12164	-	},
12164	+	},
12165	-	"8.129.133.18": {
12165	+	"8.129.133.18": {
12166	-	"x64": {
12166	+	"x64": {
12167	-	"BeaconType": "8 (HTTPS)",
12167	+	"BeaconType": "8 (HTTPS)",
12168	-	"Port": "443",
12168	+	"Port": "443",
12169	-	"Polling": "8658",
12169	+	"Polling": "8658",
12170	-	"Jitter": "37",
12170	+	"Jitter": "37",
12171	-	"Maxdns": "243",
12171	+	"Maxdns": "243",
12172	-	"C2 Server": "8.129.133.18,/lu.js",
12172	+	"C2 Server": "8.129.133.18,/lu.js",
12173	-	"User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
12173	+	"User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
12174	-	"HTTP Method Path 2": "/html",
12174	+	"HTTP Method Path 2": "/html",
12175	-	"Header1": "",
12175	+	"Header1": "",
12176	-	"Header2": "",
12176	+	"Header2": "",
12177	-	"PipeName": "",
12177	+	"PipeName": "",
12178	-	"DNS Idle": "\\xC1\\x19\\xB3p",
12178	+	"DNS Idle": "\\xC1\\x19\\xB3p",
12179	-	"DNS Sleep": "0",
12179	+	"DNS Sleep": "0",
12180	-	"Method1": "GET",
12180	+	"Method1": "GET",
12181	-	"Method2": "POST",
12181	+	"Method2": "POST",
12182	-	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
12182	+	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
12183	-	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
12183	+	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
12184	-	"Proxy_AccessType": "2 (Use IE settings)"
12184	+	"Proxy_AccessType": "2 (Use IE settings)"
12185	-	}
12185	+	}
12186	-	},
12186	+	},
12187	-	"8.131.60.36": {
12187	+	"8.131.60.36": {
12188	-	"x86": {
12188	+	"x86": {
12189	-	"BeaconType": "8 (HTTPS)",
12189	+	"BeaconType": "8 (HTTPS)",
12190	-	"Port": "443",
12190	+	"Port": "443",
12191	-	"Polling": "1500",
12191	+	"Polling": "1500",
12192	-	"Jitter": "0",
12192	+	"Jitter": "0",
12193	-	"Maxdns": "235",
12193	+	"Maxdns": "235",
12194	-	"C2 Server": "8.131.60.36,/live-txy/check",
12194	+	"C2 Server": "8.131.60.36,/live-txy/check",
12195	-	"User Agent": "Shockwave Flash",
12195	+	"User Agent": "Shockwave Flash",
12196	-	"HTTP Method Path 2": "/live-txy/",
12196	+	"HTTP Method Path 2": "/live-txy/",
12197	-	"Header1": "",
12197	+	"Header1": "",
12198	-	"Header2": "",
12198	+	"Header2": "",
12199	-	"PipeName": "",
12199	+	"PipeName": "",
12200	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
12200	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
12201	-	"DNS Sleep": "0",
12201	+	"DNS Sleep": "0",
12202	-	"Method1": "GET",
12202	+	"Method1": "GET",
12203	-	"Method2": "POST",
12203	+	"Method2": "POST",
12204	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12204	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12205	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12205	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12206	-	"Proxy_AccessType": "2 (Use IE settings)"
12206	+	"Proxy_AccessType": "2 (Use IE settings)"
12207	-	}
12207	+	}
12208	-	},
12208	+	},
12209	-	"81.70.155.208": {
12209	+	"81.70.155.208": {
12210	-	"x64": {
12210	+	"x64": {
12211	-	"BeaconType": "8 (HTTPS)",
12211	+	"BeaconType": "8 (HTTPS)",
12212	-	"Port": "443",
12212	+	"Port": "443",
12213	-	"Polling": "60000",
12213	+	"Polling": "60000",
12214	-	"Jitter": "0",
12214	+	"Jitter": "0",
12215	-	"Maxdns": "255",
12215	+	"Maxdns": "255",
12216	-	"C2 Server": "81.70.155.208,/ga.js",
12216	+	"C2 Server": "81.70.155.208,/ga.js",
12217	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MASAJS)",
12217	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MASAJS)",
12218	-	"HTTP Method Path 2": "/submit.php",
12218	+	"HTTP Method Path 2": "/submit.php",
12219	-	"Header1": "",
12219	+	"Header1": "",
12220	-	"Header2": "",
12220	+	"Header2": "",
12221	-	"PipeName": "",
12221	+	"PipeName": "",
12222	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12222	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12223	-	"DNS Sleep": "0",
12223	+	"DNS Sleep": "0",
12224	-	"Method1": "GET",
12224	+	"Method1": "GET",
12225	-	"Method2": "POST",
12225	+	"Method2": "POST",
12226	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12226	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12227	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12227	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12228	-	"Proxy_AccessType": "2 (Use IE settings)"
12228	+	"Proxy_AccessType": "2 (Use IE settings)"
12229	-	}
12229	+	}
12230	-	},
12230	+	},
12231	-	"81.70.213.71": {
12231	+	"81.70.213.71": {
12232	-	"x86": {
12232	+	"x86": {
12233	-	"BeaconType": "8 (HTTPS)",
12233	+	"BeaconType": "8 (HTTPS)",
12234	-	"Port": "443",
12234	+	"Port": "443",
12235	-	"Polling": "10000",
12235	+	"Polling": "10000",
12236	-	"Jitter": "0",
12236	+	"Jitter": "0",
12237	-	"Maxdns": "235",
12237	+	"Maxdns": "235",
12238	-	"C2 Server": "81.70.213.71,/wp-content/themes/calliope/wp_data.php",
12238	+	"C2 Server": "81.70.213.71,/wp-content/themes/calliope/wp_data.php",
12239	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36",
12239	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36",
12240	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
12240	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
12241	-	"Header1": "",
12241	+	"Header1": "",
12242	-	"Header2": "",
12242	+	"Header2": "",
12243	-	"PipeName": "",
12243	+	"PipeName": "",
12244	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
12244	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
12245	-	"DNS Sleep": "0",
12245	+	"DNS Sleep": "0",
12246	-	"Method1": "GET",
12246	+	"Method1": "GET",
12247	-	"Method2": "POST",
12247	+	"Method2": "POST",
12248	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12248	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12249	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12249	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12250	-	"Proxy_AccessType": "2 (Use IE settings)"
12250	+	"Proxy_AccessType": "2 (Use IE settings)"
12251	-	}
12251	+	}
12252	-	},
12252	+	},
12253	-	"8.210.253.122": {
12253	+	"8.210.253.122": {
12254	-	"x86": {
12254	+	"x86": {
12255	-	"BeaconType": "8 (HTTPS)",
12255	+	"BeaconType": "8 (HTTPS)",
12256	-	"Port": "443",
12256	+	"Port": "443",
12257	-	"Polling": "60000",
12257	+	"Polling": "60000",
12258	-	"Jitter": "0",
12258	+	"Jitter": "0",
12259	-	"Maxdns": "255",
12259	+	"Maxdns": "255",
12260	-	"C2 Server": "8.210.253.122,/IE9CompatViewList.xml",
12260	+	"C2 Server": "8.210.253.122,/IE9CompatViewList.xml",
12261	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)",
12261	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)",
12262	-	"HTTP Method Path 2": "/submit.php",
12262	+	"HTTP Method Path 2": "/submit.php",
12263	-	"Header1": "",
12263	+	"Header1": "",
12264	-	"Header2": "",
12264	+	"Header2": "",
12265	-	"PipeName": "",
12265	+	"PipeName": "",
12266	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12266	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12267	-	"DNS Sleep": "0",
12267	+	"DNS Sleep": "0",
12268	-	"Method1": "GET",
12268	+	"Method1": "GET",
12269	-	"Method2": "POST",
12269	+	"Method2": "POST",
12270	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12270	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12271	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12271	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12272	-	"Proxy_AccessType": "2 (Use IE settings)"
12272	+	"Proxy_AccessType": "2 (Use IE settings)"
12273	-	}
12273	+	}
12274	-	},
12274	+	},
12275	-	"87.120.254.113": {
12275	+	"87.120.254.113": {
12276	-	"x86": {
12276	+	"x86": {
12277	-	"BeaconType": "8 (HTTPS)",
12277	+	"BeaconType": "8 (HTTPS)",
12278	-	"Port": "443",
12278	+	"Port": "443",
12279	-	"Polling": "5000",
12279	+	"Polling": "5000",
12280	-	"Jitter": "0",
12280	+	"Jitter": "0",
12281	-	"Maxdns": "255",
12281	+	"Maxdns": "255",
12282	-	"C2 Server": "h22.club,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12282	+	"C2 Server": "h22.club,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12283	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12283	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12284	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12284	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12285	-	"Header1": "",
