Static | ZeroBOX
No static analysis available.
<!DOCTYPE html>
<!-- saved from url=(0109)https://www.virustotal.com/gui/file/b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1/behavior -->
<html lang="pl" data-bs-theme="dark" class="translated-ltr"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="origin-trial" content="3NNj0GXVktLOmVKwWUDendk4Vq2qgMVDBDX+Sni48ATJl9JBj+zF+9W2HGB3pvt6qowOihTbQgTeBm9SKbdTwYAAABfeyJvcmlnaW4iOiJodHRwczovL3JlY2FwdGNoYS5uZXQ6NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzVGhpcmRQYXJ0eSI6dHJ1ZX0="><meta http-equiv="origin-trial" content="A6iYDRdcg1LVww9DNZEU+JUx2g1IJxSxk4P6F+LimR0ElFa38FydBqtz/AmsKdGr11ZooRgDPCInHJfGzwtR+A4AAACXeyJvcmlnaW4iOiJodHRwczovL3d3dy5yZWNhcHRjaGEubmV0OjQ0MyIsImZlYXR1cmUiOiJEaXNhYmxlVGhpcmRQYXJ0eVN0b3JhZ2VQYXJ0aXRpb25pbmczIiwiZXhwaXJ5IjoxNzU3OTgwODAwLCJpc1N1YmRvbWFpbiI6dHJ1ZSwiaXNUaGlyZFBhcnR5Ijp0cnVlfQ=="><meta http-equiv="origin-trial" content="3NNj0GXVktLOmVKwWUDendk4Vq2qgMVDBDX+Sni48ATJl9JBj+zF+9W2HGB3pvt6qowOihTbQgTeBm9SKbdTwYAAABfeyJvcmlnaW4iOiJodHRwczovL3JlY2FwdGNoYS5uZXQ6NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzVGhpcmRQYXJ0eSI6dHJ1ZX0="><meta http-equiv="origin-tri
<link rel="stylesheet" href="./VirusTotal - File - b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_files/css">
<style>
/* Default theme tokens for the df-messenger widget (presumably the Dialogflow
   Messenger chat component; confirm against the embedding page). They are
   custom properties declared on :root, so descendant elements inherit them
   and can read them with var(). */
:root {
/* Typography: font stack (continues on the next line) and base size. */
--df-messenger-default-font-family: 'Google Sans', 'Helvetica Neue',
sans-serif;
--df-messenger-default-font-size: 14px;
/* Text and icon colours. */
--df-messenger-default-font-color: #1f1f1f;
--df-messenger-default-secondary-font-color: #757575;
--df-messenger-default-icon-font-color: #444746;
/* Accent colour; the link colour below uses the same value. */
--df-messenger-default-primary-color: #0b57d0;
--df-messenger-default-link-font-color: #0b57d0;
--df-messenger-default-link-decoration: underline;
/* Focus colour and the contrasting colour paired with it. */
--df-messenger-default-focus-color: #1e88e5;
--df-messenger-default-focus-color-contrast: #fff;
/* Borders: the border value is built from the border-colour token via var(). */
--df-messenger-default-border-color: #e0e0e0;
--df-messenger-default-border: 1px solid
var(--df-messenger-default-border-color);
/* Corner radii: 8px by default, 0 for the chat-specific token. */
--df-messenger-default-border-radius: 8px;
--df-messenger-default-chat-border-radius: 0;
/* Drop shadow: 2px vertical offset, 2px blur, black at 24% opacity. */
--df-messenger-default-box-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.24);
}
</style><link rel="icon" href="https://www.virustotal.com/gui/images/favicon.svg"><link rel="manifest" href="https://www.virustotal.com/gui/manifest.json"><meta name="theme-color" content="#3f51b5"><meta name="mobile-web-app-capable" content="yes"><meta name="application-name" content="VirusTotal"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"><meta name="apple-mobile-web-app-title" content="VirusTotal"><link rel="apple-touch-icon" href="https://www.virustotal.com/gui/images/manifest/icon-48x48.png"><link rel="apple-touch-icon" sizes="72x72" href="https://www.virustotal.com/gui/images/manifest/icon-72x72.png"><link rel="apple-touch-icon" sizes="96x96" href="https://www.virustotal.com/gui/images/manifest/icon-96x96.png"><link rel="apple-touch-icon" sizes="144x144" href="https://www.virustotal.com/gui/images/manifest/icon-144x144.png"><link rel="apple-touch-icon" sizes="192x192" href="https://www.virustotal.com/gui/ima
<path d="M6.4 18.654 5.346 17.6l5.6-5.6-5.6-5.6L6.4 5.346l5.6 5.6 5.6-5.6L18.654 6.4l-5.6 5.6 5.6 5.6-1.054 1.054-5.6-5.6-5.6 5.6Z"></path>
</svg>
<!--?--> </button> </span> </span> <span slot="content" class="text-body-secondary"> <div class="vstack gap-3"> <span style="width:325px"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <!--?lit$336419335$--> </div> </span> </vt-ui-popover> <!--?lit$336419335$--> <vt-modal-manager><template shadowrootmode="open"><!----></template></vt-modal-manager> <popover-manager><template shadowrootmode="open"><!----> <vt-ui-popover id="globalPopover" should-remain-open-on-hover=""><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" s
<path d="M6.4 18.654 5.346 17.6l5.6-5.6-5.6-5.6L6.4 5.346l5.6 5.6 5.6-5.6L18.654 6.4l-5.6 5.6 5.6 5.6-1.054 1.054-5.6-5.6-5.6 5.6Z"></path>
</svg>
<!--?--></a> </div> </div> </template></vt-ui-top-message> <uno-navbar><template shadowrootmode="open"><!----><div class="hstack bg-body-tertiary text-body-tertiary justify-content-between position-fixed w-100"> <div><slot></slot></div> <div class="hstack py-2 pe-3 w-100" style="gap:12px"> <div class="hstack gap-4 w-100 justify-content-end"> <!--?lit$336419335$--><input-autocomplete class="w-100"><template shadowrootmode="open"><!----> <div class="hstack gap-4"> <div class="input-placeholder-wrapper position-relative w-100"> <!--?lit$336419335$--> <div class="w-100 input-group bg-body-secondary rounded position-absolute"> <button class="btn btn-link py-1 rounded-start invisible" type="button"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="m19.441 20.403-6.197-6.2a5.386 5.386 0 0 1-1.707.955 5.993 5.993 0 0 1-1.981.336c-1.674 0-3.09-.578-4.245-1.734-1.155-1.156-1.733-2.568-1.733-4.237 0-1.67.577-3.083 1.731-4.24 1.155-1.158 2.567-1.737 4.238-1.737 1.67 0 3.085.579 4.242 1.736 1.158 1.157 1.737 2.57 1.737 4.241a5.88 5.88 0 0 1-.352 2.02 5.616 5.616 0 0 1-.94 1.681l6.2 6.186-.993.993Zm-9.89-6.308c1.281 0 2.364-.442 3.248-1.325.885-.884 1.328-1.967 1.328-3.25s-.443-2.366-1.328-3.25c-.884-.883-1.968-1.325-3.25-1.325-1.281 0-2.364.442-3.247 1.326-.883.883-1.325 1.967-1.325 3.25s.442 2.366 1.325 3.25c.884.882 1.967 1.324 3.25 1.324Z"></path>
</svg>
<!--?--> </button> <input tabindex="-1" id="placeholderInput" type="text" value="" class="form-control border-0 bg-body-secondary text-body-tertiary rounded py-1 ps-0 d-none "> </div> <div class="w-100 input-group bg-transparent position-relative"> <button class="btn btn-link py-1 rounded-start text-secondary" type="button"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="m19.441 20.403-6.197-6.2a5.386 5.386 0 0 1-1.707.955 5.993 5.993 0 0 1-1.981.336c-1.674 0-3.09-.578-4.245-1.734-1.155-1.156-1.733-2.568-1.733-4.237 0-1.67.577-3.083 1.731-4.24 1.155-1.158 2.567-1.737 4.238-1.737 1.67 0 3.085.579 4.242 1.736 1.158 1.157 1.737 2.57 1.737 4.241a5.88 5.88 0 0 1-.352 2.02 5.616 5.616 0 0 1-.94 1.681l6.2 6.186-.993.993Zm-9.89-6.308c1.281 0 2.364-.442 3.248-1.325.885-.884 1.328-1.967 1.328-3.25s-.443-2.366-1.328-3.25c-.884-.883-1.968-1.325-3.25-1.325-1.281 0-2.364.442-3.247 1.326-.883.883-1.325 1.967-1.325 3.25s.442 2.366 1.325 3.25c.884.882 1.967 1.324 3.25 1.324Z"></path>
</svg>
<!--?--> </button> <input class="form-control border-0 bg-transparent py-1 ps-0" type="text" id="searchInput" autocomplete="off" spellcheck="false" placeholder="Wyszukaj wska
niki IoC, aktor
w zagro
lub z
liwe oprogramowanie"> </div> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> </div> </template></input-autocomplete> </div> <div class="vr"></div> <div class="hstack action-buttons gap-3 align-self-auto"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span data-tooltip-text="Upload file" data-tooltip-position="bottom"> <a role="button" class="hstack link-secondary align-self-baseline" aria-label="Prze
lij plik"> <i class="hstack fs-4"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.25 15.789v-8.4L8.785 9.853 7.73 8.769 12 4.5l4.27 4.27-1.055 1.084-2.465-2.466v8.4h-1.5ZM6.308 19.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283v-2.711H6v2.711c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h11.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212v-2.711h1.5v2.711c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H6.308Z"></path>
</svg>
<!--?--></i> </a> </span> <!--?lit$336419335$--> <vt-ui-menu class="position-relative align-self-baseline"><template shadowrootmode="open"><!----> <details> <summary tabindex="-1"> <slot name="trigger"></slot> </summary> <slot></slot> </details></template> <a role="button" class="fw-bold position-relative d-block link-secondary" slot="trigger" data-tooltip-text="View notifications" data-tooltip-position="bottom" aria-label="Powiadomienia"> <div class="hstack fs-4"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M2.702 20.735V4.388c0-.474.166-.876.498-1.208a1.643 1.643 0 0 1 1.207-.498h15.186c.473 0 .875.166 1.207.498.332.332.498.734.498 1.207v11.226c0 .473-.166.875-.498 1.207a1.643 1.643 0 0 1-1.207.498H6.12l-3.417 3.417Zm2.832-4.816H19.59a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.388a.294.294 0 0 0-.096-.211.294.294 0 0 0-.212-.096H4.41a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.211v12.956l1.433-1.425Z"></path>
</svg>
<!--?--><!--?lit$336419335$--> <span data-testid="unread-notifications-indicator" class="notifications-badge position-absolute translate-middle p-1 bg-danger rounded-circle"> <span class="visually-hidden"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Nieprzeczytane powiadomienia</font></font></span> </span> </div> </a> <vt-ui-submenu class="dropdown-menu show overflow-y-auto" name="notifications" role="menu" data-popper-placement="bottom-end" style="position: absolute; inset: 0px 0px auto auto; margin: 0px; transform: translate3d(0px, 25.3411px, 0px);"><template shadowrootmode="open"><!----><slot></slot></template> <slot name="notifications"></slot> </vt-ui-submenu> </vt-ui-menu> <!--?lit$336419335$--> <a role="button" class="fs-4 hstack link-secondary align-self-baseline" target="_blank" data-tooltip-text="Contact support" data-tooltip-position="bottom" aria-label="Skontaktuj si
z pomoc
techniczn
" href="https://www.virustotal.com/gui/contact-us"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M12.008 17.474a.926.926 0 0 0 .681-.278.925.925 0 0 0 .278-.68.927.927 0 0 0-.278-.681.925.925 0 0 0-.68-.278.926.926 0 0 0-.68.278.924.924 0 0 0-.279.68c0 .268.093.495.278.68a.924.924 0 0 0 .68.279Zm-.687-3.48h1.327c.013-.473.087-.854.223-1.142.135-.287.445-.67.93-1.147.44-.426.77-.825.99-1.195.22-.37.331-.799.331-1.284 0-.842-.297-1.5-.891-1.972-.594-.472-1.303-.709-2.127-.709-.812 0-1.484.214-2.016.643a3.713 3.713 0 0 0-1.15 1.519l1.229.475c.119-.332.324-.649.617-.95.292-.302.724-.452 1.297-.452.59 0 1.028.162 1.31.485.283.324.424.68.424 1.069 0 .34-.095.648-.285.922-.19.275-.432.544-.725.807-.635.574-1.04 1.039-1.218 1.394-.177.355-.266.867-.266 1.537Zm.681 7.304a9.05 9.05 0 0 1-3.626-.733 9.395 9.395 0 0 1-2.954-1.99 9.407 9.407 0 0 1-1.988-2.951 9.034 9.034 0 0 1-.732-3.622 9.05 9.05 0 0 1 .733-3.626 9.394 9.394 0 0 1 1.99-2.954 9.406 9.406 0 0 1 2.951-1.988 9.034 9.034 0 0 1 3.622-.732 9.05 9.05 0 0 1 3.626.733 9.394 9.394 0 0 1 2.954 1.99 9.406 9.406 0 0 1 1.988 2.951 9.034 9.034 0 0 1 .732
</svg>
<!--?--> </a> <!--?lit$336419335$--> <a role="button" class="fs-4 hstack link-secondary"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M12 15c.833 0 1.542-.292 2.125-.875A2.893 2.893 0 0 0 15 12c0-.833-.292-1.542-.875-2.125A2.893 2.893 0 0 0 12 9c-.833 0-1.542.292-2.125.875A2.893 2.893 0 0 0 9 12c0 .833.292 1.542.875 2.125A2.893 2.893 0 0 0 12 15Zm0 1.5c-1.249 0-2.31-.438-3.187-1.313C7.938 14.31 7.5 13.248 7.5 12c0-1.249.438-2.31 1.313-3.187C9.69 7.938 10.751 7.5 12 7.5c1.249 0 2.31.438 3.187 1.313.875.876 1.313 1.938 1.313 3.187 0 1.249-.438 2.31-1.313 3.187-.876.875-1.938 1.313-3.187 1.313Zm-7-3.75H1.25v-1.5H5v1.5Zm17.75 0H19v-1.5h3.75v1.5ZM11.25 5V1.25h1.5V5h-1.5Zm0 17.75V19h1.5v3.75h-1.5ZM6.573 7.577 4.231 5.315l1.06-1.11 2.255 2.318-.973 1.054ZM18.71 19.794l-2.271-2.332.988-1.039 2.342 2.262-1.06 1.11Zm-2.287-13.22 2.262-2.343 1.11 1.06-2.318 2.255-1.054-.973ZM4.206 18.709l2.332-2.271 1.02.988-2.252 2.352-1.1-1.07Z"></path>
</svg>
<!--?--> </a> </div> <div class="vr"></div> <uno-account-widget class="text-nowrap"><template shadowrootmode="open"><!----> <div class="hstack gap-4 main-container"> <!--?lit$336419335$--><div class="hstack gap-3"> <!--?lit$336419335$--> <!--?lit$336419335$--> <vt-ui-menu class="position-relative" id="userDropdown"><template shadowrootmode="open"><!----> <details> <summary tabindex="-1"> <slot name="trigger"></slot> </summary> <slot></slot> </details></template> <button type="button" slot="trigger" class="btn btn-link border-0 hstack p-0 text-nowrap link-secondary" style="gap:12px"> <span class="dropdown-toggle"><span class="text-truncate" style="max-width:150px"><!--?lit$336419335$--><!--?lit$336419335$--><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Arkadij </font></font> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Kuli
ski</font></font><!--?--> </span></span> <vt-ui-avatar style="--vt-ui-avatar-size:32px"><template shadowrootmode="open"><!----> <div class="avatar"> <!--?lit$336419335$--> <figure class="avatar-picture-container"> <!--?lit$336419335$--> <!--?lit$336419335$--> <img id="avatar-picture" class="avatar-picture" loading="lazy" src="https://www.virustotal.com/ui/users/Arkadij_0/avatar"> <!--?lit$336419335$--> <vt-ui-tooltip for="avatar-picture" animated="" fit-to-visible-bounds=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-placement="left" style="position: absolute; inset: 0px 0px auto auto; margin: 0px; transform: translate3d(-51.6569px, 25.3411px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Arka
</font></font></a> </vt-ui-submenu> <vt-ui-submenu class="dropdown-menu show tenants" name="tenants" role="menu" data-popper-placement="bottom-end" style="position: absolute; inset: 0px 0px auto auto; margin: 0px; transform: translate3d(0px, 36.0624px, 0px);"><template shadowrootmode="open"><!----><slot></slot></template> <h6 class="dropdown-header hstack gap-2"> <button class="btn-back" data-submenu-back="" aria-label="Menu g
wne"></button><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Menu g
wne</font></font></h6> <vt-ui-searchable-select no-border="" id="tenant-select" class="d-block border-bottom"><template shadowrootmode="open"><!----> <div class="dropdown-menu position-relative show border-0 "> <!--?lit$336419335$--> <slot name="search-input-field"> <div class="dropdown-item bg-body"> <vt-ui-text-input id="filterInput" placeholder="Wyszukaj najemc
" empty=""><template shadowrootmode="open"><!----> <slot name="left-wrapper"></slot> <!--?lit$336419335$--> <input name="input" id="input" type="text" placeholder="Wyszukaj najemc
" pattern=".*" minlength="" maxlength="" min="" max="" autocapitalize="off" autocomplete="off" spellcheck="false"> <div id="iconWrapper" class="iconWrapper" hidden=""> <span class="icon" id="inputIcon"><!--?lit$336419335$--></span> <vt-ui-tooltip for="inputIcon" hidden=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$--></vt-ui-tooltip> </div> <slot name="right-wrapper"></slot> </template></vt-ui-text-input> </div> </slot> <div class="list overflow-auto"> <!--?lit$336419335$--> <!--?lit$336419335$--> </div> </div></template> </vt-ui-searchable-select> <!--
enia z Google Threat Intelligence
odcinek 7</font></font></h5> <div class="notification-summary"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Do
cz do nas </font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">9 kwietnia o 17:00 CEST</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> na sesj
ywo krok po kroku na temat </font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Google Threat Intelligence Threat Hunting!</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">
Przejdziemy przez rzeczywiste kampanie
od og
lnego phishingu po wykorzystywanie luk
wimy najnowsz
aktywno
znanego aktora zagro
i przedstawimy przegl
d platformy.</font></font> </div> <div class="text-body-tertiary mt-1"> <vt-ui-time-ago unixtime="1743498209"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">24 dni temu</font></font> </template></vt-ui-time-ago> </div> </div> <div class="hstack align-items-center"> <!--?lit$336419335$--><span class="p-1 rounded-circle bg-primary" data-testid="unread-notification"><span class="visually-hidden"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Nieprzeczytane powiadomienie</font></font></span></span> </div> </div> </a> <!----><!----> <a target="_blank" role="menuitem" href="https://www.googlecloudcommunity.com/gc/Community-Blog/Consuming-Backscatter-Information-to-Perform-Threat-Hunting/ba-p/863828" class="dropdown-item border-top"> <div class="hstack text-wrap"> <div class="vstack"> <h5 class="fw-bolder"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align:
enia z Backscatterem Mandiant FLARE</font></font></h5> <div class="notification-summary"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Cieszymy si
e zesp
Mandiant FLARE przyczynia si
do naszej misji. Niedawno rzucili
my nieco wi
a na to, jak u
ywamy </font></font><a href="https://www.virustotal.com/go/utm/bc4ce2c4dcd16783e667703b39bdbfca89d15d8e70775c859cb6d88291f202bd747fc2ab8c4afdb6de4b500a3ad45744ca09309d3e8cf4672fc20ddbe21932dcf2a2f090ebba386cde1c42888375811ffce5acd45ebff75ca079fb4eaa1715e7a442a3f34ac34445bf734948f50578c76d9338876c4bfcea79376ea1da9296475964808cda49707032fe48bc1d59c8995783c6f82e386c0472831fdd8094c582f1b9f1efd4e0816c980e2995722e7ace" target="_blank"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Backscatter FLARE</font></font></a><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> do automatycznego wyodr
bniania konfiguracji z
liwego oprogramowania przetwarzanego przez platform
</font></font><br><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Dowiedz si
cej o tym, jak </font></font><a href="https://www.virustotal.com/go/utm/bc4ce2c4dcd16783e667703b39bdbfca89d15d8e70775c859cb6d88291f202bd747fc2ab8c4afdb6de4b500a3ad45744097eb28a837a8be9b47f00984252d099142947e61644f280dcf9d149edf2230ba2551606c9fdfa262c4707ba4d2fb151bbff9beaa70aaa38c7c91e7a205331f07a5dd078921917ba74725131f1f9b7de5e77219604438f035c3fe9baf2f47928a2de01e53aa5090258ed197e11b57bacd38991be4fbddcb26a5585a9aa6931002719e6b09bcd5636a936ea696592bb5e" target="_blank"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">wykorzysta
spostrze
enia Backscatter do polowania na zagro
enia</font></font></a><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> !</font></font> </div> <div class="text-body-tertiary mt-1"> <vt-ui-time-ago unixtime="1738936279"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">2 miesi
ce temu</font></font> </template></vt-ui-time-ago> </div> </div> <div class="hstack align-items-center"> <!--?lit$336419335$--><span class="p-1 rounded-circle bg-body-tertiary"><span class="visually-hidden"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Powiadomienie ju
przeczytane</font></font></span></span> </div> </div> </a> <!----><!----> <a target="_blank" role="menuitem" href="https://www.brighttalk.com/webcast/7451/632810" class="dropdown-item border-top"> <div class="hstack text-wrap"> <div class="vstack"> <h5 class="fw-bolder"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">[Google TI] Informacje na temat strategicznych informacji dla instytucji finansowych</font></font></h5> <div class="notification-summary"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Do
cz do nas </font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">14 stycznia o 17:30 CEST</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> na sesj
YWO z jednym z naszych najlepszych badaczy Google Threat Intelligence, aby uzyska
cenne informacje na temat </font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">kontekstu instytucji finansowych</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> . Sesja b
dzie obejmowa
starannie wyselekcjonowane, bie
ce i wykonalne strategiczne informacje wywiadowcze z </font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Google Threat Intelligence</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> .</font></font> </div> <div class="text-body-tertiary mt-1"> <vt-ui-time-ago unixtime="1736354075"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">3 miesi
ce temu</font></font> </template></vt-ui-time-ago> </div> </div> <div class="hstack align-items-center"> <!--?lit$336419335$--><span class="p-1 rounded-circle bg-body-tertiary"><span class="visually-hidden"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Powiadomienie ju
przeczytane</font></font></span></span> </div> </div> </a> <!----><!----> <a target="_blank" role="menuitem" href="https://www.googlecloudcommunity.com/gc/Community-Blog/Using-Google-Threat-Intelligence-to-create-behavioral-detections/ba-p/844158" class="dropdown-item border-top"> <div class="hstack text-wrap"> <div class="vstack"> <h5 class="fw-bolder"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Wzmocnij wykrywanie zagro
ki Google Threat Intelligence</font></font></h5> <div class="notification-summary"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Wykorzystaj </font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Google Threat Intelligence,</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> aby tworzy
ne wykrywanie zachowa
i wyprzedza
rozwijaj
zagro
enia. Popraw swoj
zdolno
do przeprowadzania bada
w celu wykrywania zachowa
ITW.</font></font> </div> <div class="text-body-tertiary mt-1"> <vt-ui-time-ago unixtime="1734450385"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">4 miesi
ce temu</font></font> </template></vt-ui-time-ago> </div> </div> <div class="hstack align-items-center"> <!--?lit$336419335$--><span class="p-1 rounded-circle bg-body-tertiary"><span class="visually-hidden"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Powiadomienie ju
przeczytane</font></font></span></span> </div> </div> </a> <!----><!----> <a target="_blank" role="menuitem" href="https://blog.virustotal.com/2024/11/important-update-ip-address-change-for.html" class="dropdown-item border-top"> <div class="hstack text-wrap"> <div class="vstack"> <h5 class="fw-bolder"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Wa
na aktualizacja: zmiana adresu IP dla www.virustotal.com</font></font></h5> <div class="notification-summary"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Od 25 listopada b
dziemy stopniowo przenosi
rozdzielczo
www.virustotal.com na </font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">nowy adres IP: 34.54.88.138</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> . Je
ywasz zapory sieciowej lub filtrowania proxy, zaktualizuj swoje regu
cej szczeg
w </font></font><a href="https://blog.virustotal.com/2024/11/important-update-ip-address-change-for.html" target="_blank"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">tutaj</font></font></a><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> .</font></font> </div> <div class="text-body-tertiary mt-1"> <vt-ui-time-ago unixtime="1731424274"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">5 miesi
cy temu</font></font> </template></vt-ui-time-ago> </div> </div> <div class="hstack align-items-center"> <!--?lit$336419335$--><span class="p-1 rounded-circle bg-body-tertiary"><span class="visually-hidden"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Powiadomienie ju
przeczytane</font></font></span></span> </div> </div> </a> <!----><!----> <a target="_blank" role="menuitem" href="https://www.brighttalk.com/webcast/18282/604369?utm_source=VirusTotal&amp;utm_medium=brighttalk&amp;utm_campaign=604369" class="dropdown-item border-top"> <div class="hstack text-wrap"> <div class="vstack"> <h5 class="fw-bolder"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Otwarta sesja Threat Hunting
odcinek 5</font></font></h5> <div class="notification-summary"> <!--?lit$336419335$--><p><a href="https://www.brighttalk.com/webcast/18282/604369?utm_source=VirusTotal&amp;utm_medium=brighttalk&amp;utm_campaign=604369"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Do
cz do nas</font></font></a><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> 11 </font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">stycznia</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> na now
</font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">sesj
ywo po
polowaniu na zagro
enia,</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> podczas kt
rej om
wimy, jak wyszukiwa
zagro
enia w ramach </font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">regu
Sigma</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> przy u
yciu najnowszych funkcji dodanych do system
w macOS i Linux, a tak
e sprawdzimy, w jaki spos
b analiza </font></font><b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">oparta na crowdsourcingu AI</font></font></b><font style="vertical-align: inherit;"><font style="vertical-align: inherit;"> wypada w por
wnaniu ze zidentyfikowanymi dopasowaniami do regu
Sigma i jak je uzupe
nia.</font></font></p> </div> <div class="text-body-tertiary mt-1"> <vt-ui-time-ago unixtime="1704879381"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">1 rok temu</font></font> </template></vt-ui-time-ago> </div> </div> <div class="hstack align-items-center"> <!--?lit$336419335$--><span class="p-1 rounded-circle bg-body-tertiary"><span class="visually-hidden"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Powiadomienie ju
przeczytane</font></font></span></span> </div> </div> </a> <!----><!----> <a target="_blank" role="menuitem" href="https://blog.virustotal.com/2023/11/the-definitive-virustotals-admin-guide.html" class="dropdown-item border-top"> <div class="hstack text-wrap"> <div class="vstack"> <h5 class="fw-bolder"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Przedstawiamy ostateczny przewodnik administratora VirusTotal</font></font></h5> <div class="notification-summary"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Sprawd
to! </font></font><a href="https://docs.virustotal.com/docs/admins-guide" target="_blank"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Przewodnik dla administrator
</template> </df-reset-session-button> </df-messenger-chat-bubble> </df-messenger> </template></vt-ui-bot> </div> </template><div id="joinUsCaptchaContainer" class="captchaContainer"></div><div id="view-container"><file-view><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <vt-ui-main-generic-report id="report"><template shadowrootmode="open"><!----> <div class="container "> <div class="row mb-4 d-none d-lg-flex"> <!--?lit$336419335$--> <!--?lit$336419335$--> <div class="col-auto"> <!--?lit$336419335$--> <vt-ioc-score-widget><template shadowrootmode="open"><!----> <div class="rounded py-3 px-4 h-100 vstack gap-2 justify-content-center align-items-center bg-body-secondary mx-auto mx-lg-0" style="width:180px"> <vt-ioc-score-widget-detections-chart><template shadowrootmode="open"><!----> <div class="rounded-circle bg-body-tertiary" style="padding:10px;width:100px;height:100px;"> <div class="w-100 h-100 rounded-circle bg-body-secondary text-body-tertiary text-center vstack justify-content-cent
ci</font></font></span> <span style="height:35px" class="badge rounded-pill fs-6 fw-normal hstack align-self-auto pe-2 bg-opacity-10 bg-danger "> <span class="ms-2 me-1 text-danger "><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">-32</font></font> </span> <span class="vstack ms-1" data-tooltip-text="Only registered users can vote. Sign up, it is free." data-tooltip-position="bottom"> <button class="btn p-0 border-0 overflow-hidden hstack vote-icon vote-icon__up "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M7.596 13.75 12 9.346l4.404 4.404H7.596Z"></path>
</svg>
<!--?--> </button> <button class="btn p-0 border-0 overflow-hidden hstack vote-icon vote-icon__down "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M12 14.654 7.596 10.25h8.808L12 14.654Z"></path>
</svg>
<!--?--> </button> </span> </span> </span> </div> </template></vt-ioc-score-widget> </div> <div class="col" style="min-width:0"> <slot name="header"></slot> </div> </div> <div class="row"> <div class="col"><slot name="subheader"></slot></div> </div> <!--?lit$336419335$--> <div class="row mb-4"> <div class="col"><!--?lit$336419335$--> <ul class="nav nav-tabs flex-nowrap" role="tablist"> <!--?lit$336419335$--><!----> <li class="nav-item" role="presentation"> <a data-bs-toggle="tab" role="tab" no-history="" class="nav-link p-3 px-4 hstack gap-2" aria-selected="false" data-route="gti-summary" href="https://www.virustotal.com/gui/file/b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1/gti-summary" hidden=""> <span><!--?lit$336419335$-->Summary</span> <!--?lit$336419335$--> </a> </li> <!----><!----> <li class="nav-item" role="presentation"> <a data-bs-toggle="tab" role="tab" no-history="" class="nav-link p-3 px-4 hstack gap-2" aria-selected="false" data-route="summary" href="https://www.viru
sze dane</font></font></span> <!--?lit$336419335$--> </a> </li> <!----><!----> <li class="nav-item" role="presentation"> <a data-bs-toggle="tab" role="tab" no-history="" class="nav-link p-3 px-4 hstack gap-2" aria-selected="false" data-route="relations" href="https://www.virustotal.com/gui/file/b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1/relations"> <span><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Kontakty</font></font></span> <!--?lit$336419335$--> </a> </li> <!----><!----> <li class="nav-item" role="presentation"> <a data-bs-toggle="tab" role="tab" no-history="" class="nav-link p-3 px-4 hstack gap-2" aria-selected="false" data-route="associations" href="https://www.virustotal.com/gui/file/b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1/associations" hidden=""> <span><!--?lit$336419335$-->Associations</span> <!--?lit$336419335$--> </a> </li> <!----><!----> <li class="nav-item" role="presentation"> <a data-bs-
lnota</font></font></span> <!--?lit$336419335$--> <span class="vt-x-visibility badge rounded-pill bg-body-tertiary text-body"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">2</font></font></span> </a> </li> <!----> </ul> </div> </div> <div class="row mb-4"> <!--?lit$336419335$--> <div class="col"> <!--?lit$336419335$--> <vt-ui-carousel id="carousel" class="mt-1" is-ready="true"><template shadowrootmode="open"><!----> <div id="frame"> <slot></slot> </div> </template> <!--?lit$336419335$--><!----> <div class="float-start w-100" id="summary"> <slot name="summary-tab"> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> </div> <!----><!----> <div class="float-start w-100" id="detection"> <slot name="detection-tab"> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> </div> <!----><!----> <div class="float-start w-100" id="details"> <slot name="details-tab"> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> </div> <!----><!----> <div class="float-start
<path d="M11.997 16.63c.22 0 .404-.073.55-.217a.738.738 0 0 0 .22-.548.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.751.751 0 0 0-.55.217.737.737 0 0 0-.22.548.75.75 0 0 0 .764.77Zm-.686-3.553h1.399v-5.92h-1.4v5.92Zm.691 8.221a9.05 9.05 0 0 1-3.626-.733 9.395 9.395 0 0 1-2.954-1.99 9.407 9.407 0 0 1-1.988-2.951 9.034 9.034 0 0 1-.732-3.622 9.05 9.05 0 0 1 .733-3.626 9.394 9.394 0 0 1 1.99-2.954 9.406 9.406 0 0 1 2.951-1.988 9.034 9.034 0 0 1 3.622-.732 9.05 9.05 0 0 1 3.626.733 9.394 9.394 0 0 1 2.954 1.99 9.406 9.406 0 0 1 1.988 2.951 9.034 9.034 0 0 1 .732 3.622 9.05 9.05 0 0 1-.733 3.626 9.394 9.394 0 0 1-1.99 2.954 9.405 9.405 0 0 1-2.951 1.988 9.033 9.033 0 0 1-3.622.732ZM12 19.9c2.198 0 4.064-.767 5.598-2.3 1.534-1.534 2.301-3.4 2.301-5.599 0-2.198-.767-4.064-2.3-5.598C16.064 4.868 14.198 4.1 12 4.1c-2.198 0-4.064.767-5.598 2.3C4.868 7.936 4.1 9.802 4.1 12c0 2.198.767 4.064 2.3 5.598C7.936 19.132 9.802 19.9 12 19.9Z"></path>
</svg>
<!--?--></i> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">56/72 dostawców zabezpieczeń oznaczyło ten plik jako złośliwy</font></font> <vt-ui-popover id="detections-tooltip" hidden=""><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(617.934px, 117.934px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <!--?lit$336419335$--> </span> <span slot="content"> <div style="max-width:400px"> <!--?lit$336419335$--> </div> </span> </vt-ui-popover> </div> <!--?lit$336419335$--> <div class="hstack gap-4 fw-semibold ms-auto"> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--><a id="reanalize" role="button" class="hstack
<g clip-path="url(#a)">
<path d="M5.038 18.616a8.256 8.256 0 0 0 2.817 1.871 8.606 8.606 0 0 0 3.193.62 8.606 8.606 0 0 0 3.193-.62 8.256 8.256 0 0 0 2.817-1.87l-1.06-1.062c-1.379 1.38-3.029 2.069-4.95 2.069-1.92 0-3.57-.69-4.95-2.069-1.378-1.378-2.068-3.028-2.068-4.95 0-1.92.69-3.57 2.068-4.949 1.38-1.379 3.03-2.068 4.95-2.068 1.921 0 3.571.69 4.95 2.068l.188.188h-2.247l-.022 1.512 4.848-.007-.007-4.861-1.512.021v2.274l-.188-.188a8.256 8.256 0 0 0-2.817-1.87 8.607 8.607 0 0 0-3.193-.62 8.607 8.607 0 0 0-3.193.62 8.256 8.256 0 0 0-2.817 1.87 8.255 8.255 0 0 0-1.871 2.818 8.606 8.606 0 0 0-.62 3.193c0 1.084.206 2.148.62 3.193a8.256 8.256 0 0 0 1.87 2.817Z"></path>
</g>
<defs>
<clippath id="a">
<path d="M0 0h24v24H0z"></path>
</clippath>
</defs>
</svg>
<!--?--></i><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Przeanalizuj ponownie</font></font></a> <!--?lit$336419335$--> <!--?lit$336419335$--><vt-ui-menu id="main" class="position-relative"><template shadowrootmode="open"><!----> <details> <summary tabindex="-1"> <slot name="trigger"></slot> </summary> <slot></slot> </details></template> <slot name="trigger" slot="trigger"> <button type="button" class="btn btn-link p-0 dropdown-toggle fw-semibold hstack gap-1" aria-disabled="false"> <i class="hstack fs-5"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M15.5 6.75c-1.722 0-3.082.625-4.287 1.179l-.032.015C9.942 8.513 8.865 9 7.52 9c-.8 0-1.354-.086-1.81-.215-.463-.13-.85-.313-1.343-.55l-.005-.002a7.041 7.041 0 0 1-.293-.152l-.04-.021a14.283 14.283 0 0 0-.33-.173 4.027 4.027 0 0 0-.415-.185 1.58 1.58 0 0 0-.535-.108v1.5c-.021 0-.035-.002-.039-.002a.556.556 0 0 1 .058.018c.065.024.15.063.257.117.094.047.19.098.294.154l.042.022c.113.061.239.128.357.184.486.234.981.471 1.584.642.61.173 1.305.271 2.218.271 1.69 0 3.034-.618 4.23-1.167l.056-.027C13.042 8.74 14.132 8.25 15.5 8.25c1.344 0 2.24.356 3.037.736l.318.155c.687.34 1.472.727 2.395.727v-1.5c-.549 0-.989-.214-1.696-.557l-.372-.18c-.9-.428-2.026-.881-3.682-.881Zm-.5 6.5c-1.739 0-2.983.637-4.074 1.195l-.024.012c-1.104.566-2.051 1.043-3.381 1.043-.8 0-1.354-.085-1.81-.215-.463-.13-.85-.313-1.343-.55l-.005-.002a6.995 6.995 0 0 1-.293-.152l-.04-.021c-.102-.055-.216-.117-.33-.173a4.027 4.027 0 0 0-.415-.185 1.581 1.581 0 0 0-.535-.108v1.5c-.021 0-.035-.002-.039-.002a.644.644 0 0 1 .058
</svg>
<!--?--></i><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Podobny</font></font></button> </slot> <vt-ui-submenu class="dropdown-menu show" name="tools" id="submenu" role="menu" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="bottom-start" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(0px, 3.89864px, 0px);"><template shadowrootmode="open"><!----><slot></slot></template> <a class="hstack gap-2 dropdown-item" target="_blank" data-submenu-close-on-click="" href="https://www.virustotal.com/gui/search/similar-to%253Ab424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Najlepsi kandydaci w pojedynczym wyszukiwaniu</font></font></a> <div class="dropdown-divider"></div> <!--?lit$336419335$--><!----><a class="hstack gap-2 dropdown-item" target="_blank" data-submenu-close-on-click="" href="https://www.virustotal.com/gui/search/
ug hasha funkcji</font></font> </a><!----><!----><a class="hstack gap-2 dropdown-item" target="_blank" data-submenu-close-on-click="" href="https://www.virustotal.com/gui/search/code-similar-to%253Ab424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Podobne wed
ug blok
w kodu</font></font> </a><!----><!----><a class="hstack gap-2 dropdown-item" target="_blank" data-submenu-close-on-click="" href="https://www.virustotal.com/gui/search/imphash%253A0766f11ac9fb2b35dec02aa0639d9b13"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Podobne przez imphash</font></font> </a><!----><!----><a class="hstack gap-2 dropdown-item" target="_blank" data-submenu-close-on-click="" href="https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa6210202c07f746109491d417d5d3b71"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Podobne przez PE Rich hash</font></font> </a><!----><!----><a class="hstack gap-2 dropdown-item" target="_blank" data-submenu-close-on-click="" href="https://www.virustotal.com/gui/search/tlsh%253AT101945A047993C076D3E345F6C9AAA22306BE7D6593F545C7BFD9488C07E80E0AB7760A"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inher
cej</font></font></button> </slot> <vt-ui-submenu class="dropdown-menu show" name="more" id="submenu" role="menu" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="bottom-start" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(0px, 3.89864px, 0px);"><template shadowrootmode="open"><!----><slot></slot></template> <!--?lit$336419335$--> <a class="dropdown-item" role="button" data-submenu-close-on-click=""><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Przeglądaj w Threat Graph</font></font></a> <a href="https://docs.virustotal.com/reference/file-info" target="_blank" class="dropdown-item" data-submenu-close-on-click=""><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Dowiedz się, jak automatyzować za pomocą