12285	+	"Header1": "",
12286	-	"Header2": "",
12286	+	"Header2": "",
12287	-	"PipeName": "",
12287	+	"PipeName": "",
12288	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12288	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12289	-	"DNS Sleep": "0",
12289	+	"DNS Sleep": "0",
12290	-	"Method1": "GET",
12290	+	"Method1": "GET",
12291	-	"Method2": "POST",
12291	+	"Method2": "POST",
12292	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12292	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12293	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12293	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12294	-	"Proxy_AccessType": "2 (Use IE settings)"
12294	+	"Proxy_AccessType": "2 (Use IE settings)"
12295	-	},
12295	+	},
12296	-	"x64": {
12296	+	"x64": {
12297	-	"BeaconType": "8 (HTTPS)",
12297	+	"BeaconType": "8 (HTTPS)",
12298	-	"Port": "443",
12298	+	"Port": "443",
12299	-	"Polling": "5000",
12299	+	"Polling": "5000",
12300	-	"Jitter": "0",
12300	+	"Jitter": "0",
12301	-	"Maxdns": "255",
12301	+	"Maxdns": "255",
12302	-	"C2 Server": "h22.club,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12302	+	"C2 Server": "h22.club,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12303	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12303	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12304	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12304	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12305	-	"Header1": "",
12305	+	"Header1": "",
12306	-	"Header2": "",
12306	+	"Header2": "",
12307	-	"PipeName": "",
12307	+	"PipeName": "",
12308	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12308	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12309	-	"DNS Sleep": "0",
12309	+	"DNS Sleep": "0",
12310	-	"Method1": "GET",
12310	+	"Method1": "GET",
12311	-	"Method2": "POST",
12311	+	"Method2": "POST",
12312	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12312	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12313	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12313	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12314	-	"Proxy_AccessType": "2 (Use IE settings)"
12314	+	"Proxy_AccessType": "2 (Use IE settings)"
12315	-	}
12315	+	}
12316	-	},
12316	+	},
12317	-	"87.120.8.249": {
12317	+	"87.120.8.249": {
12318	-	"x86": {
12318	+	"x86": {
12319	-	"BeaconType": "8 (HTTPS)",
12319	+	"BeaconType": "8 (HTTPS)",
12320	-	"Port": "443",
12320	+	"Port": "443",
12321	-	"Polling": "45000",
12321	+	"Polling": "45000",
12322	-	"Jitter": "37",
12322	+	"Jitter": "37",
12323	-	"Maxdns": "255",
12323	+	"Maxdns": "255",
12324	-	"C2 Server": "87.120.8.249,/jquery-3.3.1.min.js",
12324	+	"C2 Server": "87.120.8.249,/jquery-3.3.1.min.js",
12325	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36",
12325	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36",
12326	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
12326	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
12327	-	"Header1": "",
12327	+	"Header1": "",
12328	-	"Header2": "",
12328	+	"Header2": "",
12329	-	"PipeName": "",
12329	+	"PipeName": "",
12330	-	"DNS Idle": "J}\\xC4q",
12330	+	"DNS Idle": "J}\\xC4q",
12331	-	"DNS Sleep": "0",
12331	+	"DNS Sleep": "0",
12332	-	"Method1": "GET",
12332	+	"Method1": "GET",
12333	-	"Method2": "POST",
12333	+	"Method2": "POST",
12334	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12334	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12335	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12335	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12336	-	"Proxy_AccessType": "2 (Use IE settings)"
12336	+	"Proxy_AccessType": "2 (Use IE settings)"
12337	-	}
12337	+	}
12338	-	},
12338	+	},
12339	-	"87.248.0.216": {
12339	+	"87.248.0.216": {
12340	-	"x86": {
12340	+	"x86": {
12341	-	"BeaconType": "8 (HTTPS)",
12341	+	"BeaconType": "8 (HTTPS)",
12342	-	"Port": "443",
12342	+	"Port": "443",
12343	-	"Polling": "5000",
12343	+	"Polling": "5000",
12344	-	"Jitter": "0",
12344	+	"Jitter": "0",
12345	-	"Maxdns": "255",
12345	+	"Maxdns": "255",
12346	-	"C2 Server": "ebs.awsedge.net,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12346	+	"C2 Server": "ebs.awsedge.net,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12347	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12347	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12348	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12348	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12349	-	"Header1": "",
12349	+	"Header1": "",
12350	-	"Header2": "",
12350	+	"Header2": "",
12351	-	"PipeName": "",
12351	+	"PipeName": "",
12352	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12352	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12353	-	"DNS Sleep": "0",
12353	+	"DNS Sleep": "0",
12354	-	"Method1": "GET",
12354	+	"Method1": "GET",
12355	-	"Method2": "POST",
12355	+	"Method2": "POST",
12356	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12356	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12357	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12357	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12358	-	"Proxy_AccessType": "2 (Use IE settings)"
12358	+	"Proxy_AccessType": "2 (Use IE settings)"
12359	-	}
12359	+	}
12360	-	},
12360	+	},
12361	-	"87.251.70.12": {
12361	+	"87.251.70.12": {
12362	-	"x86": {
12362	+	"x86": {
12363	-	"BeaconType": "8 (HTTPS)",
12363	+	"BeaconType": "8 (HTTPS)",
12364	-	"Port": "443",
12364	+	"Port": "443",
12365	-	"Polling": "60000",
12365	+	"Polling": "60000",
12366	-	"Jitter": "0",
12366	+	"Jitter": "0",
12367	-	"Maxdns": "255",
12367	+	"Maxdns": "255",
12368	-	"C2 Server": "supercombinating.com,/visit.js",
12368	+	"C2 Server": "supercombinating.com,/visit.js",
12369	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
12369	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
12370	-	"HTTP Method Path 2": "/submit.php",
12370	+	"HTTP Method Path 2": "/submit.php",
12371	-	"Header1": "",
12371	+	"Header1": "",
12372	-	"Header2": "",
12372	+	"Header2": "",
12373	-	"PipeName": "",
12373	+	"PipeName": "",
12374	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12374	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12375	-	"DNS Sleep": "0",
12375	+	"DNS Sleep": "0",
12376	-	"Method1": "GET",
12376	+	"Method1": "GET",
12377	-	"Method2": "POST",
12377	+	"Method2": "POST",
12378	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12378	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12379	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12379	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12380	-	"Proxy_AccessType": "2 (Use IE settings)"
12380	+	"Proxy_AccessType": "2 (Use IE settings)"
12381	-	}
12381	+	}
12382	-	},
12382	+	},
12383	-	"88.119.171.55": {
12383	+	"88.119.171.55": {
12384	-	"x86": {
12384	+	"x86": {
12385	-	"BeaconType": "8 (HTTPS)",
12385	+	"BeaconType": "8 (HTTPS)",
12386	-	"Port": "443",
12386	+	"Port": "443",
12387	-	"Polling": "55867",
12387	+	"Polling": "55867",
12388	-	"Jitter": "43",
12388	+	"Jitter": "43",
12389	-	"Maxdns": "253",
12389	+	"Maxdns": "253",
12390	-	"C2 Server": "88.119.171.55,/lv.html",
12390	+	"C2 Server": "88.119.171.55,/lv.html",
12391	-	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
12391	+	"User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
12392	-	"HTTP Method Path 2": "/dz",
12392	+	"HTTP Method Path 2": "/dz",
12393	-	"Header1": "",
12393	+	"Header1": "",
12394	-	"Header2": "",
12394	+	"Header2": "",
12395	-	"PipeName": "",
12395	+	"PipeName": "",
12396	-	"DNS Idle": "\\xB1\\x985\\xD4",
12396	+	"DNS Idle": "\\xB1\\x985\\xD4",
12397	-	"DNS Sleep": "0",
12397	+	"DNS Sleep": "0",
12398	-	"Method1": "GET",
12398	+	"Method1": "GET",
12399	-	"Method2": "POST",
12399	+	"Method2": "POST",
12400	-	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
12400	+	"Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
12401	-	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
12401	+	"Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
12402	-	"Proxy_AccessType": "2 (Use IE settings)"
12402	+	"Proxy_AccessType": "2 (Use IE settings)"
12403	-	}
12403	+	}
12404	-	},
12404	+	},
12405	-	"88.119.174.135": {
12405	+	"88.119.174.135": {
12406	-	"x86": {
12406	+	"x86": {
12407	-	"BeaconType": "8 (HTTPS)",
12407	+	"BeaconType": "8 (HTTPS)",
12408	-	"Port": "443",
12408	+	"Port": "443",
12409	-	"Polling": "64699",
12409	+	"Polling": "64699",
12410	-	"Jitter": "37",
12410	+	"Jitter": "37",
12411	-	"Maxdns": "250",
12411	+	"Maxdns": "250",
12412	-	"C2 Server": "yh.htpdomrtx.com,/be,yg.htpdomrtx.com,/be,yf.htpdomrtx.com,/be",
12412	+	"C2 Server": "yh.htpdomrtx.com,/be,yg.htpdomrtx.com,/be,yf.htpdomrtx.com,/be",
12413	-	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
12413	+	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
12414	-	"HTTP Method Path 2": "/search",
12414	+	"HTTP Method Path 2": "/search",
12415	-	"Header1": "",
12415	+	"Header1": "",
12416	-	"Header2": "",
12416	+	"Header2": "",
12417	-	"PipeName": "",
12417	+	"PipeName": "",
12418	-	"DNS Idle": "U\\xF9C>",
12418	+	"DNS Idle": "U\\xF9C>",
12419	-	"DNS Sleep": "0",
12419	+	"DNS Sleep": "0",
12420	-	"Method1": "GET",
12420	+	"Method1": "GET",
12421	-	"Method2": "POST",
12421	+	"Method2": "POST",
12422	-	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
12422	+	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
12423	-	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
12423	+	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
12424	-	"Proxy_AccessType": "2 (Use IE settings)"
12424	+	"Proxy_AccessType": "2 (Use IE settings)"
12425	-	},
12425	+	},
12426	-	"x64": {
12426	+	"x64": {
12427	-	"BeaconType": "8 (HTTPS)",
12427	+	"BeaconType": "8 (HTTPS)",
12428	-	"Port": "443",
12428	+	"Port": "443",
12429	-	"Polling": "64699",
12429	+	"Polling": "64699",
12430	-	"Jitter": "37",
12430	+	"Jitter": "37",
12431	-	"Maxdns": "250",
12431	+	"Maxdns": "250",
12432	-	"C2 Server": "yh.htpdomrtx.com,/be,yg.htpdomrtx.com,/be,yf.htpdomrtx.com,/be",
12432	+	"C2 Server": "yh.htpdomrtx.com,/be,yg.htpdomrtx.com,/be,yf.htpdomrtx.com,/be",
12433	-	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
12433	+	"User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
12434	-	"HTTP Method Path 2": "/search",
12434	+	"HTTP Method Path 2": "/search",
12435	-	"Header1": "",
12435	+	"Header1": "",
12436	-	"Header2": "",
12436	+	"Header2": "",
12437	-	"PipeName": "",
12437	+	"PipeName": "",
12438	-	"DNS Idle": "U\\xF9C>",
12438	+	"DNS Idle": "U\\xF9C>",
12439	-	"DNS Sleep": "0",
12439	+	"DNS Sleep": "0",
12440	-	"Method1": "GET",
12440	+	"Method1": "GET",
12441	-	"Method2": "POST",
12441	+	"Method2": "POST",
12442	-	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
12442	+	"Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
12443	-	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
12443	+	"Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
12444	-	"Proxy_AccessType": "2 (Use IE settings)"
12444	+	"Proxy_AccessType": "2 (Use IE settings)"
12445	-	}
12445	+	}
12446	-	},
12446	+	},
12447	-	"88.119.175.104": {
12447	+	"88.119.175.104": {
12448	-	"x86": {
12448	+	"x86": {
12449	-	"BeaconType": "8 (HTTPS)",
12449	+	"BeaconType": "8 (HTTPS)",
12450	-	"Port": "443",
12450	+	"Port": "443",
12451	-	"Polling": "5000",
12451	+	"Polling": "5000",
12452	-	"Jitter": "0",
12452	+	"Jitter": "0",
12453	-	"Maxdns": "255",
12453	+	"Maxdns": "255",
12454	-	"C2 Server": "dlubfrhtekkjxdhy.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12454	+	"C2 Server": "dlubfrhtekkjxdhy.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12455	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12455	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12456	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12456	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12457	-	"Header1": "",
12457	+	"Header1": "",
12458	-	"Header2": "",
12458	+	"Header2": "",
12459	-	"PipeName": "",
12459	+	"PipeName": "",
12460	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12460	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12461	-	"DNS Sleep": "0",
12461	+	"DNS Sleep": "0",
12462	-	"Method1": "GET",
12462	+	"Method1": "GET",
12463	-	"Method2": "POST",
12463	+	"Method2": "POST",
12464	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12464	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12465	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12465	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12466	-	"Proxy_AccessType": "2 (Use IE settings)"
12466	+	"Proxy_AccessType": "2 (Use IE settings)"
12467	-	}
12467	+	}
12468	-	},
12468	+	},
12469	-	"88.119.175.132": {
12469	+	"88.119.175.132": {
12470	-	"x86": {
12470	+	"x86": {
12471	-	"BeaconType": "8 (HTTPS)",
12471	+	"BeaconType": "8 (HTTPS)",
12472	-	"Port": "443",
12472	+	"Port": "443",
12473	-	"Polling": "57568",
12473	+	"Polling": "57568",
12474	-	"Jitter": "43",
12474	+	"Jitter": "43",
12475	-	"Maxdns": "255",
12475	+	"Maxdns": "255",
12476	-	"C2 Server": "hf.livehealths.com,/default,fh.livehealths.com,/default,ff.livehealths.com,/default",
12476	+	"C2 Server": "hf.livehealths.com,/default,fh.livehealths.com,/default,ff.livehealths.com,/default",
12477	-	"User Agent": "Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
12477	+	"User Agent": "Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
12478	-	"HTTP Method Path 2": "/profile",
12478	+	"HTTP Method Path 2": "/profile",
12479	-	"Header1": "",
12479	+	"Header1": "",
12480	-	"Header2": "",
12480	+	"Header2": "",
12481	-	"PipeName": "",
12481	+	"PipeName": "",
12482	-	"DNS Idle": "\\xDF\"M2",
12482	+	"DNS Idle": "\\xDF\"M2",
12483	-	"DNS Sleep": "0",
12483	+	"DNS Sleep": "0",
12484	-	"Method1": "GET",
12484	+	"Method1": "GET",
12485	-	"Method2": "POST",
12485	+	"Method2": "POST",
12486	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
12486	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
12487	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
12487	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
12488	-	"Proxy_AccessType": "2 (Use IE settings)"
12488	+	"Proxy_AccessType": "2 (Use IE settings)"
12489	-	},
12489	+	},
12490	-	"x64": {
12490	+	"x64": {
12491	-	"BeaconType": "8 (HTTPS)",
12491	+	"BeaconType": "8 (HTTPS)",
12492	-	"Port": "443",
12492	+	"Port": "443",
12493	-	"Polling": "57568",
12493	+	"Polling": "57568",
12494	-	"Jitter": "43",
12494	+	"Jitter": "43",
12495	-	"Maxdns": "255",
12495	+	"Maxdns": "255",
12496	-	"C2 Server": "hf.livehealths.com,/default,fh.livehealths.com,/r-arrow,ff.livehealths.com,/styles",
12496	+	"C2 Server": "hf.livehealths.com,/default,fh.livehealths.com,/r-arrow,ff.livehealths.com,/styles",
12497	-	"User Agent": "Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
12497	+	"User Agent": "Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
12498	-	"HTTP Method Path 2": "/ml",
12498	+	"HTTP Method Path 2": "/ml",
12499	-	"Header1": "",
12499	+	"Header1": "",
12500	-	"Header2": "",
12500	+	"Header2": "",
12501	-	"PipeName": "",
12501	+	"PipeName": "",
12502	-	"DNS Idle": "\\xDF\"M2",
12502	+	"DNS Idle": "\\xDF\"M2",
12503	-	"DNS Sleep": "0",
12503	+	"DNS Sleep": "0",
12504	-	"Method1": "GET",
12504	+	"Method1": "GET",
12505	-	"Method2": "POST",
12505	+	"Method2": "POST",
12506	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
12506	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
12507	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
12507	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
12508	-	"Proxy_AccessType": "2 (Use IE settings)"
12508	+	"Proxy_AccessType": "2 (Use IE settings)"
12509	-	}
12509	+	}
12510	-	},
12510	+	},
12511	-	"88.119.175.250": {
12511	+	"88.119.175.250": {
12512	-	"x86": {
12512	+	"x86": {
12513	-	"BeaconType": "8 (HTTPS)",
12513	+	"BeaconType": "8 (HTTPS)",
12514	-	"Port": "443",
12514	+	"Port": "443",
12515	-	"Polling": "59183",
12515	+	"Polling": "59183",
12516	-	"Jitter": "43",
12516	+	"Jitter": "43",
12517	-	"Maxdns": "240",
12517	+	"Maxdns": "240",
12518	-	"C2 Server": "domnasemg.com,/da.css",
12518	+	"C2 Server": "domnasemg.com,/da.css",