API</font></font></a> </vt-ui-submenu> <!--?lit$336419335$--> </vt-ui-menu> </div> </div> <div class="card-body d-flex"><!--?lit$336419335$--> <div class="vstack gap-2 my-auto" style="min-width:0"> <div class="hstack gap-4"> <div class="vstack gap-2 align-self-center text-truncate"> <!--?lit$336419335$--><div class="file-id text-truncate"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1</font></font></div> <div class="file-name text-truncate"> <a><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Plik ghf3jv8kbnb0nvnompe.exe</font></font></a> </div> </div> <!--?lit$336419335$--> <div class="vr my-3"></div> <div> <div class="text-body-tertiary"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Rozmiar</font></font></div> <a class="text-nowrap"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="v
</font></font> </a> <!----> <!--?lit$336419335$--> <!--?lit$336419335$--><!----> <a class="badge rounded-pill bg-body-tertiary text-body" href="https://www.virustotal.com/gui/search/entity%253Afile%2520tag%253Aspreader"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">rozszerzacz</font></font> </a> <!----><!----> <a class="badge rounded-pill bg-body-tertiary text-body" href="https://www.virustotal.com/gui/search/entity%253Afile%2520tag%253Asuspicious-dns"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">podejrzany-dns</font></font> </a> <!----><!----> <a class="badge rounded-pill bg-body-tertiary text-body" href="https://www.virustotal.com/gui/search/entity%253Afile%2520tag%253Amalware"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">złośliwe oprogramowanie</font></font> </a> <!----><!----> <a class="badge rounded-pill bg-body-tertiary text-body" href="https://www.virustotal.com/gui/search/entity%253Afile%2520tag%253Achecks-user-input"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">sprawdzanie danych wejściowych użytkownika</font></font> </a> <!----><!----> <a class="badge rounded-pill bg-body-tertiary text-body" href="https://www.virustotal.com/gui/search/entity%253Afile%2520tag%253Adetect-debug-environment"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">wykryj-środowisko-debugowania</font></font> </a> <!----><!----> <a class="badge rounded-pill bg-body-tertiary text-body" href="https://www.virustotal.com/gui/search/entity%253Afile%2520tag%253Along-sleeps"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">długie sny</font></font> </a> <!----><!----> <a class="badge rounded-pill bg-body-tertiary text-body" href="https://www.virustotal.com/gui/search/entity%253Afile%2520tag%253Anxdomain"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">domena nx</font></font> </a> <!----> </div> </div> </div> </div> </template> </vt-ui-file-card> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--><!----> <span class="tab-slot" slot="behavior-tab"> <!--?lit$336419335$--> <!--?lit$336419335$--><vt-ui-file-behaviours id="behaviourtab"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <div> <vt-ui-tooltip id="tooltip" class="d-block position-relative" delay="0"><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: trans
wietlaj pogrupowane raporty piaskownicy</font></font></label> </div> </div> <div class="row"> <!--?lit$336419335$--><!----> <div class="sandbox-col col-lg-6 col-md-12 border-bottom"> <!--?lit$336419335$--> <div class="sandbox-line hstack p-3 gap-2"> <div class="form-check hstack gap-2 flex-grow-1 min-width-0 "> <!--?lit$336419335$--> <input type="checkbox" class="form-check-input flex-shrink-0 mt-0 gtm_sandbox_render_capa_false" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_CAPA" data-sandbox-name="CAPA" id="behaviour-b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_CAPA"> <div class="vstack text-truncate"> <label class="form-check-label hstack gap-1 min-width-0" data-tooltip-position="right" role="button" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_CAPA" data-sandbox-name="CAPA" data-tooltip-text="CAPA" for="behaviour-b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_CAPA"> <vt-ui-sandbox-icon-row cl
<!--?--><!--?--> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="text-truncate"> <span> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Kapsuła</font></font> </span> <!--?lit$336419335$--> </div> </label> </div> </div> <!--?lit$336419335$--> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_capa opacity-25" data-tooltip-position="right" data-tooltip-text="Detections" data-target-id="sandbox-verdicts" data-sandbox-name="CAPA"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M2.128 20.318 12 3.283l9.872 17.035H2.128ZM4.55 18.92h14.898L12 6.081 4.55 18.919Zm7.446-1.212a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.548.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.751.751 0 0 0-.55.217.737.737 0 0 0-.22.548.75.75 0 0 0 .764.77Zm-.686-2.515h1.399v-4.94h-1.4v4.94Z"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_capa " data-tooltip-position="right" data-tooltip-text="Mitre tactics" data-target-id="mitre-tree" data-sandbox-name="CAPA"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" fill="currentColor" viewBox="0 0 24 24">
<path fill-rule="evenodd" d="M6.02 5.492A.65.65 0 0 1 6.65 5h2a.65.65 0 0 1 .589.375l2.911 6.238 2.911-6.238A.65.65 0 0 1 15.65 5h2a.65.65 0 0 1 .63.492l3 12a.65.65 0 0 1-.63.808h-3a.65.65 0 0 1-.637-.523l-1.072-5.355-2.188 5.47a.65.65 0 0 1-.603.408h-2.5a.65.65 0 0 1-.617-.445L8.22 12.413l-1.44 5.404a.65.65 0 0 1-.629.483h-2.5a.65.65 0 0 1-.63-.808l3-12Zm1.138.808L4.483 17H5.65l1.871-7.017a.65.65 0 0 1 1.245-.039L11.118 17h1.592l2.836-7.091a.65.65 0 0 1 1.241.114L18.183 17h1.634L17.142 6.3h-1.078l-3.325 7.125a.65.65 0 0 1-1.178 0L8.236 6.3H7.158Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">2</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_capa opacity-25" data-tooltip-position="right" data-tooltip-text="IDS rules" data-target-id="ids-alerts" data-sandbox-name="CAPA"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m5.698 2.363-3.326 4.03.006.005a.997.997 0 0 0-.3.714v9.732a1 1 0 0 0 1 1h.983v1.29h1.5v-1.29H16.24v1.29h1.5v-1.29h1.338a1 1 0 0 0 1-1V7.112c0-.273-.11-.52-.286-.7l-3.431-4.05H5.698Zm11.874 3.749-1.906-2.25h-9.26l-1.858 2.25h13.024ZM8.475 4.216a.75.75 0 0 0 0 1.5h.077a.75.75 0 1 0 0-1.5h-.077Zm.272 4.502h-1.94v.78h-.89v2.077h3.721V9.498h-.891v-.78Zm0 3.663h-1.94v.78h-.89v2.077h3.721V13.16h-.891v-.78Zm4.662 0h1.94v.78h.89v2.077h-3.72V13.16h.89v-.78Zm1.94-3.663h-1.94v.78h-.89v2.077h3.72V9.498h-.89v-.78Zm-5.06-3.752a.75.75 0 0 1 .75-.75h.077a.75.75 0 0 1 0 1.5h-.076a.75.75 0 0 1-.75-.75Zm3.316-.75a.75.75 0 0 0 0 1.5h.076a.75.75 0 1 0 0-1.5h-.076ZM3.578 7.612v8.732h15V7.612h-15Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_capa opacity-25" data-tooltip-position="right" data-tooltip-text="Sigma rules" data-target-id="sigma-analysis" data-sandbox-name="CAPA"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M14.27 18v1.5h2.47c.77 0 1.422-.266 1.957-.798a2.625 2.625 0 0 0 .803-1.933v-2.057c0-.354.125-.651.374-.89.25-.24.554-.36.914-.36h.712v-2.923h-.712c-.36 0-.665-.12-.914-.36a1.186 1.186 0 0 1-.374-.89V7.23c0-.757-.268-1.4-.803-1.933-.535-.532-1.187-.798-1.957-.798h-2.47V6h2.47c.354 0 .653.12.896.36.242.24.364.53.364.87v2.058c0 .595.177 1.129.53 1.6.355.472.816.8 1.383.985v.254a2.749 2.749 0 0 0-1.382.984 2.599 2.599 0 0 0-.531 1.6v2.058c0 .341-.122.632-.364.871-.243.24-.542.36-.896.36h-2.47Zm-8.962.702a2.675 2.675 0 0 0 1.952.798h2.48V18H7.26a1.23 1.23 0 0 1-.89-.36c-.247-.24-.37-.53-.37-.87v-2.06c0-.594-.175-1.128-.526-1.6-.35-.471-.813-.8-1.387-.984v-.254a2.721 2.721 0 0 0 1.387-.984A2.62 2.62 0 0 0 6 9.288V7.23c0-.341.123-.632.37-.871.245-.24.542-.36.89-.36h2.48V4.5H7.26c-.763 0-1.414.266-1.952.798A2.617 2.617 0 0 0 4.5 7.231v2.057c0 .354-.125.651-.374.89-.25.24-.554.36-.914.36H2.5v2.923h.712c.36 0 .665.12.914.36.25.24.374.537.374.89v2.058c0 .757.27 1.4.808 1.933Zm4.807-3.223v
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_capa opacity-25" data-tooltip-position="right" data-tooltip-text="Dropped files" data-target-id="files-dropped" data-sandbox-name="CAPA"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m11.433 7.86.017-3.53h1.1l-.018 3.503 7.418 5.713L12 19.67l-7.95-6.123 7.383-5.686Zm-.009 1.78-5.08 3.906L12 17.896l5.662-4.35L12.524 9.6l-.024 4.78 1.717-1.333.783.783-3 2.5-3-2.5.783-.783L11.4 14.38l.023-4.74Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_capa opacity-25" data-tooltip-position="left" data-tooltip-text="Network comms" data-target-id="network-comms" data-sandbox-name="CAPA"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M17.25 5a1.25 1.25 0 1 1 2.5 0 1.25 1.25 0 0 1-2.5 0Zm1.25-2.75a2.75 2.75 0 0 0-.783 5.387v3.614h-3.07a2.751 2.751 0 0 0-5.294 0h-4.57v4.093a2.751 2.751 0 1 0 1.5.02V12.75h3.07a2.751 2.751 0 0 0 5.293 0h4.571V7.657A2.751 2.751 0 0 0 18.5 2.25Zm-6.5 8.5a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Zm-6.5 6a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> </div> </div> <!----><!----> <div class="sandbox-col col-lg-6 col-md-12 border-bottom"> <!--?lit$336419335$--> <div class="sandbox-line hstack p-3 gap-2"> <div class="form-check hstack gap-2 flex-grow-1 min-width-0 "> <!--?lit$336419335$--> <input type="checkbox" class="form-check-input flex-shrink-0 mt-0 gtm_sandbox_render_cape_sandbox_false" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_CAPE Sandbox" data-sandbox-name="CAPE Sandbox" id="behaviour-b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_CAPE Sandbox"> <div class="vstack text-truncate"> <label class="form-check-label hstack gap-1 min-width-0" data-tooltip-position="right" role="button" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_CAPE Sandbox" data-sandbox-name="CAPE Sandbox"
<!--?--><!--?--> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="text-truncate"> <span> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Piaskownica CAPE</font></font> </span> <!--?lit$336419335$--> </div> </label> </div> </div> <!--?lit$336419335$--> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_cape_sandbox opacity-25" data-tooltip-position="right" data-tooltip-text="Detections" data-target-id="sandbox-verdicts" data-sandbox-name="CAPE Sandbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M2.128 20.318 12 3.283l9.872 17.035H2.128ZM4.55 18.92h14.898L12 6.081 4.55 18.919Zm7.446-1.212a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.548.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.751.751 0 0 0-.55.217.737.737 0 0 0-.22.548.75.75 0 0 0 .764.77Zm-.686-2.515h1.399v-4.94h-1.4v4.94Z"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_cape_sandbox " data-tooltip-position="right" data-tooltip-text="Mitre tactics" data-target-id="mitre-tree" data-sandbox-name="CAPE Sandbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" fill="currentColor" viewBox="0 0 24 24">
<path fill-rule="evenodd" d="M6.02 5.492A.65.65 0 0 1 6.65 5h2a.65.65 0 0 1 .589.375l2.911 6.238 2.911-6.238A.65.65 0 0 1 15.65 5h2a.65.65 0 0 1 .63.492l3 12a.65.65 0 0 1-.63.808h-3a.65.65 0 0 1-.637-.523l-1.072-5.355-2.188 5.47a.65.65 0 0 1-.603.408h-2.5a.65.65 0 0 1-.617-.445L8.22 12.413l-1.44 5.404a.65.65 0 0 1-.629.483h-2.5a.65.65 0 0 1-.63-.808l3-12Zm1.138.808L4.483 17H5.65l1.871-7.017a.65.65 0 0 1 1.245-.039L11.118 17h1.592l2.836-7.091a.65.65 0 0 1 1.241.114L18.183 17h1.634L17.142 6.3h-1.078l-3.325 7.125a.65.65 0 0 1-1.178 0L8.236 6.3H7.158Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">7</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_cape_sandbox " data-tooltip-position="right" data-tooltip-text="IDS rules" data-target-id="ids-alerts" data-sandbox-name="CAPE Sandbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m5.698 2.363-3.326 4.03.006.005a.997.997 0 0 0-.3.714v9.732a1 1 0 0 0 1 1h.983v1.29h1.5v-1.29H16.24v1.29h1.5v-1.29h1.338a1 1 0 0 0 1-1V7.112c0-.273-.11-.52-.286-.7l-3.431-4.05H5.698Zm11.874 3.749-1.906-2.25h-9.26l-1.858 2.25h13.024ZM8.475 4.216a.75.75 0 0 0 0 1.5h.077a.75.75 0 1 0 0-1.5h-.077Zm.272 4.502h-1.94v.78h-.89v2.077h3.721V9.498h-.891v-.78Zm0 3.663h-1.94v.78h-.89v2.077h3.721V13.16h-.891v-.78Zm4.662 0h1.94v.78h.89v2.077h-3.72V13.16h.89v-.78Zm1.94-3.663h-1.94v.78h-.89v2.077h3.72V9.498h-.89v-.78Zm-5.06-3.752a.75.75 0 0 1 .75-.75h.077a.75.75 0 0 1 0 1.5h-.076a.75.75 0 0 1-.75-.75Zm3.316-.75a.75.75 0 0 0 0 1.5h.076a.75.75 0 1 0 0-1.5h-.076ZM3.578 7.612v8.732h15V7.612h-15Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">2</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_cape_sandbox opacity-25" data-tooltip-position="right" data-tooltip-text="Sigma rules" data-target-id="sigma-analysis" data-sandbox-name="CAPE Sandbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M14.27 18v1.5h2.47c.77 0 1.422-.266 1.957-.798a2.625 2.625 0 0 0 .803-1.933v-2.057c0-.354.125-.651.374-.89.25-.24.554-.36.914-.36h.712v-2.923h-.712c-.36 0-.665-.12-.914-.36a1.186 1.186 0 0 1-.374-.89V7.23c0-.757-.268-1.4-.803-1.933-.535-.532-1.187-.798-1.957-.798h-2.47V6h2.47c.354 0 .653.12.896.36.242.24.364.53.364.87v2.058c0 .595.177 1.129.53 1.6.355.472.816.8 1.383.985v.254a2.749 2.749 0 0 0-1.382.984 2.599 2.599 0 0 0-.531 1.6v2.058c0 .341-.122.632-.364.871-.243.24-.542.36-.896.36h-2.47Zm-8.962.702a2.675 2.675 0 0 0 1.952.798h2.48V18H7.26a1.23 1.23 0 0 1-.89-.36c-.247-.24-.37-.53-.37-.87v-2.06c0-.594-.175-1.128-.526-1.6-.35-.471-.813-.8-1.387-.984v-.254a2.721 2.721 0 0 0 1.387-.984A2.62 2.62 0 0 0 6 9.288V7.23c0-.341.123-.632.37-.871.245-.24.542-.36.89-.36h2.48V4.5H7.26c-.763 0-1.414.266-1.952.798A2.617 2.617 0 0 0 4.5 7.231v2.057c0 .354-.125.651-.374.89-.25.24-.554.36-.914.36H2.5v2.923h.712c.36 0 .665.12.914.36.25.24.374.537.374.89v2.058c0 .757.27 1.4.808 1.933Zm4.807-3.223v
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_cape_sandbox " data-tooltip-position="right" data-tooltip-text="Dropped files" data-target-id="files-dropped" data-sandbox-name="CAPE Sandbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m11.433 7.86.017-3.53h1.1l-.018 3.503 7.418 5.713L12 19.67l-7.95-6.123 7.383-5.686Zm-.009 1.78-5.08 3.906L12 17.896l5.662-4.35L12.524 9.6l-.024 4.78 1.717-1.333.783.783-3 2.5-3-2.5.783-.783L11.4 14.38l.023-4.74Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">3</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_cape_sandbox " data-tooltip-position="left" data-tooltip-text="Network comms" data-target-id="network-comms" data-sandbox-name="CAPE Sandbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M17.25 5a1.25 1.25 0 1 1 2.5 0 1.25 1.25 0 0 1-2.5 0Zm1.25-2.75a2.75 2.75 0 0 0-.783 5.387v3.614h-3.07a2.751 2.751 0 0 0-5.294 0h-4.57v4.093a2.751 2.751 0 1 0 1.5.02V12.75h3.07a2.751 2.751 0 0 0 5.293 0h4.571V7.657A2.751 2.751 0 0 0 18.5 2.25Zm-6.5 8.5a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Zm-6.5 6a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">91</font></font></span> </a> </div> </div> <!----><!----> <div class="sandbox-col col-lg-6 col-md-12 border-bottom"> <!--?lit$336419335$--> <div class="sandbox-line hstack p-3 gap-2"> <div class="form-check hstack gap-2 flex-grow-1 min-width-0 "> <!--?lit$336419335$--> <input type="checkbox" class="form-check-input flex-shrink-0 mt-0 gtm_sandbox_render_virustotal_cuckoofork_false" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_VirusTotal Cuckoofork" data-sandbox-name="VirusTotal Cuckoofork" id="behaviour-b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_VirusTotal Cuckoofork"> <div class="vstack text-truncate"> <label class="form-check-label hstack gap-1 min-width-0" data-tooltip-position="right" role="button" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_VirusTotal
<!--?--><!--?--> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="text-truncate"> <span> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">WirusTotal Cuckoofork</font></font> </span> <!--?lit$336419335$--> </div> </label> </div> </div> <!--?lit$336419335$--> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_cuckoofork opacity-25" data-tooltip-position="right" data-tooltip-text="Detections" data-target-id="sandbox-verdicts" data-sandbox-name="VirusTotal Cuckoofork"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M2.128 20.318 12 3.283l9.872 17.035H2.128ZM4.55 18.92h14.898L12 6.081 4.55 18.919Zm7.446-1.212a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.548.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.751.751 0 0 0-.55.217.737.737 0 0 0-.22.548.75.75 0 0 0 .764.77Zm-.686-2.515h1.399v-4.94h-1.4v4.94Z"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_cuckoofork opacity-25" data-tooltip-position="right" data-tooltip-text="Mitre tactics" data-target-id="mitre-tree" data-sandbox-name="VirusTotal Cuckoofork"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" fill="currentColor" viewBox="0 0 24 24">
<path fill-rule="evenodd" d="M6.02 5.492A.65.65 0 0 1 6.65 5h2a.65.65 0 0 1 .589.375l2.911 6.238 2.911-6.238A.65.65 0 0 1 15.65 5h2a.65.65 0 0 1 .63.492l3 12a.65.65 0 0 1-.63.808h-3a.65.65 0 0 1-.637-.523l-1.072-5.355-2.188 5.47a.65.65 0 0 1-.603.408h-2.5a.65.65 0 0 1-.617-.445L8.22 12.413l-1.44 5.404a.65.65 0 0 1-.629.483h-2.5a.65.65 0 0 1-.63-.808l3-12Zm1.138.808L4.483 17H5.65l1.871-7.017a.65.65 0 0 1 1.245-.039L11.118 17h1.592l2.836-7.091a.65.65 0 0 1 1.241.114L18.183 17h1.634L17.142 6.3h-1.078l-3.325 7.125a.65.65 0 0 1-1.178 0L8.236 6.3H7.158Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_cuckoofork opacity-25" data-tooltip-position="right" data-tooltip-text="IDS rules" data-target-id="ids-alerts" data-sandbox-name="VirusTotal Cuckoofork"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m5.698 2.363-3.326 4.03.006.005a.997.997 0 0 0-.3.714v9.732a1 1 0 0 0 1 1h.983v1.29h1.5v-1.29H16.24v1.29h1.5v-1.29h1.338a1 1 0 0 0 1-1V7.112c0-.273-.11-.52-.286-.7l-3.431-4.05H5.698Zm11.874 3.749-1.906-2.25h-9.26l-1.858 2.25h13.024ZM8.475 4.216a.75.75 0 0 0 0 1.5h.077a.75.75 0 1 0 0-1.5h-.077Zm.272 4.502h-1.94v.78h-.89v2.077h3.721V9.498h-.891v-.78Zm0 3.663h-1.94v.78h-.89v2.077h3.721V13.16h-.891v-.78Zm4.662 0h1.94v.78h.89v2.077h-3.72V13.16h.89v-.78Zm1.94-3.663h-1.94v.78h-.89v2.077h3.72V9.498h-.89v-.78Zm-5.06-3.752a.75.75 0 0 1 .75-.75h.077a.75.75 0 0 1 0 1.5h-.076a.75.75 0 0 1-.75-.75Zm3.316-.75a.75.75 0 0 0 0 1.5h.076a.75.75 0 1 0 0-1.5h-.076ZM3.578 7.612v8.732h15V7.612h-15Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_cuckoofork opacity-25" data-tooltip-position="right" data-tooltip-text="Sigma rules" data-target-id="sigma-analysis" data-sandbox-name="VirusTotal Cuckoofork"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M14.27 18v1.5h2.47c.77 0 1.422-.266 1.957-.798a2.625 2.625 0 0 0 .803-1.933v-2.057c0-.354.125-.651.374-.89.25-.24.554-.36.914-.36h.712v-2.923h-.712c-.36 0-.665-.12-.914-.36a1.186 1.186 0 0 1-.374-.89V7.23c0-.757-.268-1.4-.803-1.933-.535-.532-1.187-.798-1.957-.798h-2.47V6h2.47c.354 0 .653.12.896.36.242.24.364.53.364.87v2.058c0 .595.177 1.129.53 1.6.355.472.816.8 1.383.985v.254a2.749 2.749 0 0 0-1.382.984 2.599 2.599 0 0 0-.531 1.6v2.058c0 .341-.122.632-.364.871-.243.24-.542.36-.896.36h-2.47Zm-8.962.702a2.675 2.675 0 0 0 1.952.798h2.48V18H7.26a1.23 1.23 0 0 1-.89-.36c-.247-.24-.37-.53-.37-.87v-2.06c0-.594-.175-1.128-.526-1.6-.35-.471-.813-.8-1.387-.984v-.254a2.721 2.721 0 0 0 1.387-.984A2.62 2.62 0 0 0 6 9.288V7.23c0-.341.123-.632.37-.871.245-.24.542-.36.89-.36h2.48V4.5H7.26c-.763 0-1.414.266-1.952.798A2.617 2.617 0 0 0 4.5 7.231v2.057c0 .354-.125.651-.374.89-.25.24-.554.36-.914.36H2.5v2.923h.712c.36 0 .665.12.914.36.25.24.374.537.374.89v2.058c0 .757.27 1.4.808 1.933Zm4.807-3.223v