12519	-	"User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
12519	+	"User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
12520	-	"HTTP Method Path 2": "/ms",
12520	+	"HTTP Method Path 2": "/ms",
12521	-	"Header1": "",
12521	+	"Header1": "",
12522	-	"Header2": "",
12522	+	"Header2": "",
12523	-	"PipeName": "",
12523	+	"PipeName": "",
12524	-	"DNS Idle": "\\xCC\\xB0V\\xA0",
12524	+	"DNS Idle": "\\xCC\\xB0V\\xA0",
12525	-	"DNS Sleep": "0",
12525	+	"DNS Sleep": "0",
12526	-	"Method1": "GET",
12526	+	"Method1": "GET",
12527	-	"Method2": "POST",
12527	+	"Method2": "POST",
12528	-	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
12528	+	"Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
12529	-	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
12529	+	"Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
12530	-	"Proxy_AccessType": "2 (Use IE settings)"
12530	+	"Proxy_AccessType": "2 (Use IE settings)"
12531	-	}
12531	+	}
12532	-	},
12532	+	},
12533	-	"88.119.175.54": {
12533	+	"88.119.175.54": {
12534	-	"x86": {
12534	+	"x86": {
12535	-	"BeaconType": "8 (HTTPS)",
12535	+	"BeaconType": "8 (HTTPS)",
12536	-	"Port": "443",
12536	+	"Port": "443",
12537	-	"Polling": "5000",
12537	+	"Polling": "5000",
12538	-	"Jitter": "0",
12538	+	"Jitter": "0",
12539	-	"Maxdns": "255",
12539	+	"Maxdns": "255",
12540	-	"C2 Server": "hjdytrgfoljgdyoxfa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12540	+	"C2 Server": "hjdytrgfoljgdyoxfa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12541	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12541	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12542	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12542	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12543	-	"Header1": "",
12543	+	"Header1": "",
12544	-	"Header2": "",
12544	+	"Header2": "",
12545	-	"PipeName": "",
12545	+	"PipeName": "",
12546	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12546	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12547	-	"DNS Sleep": "0",
12547	+	"DNS Sleep": "0",
12548	-	"Method1": "GET",
12548	+	"Method1": "GET",
12549	-	"Method2": "POST",
12549	+	"Method2": "POST",
12550	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12550	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12551	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12551	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12552	-	"Proxy_AccessType": "2 (Use IE settings)"
12552	+	"Proxy_AccessType": "2 (Use IE settings)"
12553	-	},
12553	+	},
12554	-	"x64": {
12554	+	"x64": {
12555	-	"BeaconType": "8 (HTTPS)",
12555	+	"BeaconType": "8 (HTTPS)",
12556	-	"Port": "443",
12556	+	"Port": "443",
12557	-	"Polling": "5000",
12557	+	"Polling": "5000",
12558	-	"Jitter": "0",
12558	+	"Jitter": "0",
12559	-	"Maxdns": "255",
12559	+	"Maxdns": "255",
12560	-	"C2 Server": "hjdytrgfoljgdyoxfa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12560	+	"C2 Server": "hjdytrgfoljgdyoxfa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12561	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12561	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12562	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12562	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12563	-	"Header1": "",
12563	+	"Header1": "",
12564	-	"Header2": "",
12564	+	"Header2": "",
12565	-	"PipeName": "",
12565	+	"PipeName": "",
12566	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12566	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12567	-	"DNS Sleep": "0",
12567	+	"DNS Sleep": "0",
12568	-	"Method1": "GET",
12568	+	"Method1": "GET",
12569	-	"Method2": "POST",
12569	+	"Method2": "POST",
12570	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12570	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12571	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12571	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12572	-	"Proxy_AccessType": "2 (Use IE settings)"
12572	+	"Proxy_AccessType": "2 (Use IE settings)"
12573	-	}
12573	+	}
12574	-	},
12574	+	},
12575	-	"88.151.99.149": {
12575	+	"88.151.99.149": {
12576	-	"x86": {
12576	+	"x86": {
12577	-	"BeaconType": "8 (HTTPS)",
12577	+	"BeaconType": "8 (HTTPS)",
12578	-	"Port": "443",
12578	+	"Port": "443",
12579	-	"Polling": "30000",
12579	+	"Polling": "30000",
12580	-	"Jitter": "23",
12580	+	"Jitter": "23",
12581	-	"Maxdns": "255",
12581	+	"Maxdns": "255",
12582	-	"C2 Server": "emcor-services.com,/jquery-3.3.1.min.js",
12582	+	"C2 Server": "emcor-services.com,/jquery-3.3.1.min.js",
12583	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
12583	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
12584	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
12584	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
12585	-	"Header1": "",
12585	+	"Header1": "",
12586	-	"Header2": "",
12586	+	"Header2": "",
12587	-	"PipeName": "",
12587	+	"PipeName": "",
12588	-	"DNS Idle": "J}\\xC4q",
12588	+	"DNS Idle": "J}\\xC4q",
12589	-	"DNS Sleep": "0",
12589	+	"DNS Sleep": "0",
12590	-	"Method1": "GET",
12590	+	"Method1": "GET",
12591	-	"Method2": "POST",
12591	+	"Method2": "POST",
12592	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12592	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12593	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12593	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12594	-	"Proxy_AccessType": "2 (Use IE settings)"
12594	+	"Proxy_AccessType": "2 (Use IE settings)"
12595	-	},
12595	+	},
12596	-	"x64": {
12596	+	"x64": {
12597	-	"BeaconType": "8 (HTTPS)",
12597	+	"BeaconType": "8 (HTTPS)",
12598	-	"Port": "443",
12598	+	"Port": "443",
12599	-	"Polling": "30000",
12599	+	"Polling": "30000",
12600	-	"Jitter": "23",
12600	+	"Jitter": "23",
12601	-	"Maxdns": "255",
12601	+	"Maxdns": "255",
12602	-	"C2 Server": "emcor-services.com,/jquery-3.3.1.min.js",
12602	+	"C2 Server": "emcor-services.com,/jquery-3.3.1.min.js",
12603	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
12603	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
12604	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
12604	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
12605	-	"Header1": "",
12605	+	"Header1": "",
12606	-	"Header2": "",
12606	+	"Header2": "",
12607	-	"PipeName": "",
12607	+	"PipeName": "",
12608	-	"DNS Idle": "J}\\xC4q",
12608	+	"DNS Idle": "J}\\xC4q",
12609	-	"DNS Sleep": "0",
12609	+	"DNS Sleep": "0",
12610	-	"Method1": "GET",
12610	+	"Method1": "GET",
12611	-	"Method2": "POST",
12611	+	"Method2": "POST",
12612	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12612	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12613	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12613	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12614	-	"Proxy_AccessType": "2 (Use IE settings)"
12614	+	"Proxy_AccessType": "2 (Use IE settings)"
12615	-	}
12615	+	}
12616	-	},
12616	+	},
12617	-	"88.218.92.19": {
12617	+	"88.218.92.19": {
12618	-	"x86": {
12618	+	"x86": {
12619	-	"BeaconType": "8 (HTTPS)",
12619	+	"BeaconType": "8 (HTTPS)",
12620	-	"Port": "443",
12620	+	"Port": "443",
12621	-	"Polling": "5000",
12621	+	"Polling": "5000",
12622	-	"Jitter": "0",
12622	+	"Jitter": "0",
12623	-	"C2 Server": "88.218.92.19,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12623	+	"C2 Server": "88.218.92.19,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12624	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12624	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12625	-	"Method1": "GET",
12625	+	"Method1": "GET",
12626	-	"Method2": "POST",
12626	+	"Method2": "POST",
12627	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12627	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12628	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12628	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12629	-	"Proxy_AccessType": "2 (Use IE settings)"
12629	+	"Proxy_AccessType": "2 (Use IE settings)"
12630	-	}
12630	+	}
12631	-	},
12631	+	},
12632	-	"88.85.122.220": {
12632	+	"88.85.122.220": {
12633	-	"x86": {
12633	+	"x86": {
12634	-	"BeaconType": "8 (HTTPS)",
12634	+	"BeaconType": "8 (HTTPS)",