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_cuckoofork opacity-25" data-tooltip-position="right" data-tooltip-text="Dropped files" data-target-id="files-dropped" data-sandbox-name="VirusTotal Cuckoofork"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m11.433 7.86.017-3.53h1.1l-.018 3.503 7.418 5.713L12 19.67l-7.95-6.123 7.383-5.686Zm-.009 1.78-5.08 3.906L12 17.896l5.662-4.35L12.524 9.6l-.024 4.78 1.717-1.333.783.783-3 2.5-3-2.5.783-.783L11.4 14.38l.023-4.74Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_cuckoofork " data-tooltip-position="left" data-tooltip-text="Network comms" data-target-id="network-comms" data-sandbox-name="VirusTotal Cuckoofork"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M17.25 5a1.25 1.25 0 1 1 2.5 0 1.25 1.25 0 0 1-2.5 0Zm1.25-2.75a2.75 2.75 0 0 0-.783 5.387v3.614h-3.07a2.751 2.751 0 0 0-5.294 0h-4.57v4.093a2.751 2.751 0 1 0 1.5.02V12.75h3.07a2.751 2.751 0 0 0 5.293 0h4.571V7.657A2.751 2.751 0 0 0 18.5 2.25Zm-6.5 8.5a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Zm-6.5 6a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">99+</font></font></span> </a> </div> </div> <!----><!----> <div class="sandbox-col col-lg-6 col-md-12 border-bottom"> <!--?lit$336419335$--> <div class="sandbox-line hstack p-3 gap-2"> <div class="form-check hstack gap-2 flex-grow-1 min-width-0 "> <!--?lit$336419335$--> <input type="checkbox" class="form-check-input flex-shrink-0 mt-0 gtm_sandbox_render_virustotal_jujubox_false" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_VirusTotal Jujubox" data-sandbox-name="VirusTotal Jujubox" id="behaviour-b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_VirusTotal Jujubox"> <div class="vstack text-truncate"> <label class="form-check-label hstack gap-1 min-width-0" data-tooltip-position="right" role="button" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_VirusTotal Jujubox" d
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.20001 7.7786V16.9904V17.0161L11.999 21.6219V12.2919L2.20001 7.6861V7.7786Z" fill="#EFD8CB"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.38342 8.0387C2.38342 8.0387 9.02517 11.3267 10.4226 13.3924C11.8201 15.458 11.3187 21.3844 11.3187 21.3844L12.0351 21.6908L12.2567 12.4716L2.38342 8.0387Z" fill="#AB9B9B" fill-opacity="0.63"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M5.21887 9.26135C5.21887 9.26135 4.89926 10.1313 5.0143 10.4881C5.12953 10.8448 5.48024 11.0283 5.48024 11.0283C5.48024 11.0283 5.29239 10.6439 5.69829 10.2843C5.91472 10.0927 6.01304 10.1425 6.01304 10.1425C6.01304 10.1425 5.89944 10.427 5.87697 10.6909C5.8412 11.1119 6.26561 11.4886 6.26561 11.4886C6.26561 11.4886 6.19352 10.8976 6.88596 10.6671C7.29329 10.5315 7.03336 10.9713 7.03336 10.9713C7.03336 10.9713 7.57461 10.6297 7.17807 11.1934C6.81747 11.706 7.65245 12.0263 7.65245 12.0263C7.65245 12.0263 7.45597 11.5911 7.91005 11.3959C8.75527 11.0327 9.34291 11.2618 9.34291 11.2618L5.21887 9.26135Z" fill="#444444"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M5.83875 17.7814C5.83875 17.7814 6.2954 18.5724 5.30194 18.5733L6.66256 19.2172C6.66256 19.2172 6.12701 18.2939 6.52759 18.0519L5.83875 17.7814Z" fill="#444444"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M4.22961 13C4.22961 13 3.90982 13.87 4.02504 14.2267C4.14027 14.5834 4.4908 14.7669 4.4908 14.7669C4.4908 14.7669 4.30313 14.3825 4.70903 14.0229C4.92546 13.8314 5.02379 13.8811 5.02379 13.8811C5.02379 13.8811 4.91018 14.1657 4.88771 14.4296C4.85194 14.8506 5.27635 15.2272 5.27635 15.2272C5.27635 15.2272 5.20426 14.6362 5.8967 14.4057C6.30403 14.2702 6.04392 14.71 6.04392 14.71C6.04392 14.71 6.58536 14.3684 6.18881 14.9321C5.82821 15.4446 6.66301 15.7649 6.66301 15.7649C6.66301 15.7649 6.46671 15.3297 6.92079 15.1346C7.76601 14.7714 8.35347 15.0005 8.35347 15.0005L4.22961 13Z" fill="#6D6D6D"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M12.0351 12.4407L2.25061 7.81036L12.0351 3.18018L21.8196 7.81036L12.0351 12.4407Z" fill="#EDC7AE"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M3.65948 7.14372C3.65948 7.14372 5.00265 7.05988 5.54282 7.54945C5.8308 7.81049 5.08498 9.0117 5.08498 9.0117C5.75602 9.44885 9.07312 10.9879 9.07312 10.9879C9.07312 10.9879 14.4087 8.39593 15.7255 9.35622C16.5173 9.93358 16.0756 10.5508 16.0756 10.5508L21.8197 7.81049L12.0681 3.2663L3.65948 7.14372Z" fill="#444444"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M12.0352 21.6908L21.8196 17.319V8.00494L12.0352 12.3385V21.6908Z" fill="#BA9988"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M21.7445 17.1639V7.90332L16.0756 10.5508C16.0756 10.5508 18.1254 13.1166 17.8775 14.6078C17.623 16.14 17.5225 16.9141 17.5225 16.9141L21.7445 17.1639Z" fill="#262626"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M16.2933 13.8627L16.9243 13.2175C16.9243 13.2175 17.8586 13.1534 17.8759 14.2022C17.8932 15.2508 17.7409 16.7185 17.6658 16.8114C17.5907 16.9044 16.8341 17.1831 16.4736 17.061" fill="#EFD8CB"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M12.0352 12.3385L21.8196 8.00488V17.3191C21.8196 17.3191 22.7975 12.7591 19.3003 11.8466C15.8027 10.934 12.0352 12.3385 12.0352 12.3385Z" fill="#6D6D6D"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M12.0352 3.18018L21.8196 7.81054L13.6068 11.6969C13.6068 11.6969 19.6129 9.16741 17.877 7.39673C15.2207 4.68766 12.0352 3.18018 12.0352 3.18018Z" fill="#6D6D6D"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M17.125 12.9297C17.125 12.9297 19.831 13.3546 20.1918 14.8479C20.5524 16.3412 20.6651 17.0611 20.6651 17.0611L17.7182 16.8213C17.7182 16.8213 17.9725 14.8992 17.8763 14.2021C17.7802 13.5049 17.125 12.9297 17.125 12.9297Z" fill="#6D6D6D"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M10.8194 15.4863C10.8194 16.4271 10.3743 16.6558 9.43241 16.6558C8.49029 16.6558 7.52283 15.8055 7.52283 14.8648C7.52283 13.9239 8.24726 13.4879 9.18938 13.4879C10.1313 13.4879 10.8194 14.5454 10.8194 15.4863Z" fill="#F4F4F4"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M6.53501 13.607C6.53501 14.5479 6.08993 14.7765 5.14799 14.7765C4.20587 14.7765 3.2384 13.9262 3.2384 12.9855C3.2384 12.0446 3.96283 11.6085 4.90495 11.6085C5.84689 11.6085 6.53501 12.6663 6.53501 13.607Z" fill="#F4F4F4"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M5.72381 18.634L6.16627 18.8437C6.08612 18.613 6.03184 18.3414 6.11074 18.1323L5.9932 18.0858C6.00327 18.1994 5.98925 18.3231 5.92329 18.4375C5.87639 18.5183 5.80989 18.5841 5.72381 18.634ZM6.5345 19.3972C6.50844 19.3972 6.4822 19.3917 6.45758 19.38L5.09679 18.736C5.02041 18.6999 4.97944 18.6161 4.99795 18.5339C5.01646 18.4515 5.08942 18.3931 5.17353 18.3931C5.40536 18.3928 5.56063 18.3446 5.61113 18.2574C5.68014 18.1378 5.58399 17.9226 5.5547 17.8716C5.51642 17.805 5.52415 17.722 5.57411 17.6641C5.62425 17.6063 5.70548 17.587 5.77683 17.6138L6.46567 17.8842C6.52929 17.9095 6.57332 17.9685 6.57925 18.0368C6.585 18.1052 6.55157 18.1705 6.49299 18.2061C6.33304 18.3028 6.50844 18.812 6.69049 19.1272C6.73003 19.1954 6.72051 19.2812 6.66731 19.3392C6.63209 19.3773 6.58374 19.3972 6.5345 19.3972Z" fill="#35302C"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M3.84828 12.7521C3.81234 12.7521 3.77819 12.7304 3.76435 12.695C3.7462 12.6485 3.76902 12.5963 3.81539 12.5781L4.74649 12.2137C4.79304 12.1954 4.84515 12.2184 4.8633 12.2649C4.88146 12.3112 4.85863 12.3634 4.81227 12.3816L3.88117 12.7458C3.87038 12.7501 3.85924 12.7521 3.84828 12.7521Z" fill="#35302C"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M4.29011 13.1934C4.25417 13.1934 4.22003 13.1715 4.20619 13.1361C4.18804 13.09 4.21086 13.0375 4.25705 13.0196L4.7421 12.8295C4.78864 12.8113 4.84094 12.8341 4.85909 12.8805C4.87724 12.9268 4.85424 12.979 4.80805 12.9971L4.323 13.1871C4.31204 13.1912 4.30108 13.1934 4.29011 13.1934Z" fill="#35302C"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M8.0226 14.6279C7.98665 14.6279 7.95251 14.606 7.93867 14.5706C7.92052 14.5245 7.94334 14.4721 7.98971 14.4541L8.92081 14.0897C8.96771 14.0719 9.01965 14.0944 9.03762 14.1409C9.05577 14.1868 9.03295 14.2392 8.98658 14.2572L8.05548 14.6216C8.0447 14.6258 8.03356 14.6279 8.0226 14.6279Z" fill="#35302C"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M8.46435 15.0691C8.42822 15.0691 8.39426 15.0472 8.38042 15.0118C8.36227 14.9657 8.38527 14.9133 8.43146 14.8953L8.91651 14.7057C8.96341 14.6874 9.01499 14.7102 9.03332 14.7567C9.05147 14.8029 9.02865 14.8553 8.98228 14.8732L8.49741 15.0626C8.48645 15.0669 8.47531 15.0691 8.46435 15.0691Z" fill="#35302C"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.67167 7.81052L12.035 12.2414L21.3986 7.81052L12.035 3.37943L2.67167 7.81052ZM2.43082 8.09491L11.8549 12.5546L11.8548 12.5595V15.7572L11.8408 15.7638L10.9997 15.4726C10.9933 14.4456 10.2516 13.3077 9.18938 13.3077C8.50487 13.3077 7.97614 13.523 7.66314 13.9034L6.71212 13.4879C6.65789 12.4902 5.93099 11.4285 4.90502 11.4285C4.20441 11.4285 3.66707 11.6541 3.35718 12.0513L2.49999 11.5C2.47791 11.4876 2.4544 11.4803 2.43082 11.4778V8.09491ZM6.7017 13.8762L7.47231 14.213C7.38725 14.4048 7.34253 14.6232 7.34253 14.8647C7.34253 15.878 8.35817 16.8357 9.43241 16.8357C10.2626 16.8357 10.8481 16.6568 10.9743 15.845L11.7925 16.1281C11.8115 16.1347 11.8315 16.138 11.8514 16.138L11.8548 16.1379V21.5352L2.43082 17.0758V11.8833L3.17577 12.3625C3.09874 12.5473 3.05835 12.756 3.05835 12.9855C3.05835 13.9988 4.07381 14.9565 5.14805 14.9565C6.00792 14.9565 6.60539 14.7647 6.7017 13.8762ZM6.35477 13.6127C6.35464 13.6088 6.35464 13.605 6.35477 13.6011C6.35199 12.7442 5.73293 11.
</svg>
<!--?--><!--?--> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="text-truncate"> <span> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">VirusTotal Jujubox</font></font> </span> <!--?lit$336419335$--> </div> </label> </div> </div> <!--?lit$336419335$--> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_jujubox opacity-25" data-tooltip-position="right" data-tooltip-text="Detections" data-target-id="sandbox-verdicts" data-sandbox-name="VirusTotal Jujubox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M2.128 20.318 12 3.283l9.872 17.035H2.128ZM4.55 18.92h14.898L12 6.081 4.55 18.919Zm7.446-1.212a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.548.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.751.751 0 0 0-.55.217.737.737 0 0 0-.22.548.75.75 0 0 0 .764.77Zm-.686-2.515h1.399v-4.94h-1.4v4.94Z"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_jujubox opacity-25" data-tooltip-position="right" data-tooltip-text="Mitre tactics" data-target-id="mitre-tree" data-sandbox-name="VirusTotal Jujubox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" fill="currentColor" viewBox="0 0 24 24">
<path fill-rule="evenodd" d="M6.02 5.492A.65.65 0 0 1 6.65 5h2a.65.65 0 0 1 .589.375l2.911 6.238 2.911-6.238A.65.65 0 0 1 15.65 5h2a.65.65 0 0 1 .63.492l3 12a.65.65 0 0 1-.63.808h-3a.65.65 0 0 1-.637-.523l-1.072-5.355-2.188 5.47a.65.65 0 0 1-.603.408h-2.5a.65.65 0 0 1-.617-.445L8.22 12.413l-1.44 5.404a.65.65 0 0 1-.629.483h-2.5a.65.65 0 0 1-.63-.808l3-12Zm1.138.808L4.483 17H5.65l1.871-7.017a.65.65 0 0 1 1.245-.039L11.118 17h1.592l2.836-7.091a.65.65 0 0 1 1.241.114L18.183 17h1.634L17.142 6.3h-1.078l-3.325 7.125a.65.65 0 0 1-1.178 0L8.236 6.3H7.158Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_jujubox " data-tooltip-position="right" data-tooltip-text="IDS rules" data-target-id="ids-alerts" data-sandbox-name="VirusTotal Jujubox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m5.698 2.363-3.326 4.03.006.005a.997.997 0 0 0-.3.714v9.732a1 1 0 0 0 1 1h.983v1.29h1.5v-1.29H16.24v1.29h1.5v-1.29h1.338a1 1 0 0 0 1-1V7.112c0-.273-.11-.52-.286-.7l-3.431-4.05H5.698Zm11.874 3.749-1.906-2.25h-9.26l-1.858 2.25h13.024ZM8.475 4.216a.75.75 0 0 0 0 1.5h.077a.75.75 0 1 0 0-1.5h-.077Zm.272 4.502h-1.94v.78h-.89v2.077h3.721V9.498h-.891v-.78Zm0 3.663h-1.94v.78h-.89v2.077h3.721V13.16h-.891v-.78Zm4.662 0h1.94v.78h.89v2.077h-3.72V13.16h.89v-.78Zm1.94-3.663h-1.94v.78h-.89v2.077h3.72V9.498h-.89v-.78Zm-5.06-3.752a.75.75 0 0 1 .75-.75h.077a.75.75 0 0 1 0 1.5h-.076a.75.75 0 0 1-.75-.75Zm3.316-.75a.75.75 0 0 0 0 1.5h.076a.75.75 0 1 0 0-1.5h-.076ZM3.578 7.612v8.732h15V7.612h-15Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">2</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_jujubox opacity-25" data-tooltip-position="right" data-tooltip-text="Sigma rules" data-target-id="sigma-analysis" data-sandbox-name="VirusTotal Jujubox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M14.27 18v1.5h2.47c.77 0 1.422-.266 1.957-.798a2.625 2.625 0 0 0 .803-1.933v-2.057c0-.354.125-.651.374-.89.25-.24.554-.36.914-.36h.712v-2.923h-.712c-.36 0-.665-.12-.914-.36a1.186 1.186 0 0 1-.374-.89V7.23c0-.757-.268-1.4-.803-1.933-.535-.532-1.187-.798-1.957-.798h-2.47V6h2.47c.354 0 .653.12.896.36.242.24.364.53.364.87v2.058c0 .595.177 1.129.53 1.6.355.472.816.8 1.383.985v.254a2.749 2.749 0 0 0-1.382.984 2.599 2.599 0 0 0-.531 1.6v2.058c0 .341-.122.632-.364.871-.243.24-.542.36-.896.36h-2.47Zm-8.962.702a2.675 2.675 0 0 0 1.952.798h2.48V18H7.26a1.23 1.23 0 0 1-.89-.36c-.247-.24-.37-.53-.37-.87v-2.06c0-.594-.175-1.128-.526-1.6-.35-.471-.813-.8-1.387-.984v-.254a2.721 2.721 0 0 0 1.387-.984A2.62 2.62 0 0 0 6 9.288V7.23c0-.341.123-.632.37-.871.245-.24.542-.36.89-.36h2.48V4.5H7.26c-.763 0-1.414.266-1.952.798A2.617 2.617 0 0 0 4.5 7.231v2.057c0 .354-.125.651-.374.89-.25.24-.554.36-.914.36H2.5v2.923h.712c.36 0 .665.12.914.36.25.24.374.537.374.89v2.058c0 .757.27 1.4.808 1.933Zm4.807-3.223v
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_jujubox " data-tooltip-position="right" data-tooltip-text="Dropped files" data-target-id="files-dropped" data-sandbox-name="VirusTotal Jujubox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m11.433 7.86.017-3.53h1.1l-.018 3.503 7.418 5.713L12 19.67l-7.95-6.123 7.383-5.686Zm-.009 1.78-5.08 3.906L12 17.896l5.662-4.35L12.524 9.6l-.024 4.78 1.717-1.333.783.783-3 2.5-3-2.5.783-.783L11.4 14.38l.023-4.74Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">1</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_jujubox " data-tooltip-position="left" data-tooltip-text="Network comms" data-target-id="network-comms" data-sandbox-name="VirusTotal Jujubox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M17.25 5a1.25 1.25 0 1 1 2.5 0 1.25 1.25 0 0 1-2.5 0Zm1.25-2.75a2.75 2.75 0 0 0-.783 5.387v3.614h-3.07a2.751 2.751 0 0 0-5.294 0h-4.57v4.093a2.751 2.751 0 1 0 1.5.02V12.75h3.07a2.751 2.751 0 0 0 5.293 0h4.571V7.657A2.751 2.751 0 0 0 18.5 2.25Zm-6.5 8.5a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Zm-6.5 6a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">92</font></font></span> </a> </div> </div> <!----><!----> <div class="sandbox-col col-lg-6 col-md-12 border-bottom"> <!--?lit$336419335$--> <div class="sandbox-line hstack p-3 gap-2"> <div class="form-check hstack gap-2 flex-grow-1 min-width-0 "> <!--?lit$336419335$--> <input type="checkbox" class="form-check-input flex-shrink-0 mt-0 gtm_sandbox_render_virustotal_observer_false" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_VirusTotal Observer" data-sandbox-name="VirusTotal Observer" id="behaviour-b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_VirusTotal Observer"> <div class="vstack text-truncate"> <label class="form-check-label hstack gap-1 min-width-0" data-tooltip-position="right" role="button" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_VirusTotal Observe
<path fill-rule="evenodd" clip-rule="evenodd" d="M10.998 18.996C12.9374 18.996 14.7155 18.3058 16.1002 17.1575L19.7176 20.7763C20.0104 21.0692 20.4853 21.0693 20.7783 20.7765C21.0712 20.4837 21.0713 20.0088 20.7785 19.7158L17.1605 16.0966C18.307 14.7124 18.996 12.9357 18.996 10.998C18.996 6.58084 15.4152 3 10.998 3C6.58084 3 3 6.58084 3 10.998C3 15.4152 6.58084 18.996 10.998 18.996ZM10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#0B4DDA"></path>
<path d="M10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#CFDDFC"></path>
<path d="M9.48228 7.73794C9.37997 7.46193 9.12567 7.27129 8.83204 7.25048C8.53842 7.22967 8.25977 7.38256 8.11957 7.64138L6.42292 10.7735H5.99994C5.58573 10.7735 5.24994 11.1093 5.24994 11.5235C5.24994 11.9377 5.58573 12.2735 5.99994 12.2735H6.86962C7.14486 12.2735 7.39799 12.1228 7.52908 11.8808L8.65066 9.81023L10.3257 14.3294C10.4337 14.6208 10.7102 14.8154 11.0209 14.8187C11.3316 14.8221 11.6122 14.6335 11.7264 14.3446L13.3788 10.1662L14.4111 11.4982C14.5532 11.6815 14.772 11.7887 15.0039 11.7887H15.9975C16.4117 11.7887 16.7475 11.453 16.7475 11.0387C16.7475 10.6245 16.4117 10.2887 15.9975 10.2887H15.3716L13.7582 8.20699C13.5932 7.994 13.3265 7.88593 13.0598 7.92389C12.793 7.96185 12.5671 8.14001 12.468 8.39059L11.0517 11.972L9.48228 7.73794Z" fill="#0B4DDA"></path>
</svg>
<!--?--><!--?--> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="text-truncate"> <span> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">VirusTotal Observer</font></font> </span> <!--?lit$336419335$--> </div> </label> </div> </div> <!--?lit$336419335$--> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_observer opacity-25" data-tooltip-position="right" data-tooltip-text="Detections" data-target-id="sandbox-verdicts" data-sandbox-name="VirusTotal Observer"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M2.128 20.318 12 3.283l9.872 17.035H2.128ZM4.55 18.92h14.898L12 6.081 4.55 18.919Zm7.446-1.212a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.548.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.751.751 0 0 0-.55.217.737.737 0 0 0-.22.548.75.75 0 0 0 .764.77Zm-.686-2.515h1.399v-4.94h-1.4v4.94Z"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_observer opacity-25" data-tooltip-position="right" data-tooltip-text="Mitre tactics" data-target-id="mitre-tree" data-sandbox-name="VirusTotal Observer"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" fill="currentColor" viewBox="0 0 24 24">