12635	-	"Port": "443",
12635	+	"Port": "443",
12636	-	"Polling": "60000",
12636	+	"Polling": "60000",
12637	-	"Jitter": "0",
12637	+	"Jitter": "0",
12638	-	"Maxdns": "255",
12638	+	"Maxdns": "255",
12639	-	"C2 Server": "datacatapult.sytes.net,/ga.js",
12639	+	"C2 Server": "datacatapult.sytes.net,/ga.js",
12640	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP)",
12640	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP)",
12641	-	"HTTP Method Path 2": "/submit.php",
12641	+	"HTTP Method Path 2": "/submit.php",
12642	-	"Header1": "",
12642	+	"Header1": "",
12643	-	"Header2": "",
12643	+	"Header2": "",
12644	-	"Injection Process": "rundll32.exe",
12644	+	"Injection Process": "rundll32.exe",
12645	-	"PipeName": "\\\\%s\\pipe\\msagent_%x",
12645	+	"PipeName": "\\\\%s\\pipe\\msagent_%x",
12646	-	"Year": "0",
12646	+	"Year": "0",
12647	-	"Month": "0",
12647	+	"Month": "0",
12648	-	"Day": "0",
12648	+	"Day": "0",
12649	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12649	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12650	-	"DNS Sleep": "0"
12650	+	"DNS Sleep": "0"
12651	-	}
12651	+	}
12652	-	},
12652	+	},
12653	-	"89.38.226.218": {
12653	+	"89.38.226.218": {
12654	-	"x64": {
12654	+	"x64": {
12655	-	"BeaconType": "8 (HTTPS)",
12655	+	"BeaconType": "8 (HTTPS)",
12656	-	"Port": "443",
12656	+	"Port": "443",
12657	-	"Polling": "5000",
12657	+	"Polling": "5000",
12658	-	"Jitter": "37",
12658	+	"Jitter": "37",
12659	-	"C2 Server": "www.phpbasic.net,/scs/mail-static/js/",
12659	+	"C2 Server": "www.phpbasic.net,/scs/mail-static/js/",
12660	-	"HTTP Method Path 2": "/mail/u/_/1/",
12660	+	"HTTP Method Path 2": "/mail/u/_/1/",
12661	-	"Method1": "GET",
12661	+	"Method1": "GET",
12662	-	"Method2": "POST",
12662	+	"Method2": "POST",
12663	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12663	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
12664	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12664	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
12665	-	"Proxy_AccessType": "2 (Use IE settings)"
12665	+	"Proxy_AccessType": "2 (Use IE settings)"
12666	-	}
12666	+	}
12667	-	},
12667	+	},
12668	-	"91.229.77.41": {
12668	+	"91.229.77.41": {
12669	-	"x86": {
12669	+	"x86": {
12670	-	"BeaconType": "8 (HTTPS)",
12670	+	"BeaconType": "8 (HTTPS)",
12671	-	"Port": "443",
12671	+	"Port": "443",
12672	-	"Polling": "60000",
12672	+	"Polling": "60000",
12673	-	"Jitter": "0",
12673	+	"Jitter": "0",
12674	-	"Maxdns": "255",
12674	+	"Maxdns": "255",
12675	-	"C2 Server": "bdiaccs.global.ssl.fastly.net,/ptj",
12675	+	"C2 Server": "bdiaccs.global.ssl.fastly.net,/ptj",
12676	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)",
12676	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)",
12677	-	"HTTP Method Path 2": "/submit.php",
12677	+	"HTTP Method Path 2": "/submit.php",
12678	-	"Header1": "",
12678	+	"Header1": "",
12679	-	"Header2": "",
12679	+	"Header2": "",
12680	-	"PipeName": "",
12680	+	"PipeName": "",
12681	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12681	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12682	-	"DNS Sleep": "0",
12682	+	"DNS Sleep": "0",
12683	-	"Method1": "GET",
12683	+	"Method1": "GET",
12684	-	"Method2": "POST",
12684	+	"Method2": "POST",
12685	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12685	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12686	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12686	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12687	-	"Proxy_AccessType": "2 (Use IE settings)"
12687	+	"Proxy_AccessType": "2 (Use IE settings)"
12688	-	},
12688	+	},
12689	-	"x64": {
12689	+	"x64": {
12690	-	"BeaconType": "8 (HTTPS)",
12690	+	"BeaconType": "8 (HTTPS)",
12691	-	"Port": "443",
12691	+	"Port": "443",
12692	-	"Polling": "60000",
12692	+	"Polling": "60000",
12693	-	"Jitter": "0",
12693	+	"Jitter": "0",
12694	-	"Maxdns": "255",
12694	+	"Maxdns": "255",
12695	-	"C2 Server": "bdiaccs.global.ssl.fastly.net,/IE9CompatViewList.xml",
12695	+	"C2 Server": "bdiaccs.global.ssl.fastly.net,/IE9CompatViewList.xml",
12696	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
12696	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
12697	-	"HTTP Method Path 2": "/submit.php",
12697	+	"HTTP Method Path 2": "/submit.php",
12698	-	"Header1": "",
12698	+	"Header1": "",
12699	-	"Header2": "",
12699	+	"Header2": "",
12700	-	"PipeName": "",
12700	+	"PipeName": "",
12701	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12701	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12702	-	"DNS Sleep": "0",
12702	+	"DNS Sleep": "0",
12703	-	"Method1": "GET",
12703	+	"Method1": "GET",
12704	-	"Method2": "POST",
12704	+	"Method2": "POST",
12705	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12705	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12706	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12706	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12707	-	"Proxy_AccessType": "2 (Use IE settings)"
12707	+	"Proxy_AccessType": "2 (Use IE settings)"
12708	-	}
12708	+	}
12709	-	},
12709	+	},
12710	-	"92.42.14.133": {
12710	+	"92.42.14.133": {
12711	-	"x86": {
12711	+	"x86": {
12712	-	"BeaconType": "8 (HTTPS)",
12712	+	"BeaconType": "8 (HTTPS)",
12713	-	"Port": "443",
12713	+	"Port": "443",
12714	-	"Polling": "60000",
12714	+	"Polling": "60000",
12715	-	"Jitter": "0",
12715	+	"Jitter": "0",
12716	-	"Maxdns": "255",
12716	+	"Maxdns": "255",
12717	-	"C2 Server": "92.42.14.133,/activity",
12717	+	"C2 Server": "92.42.14.133,/activity",
12718	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUS)",
12718	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUS)",
12719	-	"HTTP Method Path 2": "/submit.php",
12719	+	"HTTP Method Path 2": "/submit.php",
12720	-	"Header1": "",
12720	+	"Header1": "",
12721	-	"Header2": "",
12721	+	"Header2": "",
12722	-	"PipeName": "",
12722	+	"PipeName": "",
12723	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12723	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12724	-	"DNS Sleep": "0",
12724	+	"DNS Sleep": "0",
12725	-	"Method1": "GET",
12725	+	"Method1": "GET",
12726	-	"Method2": "POST",
12726	+	"Method2": "POST",
12727	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12727	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12728	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12728	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12729	-	"Proxy_AccessType": "2 (Use IE settings)"
12729	+	"Proxy_AccessType": "2 (Use IE settings)"
12730	-	},
12730	+	},
12731	-	"x64": {
12731	+	"x64": {
12732	-	"BeaconType": "8 (HTTPS)",
12732	+	"BeaconType": "8 (HTTPS)",
12733	-	"Port": "443",
12733	+	"Port": "443",
12734	-	"Polling": "60000",
12734	+	"Polling": "60000",
12735	-	"Jitter": "0",
12735	+	"Jitter": "0",
12736	-	"Maxdns": "255",
12736	+	"Maxdns": "255",
12737	-	"C2 Server": "92.42.14.133,/IE9CompatViewList.xml",
12737	+	"C2 Server": "92.42.14.133,/IE9CompatViewList.xml",
12738	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)",
12738	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)",
12739	-	"HTTP Method Path 2": "/submit.php",
12739	+	"HTTP Method Path 2": "/submit.php",
12740	-	"Header1": "",
12740	+	"Header1": "",
12741	-	"Header2": "",
12741	+	"Header2": "",
12742	-	"PipeName": "",
12742	+	"PipeName": "",
12743	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12743	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12744	-	"DNS Sleep": "0",
12744	+	"DNS Sleep": "0",
12745	-	"Method1": "GET",
12745	+	"Method1": "GET",
12746	-	"Method2": "POST",
12746	+	"Method2": "POST",
12747	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12747	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12748	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12748	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12749	-	"Proxy_AccessType": "2 (Use IE settings)"
12749	+	"Proxy_AccessType": "2 (Use IE settings)"
12750	-	}
12750	+	}
12751	-	},
12751	+	},
12752	-	"94.140.115.165": {
12752	+	"94.140.115.165": {
12753	-	"x64": {
12753	+	"x64": {
12754	-	"BeaconType": "8 (HTTPS)",
12754	+	"BeaconType": "8 (HTTPS)",
12755	-	"Port": "443",
12755	+	"Port": "443",
12756	-	"Polling": "60000",
12756	+	"Polling": "60000",
12757	-	"Jitter": "15",
12757	+	"Jitter": "15",
12758	-	"Maxdns": "255",
12758	+	"Maxdns": "255",
12759	-	"C2 Server": "94.140.115.165,/_/scs/mail-static/_/js/",
12759	+	"C2 Server": "94.140.115.165,/_/scs/mail-static/_/js/",
12760	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LBBROWSER)",
12760	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LBBROWSER)",
12761	-	"HTTP Method Path 2": "/mail/u/0/",
12761	+	"HTTP Method Path 2": "/mail/u/0/",
12762	-	"Header1": "",
12762	+	"Header1": "",
12763	-	"Header2": "",
12763	+	"Header2": "",
12764	-	"PipeName": "",
12764	+	"PipeName": "",
12765	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
12765	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
12766	-	"DNS Sleep": "0",
12766	+	"DNS Sleep": "0",
12767	-	"Method1": "GET",
12767	+	"Method1": "GET",
12768	-	"Method2": "POST",
12768	+	"Method2": "POST",
12769	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12769	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12770	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12770	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12771	-	"Proxy_AccessType": "2 (Use IE settings)"
12771	+	"Proxy_AccessType": "2 (Use IE settings)"
12772	-	}
12772	+	}
12773	-	},
12773	+	},
12774	-	"95.179.190.111": {
12774	+	"95.179.190.111": {
12775	-	"x86": {
12775	+	"x86": {
12776	-	"BeaconType": "8 (HTTPS)",
12776	+	"BeaconType": "8 (HTTPS)",
12777	-	"Port": "443",
12777	+	"Port": "443",
12778	-	"Polling": "5000",
12778	+	"Polling": "5000",
12779	-	"Jitter": "0",
12779	+	"Jitter": "0",
12780	-	"Maxdns": "255",
12780	+	"Maxdns": "255",
12781	-	"C2 Server": "securityreserch86.net,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12781	+	"C2 Server": "securityreserch86.net,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12782	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12782	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12783	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12783	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12784	-	"Header1": "",
12784	+	"Header1": "",
12785	-	"Header2": "",
12785	+	"Header2": "",
12786	-	"PipeName": "",
12786	+	"PipeName": "",
12787	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12787	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12788	-	"DNS Sleep": "0",
12788	+	"DNS Sleep": "0",
12789	-	"Method1": "GET",
12789	+	"Method1": "GET",
12790	-	"Method2": "POST",
12790	+	"Method2": "POST",
12791	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12791	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12792	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12792	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12793	-	"Proxy_AccessType": "2 (Use IE settings)"
12793	+	"Proxy_AccessType": "2 (Use IE settings)"
12794	-	}
12794	+	}
12795	-	},
12795	+	},
12796	-	"95.179.247.174": {
12796	+	"95.179.247.174": {
12797	-	"x86": {
12797	+	"x86": {
12798	-	"BeaconType": "8 (HTTPS)",
12798	+	"BeaconType": "8 (HTTPS)",
12799	-	"Port": "443",
12799	+	"Port": "443",
12800	-	"Polling": "5000",
12800	+	"Polling": "5000",
12801	-	"Jitter": "0",
12801	+	"Jitter": "0",
12802	-	"Maxdns": "255",
12802	+	"Maxdns": "255",
12803	-	"C2 Server": "testginwebsite.tk,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12803	+	"C2 Server": "testginwebsite.tk,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
12804	-	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12804	+	"User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
12805	-	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12805	+	"HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
12806	-	"Header1": "",
12806	+	"Header1": "",
12807	-	"Header2": "",
12807	+	"Header2": "",
12808	-	"PipeName": "",
12808	+	"PipeName": "",
12809	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12809	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12810	-	"DNS Sleep": "0",
12810	+	"DNS Sleep": "0",
12811	-	"Method1": "GET",
12811	+	"Method1": "GET",
12812	-	"Method2": "POST",
12812	+	"Method2": "POST",
12813	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12813	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12814	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12814	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12815	-	"Proxy_AccessType": "2 (Use IE settings)"
12815	+	"Proxy_AccessType": "2 (Use IE settings)"
12816	-	}
12816	+	}
12817	-	},
12817	+	},
12818	-	"95.217.197.124": {
12818	+	"95.217.197.124": {
12819	-	"x86": {
12819	+	"x86": {
12820	-	"BeaconType": "8 (HTTPS)",
12820	+	"BeaconType": "8 (HTTPS)",
12821	-	"Port": "443",
12821	+	"Port": "443",
12822	-	"Polling": "60000",
12822	+	"Polling": "60000",
12823	-	"Jitter": "0",
12823	+	"Jitter": "0",
12824	-	"Maxdns": "255",
12824	+	"Maxdns": "255",
12825	-	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/pixel.gif",
12825	+	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/pixel.gif",
12826	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
12826	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
12827	-	"HTTP Method Path 2": "/submit.php",
12827	+	"HTTP Method Path 2": "/submit.php",
12828	-	"Header1": "",
12828	+	"Header1": "",
12829	-	"Header2": "",
12829	+	"Header2": "",
12830	-	"PipeName": "",
12830	+	"PipeName": "",
12831	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12831	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12832	-	"DNS Sleep": "0",
12832	+	"DNS Sleep": "0",
12833	-	"Method1": "GET",
12833	+	"Method1": "GET",
12834	-	"Method2": "POST",
12834	+	"Method2": "POST",
12835	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12835	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12836	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12836	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12837	-	"Proxy_AccessType": "2 (Use IE settings)"
12837	+	"Proxy_AccessType": "2 (Use IE settings)"
12838	-	},
12838	+	},
12839	-	"x64": {
12839	+	"x64": {
12840	-	"BeaconType": "8 (HTTPS)",
12840	+	"BeaconType": "8 (HTTPS)",
12841	-	"Port": "443",
12841	+	"Port": "443",
12842	-	"Polling": "60000",
12842	+	"Polling": "60000",
12843	-	"Jitter": "0",
12843	+	"Jitter": "0",
12844	-	"Maxdns": "255",
12844	+	"Maxdns": "255",
12845	-	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/push",
12845	+	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/push",
12846	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
12846	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
12847	-	"HTTP Method Path 2": "/submit.php",
12847	+	"HTTP Method Path 2": "/submit.php",
12848	-	"Header1": "",
12848	+	"Header1": "",
12849	-	"Header2": "",
12849	+	"Header2": "",
12850	-	"PipeName": "",
12850	+	"PipeName": "",
12851	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12851	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12852	-	"DNS Sleep": "0",
12852	+	"DNS Sleep": "0",
12853	-	"Method1": "GET",
12853	+	"Method1": "GET",
12854	-	"Method2": "POST",
12854	+	"Method2": "POST",
12855	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12855	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12856	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12856	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12857	-	"Proxy_AccessType": "2 (Use IE settings)"
12857	+	"Proxy_AccessType": "2 (Use IE settings)"
12858	-	}
12858	+	}
12859	-	},
12859	+	},
12860	-	"95.217.197.66": {
12860	+	"95.217.197.66": {
12861	-	"x64": {
12861	+	"x64": {
12862	-	"BeaconType": "8 (HTTPS)",
12862	+	"BeaconType": "8 (HTTPS)",
12863	-	"Port": "443",
12863	+	"Port": "443",
12864	-	"Polling": "60000",
12864	+	"Polling": "60000",
12865	-	"Jitter": "0",
12865	+	"Jitter": "0",
12866	-	"Maxdns": "255",
12866	+	"Maxdns": "255",
12867	-	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/push",
12867	+	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/push",
12868	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
12868	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
12869	-	"HTTP Method Path 2": "/submit.php",