<path fill-rule="evenodd" d="M6.02 5.492A.65.65 0 0 1 6.65 5h2a.65.65 0 0 1 .589.375l2.911 6.238 2.911-6.238A.65.65 0 0 1 15.65 5h2a.65.65 0 0 1 .63.492l3 12a.65.65 0 0 1-.63.808h-3a.65.65 0 0 1-.637-.523l-1.072-5.355-2.188 5.47a.65.65 0 0 1-.603.408h-2.5a.65.65 0 0 1-.617-.445L8.22 12.413l-1.44 5.404a.65.65 0 0 1-.629.483h-2.5a.65.65 0 0 1-.63-.808l3-12Zm1.138.808L4.483 17H5.65l1.871-7.017a.65.65 0 0 1 1.245-.039L11.118 17h1.592l2.836-7.091a.65.65 0 0 1 1.241.114L18.183 17h1.634L17.142 6.3h-1.078l-3.325 7.125a.65.65 0 0 1-1.178 0L8.236 6.3H7.158Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_observer opacity-25" data-tooltip-position="right" data-tooltip-text="IDS rules" data-target-id="ids-alerts" data-sandbox-name="VirusTotal Observer"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m5.698 2.363-3.326 4.03.006.005a.997.997 0 0 0-.3.714v9.732a1 1 0 0 0 1 1h.983v1.29h1.5v-1.29H16.24v1.29h1.5v-1.29h1.338a1 1 0 0 0 1-1V7.112c0-.273-.11-.52-.286-.7l-3.431-4.05H5.698Zm11.874 3.749-1.906-2.25h-9.26l-1.858 2.25h13.024ZM8.475 4.216a.75.75 0 0 0 0 1.5h.077a.75.75 0 1 0 0-1.5h-.077Zm.272 4.502h-1.94v.78h-.89v2.077h3.721V9.498h-.891v-.78Zm0 3.663h-1.94v.78h-.89v2.077h3.721V13.16h-.891v-.78Zm4.662 0h1.94v.78h.89v2.077h-3.72V13.16h.89v-.78Zm1.94-3.663h-1.94v.78h-.89v2.077h3.72V9.498h-.89v-.78Zm-5.06-3.752a.75.75 0 0 1 .75-.75h.077a.75.75 0 0 1 0 1.5h-.076a.75.75 0 0 1-.75-.75Zm3.316-.75a.75.75 0 0 0 0 1.5h.076a.75.75 0 1 0 0-1.5h-.076ZM3.578 7.612v8.732h15V7.612h-15Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_observer opacity-25" data-tooltip-position="right" data-tooltip-text="Sigma rules" data-target-id="sigma-analysis" data-sandbox-name="VirusTotal Observer"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M14.27 18v1.5h2.47c.77 0 1.422-.266 1.957-.798a2.625 2.625 0 0 0 .803-1.933v-2.057c0-.354.125-.651.374-.89.25-.24.554-.36.914-.36h.712v-2.923h-.712c-.36 0-.665-.12-.914-.36a1.186 1.186 0 0 1-.374-.89V7.23c0-.757-.268-1.4-.803-1.933-.535-.532-1.187-.798-1.957-.798h-2.47V6h2.47c.354 0 .653.12.896.36.242.24.364.53.364.87v2.058c0 .595.177 1.129.53 1.6.355.472.816.8 1.383.985v.254a2.749 2.749 0 0 0-1.382.984 2.599 2.599 0 0 0-.531 1.6v2.058c0 .341-.122.632-.364.871-.243.24-.542.36-.896.36h-2.47Zm-8.962.702a2.675 2.675 0 0 0 1.952.798h2.48V18H7.26a1.23 1.23 0 0 1-.89-.36c-.247-.24-.37-.53-.37-.87v-2.06c0-.594-.175-1.128-.526-1.6-.35-.471-.813-.8-1.387-.984v-.254a2.721 2.721 0 0 0 1.387-.984A2.62 2.62 0 0 0 6 9.288V7.23c0-.341.123-.632.37-.871.245-.24.542-.36.89-.36h2.48V4.5H7.26c-.763 0-1.414.266-1.952.798A2.617 2.617 0 0 0 4.5 7.231v2.057c0 .354-.125.651-.374.89-.25.24-.554.36-.914.36H2.5v2.923h.712c.36 0 .665.12.914.36.25.24.374.537.374.89v2.058c0 .757.27 1.4.808 1.933Zm4.807-3.223v
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_observer opacity-25" data-tooltip-position="right" data-tooltip-text="Dropped files" data-target-id="files-dropped" data-sandbox-name="VirusTotal Observer"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m11.433 7.86.017-3.53h1.1l-.018 3.503 7.418 5.713L12 19.67l-7.95-6.123 7.383-5.686Zm-.009 1.78-5.08 3.906L12 17.896l5.662-4.35L12.524 9.6l-.024 4.78 1.717-1.333.783.783-3 2.5-3-2.5.783-.783L11.4 14.38l.023-4.74Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_virustotal_observer opacity-25" data-tooltip-position="left" data-tooltip-text="Network comms" data-target-id="network-comms" data-sandbox-name="VirusTotal Observer"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M17.25 5a1.25 1.25 0 1 1 2.5 0 1.25 1.25 0 0 1-2.5 0Zm1.25-2.75a2.75 2.75 0 0 0-.783 5.387v3.614h-3.07a2.751 2.751 0 0 0-5.294 0h-4.57v4.093a2.751 2.751 0 1 0 1.5.02V12.75h3.07a2.751 2.751 0 0 0 5.293 0h4.571V7.657A2.751 2.751 0 0 0 18.5 2.25Zm-6.5 8.5a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Zm-6.5 6a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> </div> </div> <!----><!----> <div class="sandbox-col col-lg-6 col-md-12 border-bottom"> <!--?lit$336419335$--> <div class="sandbox-line hstack p-3 gap-2"> <div class="form-check hstack gap-2 flex-grow-1 min-width-0 "> <!--?lit$336419335$--> <input type="checkbox" class="form-check-input flex-shrink-0 mt-0 gtm_sandbox_render_zenbox_false" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_Zenbox" data-sandbox-name="Zenbox" id="behaviour-b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_Zenbox"> <div class="vstack text-truncate"> <label class="form-check-label hstack gap-1 min-width-0" data-tooltip-position="right" role="button" data-behaviour-id="b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_Zenbox" data-sandbox-name="Zenbox" data-tooltip-text="Zenbox" for="beha
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--><!--?--> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="text-truncate"> <span> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Zenbox</font></font> </span> <!--?lit$336419335$--> </div> </label> </div> </div> <!--?lit$336419335$--> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_zenbox opacity-25" data-tooltip-position="right" data-tooltip-text="Detections" data-target-id="sandbox-verdicts" data-sandbox-name="Zenbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M2.128 20.318 12 3.283l9.872 17.035H2.128ZM4.55 18.92h14.898L12 6.081 4.55 18.919Zm7.446-1.212a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.548.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.751.751 0 0 0-.55.217.737.737 0 0 0-.22.548.75.75 0 0 0 .764.77Zm-.686-2.515h1.399v-4.94h-1.4v4.94Z"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_zenbox " data-tooltip-position="right" data-tooltip-text="Mitre tactics" data-target-id="mitre-tree" data-sandbox-name="Zenbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" fill="currentColor" viewBox="0 0 24 24">
<path fill-rule="evenodd" d="M6.02 5.492A.65.65 0 0 1 6.65 5h2a.65.65 0 0 1 .589.375l2.911 6.238 2.911-6.238A.65.65 0 0 1 15.65 5h2a.65.65 0 0 1 .63.492l3 12a.65.65 0 0 1-.63.808h-3a.65.65 0 0 1-.637-.523l-1.072-5.355-2.188 5.47a.65.65 0 0 1-.603.408h-2.5a.65.65 0 0 1-.617-.445L8.22 12.413l-1.44 5.404a.65.65 0 0 1-.629.483h-2.5a.65.65 0 0 1-.63-.808l3-12Zm1.138.808L4.483 17H5.65l1.871-7.017a.65.65 0 0 1 1.245-.039L11.118 17h1.592l2.836-7.091a.65.65 0 0 1 1.241.114L18.183 17h1.634L17.142 6.3h-1.078l-3.325 7.125a.65.65 0 0 1-1.178 0L8.236 6.3H7.158Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">7</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_zenbox " data-tooltip-position="right" data-tooltip-text="IDS rules" data-target-id="ids-alerts" data-sandbox-name="Zenbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m5.698 2.363-3.326 4.03.006.005a.997.997 0 0 0-.3.714v9.732a1 1 0 0 0 1 1h.983v1.29h1.5v-1.29H16.24v1.29h1.5v-1.29h1.338a1 1 0 0 0 1-1V7.112c0-.273-.11-.52-.286-.7l-3.431-4.05H5.698Zm11.874 3.749-1.906-2.25h-9.26l-1.858 2.25h13.024ZM8.475 4.216a.75.75 0 0 0 0 1.5h.077a.75.75 0 1 0 0-1.5h-.077Zm.272 4.502h-1.94v.78h-.89v2.077h3.721V9.498h-.891v-.78Zm0 3.663h-1.94v.78h-.89v2.077h3.721V13.16h-.891v-.78Zm4.662 0h1.94v.78h.89v2.077h-3.72V13.16h.89v-.78Zm1.94-3.663h-1.94v.78h-.89v2.077h3.72V9.498h-.89v-.78Zm-5.06-3.752a.75.75 0 0 1 .75-.75h.077a.75.75 0 0 1 0 1.5h-.076a.75.75 0 0 1-.75-.75Zm3.316-.75a.75.75 0 0 0 0 1.5h.076a.75.75 0 1 0 0-1.5h-.076ZM3.578 7.612v8.732h15V7.612h-15Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">2</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_zenbox opacity-25" data-tooltip-position="right" data-tooltip-text="Sigma rules" data-target-id="sigma-analysis" data-sandbox-name="Zenbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M14.27 18v1.5h2.47c.77 0 1.422-.266 1.957-.798a2.625 2.625 0 0 0 .803-1.933v-2.057c0-.354.125-.651.374-.89.25-.24.554-.36.914-.36h.712v-2.923h-.712c-.36 0-.665-.12-.914-.36a1.186 1.186 0 0 1-.374-.89V7.23c0-.757-.268-1.4-.803-1.933-.535-.532-1.187-.798-1.957-.798h-2.47V6h2.47c.354 0 .653.12.896.36.242.24.364.53.364.87v2.058c0 .595.177 1.129.53 1.6.355.472.816.8 1.383.985v.254a2.749 2.749 0 0 0-1.382.984 2.599 2.599 0 0 0-.531 1.6v2.058c0 .341-.122.632-.364.871-.243.24-.542.36-.896.36h-2.47Zm-8.962.702a2.675 2.675 0 0 0 1.952.798h2.48V18H7.26a1.23 1.23 0 0 1-.89-.36c-.247-.24-.37-.53-.37-.87v-2.06c0-.594-.175-1.128-.526-1.6-.35-.471-.813-.8-1.387-.984v-.254a2.721 2.721 0 0 0 1.387-.984A2.62 2.62 0 0 0 6 9.288V7.23c0-.341.123-.632.37-.871.245-.24.542-.36.89-.36h2.48V4.5H7.26c-.763 0-1.414.266-1.952.798A2.617 2.617 0 0 0 4.5 7.231v2.057c0 .354-.125.651-.374.89-.25.24-.554.36-.914.36H2.5v2.923h.712c.36 0 .665.12.914.36.25.24.374.537.374.89v2.058c0 .757.27 1.4.808 1.933Zm4.807-3.223v
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">0</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_zenbox " data-tooltip-position="right" data-tooltip-text="Dropped files" data-target-id="files-dropped" data-sandbox-name="Zenbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m11.433 7.86.017-3.53h1.1l-.018 3.503 7.418 5.713L12 19.67l-7.95-6.123 7.383-5.686Zm-.009 1.78-5.08 3.906L12 17.896l5.662-4.35L12.524 9.6l-.024 4.78 1.717-1.333.783.783-3 2.5-3-2.5.783-.783L11.4 14.38l.023-4.74Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">3</font></font></span> </a> <!--?lit$336419335$--> <a role="button" class="sandbox-stat hstack flex-nowrap gtm_sandbox_stat_zenbox " data-tooltip-position="left" data-tooltip-text="Network comms" data-target-id="network-comms" data-sandbox-name="Zenbox"> <span class="hstack fs-6"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M17.25 5a1.25 1.25 0 1 1 2.5 0 1.25 1.25 0 0 1-2.5 0Zm1.25-2.75a2.75 2.75 0 0 0-.783 5.387v3.614h-3.07a2.751 2.751 0 0 0-5.294 0h-4.57v4.093a2.751 2.751 0 1 0 1.5.02V12.75h3.07a2.751 2.751 0 0 0 5.293 0h4.571V7.657A2.751 2.751 0 0 0 18.5 2.25Zm-6.5 8.5a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Zm-6.5 6a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Z" clip-rule="evenodd"></path>
</svg>
<!--?--></span> <span class="number fs-6 hstack ms-1"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">91</font></font></span> </a> </div> </div> <!----> </div> </div> <!--?lit$336419335$--> <!--?lit$336419335$--> <div class="container mb-4 sticky-top "> <div class="activity-summary mb-2"> <div class="header border-bottom hstack justify-content-between px-3 row"> <div class="col-lg-auto col-md-12 mr-auto"> <h3 class="fs-5 my-3 ps-4 ps-lg-0"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Podsumowanie aktywności</font></font></h3> </div> <div class="col-lg-auto col-md-12 hstack"> <!--?lit$336419335$--> <vt-ui-menu class="position-relative"><template shadowrootmode="open"><!----> <details> <summary tabindex="-1"> <slot name="trigger"></slot> </summary> <slot></slot> </details></template> <button class="btn btn-link dropdown-toggle fw-semibold gtm_sandbox_download_artifacts" slot="trigger"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Pobierz artefakty</font></font></button> <vt-ui-submenu class="dropdown-menu show " role="menu" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="bottom-start" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(0px, 3.89864px, 0px);"><template shadowrootmode="open"><!----><slot></slot></template> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--><h6 class="dropdown-header"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;
ci</font></font></h6> <!--?lit$336419335$--><!----><!----><!----> <a class="dropdown-item" target="_blank" href="https://www.virustotal.com/ui/file_behaviours/b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_CAPE%20Sandbox/memdump"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Piaskownica CAPE</font></font></a> <!----><!----><!----><!----><!----><!----><!----><!----> <a class="dropdown-item" target="_blank" href="https://www.virustotal.com/ui/file_behaviours/b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_Zenbox/memdump"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Zenbox</font></font></a> <!----> <!--?lit$336419335$--> <!--?lit$336419335$--><h6 class="dropdown-header"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">MITRA</font></font></h6> <!--?lit$336419335$--><a class="dropdown-item text-nowrap" data-submenu-close-
ne raporty</font></font></button> <vt-ui-submenu class="dropdown-menu show w-100 " role="menu" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="bottom-start" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(0px, 3.89864px, 0px);"><template shadowrootmode="open"><!----><slot></slot></template> <!--?lit$336419335$--> <!--?lit$336419335$--><!----> <a class="dropdown-item" target="_blank" href="https://www.virustotal.com/ui/file_behaviours/b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_CAPE%20Sandbox/html"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Piaskownica CAPE</font></font></a> <!----><!----> <a class="dropdown-item" target="_blank" href="https://www.virustotal.com/ui/file_behaviours/b424ad4b1f065fba66f242ddb4bfbbecdd491a8dc047705898aa97ef7b834ae1_VirusTotal%20Cuckoofork/html"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align:
cej o naszym sandboxingu</font></font></a> <a class="dropdown-item" target="_blank" href="https://docs.virustotal.com/reference/file-behaviour-summary"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Dokumentacja API</font></font></a> </vt-ui-submenu> </vt-ui-menu> </div> </div> </div> </div> <div class="container mb-4"> <div class="activity-summary mb-2"> <!--?lit$336419335$--> <div class="container"> <div class="summary-row row"> <div class="summary-box col-xl-2 col-md-6 col-sm-12 pt-2 mt-2 fw-bold"> <!--?lit$336419335$--> <a role="button" data-target-id="sandbox-verdicts"> <div class="hstack gap-2"> <div class="fs-5 hstack"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M2.128 20.318 12 3.283l9.872 17.035H2.128ZM4.55 18.92h14.898L12 6.081 4.55 18.919Zm7.446-1.212a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.548.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.751.751 0 0 0-.55.217.737.737 0 0 0-.22.548.75.75 0 0 0 .764.77Zm-.686-2.515h1.399v-4.94h-1.4v4.94Z"></path>
</svg>
<!--?--></div> <div class="summary-title fs-5"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Wykrycia</font></font></div> </div></a> <div><!--?lit$336419335$--> <div> <span class="ellipsis-pill badge rounded-pill bg-light-subtle text-light-emphasis outlined border"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">NIE ZNALEZIONO</font></font></span> </div></div> </div> <div class="summary-box col-xl-2 col-md-6 col-sm-12 pt-2 mt-2 fw-bold border-start"> <!--?lit$336419335$--> <a role="button" data-target-id="mitre-tree"> <div class="hstack gap-2"> <div class="fs-5 hstack"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" fill="currentColor" viewBox="0 0 24 24">
<path fill-rule="evenodd" d="M6.02 5.492A.65.65 0 0 1 6.65 5h2a.65.65 0 0 1 .589.375l2.911 6.238 2.911-6.238A.65.65 0 0 1 15.65 5h2a.65.65 0 0 1 .63.492l3 12a.65.65 0 0 1-.63.808h-3a.65.65 0 0 1-.637-.523l-1.072-5.355-2.188 5.47a.65.65 0 0 1-.603.408h-2.5a.65.65 0 0 1-.617-.445L8.22 12.413l-1.44 5.404a.65.65 0 0 1-.629.483h-2.5a.65.65 0 0 1-.63-.808l3-12Zm1.138.808L4.483 17H5.65l1.871-7.017a.65.65 0 0 1 1.245-.039L11.118 17h1.592l2.836-7.091a.65.65 0 0 1 1.241.114L18.183 17h1.634L17.142 6.3h-1.078l-3.325 7.125a.65.65 0 0 1-1.178 0L8.236 6.3H7.158Z" clip-rule="evenodd"></path>
</svg>
<!--?--></div> <div class="summary-title fs-5"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Podpisy Mitre</font></font></div> </div></a> <!--?lit$336419335$--> <div> <!--?lit$336419335$--><!----><!----><!----><!----><!----><!----><!----> <span class="ellipsis-pill badge rounded-pill bg-light-subtle text-light-emphasis " title="INFO"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">25 </font></font> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">INFORMACJI</font></font> </span> <!----> </div> </div> <div class="summary-box col-xl-2 col-md-6 col-sm-12 pt-2 mt-2 fw-bold border-start"> <!--?lit$336419335$--> <a role="button" data-target-id="ids-alerts"> <div class="hstack gap-2"> <div class="fs-5 hstack"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m5.698 2.363-3.326 4.03.006.005a.997.997 0 0 0-.3.714v9.732a1 1 0 0 0 1 1h.983v1.29h1.5v-1.29H16.24v1.29h1.5v-1.29h1.338a1 1 0 0 0 1-1V7.112c0-.273-.11-.52-.286-.7l-3.431-4.05H5.698Zm11.874 3.749-1.906-2.25h-9.26l-1.858 2.25h13.024ZM8.475 4.216a.75.75 0 0 0 0 1.5h.077a.75.75 0 1 0 0-1.5h-.077Zm.272 4.502h-1.94v.78h-.89v2.077h3.721V9.498h-.891v-.78Zm0 3.663h-1.94v.78h-.89v2.077h3.721V13.16h-.891v-.78Zm4.662 0h1.94v.78h.89v2.077h-3.72V13.16h.89v-.78Zm1.94-3.663h-1.94v.78h-.89v2.077h3.72V9.498h-.89v-.78Zm-5.06-3.752a.75.75 0 0 1 .75-.75h.077a.75.75 0 0 1 0 1.5h-.076a.75.75 0 0 1-.75-.75Zm3.316-.75a.75.75 0 0 0 0 1.5h.076a.75.75 0 1 0 0-1.5h-.076ZM3.578 7.612v8.732h15V7.612h-15Z" clip-rule="evenodd"></path>
</svg>
<!--?--></div> <div class="summary-title fs-5"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Zasady IDS</font></font></div> </div></a> <!--?lit$336419335$--> <div> <!--?lit$336419335$--><!----> <span class="ellipsis-pill badge rounded-pill bg-danger-subtle text-danger-emphasis " title="high"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">2 </font></font> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">wysokie</font></font> </span> <!----><!----><!----><!----><!----><!----><!----> </div> </div> <div class="summary-box col-xl-2 col-md-6 col-sm-12 pt-2 mt-2 fw-bold border-start"> <!--?lit$336419335$--> <a role="button" data-target-id="sigma-analysis"> <div class="hstack gap-2"> <div class="fs-5 hstack"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="M14.27 18v1.5h2.47c.77 0 1.422-.266 1.957-.798a2.625 2.625 0 0 0 .803-1.933v-2.057c0-.354.125-.651.374-.89.25-.24.554-.36.914-.36h.712v-2.923h-.712c-.36 0-.665-.12-.914-.36a1.186 1.186 0 0 1-.374-.89V7.23c0-.757-.268-1.4-.803-1.933-.535-.532-1.187-.798-1.957-.798h-2.47V6h2.47c.354 0 .653.12.896.36.242.24.364.53.364.87v2.058c0 .595.177 1.129.53 1.6.355.472.816.8 1.383.985v.254a2.749 2.749 0 0 0-1.382.984 2.599 2.599 0 0 0-.531 1.6v2.058c0 .341-.122.632-.364.871-.243.24-.542.36-.896.36h-2.47Zm-8.962.702a2.675 2.675 0 0 0 1.952.798h2.48V18H7.26a1.23 1.23 0 0 1-.89-.36c-.247-.24-.37-.53-.37-.87v-2.06c0-.594-.175-1.128-.526-1.6-.35-.471-.813-.8-1.387-.984v-.254a2.721 2.721 0 0 0 1.387-.984A2.62 2.62 0 0 0 6 9.288V7.23c0-.341.123-.632.37-.871.245-.24.542-.36.89-.36h2.48V4.5H7.26c-.763 0-1.414.266-1.952.798A2.617 2.617 0 0 0 4.5 7.231v2.057c0 .354-.125.651-.374.89-.25.24-.554.36-.914.36H2.5v2.923h.712c.36 0 .665.12.914.36.25.24.374.537.374.89v2.058c0 .757.27 1.4.808 1.933Zm4.807-3.223v
</svg>
<!--?--></div> <div class="summary-title fs-5"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Zasady Sigmy</font></font></div> </div></a> <!--?lit$336419335$--> <div> <span class="ellipsis-pill badge rounded-pill bg-light-subtle text-light-emphasis outlined border"><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">NIE ZNALEZIONO</font></font></span> </div> </div> <div class="summary-box col-xl-2 col-md-6 col-sm-12 pt-2 mt-2 fw-bold border-start"> <!--?lit$336419335$--> <a role="button" data-target-id="files-dropped"> <div class="hstack gap-2"> <div class="fs-5 hstack"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path fill-rule="evenodd" d="m11.433 7.86.017-3.53h1.1l-.018 3.503 7.418 5.713L12 19.67l-7.95-6.123 7.383-5.686Zm-.009 1.78-5.08 3.906L12 17.896l5.662-4.35L12.524 9.6l-.024 4.78 1.717-1.333.783.783-3 2.5-3-2.5.783-.783L11.4 14.38l.023-4.74Z" clip-rule="evenodd"></path>
</svg>
<!--?--></div> <div class="summary-title fs-5"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Upuszczone pliki</font></font></div> </div></a> <!--?lit$336419335$--> <div> <!--?lit$336419335$--><!----> <span class="ellipsis-pill badge rounded-pill bg-light-subtle text-light-emphasis" title="OTHER"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">4 </font></font> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">INNE</font></font> </span> <!----><!----> <span class="ellipsis-pill badge rounded-pill bg-light-subtle text-light-emphasis" title="PE_EXE"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">1 </font></font> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">PE_EXE</font></font> </span> <!----> </div> </div> <div class="summary-box col-xl-2 col-md-6 col