12869	+	"HTTP Method Path 2": "/submit.php",
12870	-	"Header1": "",
12870	+	"Header1": "",
12871	-	"Header2": "",
12871	+	"Header2": "",
12872	-	"PipeName": "",
12872	+	"PipeName": "",
12873	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12873	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12874	-	"DNS Sleep": "0",
12874	+	"DNS Sleep": "0",
12875	-	"Method1": "GET",
12875	+	"Method1": "GET",
12876	-	"Method2": "POST",
12876	+	"Method2": "POST",
12877	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12877	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12878	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12878	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12879	-	"Proxy_AccessType": "2 (Use IE settings)"
12879	+	"Proxy_AccessType": "2 (Use IE settings)"
12880	-	}
12880	+	}
12881	-	},
12881	+	},
12882	-	"95.217.197.67": {
12882	+	"95.217.197.67": {
12883	-	"x86": {
12883	+	"x86": {
12884	-	"BeaconType": "8 (HTTPS)",
12884	+	"BeaconType": "8 (HTTPS)",
12885	-	"Port": "443",
12885	+	"Port": "443",
12886	-	"Polling": "60000",
12886	+	"Polling": "60000",
12887	-	"Jitter": "0",
12887	+	"Jitter": "0",
12888	-	"Maxdns": "255",
12888	+	"Maxdns": "255",
12889	-	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/pixel.gif",
12889	+	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/pixel.gif",
12890	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
12890	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
12891	-	"HTTP Method Path 2": "/submit.php",
12891	+	"HTTP Method Path 2": "/submit.php",
12892	-	"Header1": "",
12892	+	"Header1": "",
12893	-	"Header2": "",
12893	+	"Header2": "",
12894	-	"PipeName": "",
12894	+	"PipeName": "",
12895	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12895	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12896	-	"DNS Sleep": "0",
12896	+	"DNS Sleep": "0",
12897	-	"Method1": "GET",
12897	+	"Method1": "GET",
12898	-	"Method2": "POST",
12898	+	"Method2": "POST",
12899	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12899	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12900	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12900	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12901	-	"Proxy_AccessType": "2 (Use IE settings)"
12901	+	"Proxy_AccessType": "2 (Use IE settings)"
12902	-	},
12902	+	},
12903	-	"x64": {
12903	+	"x64": {
12904	-	"BeaconType": "8 (HTTPS)",
12904	+	"BeaconType": "8 (HTTPS)",
12905	-	"Port": "443",
12905	+	"Port": "443",
12906	-	"Polling": "60000",
12906	+	"Polling": "60000",
12907	-	"Jitter": "0",
12907	+	"Jitter": "0",
12908	-	"Maxdns": "255",
12908	+	"Maxdns": "255",
12909	-	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/push",
12909	+	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/push",
12910	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
12910	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
12911	-	"HTTP Method Path 2": "/submit.php",
12911	+	"HTTP Method Path 2": "/submit.php",
12912	-	"Header1": "",
12912	+	"Header1": "",
12913	-	"Header2": "",
12913	+	"Header2": "",
12914	-	"PipeName": "",
12914	+	"PipeName": "",
12915	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12915	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12916	-	"DNS Sleep": "0",
12916	+	"DNS Sleep": "0",
12917	-	"Method1": "GET",
12917	+	"Method1": "GET",
12918	-	"Method2": "POST",
12918	+	"Method2": "POST",
12919	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12919	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12920	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12920	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12921	-	"Proxy_AccessType": "2 (Use IE settings)"
12921	+	"Proxy_AccessType": "2 (Use IE settings)"
12922	-	}
12922	+	}
12923	-	},
12923	+	},
12924	-	"95.217.197.78": {
12924	+	"95.217.197.78": {
12925	-	"x86": {
12925	+	"x86": {
12926	-	"BeaconType": "8 (HTTPS)",
12926	+	"BeaconType": "8 (HTTPS)",
12927	-	"Port": "443",
12927	+	"Port": "443",
12928	-	"Polling": "60000",
12928	+	"Polling": "60000",
12929	-	"Jitter": "0",
12929	+	"Jitter": "0",
12930	-	"Maxdns": "255",
12930	+	"Maxdns": "255",
12931	-	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/pixel.gif",
12931	+	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/pixel.gif",
12932	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
12932	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
12933	-	"HTTP Method Path 2": "/submit.php",
12933	+	"HTTP Method Path 2": "/submit.php",
12934	-	"Header1": "",
12934	+	"Header1": "",
12935	-	"Header2": "",
12935	+	"Header2": "",
12936	-	"PipeName": "",
12936	+	"PipeName": "",
12937	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12937	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12938	-	"DNS Sleep": "0",
12938	+	"DNS Sleep": "0",
12939	-	"Method1": "GET",
12939	+	"Method1": "GET",
12940	-	"Method2": "POST",
12940	+	"Method2": "POST",
12941	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12941	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12942	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12942	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12943	-	"Proxy_AccessType": "2 (Use IE settings)"
12943	+	"Proxy_AccessType": "2 (Use IE settings)"
12944	-	},
12944	+	},
12945	-	"x64": {
12945	+	"x64": {
12946	-	"BeaconType": "8 (HTTPS)",
12946	+	"BeaconType": "8 (HTTPS)",
12947	-	"Port": "443",
12947	+	"Port": "443",
12948	-	"Polling": "60000",
12948	+	"Polling": "60000",
12949	-	"Jitter": "0",
12949	+	"Jitter": "0",
12950	-	"Maxdns": "255",
12950	+	"Maxdns": "255",
12951	-	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/push",
12951	+	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/push",
12952	-	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
12952	+	"User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
12953	-	"HTTP Method Path 2": "/submit.php",
12953	+	"HTTP Method Path 2": "/submit.php",
12954	-	"Header1": "",
12954	+	"Header1": "",
12955	-	"Header2": "",
12955	+	"Header2": "",
12956	-	"PipeName": "",
12956	+	"PipeName": "",
12957	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12957	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12958	-	"DNS Sleep": "0",
12958	+	"DNS Sleep": "0",
12959	-	"Method1": "GET",
12959	+	"Method1": "GET",
12960	-	"Method2": "POST",
12960	+	"Method2": "POST",
12961	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12961	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12962	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12962	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12963	-	"Proxy_AccessType": "2 (Use IE settings)"
12963	+	"Proxy_AccessType": "2 (Use IE settings)"
12964	-	}
12964	+	}
12965	-	},
12965	+	},
12966	-	"95.217.197.85": {
12966	+	"95.217.197.85": {
12967	-	"x86": {
12967	+	"x86": {
12968	-	"BeaconType": "8 (HTTPS)",
12968	+	"BeaconType": "8 (HTTPS)",
12969	-	"Port": "443",
12969	+	"Port": "443",
12970	-	"Polling": "60000",
12970	+	"Polling": "60000",
12971	-	"Jitter": "0",
12971	+	"Jitter": "0",
12972	-	"Maxdns": "255",
12972	+	"Maxdns": "255",
12973	-	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/pixel.gif",
12973	+	"C2 Server": "oomdatacollect.global.ssl.fastly.net,/pixel.gif",
12974	-	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
12974	+	"User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
12975	-	"HTTP Method Path 2": "/submit.php",
12975	+	"HTTP Method Path 2": "/submit.php",
12976	-	"Header1": "",
12976	+	"Header1": "",
12977	-	"Header2": "",
12977	+	"Header2": "",
12978	-	"PipeName": "",
12978	+	"PipeName": "",
12979	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
12979	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
12980	-	"DNS Sleep": "0",
12980	+	"DNS Sleep": "0",
12981	-	"Method1": "GET",
12981	+	"Method1": "GET",
12982	-	"Method2": "POST",
12982	+	"Method2": "POST",
12983	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12983	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
12984	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12984	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