<path fill-rule="evenodd" d="M17.25 5a1.25 1.25 0 1 1 2.5 0 1.25 1.25 0 0 1-2.5 0Zm1.25-2.75a2.75 2.75 0 0 0-.783 5.387v3.614h-3.07a2.751 2.751 0 0 0-5.294 0h-4.57v4.093a2.751 2.751 0 1 0 1.5.02V12.75h3.07a2.751 2.751 0 0 0 5.293 0h4.571V7.657A2.751 2.751 0 0 0 18.5 2.25Zm-6.5 8.5a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Zm-6.5 6a1.25 1.25 0 1 0 0 2.5 1.25 1.25 0 0 0 0-2.5Z" clip-rule="evenodd"></path>
</svg>
<!--?--></div> <div class="summary-title fs-5"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Komunikacja sieciowa</font></font></div> </div></a> <!--?lit$336419335$--> <div> <!--?lit$336419335$--><!----> <span class="ellipsis-pill badge rounded-pill bg-light-subtle text-light-emphasis" title="HTTP"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">19 </font></font> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">HTTP</font></font> </span> <!----><!----> <span class="ellipsis-pill badge rounded-pill bg-light-subtle text-light-emphasis" title="DNS"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">255 </font></font> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Serwer DNS</font></font> </span> <!----><!----> <span class="ellipsis-pill badge rounded-pill
</font></font> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <a id="info" role="button" class="hstack"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.31 16.649h1.4V11.02h-1.4v5.629Zm.687-7.28a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.547.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.75.75 0 0 0-.55.217.738.738 0 0 0-.22.547.75.75 0 0 0 .764.77Zm.005 11.93a9.05 9.05 0 0 1-3.626-.734 9.395 9.395 0 0 1-2.954-1.99 9.407 9.407 0 0 1-1.988-2.951 9.034 9.034 0 0 1-.732-3.622 9.05 9.05 0 0 1 .733-3.626 9.394 9.394 0 0 1 1.99-2.954 9.406 9.406 0 0 1 2.951-1.988 9.034 9.034 0 0 1 3.622-.732 9.05 9.05 0 0 1 3.626.733 9.394 9.394 0 0 1 2.954 1.99 9.406 9.406 0 0 1 1.988 2.951 9.034 9.034 0 0 1 .732 3.622 9.05 9.05 0 0 1-.733 3.626 9.394 9.394 0 0 1-1.99 2.954 9.405 9.405 0 0 1-2.951 1.988 9.033 9.033 0 0 1-3.622.732Zm-.002-1.4c2.198 0 4.064-.767 5.598-2.3 1.534-1.534 2.301-3.4 2.301-5.599 0-2.198-.767-4.064-2.3-5.598C16.064 4.868 14.198 4.1 12 4.1c-2.198 0-4.064.767-5.598 2.3C4.868 7.936 4.1 9.802 4.1 12c0 2.198.767 4.064 2.3 5.598C7.936 19.132 9.802 19.9 12 19.9Z"></path>
</svg>
<!--?--> </a> <vt-ui-tooltip for="info" position="right" animation-delay="0" class="tooltip-info" noink=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Podsumowanie najważniejszych wzorców zachowań, na które warto zwrócić uwagę.</font></font> </vt-ui-tooltip> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="ms-auto"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <slot name="header-right-side"></slot> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> <a role="button" class="hstack"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="m7.4 15.038-1.054-1.053L12 8.33l5.654 5.654-1.054 1.053-4.6-4.6-4.6 4.6Z"></path>
</svg>
<!--?--></a> </div> <div class="details "> <!--?lit$336419335$--> <!--?lit$336419335$--> <slot name="content"></slot> </div> </div> </template> <span slot="content"> <vt-ui-chips id="tag-chips" class="small grey filled behavior-chips"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><!----> <a class="chip" id="chip-0"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">sprawdzanie danych wejściowych użytkownika (checks-user-input)</font></font> <!--?lit$336419335$--> </a> <!----><!---->
<a class="chip" id="chip-1"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">wykryj-środowisko-debugowania (detect-debug-environment)</font></font> <!--?lit$336419335$--> </a> <!----><!---->
<a class="chip" id="chip-2"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">długie sny (long-sleeps)</font></font> <!--?lit$336419335$--> </a> <!----><!---->
<a class="chip" id="chip-3"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">trwałość (persistence)</font></font> <!--?lit$336419335$--> </a> <!----><!---->
<a class="chip" id="chip-4"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">samoczynne usunięcie (self-delete)</font></font> <!--?lit$336419335$--> </a> <!----><!---->
<a class="chip" id="chip-5"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">podejrzany-dns (suspicious-dns)</font></font> <!--?lit$336419335$--> </a> <!----> </template></vt-ui-chips> </span> </vt-ui-expandable> <!--?lit$336419335$--> <!--?lit$336419335$--> <vt-ui-mitre-tree id="mitre-tree"><template shadowrootmode="open"><!----> <vt-ui-expandable collapsable="" style="position:initial" statekey="mitre-tree"><template shadowrootmode="open"><!----> <div id="wrapper"> <!--?lit$336419335$--> <div class="section-header hstack gap-2 position-relative"> <slot name="header" class="hstack gap-2 w-100"> <div class="title hstack gap-2"> <!--?lit$336419335$--> <!--?lit$336419335$-->MITRE ATT&amp;CK Tactics and Techniques <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <a id="info" role="button" class="hstack"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em
<path d="M11.31 16.649h1.4V11.02h-1.4v5.629Zm.687-7.28a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.547.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.75.75 0 0 0-.55.217.738.738 0 0 0-.22.547.75.75 0 0 0 .764.77Zm.005 11.93a9.05 9.05 0 0 1-3.626-.734 9.395 9.395 0 0 1-2.954-1.99 9.407 9.407 0 0 1-1.988-2.951 9.034 9.034 0 0 1-.732-3.622 9.05 9.05 0 0 1 .733-3.626 9.394 9.394 0 0 1 1.99-2.954 9.406 9.406 0 0 1 2.951-1.988 9.034 9.034 0 0 1 3.622-.732 9.05 9.05 0 0 1 3.626.733 9.394 9.394 0 0 1 2.954 1.99 9.406 9.406 0 0 1 1.988 2.951 9.034 9.034 0 0 1 .732 3.622 9.05 9.05 0 0 1-.733 3.626 9.394 9.394 0 0 1-1.99 2.954 9.405 9.405 0 0 1-2.951 1.988 9.033 9.033 0 0 1-3.622.732Zm-.002-1.4c2.198 0 4.064-.767 5.598-2.3 1.534-1.534 2.301-3.4 2.301-5.599 0-2.198-.767-4.064-2.3-5.598C16.064 4.868 14.198 4.1 12 4.1c-2.198 0-4.064.767-5.598 2.3C4.868 7.936 4.1 9.802 4.1 12c0 2.198.767 4.064 2.3 5.598C7.936 19.132 9.802 19.9 12 19.9Z"></path>
</svg>
<!--?--> </a> <vt-ui-tooltip for="info" position="right" animation-delay="0" class="tooltip-info" noink=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$-->MITRE ATT&amp;CK
is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. </vt-ui-tooltip> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="ms-auto"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <slot name="header-right-side"></slot> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> <a role="button" class="hstack"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="m7.4 15.038-1.054-1.053L12 8.33l5.654 5.654-1.054 1.053-4.6-4.6-4.6 4.6Z"></path>
</svg>
<!--?--></a> </div> <div class="details "> <!--?lit$336419335$--> <!--?lit$336419335$--> <slot name="content"></slot> </div> </div> </template> <span slot="header" class="hstack gap-2 w-100 justify-content-between"> <div class="fs-6 fw-bold"><!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Taktyka i techniki MITRE ATT&amp;CK</font></font></div> <!--?lit$336419335$--> </span> <span slot="content"> <div class="position-relative pb-3"> <!--?lit$336419335$--><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space gtm_mitre_tree " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper gtm_mitre_tree"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em"
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_tactic%253ATA0002"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">Wykonanie</font></font> </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$--><font style="vertical-align: inherit;"><font style="vertical-align: inherit;">TA0002</font></font> <vt-ui-popover><template shadowrootmode="op
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The adversary is trying to run malicious code.
Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/tactics/TA0002/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex al
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1053"> <!--?lit$336419335$-->Scheduled Task/Job </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1053 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. These mechanisms can also be abused to run a process under the context of a specified account (such as one with elevated permissions/privileges). Similar to System Binary Proxy Execution, adversaries have also abused task scheduling to potentially mask one-time execution under a trusted system process.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1053/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Ad
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1129"> <!--?lit$336419335$-->Shared Modules </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1129 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <d
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API).
Adversaries may use this functionality as a way to execute arbitrary payloads on a victim system. For example, adversaries can modularize the functionality of their malware into shared objects that perform various functions, such as managing C2 network communications or executing specific actions on objectives.
The Linux &amp; macOS module loader can load and execute shared objects from arbitrary local paths. This functionality resides in dlfcn.h in functions such as dlopen and dlsym. Although macOS can execute .so files, common practice uses .dylib files.
The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like LoadLibrary at run time.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1129/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522link%2520many%2520functions%2520at%2520runtime%2522"><!--?lit$336419335$-->link many functions at runtime</a> </td> <td class="col-6" styl
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_tactic%253ATA0003"> <!--?lit$336419335$-->Persistence </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->TA0003 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; i
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The adversary is trying to maintain their foothold.
Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/tactics/TA0003/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-mid
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1053"> <!--?lit$336419335$-->Scheduled Task/Job </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1053 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (e.g., RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. These mechanisms can also be abused to run a process under the context of a specified account (such as one with elevated permissions/privileges). Similar to System Binary Proxy Execution, adversaries have also abused task scheduling to potentially mask one-time execution under a trusted system process.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1053/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Ad
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1112"> <!--?lit$336419335$-->Modify Registry </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1112 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may interact with the Windows Registry as part of a variety of other techniques to aid in defense evasion, persistence, and execution.
Access to specific areas of the Registry depends on account permissions, with some keys requiring administrator-level access. The built-in Windows command-line utility Reg may be used for local or remote Registry modification. Other tools, such as remote access tools, may also contain functionality to interact with the Registry through the Windows API.
The Registry may be modified in order to hide configuration information or malicious payloads via Obfuscated Files or Information. The Registry may also be modified to Impair Defenses, such as by enabling macros for all Microsoft Office products, allowing privilege escalation without alerting the user, increasing the maximum number of allowed outbound requests, and/or modifying systems to store plaintext credentials in memory.
The Registry of a remote system may be modified to aid in execution of files as part of lateral movement. It requires the remote Registry service to be running on the target system. Often Valid Accounts are required, along with access to the remote system's SMB/Windows Admin Shares for RPC communication.
Finally, Registry modifications may also include actions to hide keys, such as prepending key names with a null character, which will cause an error and/or be ignored when read via Reg or other utilities using the Win32 API. Adversaries may abuse these pseudo-hidden keys to conceal payloads/commands used to maintain persistence.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1112/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520interact%2520with%2520the%2520Windows%2520Registry%2520to%2520hide
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1542"> <!--?lit$336419335$-->Pre-OS Boot </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1542 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may abuse Pre-OS Boot mechanisms as a way to establish persistence on a system. During the booting process of a computer, firmware and various startup services are loaded before the operating system. These programs control the flow of execution before the operating system takes control.
Adversaries may overwrite data in boot drivers or firmware such as BIOS (Basic Input/Output System) and the Unified Extensible Firmware Interface (UEFI) to persist on systems at a layer below the operating system. This can be particularly difficult to detect as malware at this level will not be detected by host software-based defenses.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1542/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520abuse%2520Pre-OS%2520Boot%2520mechanisms%2520as%2520a%2520w
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1542.003"> <!--?lit$336419335$-->Bootkit </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1542.003 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may use bootkits to persist on systems. A bootkit is a malware variant that modifies the boot sectors of a hard drive, allowing malicious code to execute before a computer's operating system has loaded. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.
In BIOS systems, a bootkit may modify the Master Boot Record (MBR) and/or Volume Boot Record (VBR). The MBR is the section of disk that is first loaded after completing hardware initialization by the BIOS. It is the location of the boot loader. An adversary who has raw access to the boot drive may overwrite this area, diverting execution during startup from the normal boot loader to adversary code.
The MBR passes control of the boot process to the VBR. Similar to the case of MBR, an adversary who has raw access to the boot drive may overwrite the VBR to divert execution during startup to adversary code.
In UEFI (Unified Extensible Firmware Interface) systems, a bootkit may instead create or modify files in the EFI system partition (ESP). The ESP is a partition on data storage used by devices containing UEFI that allows the system to boot the OS and other utilities used by the system. An adversary can use the newly created or patched files in the ESP to run malicious kernel code.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1542/003/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520use%2520bo
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1547"> <!--?lit$336419335$-->Boot or Logon Autostart Execution </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1547 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <spa
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on compromised systems. Operating systems may have mechanisms for automatically running a program on system boot or account logon. These mechanisms may include automatically executing programs that are placed in specially designated directories or are referenced by repositories that store configuration information, such as the Windows Registry. An adversary may achieve the same goal by modifying or extending features of the kernel.
Since some boot or logon autostart programs run with higher privileges, an adversary may leverage these to elevate privileges.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1547/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520configure%2520system%2520settings%2520to%2520automatically%2520execute%2520a%2520program%2520during%2520system%2520boot%2520or%2520logon%2520to%2520maintain%2520persistence%2520or%2520gain%2520higher-level%2520privileges%2520on%2520compromised%2520systems.%2522"><!--?li
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1547.001"> <!--?lit$336419335$-->Registry Run Keys / Startup Folder </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1547.001 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </templ
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
The following run keys are created by default on Windows systems:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Run keys may exist under multiple hives. The HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx is also available but is not created by default on Windows Vista and newer. Registry run key entries can reference programs directly or list them as a dependency. For example, it is possible to load a DLL at logon using a "Depend" key with RunOnceEx: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "C:\temp\evil[.]dll"
Placing a program within a startup folder will also cause that program to execute when a user logs in. There is a startup folder location for individual user accounts as well as a system-wide startup folder that will be checked regardless of which user account logs in. The startup folder path for the current user is C:\Users\[Username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. The startup folder path for all users is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp.
The following Registry keys can be used to set startup folder items for persistence:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
The following Registry keys can control automatic startup of services during boot:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
Using policy settings to specify startup programs creates corresponding values in either of two Registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Programs listed in the load value of the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows run automatically for the currently logged-on user.