12985	-	"Proxy_AccessType": "2 (Use IE settings)"
12985	+	"Proxy_AccessType": "2 (Use IE settings)"
12986	-	}
12986	+	}
12987	-	},
12987	+	},
12988	-	"98.142.141.43": {
12988	+	"98.142.141.43": {
12989	-	"x86": {
12989	+	"x86": {
12990	-	"BeaconType": "8 (HTTPS)",
12990	+	"BeaconType": "8 (HTTPS)",
12991	-	"Port": "443",
12991	+	"Port": "443",
12992	-	"Polling": "45000",
12992	+	"Polling": "45000",
12993	-	"Jitter": "37",
12993	+	"Jitter": "37",
12994	-	"Maxdns": "255",
12994	+	"Maxdns": "255",
12995	-	"C2 Server": "www.nameshow.site,/jquery-3.3.1.min.js",
12995	+	"C2 Server": "www.nameshow.site,/jquery-3.3.1.min.js",
12996	-	"User Agent": "Mozilla/5.1 (Windows NT 6.4; Trident/7.1; rv:12.0) like Gecko",
12996	+	"User Agent": "Mozilla/5.1 (Windows NT 6.4; Trident/7.1; rv:12.0) like Gecko",
12997	-	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
12997	+	"HTTP Method Path 2": "/jquery-3.3.2.min.js",
12998	-	"Header1": "",
12998	+	"Header1": "",
12999	-	"Header2": "",
12999	+	"Header2": "",
13000	-	"PipeName": "",
13000	+	"PipeName": "",
13001	-	"DNS Idle": "J}\\xC4r",
13001	+	"DNS Idle": "J}\\xC4r",
13002	-	"DNS Sleep": "0",
13002	+	"DNS Sleep": "0",
13003	-	"Method1": "GET",
13003	+	"Method1": "GET",
13004	-	"Method2": "POST",
13004	+	"Method2": "POST",
13005	-	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
13005	+	"Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
13006	-	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
13006	+	"Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
13007	-	"Proxy_AccessType": "2 (Use IE settings)"
13007	+	"Proxy_AccessType": "2 (Use IE settings)"
13008	-	}
13008	+	}
13009	-	},
13009	+	},
13010	-	"98.142.143.100": {
13010	+	"98.142.143.100": {
13011	-	"x86": {
13011	+	"x86": {
13012	-	"BeaconType": "8 (HTTPS)",
13012	+	"BeaconType": "8 (HTTPS)",
13013	-	"Port": "443",
13013	+	"Port": "443",
13014	-	"Polling": "980",
13014	+	"Polling": "980",
13015	-	"Jitter": "0",
13015	+	"Jitter": "0",
13016	-	"Maxdns": "243",
13016	+	"Maxdns": "243",
13017	-	"C2 Server": "d3kgm44zuz83i3.cloudfront.net,/access/",
13017	+	"C2 Server": "d3kgm44zuz83i3.cloudfront.net,/access/",
13018	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36",
13018	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36",
13019	-	"HTTP Method Path 2": "/radio/xmlrpc/v35",
13019	+	"HTTP Method Path 2": "/radio/xmlrpc/v35",
13020	-	"Header1": "",
13020	+	"Header1": "",
13021	-	"Header2": "",
13021	+	"Header2": "",
13022	-	"PipeName": "",
13022	+	"PipeName": "",
13023	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
13023	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
13024	-	"DNS Sleep": "0",
13024	+	"DNS Sleep": "0",
13025	-	"Method1": "GET",
13025	+	"Method1": "GET",
13026	-	"Method2": "POST",
13026	+	"Method2": "POST",
13027	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
13027	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
13028	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
13028	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
13029	-	"Proxy_AccessType": "2 (Use IE settings)"
13029	+	"Proxy_AccessType": "2 (Use IE settings)"
13030	-	},
13030	+	},
13031	-	"x64": {
13031	+	"x64": {
13032	-	"BeaconType": "8 (HTTPS)",
13032	+	"BeaconType": "8 (HTTPS)",
13033	-	"Port": "443",
13033	+	"Port": "443",
13034	-	"Polling": "980",
13034	+	"Polling": "980",
13035	-	"Jitter": "0",
13035	+	"Jitter": "0",
13036	-	"Maxdns": "243",
13036	+	"Maxdns": "243",
13037	-	"C2 Server": "d3kgm44zuz83i3.cloudfront.net,/access/",
13037	+	"C2 Server": "d3kgm44zuz83i3.cloudfront.net,/access/",
13038	-	"User Agent": "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36",
13038	+	"User Agent": "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36",
13039	-	"HTTP Method Path 2": "/radio/xmlrpc/v35",
13039	+	"HTTP Method Path 2": "/radio/xmlrpc/v35",
13040	-	"Header1": "",
13040	+	"Header1": "",
13041	-	"Header2": "",
13041	+	"Header2": "",
13042	-	"PipeName": "",
13042	+	"PipeName": "",
13043	-	"DNS Idle": "\\x00\\x00\\x00\\x00",
13043	+	"DNS Idle": "\\x00\\x00\\x00\\x00",
13044	-	"DNS Sleep": "0",
13044	+	"DNS Sleep": "0",
13045	-	"Method1": "GET",
13045	+	"Method1": "GET",
13046	-	"Method2": "POST",
13046	+	"Method2": "POST",
13047	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
13047	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
13048	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
13048	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
13049	-	"Proxy_AccessType": "2 (Use IE settings)"
13049	+	"Proxy_AccessType": "2 (Use IE settings)"
13050	-	}
13050	+	}
13051	-	},
13051	+	},
13052	-	"99.79.101.225": {
13052	+	"99.79.101.225": {
13053	-	"x86": {
13053	+	"x86": {
13054	-	"BeaconType": "8 (HTTPS)",
13054	+	"BeaconType": "8 (HTTPS)",
13055	-	"Port": "443",
13055	+	"Port": "443",
13056	-	"Polling": "60000",
13056	+	"Polling": "60000",
13057	-	"Jitter": "20",
13057	+	"Jitter": "20",
13058	-	"Maxdns": "235",
13058	+	"Maxdns": "235",
13059	-	"C2 Server": "ajax.microsoft.com,/c/msdownload/update/1930155_",
13059	+	"C2 Server": "ajax.microsoft.com,/c/msdownload/update/1930155_",
13060	-	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
13060	+	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
13061	-	"HTTP Method Path 2": "/c/msdownload/update/1534335_",
13061	+	"HTTP Method Path 2": "/c/msdownload/update/1534335_",
13062	-	"Header1": "",
13062	+	"Header1": "",
13063	-	"Header2": "",
13063	+	"Header2": "",
13064	-	"PipeName": "",
13064	+	"PipeName": "",
13065	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
13065	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
13066	-	"DNS Sleep": "0",
13066	+	"DNS Sleep": "0",
13067	-	"Method1": "POST",
13067	+	"Method1": "POST",
13068	-	"Method2": "POST",
13068	+	"Method2": "POST",
13069	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
13069	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
13070	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
13070	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
13071	-	"Proxy_AccessType": "2 (Use IE settings)"
13071	+	"Proxy_AccessType": "2 (Use IE settings)"
13072	-	},
13072	+	},
13073	-	"x64": {
13073	+	"x64": {
13074	-	"BeaconType": "8 (HTTPS)",
13074	+	"BeaconType": "8 (HTTPS)",
13075	-	"Port": "443",
13075	+	"Port": "443",
13076	-	"Polling": "60000",
13076	+	"Polling": "60000",
13077	-	"Jitter": "20",
13077	+	"Jitter": "20",
13078	-	"Maxdns": "235",
13078	+	"Maxdns": "235",
13079	-	"C2 Server": "ajax.microsoft.com,/c/msdownload/update/1930155_",
13079	+	"C2 Server": "ajax.microsoft.com,/c/msdownload/update/1930155_",
13080	-	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
13080	+	"User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
13081	-	"HTTP Method Path 2": "/c/msdownload/update/1534335_",
13081	+	"HTTP Method Path 2": "/c/msdownload/update/1534335_",
13082	-	"Header1": "",
13082	+	"Header1": "",
13083	-	"Header2": "",
13083	+	"Header2": "",
13084	-	"PipeName": "",
13084	+	"PipeName": "",
13085	-	"DNS Idle": "\\x08\\x08\\x04\\x04",
13085	+	"DNS Idle": "\\x08\\x08\\x04\\x04",
13086	-	"DNS Sleep": "0",
13086	+	"DNS Sleep": "0",
13087	-	"Method1": "POST",
13087	+	"Method1": "POST",
13088	-	"Method2": "POST",
13088	+	"Method2": "POST",
13089	-	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
13089	+	"Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
13090	-	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
13090	+	"Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
13091	-	"Proxy_AccessType": "2 (Use IE settings)"
13091	+	"Proxy_AccessType": "2 (Use IE settings)"
13092	-	}
13092	+	}
13093	-	}
13093	+	}
13094	-	}
13094	+	}
13095

Public Pastes

📌 Crypto Swap Glitch ✅ Still works 💎 💵
JavaScript | 3 min ago | 0.20 KB
Juicy X Hub | Adopt Me Script
Lua | 12 min ago | 0.61 KB
⭐ 💎 Exchange profit method 🚨 🔥
JavaScript | 24 min ago | 0.20 KB
Untitled
Lua | 31 min ago | 9.82 KB
✅ 💎 Free BTC method 🚨 🔥
JavaScript | 44 min ago | 0.20 KB
ALPHA STEVE ONE PIECE
C++ | 45 min ago | 0.13 KB
STEAL A BRAINROT SCRIPT 2025
C++ | 46 min ago | 0.14 KB
SWORD BURST 2 SCRIPT 2025
C++ | 48 min ago | 0.22 KB