By default, the multistring BootExecute value of the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager is set to autocheck autochk *. This value causes Windows, at startup, to check the file-system integrity of the hard disks if the system has been shut down abnormally. Adversaries can add other programs or processes to this registry value which will automatically launch at boot.
Adversaries can use these configuration locations to execute malware, such as remote access tools, to maintain persistence through system reboots. Adversaries may also use Masquerading to make the Registry entries look as if they are associated with legitimate programs.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1547/001/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520achieve%2520persistence%2520by%2520adding%2520a%2520program%2520to%2520a%2520startup%2520folder%2520or%2520referencing%252
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1574"> <!--?lit$336419335$-->Hijack Execution Flow </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1574 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="head
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs. Hijacking execution flow can be for the purposes of persistence, since this hijacked execution may reoccur over time. Adversaries may also use these mechanisms to elevate privileges or evade defenses, such as application control or other restrictions on execution.
There are many ways an adversary may hijack the flow of execution, including by manipulating how the operating system locates programs to be executed. How the operating system locates libraries to be used by a program can also be intercepted. Locations where the operating system looks for programs/resources, such as file directories and in the case of Windows the Registry, could also be poisoned to include malicious payloads.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1574/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> </span> </td> </tr> <!----><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1574.002"> <!--?lit$336419335$-->DLL Side-Loading </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1574.002 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="h
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking, side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Side-loading takes advantage of the DLL search order used by the loader by positioning both the victim application and malicious payload(s) alongside each other. Adversaries likely use side-loading as a means of masking actions they perform under a legitimate, trusted, and potentially elevated system or software process. Benign executables used to side-load payloads may not be flagged during delivery and/or execution. Adversary payloads may also be encrypted/packed or otherwise obfuscated until loaded into the memory of the trusted process.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1574/002/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_tactic%253ATA0004"> <!--?lit$336419335$-->Privilege Escalation </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->TA0004 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: ab
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The adversary is trying to gain higher-level permissions.
Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include:
* SYSTEM/root level
* local administrator
* user account with admin-like access
* user accounts with access to a specific system or that perform a specific function
These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/tactics/TA0004/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="htt
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1053"> <!--?lit$336419335$-->Scheduled Task/Job </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1053 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (e.g., RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. These mechanisms can also be abused to run a process under the context of a specified account (such as one with elevated permissions/privileges). Similar to System Binary Proxy Execution, adversaries have also abused task scheduling to potentially mask one-time execution under a trusted system process.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1053/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Ad
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1055"> <!--?lit$336419335$-->Process Injection </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1055 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header">
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
There are many different ways to inject code into a process, many of which abuse legitimate functionalities. These implementations exist for every major OS but are typically platform specific.
More sophisticated samples may perform multiple process injections to segment modules and further evade detection, utilizing named pipes or other inter-process communication (IPC) mechanisms as a communication channel. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1055/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520inject%2520code%2520into%2520processes%2520in%2520order%2520to%2520evade%2520process-based%2520defenses%2520as%2520well%2520as%2520possibly%2520elevate%2520privileges.%2522"><!-
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1547"> <!--?lit$336419335$-->Boot or Logon Autostart Execution </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1547 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <spa
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on compromised systems. Operating systems may have mechanisms for automatically running a program on system boot or account logon. These mechanisms may include automatically executing programs that are placed in specially designated directories or are referenced by repositories that store configuration information, such as the Windows Registry. An adversary may achieve the same goal by modifying or extending features of the kernel.
Since some boot or logon autostart programs run with higher privileges, an adversary may leverage these to elevate privileges.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1547/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520configure%2520system%2520settings%2520to%2520automatically%2520execute%2520a%2520program%2520during%2520system%2520boot%2520or%2520logon%2520to%2520maintain%2520persistence%2520or%2520gain%2520higher-level%2520privileges%2520on%2520compromised%2520systems.%2522"><!--?li
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1547.001"> <!--?lit$336419335$-->Registry Run Keys / Startup Folder </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1547.001 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </templ
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
The following run keys are created by default on Windows systems:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Run keys may exist under multiple hives. The HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx is also available but is not created by default on Windows Vista and newer. Registry run key entries can reference programs directly or list them as a dependency. For example, it is possible to load a DLL at logon using a "Depend" key with RunOnceEx: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "C:\temp\evil[.]dll"
Placing a program within a startup folder will also cause that program to execute when a user logs in. There is a startup folder location for individual user accounts as well as a system-wide startup folder that will be checked regardless of which user account logs in. The startup folder path for the current user is C:\Users\[Username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. The startup folder path for all users is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp.
The following Registry keys can be used to set startup folder items for persistence:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
The following Registry keys can control automatic startup of services during boot:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
Using policy settings to specify startup programs creates corresponding values in either of two Registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Programs listed in the load value of the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows run automatically for the currently logged-on user.
By default, the multistring BootExecute value of the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager is set to autocheck autochk *. This value causes Windows, at startup, to check the file-system integrity of the hard disks if the system has been shut down abnormally. Adversaries can add other programs or processes to this registry value which will automatically launch at boot.
Adversaries can use these configuration locations to execute malware, such as remote access tools, to maintain persistence through system reboots. Adversaries may also use Masquerading to make the Registry entries look as if they are associated with legitimate programs.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1547/001/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520achieve%2520persistence%2520by%2520adding%2520a%2520program%2520to%2520a%2520startup%2520folder%2520or%2520referencing%252
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1574"> <!--?lit$336419335$-->Hijack Execution Flow </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1574 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="head
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs. Hijacking execution flow can be for the purposes of persistence, since this hijacked execution may reoccur over time. Adversaries may also use these mechanisms to elevate privileges or evade defenses, such as application control or other restrictions on execution.
There are many ways an adversary may hijack the flow of execution, including by manipulating how the operating system locates programs to be executed. How the operating system locates libraries to be used by a program can also be intercepted. Locations where the operating system looks for programs/resources, such as file directories and in the case of Windows the Registry, could also be poisoned to include malicious payloads.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1574/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> </span> </td> </tr> <!----><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1574.002"> <!--?lit$336419335$-->DLL Side-Loading </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1574.002 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="h
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking, side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Side-loading takes advantage of the DLL search order used by the loader by positioning both the victim application and malicious payload(s) alongside each other. Adversaries likely use side-loading as a means of masking actions they perform under a legitimate, trusted, and potentially elevated system or software process. Benign executables used to side-load payloads may not be flagged during delivery and/or execution. Adversary payloads may also be encrypted/packed or otherwise obfuscated until loaded into the memory of the trusted process.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1574/002/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_tactic%253ATA0005"> <!--?lit$336419335$-->Defense Evasion </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->TA0005 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolut
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The adversary is trying to avoid being detected.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics'
techniques are cross-listed here when those techniques include the added benefit of subverting defenses. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/tactics/TA0005/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1014"> <!--?lit$336419335$-->Rootkit </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1014 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div clas
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information.
Rootkits or rootkit enabling functionality may reside at the user or kernel level in the operating system or lower, to include a hypervisor, Master Boot Record, or System Firmware. Rootkits have been seen for Windows, Linux, and Mac OS X systems. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1014/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520use%2520rootkits%2520to%2520hide%2520the%2520presence%2520of%2520programs%252C%2520files%252C%2520network%2520connections%252C%2520services%252C%25
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1027"> <!--?lit$336419335$-->Obfuscated Files or Information </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1027 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Payloads may be compressed, archived, or encrypted in order to avoid detection. These payloads may be used during Initial Access or later to mitigate detection. Sometimes a user's action may be required to open and Deobfuscate/Decode Files or Information for User Execution. The user may also be required to input a password to open a password protected compressed/encrypted file that was provided by the adversary. Adversaries may also use compressed or archived scripts, such as JavaScript.
Portions of files can also be encoded to hide the plain-text strings that would otherwise help defenders with discovery. Payloads may also be split into separate, seemingly benign files that only reveal malicious functionality when reassembled.
Adversaries may also abuse Command Obfuscation to obscure commands executed from payloads or directly via Command and Scripting Interpreter. Environment variables, aliases, characters, and other platform/language specific semantics can be used to evade signature based detections and application control mechanisms. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1027/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522encrypt%2520data%2520using%2520RC4%2520PRGA%2522"><!--?lit$336419335$-->encrypt data using RC4 PRGA</a> <
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1036"> <!--?lit$336419335$-->Masquerading </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1036 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Renaming abusable system utilities to evade security monitoring is also a form of Masquerading.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1036/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Creates%2520files%2520inside%2520the%2520system%2520directory%2522"><!--?lit$336419335$-->Creates files inside the system directory</a> </td> <td class="col-6" style="max-width:0"> <!--?lit$336419335$--> <div class="vstack"> <!--?lit$336419335$--><!----><a class="text-truncate" title="C:\Windows\jikdfcd\" href="https://www.vir
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1055"> <!--?lit$336419335$-->Process Injection </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1055 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header">
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
There are many different ways to inject code into a process, many of which abuse legitimate functionalities. These implementations exist for every major OS but are typically platform specific.
More sophisticated samples may perform multiple process injections to segment modules and further evade detection, utilizing named pipes or other inter-process communication (IPC) mechanisms as a communication channel. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1055/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520inject%2520code%2520into%2520processes%2520in%2520order%2520to%2520evade%2520process-based%2520defenses%2520as%2520well%2520as%2520possibly%2520elevate%2520privileges.%2522"><!-
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1070"> <!--?lit$336419335$-->Indicator Removal </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1070 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header">
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Various artifacts may be created by an adversary or something that can be attributed to an adversary's actions. Typically these artifacts are used as defensive indicators related to monitored events, such as strings from downloaded files, logs that are generated from user actions, and other data analyzed by defenders. Location, format, and type of artifact (such as command or login history) are often specific to each platform.
Removal of these indicators may interfere with event collection, reporting, or other processes used to detect intrusion activity. This may compromise the integrity of security solutions by causing notable events to go unreported. This activity may also impede forensic analysis and incident response, due to lack of sufficient data to determine what occurred.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1070/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520delete%2520or%2520modify%2520artifact
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1070.004"> <!--?lit$336419335$-->File Deletion </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1070.004 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="head
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces that indicate what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
There are tools available from the host operating system to perform cleanup, but adversaries may use other tools as well. Examples of built-in Command and Scripting Interpreter functions include del on Windows, rm or unlink on Linux and macOS, and rm on ESXi.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1070/004/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Deletes%2520files%2520inside%2520the%2520Windows%2520folder%2522"><!--?lit$336419335$-->Deletes files inside the Windows folder</a> </td> <td class="col-6" styl
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1112"> <!--?lit$336419335$-->Modify Registry </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1112 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may interact with the Windows Registry as part of a variety of other techniques to aid in defense evasion, persistence, and execution.
Access to specific areas of the Registry depends on account permissions, with some keys requiring administrator-level access. The built-in Windows command-line utility Reg may be used for local or remote Registry modification. Other tools, such as remote access tools, may also contain functionality to interact with the Registry through the Windows API.
The Registry may be modified in order to hide configuration information or malicious payloads via Obfuscated Files or Information. The Registry may also be modified to Impair Defenses, such as by enabling macros for all Microsoft Office products, allowing privilege escalation without alerting the user, increasing the maximum number of allowed outbound requests, and/or modifying systems to store plaintext credentials in memory.
The Registry of a remote system may be modified to aid in execution of files as part of lateral movement. It requires the remote Registry service to be running on the target system. Often Valid Accounts are required, along with access to the remote system's SMB/Windows Admin Shares for RPC communication.
Finally, Registry modifications may also include actions to hide keys, such as prepending key names with a null character, which will cause an error and/or be ignored when read via Reg or other utilities using the Win32 API. Adversaries may abuse these pseudo-hidden keys to conceal payloads/commands used to maintain persistence.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1112/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520interact%2520with%2520the%2520Windows%2520Registry%2520to%2520hide
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1497"> <!--?lit$336419335$-->Virtualization/Sandbox Evasion </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1497 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span s
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from Virtualization/Sandbox Evasion during automated discovery to shape follow-on behaviors.
Adversaries may use several methods to accomplish Virtualization/Sandbox Evasion such as checking for security monitoring tools (e.g., Sysinternals, Wireshark, etc.) or other system artifacts associated with analysis or virtualization. Adversaries may also check for legitimate user activity to help determine if it is in an analysis environment. Additional methods include use of sleep timers or loops within malware code to avoid operating within a temporary sandbox.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1497/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1542"> <!--?lit$336419335$-->Pre-OS Boot </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1542 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may abuse Pre-OS Boot mechanisms as a way to establish persistence on a system. During the booting process of a computer, firmware and various startup services are loaded before the operating system. These programs control flow of execution before the operating system takes control.
Adversaries may overwrite data in boot drivers or firmware such as BIOS (Basic Input/Output System) and The Unified Extensible Firmware Interface (UEFI) to persist on systems at a layer below the operating system. This can be particularly difficult to detect as malware at this level will not be detected by host software-based defenses.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1542/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520abuse%2520Pre-OS%2520Boot%2520mechanisms%2520as%2520a%2520w
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1542.003"> <!--?lit$336419335$-->Bootkit </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1542.003 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may use bootkits to persist on systems. A bootkit is a malware variant that modifies the boot sectors of a hard drive, allowing malicious code to execute before a computer's operating system has loaded. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.
In BIOS systems, a bootkit may modify the Master Boot Record (MBR) and/or Volume Boot Record (VBR). The MBR is the section of disk that is first loaded after completing hardware initialization by the BIOS. It is the location of the boot loader. An adversary who has raw access to the boot drive may overwrite this area, diverting execution during startup from the normal boot loader to adversary code.
The MBR passes control of the boot process to the VBR. Similar to the case of MBR, an adversary who has raw access to the boot drive may overwrite the VBR to divert execution during startup to adversary code.
In UEFI (Unified Extensible Firmware Interface) systems, a bootkit may instead create or modify files in the EFI system partition (ESP). The ESP is a partition on data storage used by devices containing UEFI that allows the system to boot the OS and other utilities used by the system. An adversary can use the newly created or patched files in the ESP to run malicious kernel code.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1542/003/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520use%2520bo
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1564"> <!--?lit$336419335$-->Hide Artifacts </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1564 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <d
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Adversaries may also attempt to hide artifacts associated with malicious behavior by creating computing regions that are isolated from common security instrumentation, such as through the use of virtualization technology.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1564/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520attempt%2520to%2520hide%2520artifacts%2520associated%2520with%2520their%2520behaviors%2520to%2520evade%2520detection.%2522"><!--?lit$336419335$-->Adversaries may attempt to hi
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1564.001"> <!--?lit$336419335$-->Hidden Files and Directories </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1564.001 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a
"hidden" file. These files don't show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches (dir /a for Windows and ls -a for Linux and macOS).
On Linux and Mac, users can mark specific files as hidden simply by putting a "." as the first character in the file or folder name. Files and folders that start with a period, ".", are by default hidden from being viewed in the Finder application and standard command-line utilities like "ls". Users must specifically change settings to have these files viewable.
Files on macOS can also be marked with the UF_HIDDEN flag which prevents them from being seen in Finder.app, but still allows them to be seen in Terminal.app. On Windows, users can mark specific files as hidden by using the attrib.exe binary. Many applications create these hidden files and folders to store information so that it doesn't clutter up the user's workspace. For example, SSH utilities create a .ssh folder that's hidden and contains the user's known hosts and keys.
Adversaries can use this to their advantage to hide files and folders anywhere on the system and evading a typical user or system analysis that does not incorporate investigation of hidden files.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1564/001/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520set%2520files%2520and%2520directories%2520to%2520be%2520hidden%2520to%2520evade%2520detection%2520mechanisms.%2522"><!--?lit$336419335$-->Adversaries may set files and directories to be hidden to e
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1574"> <!--?lit$336419335$-->Hijack Execution Flow </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1574 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="head
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs. Hijacking execution flow can be for the purposes of persistence, since this hijacked execution may reoccur over time. Adversaries may also use these mechanisms to elevate privileges or evade defenses, such as application control or other restrictions on execution.
There are many ways an adversary may hijack the flow of execution, including by manipulating how the operating system locates programs to be executed. How the operating system locates libraries to be used by a program can also be intercepted. Locations where the operating system looks for programs/resources, such as file directories and in the case of Windows the Registry, could also be poisoned to include malicious payloads.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1574/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> </span> </td> </tr> <!----><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1574.002"> <!--?lit$336419335$-->DLL Side-Loading </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1574.002 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="h
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL, side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Side-loading takes advantage of the DLL search order used by the loader by positioning both the victim application and malicious payload(s) alongside each other. Adversaries likely use side-loading as a means of masking actions they perform under a legitimate, trusted, and potentially elevated system or software process. Benign executables used to side-load payloads may not be flagged during delivery and/or execution. Adversary payloads may also be encrypted/packed or otherwise obfuscated until loaded into the memory of the trusted process.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1574/002/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_tactic%253ATA0006"> <!--?lit$336419335$-->Credential Access </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->TA0006 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absol
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The adversary is trying to steal account names and passwords.
Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/tactics/TA0006/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed borde
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1056"> <!--?lit$336419335$-->Input Capture </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1056 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <di
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture).</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1056/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <t
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_tactic%253ATA0007"> <!--?lit$336419335$-->Discovery </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->TA0007 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; ins
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The adversary is trying to figure out your environment.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what's around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/tactics/TA0007/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" hei
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1010"> <!--?lit$336419335$-->Application Window Discovery </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1010 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slo
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used. For example, information about application windows could be used to identify potential data to collect, as well as to identify security tooling (Security Software Discovery) to evade.
Adversaries typically abuse system features for this type of enumeration. For example, they may gather information through native system features such as Command and Scripting Interpreter commands and Native API functions.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1010/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Sample%2520monitors%2520Window%2520changes%2520(e.g.%2520starting%2520applications)%252C%2520analyze%2520the%2520sample%2520with%2520the%2520simulation%2520cookbook%2522"><!--?lit$336419335$-->Sample m
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1018"> <!--?lit$336419335$-->Remote System Discovery </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1018 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="he
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping, net view using Net, or, on ESXi servers, esxcli network diag ping.
Adversaries may also analyze data from local host files (ex: C:\Windows\System32\Drivers\etc\hosts or /etc/hosts) or other passive means (such as local Arp cache entries) in order to discover the presence of remote systems in an environment.
Adversaries may also target discovery of network infrastructure as well as leverage Network Device CLI commands on network devices to gather detailed information about systems within a network (e.g. show cdp neighbors, show arp). </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1018/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Reads%2520the%2520hosts%2520file%2522"><!--?lit$336419335$-->Reads the hosts file</a> </td> <td class="col-6" style="max-width:0"> <!--?lit$336419335$--> <div class="vstack"> <!--?lit$33641933
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1057"> <!--?lit$336419335$-->Process Discovery </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1057 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header">
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Administrator or otherwise elevated access may provide better process details. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
In Windows environments, adversaries could obtain details on running processes using the Tasklist utility via cmd or Get-Process via PowerShell. Information about processes can also be extracted from the output of Native API calls such as CreateToolhelp32Snapshot. In Mac and Linux, this is accomplished with the ps command. Adversaries may also opt to enumerate processes via /proc. ESXi also supports use of the ps command, as well as esxcli system process list.
On network devices, Network Device CLI commands such as show processes can be used to display current running processes.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1057/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Queries%2520a%2520list%2520of%2520all%2520running%2520processes%2522"><!--?lit$336419335$-->Queries a list of all running processes</a> </td> <td class="col-6" style="max-width:0"> <!--?lit$336419335$--> <div class="vstack"> <!--?lit$336419335$--><!----><a class="text-truncate" title="ProcessInformatio
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1082"> <!--?lit$336419335$-->System Information Discovery </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1082 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slo
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tools such as Systeminfo can be used to gather detailed system information. If running with privileged access, a breakdown of system data can be gathered through the systemsetup configuration tool on macOS. As an example, adversaries with user-level access can execute the df -aH command to obtain currently mounted disks and associated freely available space. Adversaries may also leverage a Network Device CLI on network devices to gather detailed system information (e.g. show version). On ESXi servers, threat actors may gather system information from various esxcli utilities, such as system hostname get, system version get, and storage filesystem list (to list storage volumes).
Infrastructure as a Service (IaaS) cloud providers such as AWS, GCP, and Azure allow access to instance and virtual machine information via APIs. Successful authenticated API calls can return data such as the operating system platform and status of a particular instance or the model view of a virtual machine.
System Information Discovery combined with information gathered from other forms of discovery and reconnaissance can drive payload development and concealment. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1082/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Queries%2520the%2520cryptographic%2520machine%2520GUID%2522"><!--?lit$336419335$-->Queries the cryptographic machine GUID</a> </td> <td class="col-6" style="max-width:0"> <!--?lit$336419335$--> <div class="vstack"> <!--?lit$336419335$--><!----><a class="text-trun
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1497"> <!--?lit$336419335$-->Virtualization/Sandbox Evasion </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1497 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span s
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from Virtualization/Sandbox Evasion during automated discovery to shape follow-on behaviors.
Adversaries may use several methods to accomplish Virtualization/Sandbox Evasion such as checking for security monitoring tools (e.g., Sysinternals, Wireshark, etc.) or other system artifacts associated with analysis or virtualization. Adversaries may also check for legitimate user activity to help determine if it is in an analysis environment. Additional methods include use of sleep timers or loops within malware code to avoid operating within a temporary sandbox.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1497/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1518"> <!--?lit$336419335$-->Software Discovery </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1518 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment. Adversaries may use the information from Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Such software may be deployed widely across the environment for configuration management or security reasons, such as Software Deployment Tools, and may allow adversaries broad access to infect devices or move laterally.
Adversaries may attempt to enumerate software for a variety of reasons, such as figuring out what security measures are present or if the compromised system has a version of software that is vulnerable to Exploitation for Privilege Escalation.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1518/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> </span> </td> </tr> <!----><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fil
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1518.001"> <!--?lit$336419335$-->Security Software Discovery </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1518.001 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <s
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as cloud monitoring agents and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Example commands that can be used to obtain security software information are netsh, reg query with Reg, dir with cmd, and Tasklist, but other indicators of discovery behavior may be more specific to the type of software or security system the adversary is looking for. It is becoming more common to see macOS malware perform checks for LittleSnitch and KnockKnock software.
Adversaries may also utilize the Cloud API to discover cloud-native security software installed on compute infrastructure, such as the AWS CloudWatch agent, Azure VM Agent, and Google Cloud Monitor agent. These agents may collect metrics and logs from the VM, which may be centrally aggregated in a cloud-based monitoring platform.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1518/001/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522May%2520try%2520to%2520detect%2520the%2520virtual%2520machine%2520to%2520hinder%2520an
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_tactic%253ATA0009"> <!--?lit$336419335$-->Collection </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->TA0009 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; in
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The adversary is trying to gather data of interest to their goal.
Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to either steal (exfiltrate) the data or to use the data to gain more information about the target environment. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/tactics/TA0009/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!-
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1056"> <!--?lit$336419335$-->Input Capture </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1056 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <di
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture).</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1056/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <t
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_tactic%253ATA0011"> <!--?lit$336419335$-->Command and Control </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->TA0011 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: abs
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The adversary is trying to communicate with compromised systems to control them.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim's network structure and defenses.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/tactics/TA0011/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1071"> <!--?lit$336419335$-->Application Layer Protocol </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1071 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot=
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Adversaries may utilize many different protocols, including those used for web browsing, transferring files, electronic mail, DNS, or publishing/subscribing. For connections that occur internally within an enclave (such as those between a proxy or pivot node and other nodes), commonly used protocols are SMB, SSH, or RDP. </p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1071/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Downloads%2520files%2520from%2520webservers%2520via%2520HTTP%2522"><!--?lit$336419335$-->Downloads f
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1095"> <!--?lit$336419335$-->Non-Application Layer Protocol </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1095 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span s
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive. Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
ICMP communication between hosts is one example. Because ICMP is part of the Internet Protocol Suite, it is required to be implemented by all IP-compatible hosts. However, it is not as commonly monitored as other Internet Protocols such as TCP or UDP and may be used by adversaries to hide communications.
In ESXi environments, adversaries may leverage the Virtual Machine Communication Interface (VMCI) for communication between guest virtual machines and the ESXi host. This traffic is similar to client-server communications on traditional network sockets but is localized to the physical machine running the ESXi host, meaning it does not traverse external networks (routers, switches). This results in communications that are invisible to external monitoring and standard networking tools like tcpdump, netstat, nmap, and Wireshark. By adding a VMCI backdoor to a compromised ESXi host, adversaries may persistently regain access from any guest VM to the compromised ESXi host's backdoor, regardless of network segmentation or firewall rules in place.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1095/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Downloads%2520files%2520from%2520webservers%2520via%2520HTTP%2522"><!--?lit$336419335$-->Downloads files from webservers via HTTP</a> </td> <td class="col-6" style="max-width:0"> <!--?lit$336419335$--> <div class="vstack"> <!--?lit$336419335$--><!----><a class="text-truncate" title="GET /index.php HTTP/1.0Accept: */*Connection: closeHost: chairclo
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1105"> <!--?lit$336419335$-->Ingress Tool Transfer </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1105 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="head
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp. Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer).
On Windows, adversaries may use various utilities to download tools, such as copy, finger, certutil, and PowerShell commands such as IEX(New-Object Net.WebClient).downloadString() and Invoke-WebRequest. On Linux and macOS systems, a variety of utilities also exist, such as curl, scp, sftp, tftp, rsync, finger, and wget. A number of these tools, such as wget, curl, and scp, also exist on ESXi. After downloading a file, a threat actor may attempt to verify its integrity by checking its hash value (e.g., via certutil -hashfile).
Adversaries may also abuse installers and package managers, such as yum or winget, to download tools to victim hosts. Adversaries have also abused file application features, such as the Windows search-ms protocol handler, to deliver malicious files to victims through remote file searches invoked by User Execution (typically after interacting with Phishing lures).
Files can also be transferred using various Web Services as well as native or otherwise present tools on the victim system. In some cases, adversaries may be able to leverage services that sync between a web-based and an on-premises client, such as Dropbox or OneDrive, to transfer files onto victim systems. For example, by compromising a cloud account and logging into the service's web portal, an adversary may be able to trigger an automatic syncing process that transfers the file onto the victim's machine.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1105/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->INFO</td> <td class="col-6">
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_tactic%253ATA0040"> <!--?lit$336419335$-->Impact </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->TA0040 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; inset:
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The adversary is trying to manipulate, interrupt, or destroy your systems and data.
Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries' goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/tactics/TA0040/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <!--?lit$336419335$--> <td class="py-2 px-0"> <span class="p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http:/
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1485"> <!--?lit$336419335$-->Data Destruction </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1485 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header">
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives. Common operating system file deletion commands such as del and rm often only remove pointers to files without wiping the contents of the files themselves, making the files recoverable by proper forensic methodology. This behavior is distinct from Disk Content Wipe and Disk Structure Wipe because individual files are destroyed rather than sections of a storage disk or the disk's logical structure.
Adversaries may attempt to overwrite files and directories with randomly generated data to make it irrecoverable. In some cases politically oriented image files have been used to overwrite data.
To maximize impact on the target organization in operations where network-wide availability interruption is the goal, malware designed for destroying data may have worm-like features to propagate across a network by leveraging additional techniques like Valid Accounts, OS Credential Dumping, and SMB/Windows Admin Shares.
In cloud environments, adversaries may leverage access to delete cloud storage objects, machine images, database instances, and other infrastructure crucial to operations to damage an organization or their customers. Similarly, they may delete virtual machines from on-prem virtualized environments.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1485/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520destroy%2520data%2520and%2520files%2520on%2520specific%2520systems%2520or%2520in%2520large%2520nu
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/attack_technique%253AT1496"> <!--?lit$336419335$-->Resource Hijacking </a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->T1496 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.
Resource hijacking may take a number of different forms. For example, adversaries may:
Leverage compute resources in order to mine cryptocurrency
Sell network bandwidth to proxy networks
Generate SMS traffic for profit
Abuse cloud-based messaging services to send large quantities of spam messages
In some cases, adversaries may leverage multiple types of Resource Hijacking at once.</p> <a target="_blank" class="btn btn-primary" href="https://attack.mitre.org/techniques/T1496/"> View on mitre </a> </span> </vt-ui-popover> </span> </div> <!--?lit$336419335$--> <div class="table-responsive"> <table class="table"> <thead> <tr> <th scope="col" class="fw-bold px-3">Severity</th> <th scope="col" class="fw-bold px-3">Description</th> <th scope="col" class="fw-bold px-3">Match</th> </tr> </thead> <tbody> <!--?lit$336419335$--><!----> <tr> <td><!--?lit$336419335$-->UNKNOWN</td> <td class="col-6"> <!--?lit$336419335$--><a href="https://www.virustotal.com/gui/search/behaviour%253A%2522Adversaries%2520may%2520leverage%2520the%2520resources%2520of%2520co-opted%2520systems%2520in%2520order%2520to%2520solve%2520resource%2520intensive%2520problems%252C%2520which%2520may%2520impact%2520system%2520and%252For%2520hosted%2520service%2520availability.%2522"><!--?lit$336419335$-->Adversaries may leverage the resources of co-
<path d="M6.4 18.654 5.346 17.6l5.6-5.6-5.6-5.6L6.4 5.346l5.6 5.6 5.6-5.6L18.654 6.4l-5.6 5.6 5.6 5.6-1.054 1.054-5.6-5.6-5.6 5.6Z"></path>
</svg>
<!--?--> </button> </div> <div class="body"> <slot name="body"></slot> </div> </div> </vt-click-away-listener> </template> <div slot="header"> <h2 class="mb-0 mt-2"><!--?lit$336419335$--></h2> <div class="text-body-tertiary mb-2"> <!--?lit$336419335$--> </div> </div> <div slot="body"> <vt-ui-expandable description="Matched items within this behavior." expanded="" class="match-contexts"><template shadowrootmode="open"><!----> <div id="wrapper"> <!--?lit$336419335$--> <div class="section-header hstack gap-2 position-relative"> <slot name="header" class="hstack gap-2 w-100"> <div class="title hstack gap-2"> <!--?lit$336419335$--> <!--?lit$336419335$-->Matching items <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <a id="info" role="button" class="hstack"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.31 16.649h1.4V11.02h-1.4v5.629Zm.687-7.28a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.547.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.75.75 0 0 0-.55.217.738.738 0 0 0-.22.547.75.75 0 0 0 .764.77Zm.005 11.93a9.05 9.05 0 0 1-3.626-.734 9.395 9.395 0 0 1-2.954-1.99 9.407 9.407 0 0 1-1.988-2.951 9.034 9.034 0 0 1-.732-3.622 9.05 9.05 0 0 1 .733-3.626 9.394 9.394 0 0 1 1.99-2.954 9.406 9.406 0 0 1 2.951-1.988 9.034 9.034 0 0 1 3.622-.732 9.05 9.05 0 0 1 3.626.733 9.394 9.394 0 0 1 2.954 1.99 9.406 9.406 0 0 1 1.988 2.951 9.034 9.034 0 0 1 .732 3.622 9.05 9.05 0 0 1-.733 3.626 9.394 9.394 0 0 1-1.99 2.954 9.405 9.405 0 0 1-2.951 1.988 9.033 9.033 0 0 1-3.622.732Zm-.002-1.4c2.198 0 4.064-.767 5.598-2.3 1.534-1.534 2.301-3.4 2.301-5.599 0-2.198-.767-4.064-2.3-5.598C16.064 4.868 14.198 4.1 12 4.1c-2.198 0-4.064.767-5.598 2.3C4.868 7.936 4.1 9.802 4.1 12c0 2.198.767 4.064 2.3 5.598C7.936 19.132 9.802 19.9 12 19.9Z"></path>
</svg>
<!--?--> </a> <vt-ui-tooltip for="info" position="right" animation-delay="0" class="tooltip-info" noink=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$-->Matched items within this behavior. </vt-ui-tooltip> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="ms-auto"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <slot name="header-right-side"></slot> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> </div> <div class="details "> <!--?lit$336419335$--> <!--?lit$336419335$--> <slot name="content"></slot> </div> </div> </template> <s
<path d="M11.31 16.649h1.4V11.02h-1.4v5.629Zm.687-7.28a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.547.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.75.75 0 0 0-.55.217.738.738 0 0 0-.22.547.75.75 0 0 0 .764.77Zm.005 11.93a9.05 9.05 0 0 1-3.626-.734 9.395 9.395 0 0 1-2.954-1.99 9.407 9.407 0 0 1-1.988-2.951 9.034 9.034 0 0 1-.732-3.622 9.05 9.05 0 0 1 .733-3.626 9.394 9.394 0 0 1 1.99-2.954 9.406 9.406 0 0 1 2.951-1.988 9.034 9.034 0 0 1 3.622-.732 9.05 9.05 0 0 1 3.626.733 9.394 9.394 0 0 1 2.954 1.99 9.406 9.406 0 0 1 1.988 2.951 9.034 9.034 0 0 1 .732 3.622 9.05 9.05 0 0 1-.733 3.626 9.394 9.394 0 0 1-1.99 2.954 9.405 9.405 0 0 1-2.951 1.988 9.033 9.033 0 0 1-3.622.732Zm-.002-1.4c2.198 0 4.064-.767 5.598-2.3 1.534-1.534 2.301-3.4 2.301-5.599 0-2.198-.767-4.064-2.3-5.598C16.064 4.868 14.198 4.1 12 4.1c-2.198 0-4.064.767-5.598 2.3C4.868 7.936 4.1 9.802 4.1 12c0 2.198.767 4.064 2.3 5.598C7.936 19.132 9.802 19.9 12 19.9Z"></path>
</svg>
<!--?--> </a> <vt-ui-tooltip for="info" position="right" animation-delay="0" class="tooltip-info" noink=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$-->Malware Behavior Catalog Tree. </vt-ui-tooltip> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="ms-auto"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <slot name="header-right-side"></slot> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> <a role="button" class="hstack"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" v
<path d="m7.4 15.038-1.054-1.053L12 8.33l5.654 5.654-1.054 1.053-4.6-4.6-4.6 4.6Z"></path>
</svg>
<!--?--></a> </div> <div class="details "> <!--?lit$336419335$--> <!--?lit$336419335$--> <slot name="content"></slot> </div> </div> </template> <span slot="header" class="hstack gap-2 w-100 justify-content-between"> <div class="fs-6 fw-bold"><!--?lit$336419335$-->Malware Behavior Catalog Tree</div> </span> <span slot="content"> <div class="position-relative pb-3"> <!--?lit$336419335$--><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AOB0001"><!--?lit$336419335$-->Anti-Behavioral Analysis</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->OB0001 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute;
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Behaviors that prevent, obstruct, or evade behavioral analysis of malware--for example, analysis done using a sandbox or debugger. Because the underlying methods differ, separate "detection" and "evasion" behaviors are defined for some anti-behavioral analysis areas.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/anti-behavioral-analysis/README.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AB0007"><!--?lit$336419335$-->Sandbox Detection</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->B0007 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hs
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware checks whether it is being executed inside an instrumented and isolated sandbox (test) environment. In performing reconnaissance of its environment, the malware will check a variety of user or system based artifacts. Examples include monitoring for user action as reflected by mouse clicks or timing checks [1], [2]. Upon detection of the sandbox, conditional execution will change the malware's behavior. For example, execution may terminate, or activity may appear benign, e.g., connecting to a benign domain.
The related **Virtualization/Sandbox Evasion ([T1497](https://attack.mitre.org/techniques/T1497/), [T1633](https://attack.mitre.org/techniques/T1633/))** ATT&amp;CK techniques were defined subsequent to this MBC behavior.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/anti-behavioral-analysis/sandbox-detection.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--><!----> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AB0007.008"><!--?lit$336419335$-->Timing/Date Check</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->B0007.008 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inse
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Calling GetSystemTime or equiv and only executing code if the current date/hour/minute/second passes some check. Often this is for running only after or only until a specific date. This behavior can be mitigated in non-automated analysis environments. This method is related to Unprotect technique U1005.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/anti-behavioral-analysis/sandbox-detection.md#methods"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div><!----> </div> </span> </td> </tr> <!----> </table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$-->
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AOB0004"><!--?lit$336419335$-->Command and Control</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->OB0004 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; inset
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Behaviors that enable malware to communicate with systems such as C2 servers or bots. Malware can establish command and control with various levels of covertness, depending on system configuration and network topology.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/command-and-control/README.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--> </table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$-->
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AOB0006"><!--?lit$336419335$-->Defense Evasion</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->OB0006 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; inset: au
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Behaviors that enable malware to evade detection.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/defense-evasion/README.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill=
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AE1014"><!--?lit$336419335$-->Rootkit</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->E1014 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hstack justi
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Behaviors of a rootkit: "A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that is not otherwise allowed and often masks its existence or the existence of other software." [1]
See ATT&amp;CK: <strong>Rootkit (<a href="https://attack.mitre.org/techniques/T1014/">T1014</a>)</strong>.
Rootkits may hide artifacts (kernel modules, services, threads, userspace libraries), prevent actions, API unhooking (prevents API hooks installed by the malware instance from being removed), file access (prevents access to the file system, including specific files and/or directories associated with the malware instance), file deletion (prevents files and/or directories associated with the malware instance from being deleted), memory access (prevents access to system memory where the malware instance stores code or data), native API hooking (prevents other software from hooking native system APIs), registry access (prevents access to the Windows registry, either entire registry or particular registry keys/values), and registry deletion (prevents deletion of registry keys and/or values associated with the malware instance).</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/defense-evasion/rootkit.md"> View on MBC Project </a> </span> </vt-ui-popover> </sp
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AE1112"><!--?lit$336419335$-->Modify Registry</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->E1112 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hsta
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware may make changes to the Windows Registry to hide execution or to persist on the system (note that ATT&amp;CK does not extend this behavior to the Persistence objective). The Windows registry is a database that stores low-level settings for the operating system and for applications that opt to use the registry. Malware may create, delete, or modify registry keys and values to change the behavior of the system or certain applications. For instance, malware may modify registry keys to enable remote desktop connections, disable security features, or to automatically start the malware whenever the system boots. This technique is commonly used by various types of malware, including ransomware, trojans, and worms.
See ATT&amp;CK: **Modify Registry ([T1112](https://attack.mitre.org/techniques/T1112/))**.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/defense-evasion/modify-registry.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AF0005"><!--?lit$336419335$-->Hidden Files and Directories</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->F0005 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <di
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware may hide files and folders to avoid detection and/or to persist on the system. See potential methods below. This is achieved by marking files or directories as hidden or by using special characters in file names to prevent them from being displayed in standard directory listings. By hiding files or directories, malware can evade detection from users and some security software.
This behavior is related to Unprotect technique U1230.
See ATT&amp;CK: **Hide Artifacts: Hidden Files and Directories ([T1564.001](https://attack.mitre.org/techniques/T1564/001/))**.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/defense-evasion/hidden-files-and-directories.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="h
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AF0007"><!--?lit$336419335$-->Self Deletion</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->F0007 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hstack
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware may remove itself from an infected system, typically after it has achieved its primary objective. This is done to evade detection, remove evidence of its presence, and make forensic analysis more difficult. The malware may use built-in commands, scripts, or other methods to delete its files, processes, or registry entries.
See ATT&amp;CK: **Indicator Removal on Host: Uninstall Malicious Application ([T1630.001](https://attack.mitre.org/techniques/T1630/001/)), Indicator Removal on Host: File Deletion ([T1070.004](https://attack.mitre.org/techniques/T1070/004/))**.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/defense-evasion/self-deletion.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$33
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AF0013"><!--?lit$336419335$-->Bootkit</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->F0013 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hstack justi
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The boot sectors of a hard drive (e.g., the Master Boot Record (MBR)) are modified. ATT&amp;CK associates bootkits with Persistence. See ATT&amp;CK: **Pre-OS Boot: Bootkit ([T1542.003](https://attack.mitre.org/techniques/T1542/003/))**.
The MBC also associates the Bootkit behavior with Defense Evasion because the malware may execute before or external to the system's kernel or hypervisor (e.g., through the BIOS), making it more difficult to detect. (As of 2020, ATT&amp;CK also associates the technique with Persistence.)</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/defense-evasion/bootkit.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----> </table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AOB0007"><!--?lit$336419335$-->Discovery</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->OB0007 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; inset: auto aut
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Behaviors that enable malware to gain knowledge about the system and network.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/discovery/README.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--> </table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 2
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AOB0008"><!--?lit$336419335$-->Impact</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->OB0008 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; inset: auto auto 0
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Behaviors that enable malware to manipulate, interrupt, or destroy systems and data.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/impact/README.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em"
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AB0018"><!--?lit$336419335$-->Resource Hijacking</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->B0018 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="h
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware uses system resources for purposes other than those intended, negatively impacting availability as well as performance, whether on a user endpoint or a cloud-based system. Digital currency mining (e.g., bitcoin) exemplifies this behavior: malicious actors infect systems with malware and take control of system resources to verify new transactions on the blockchain and earn new currency/coins. Cloud-based systems, e.g., Kubernetes clusters, are not immune to infection and are attractive targets for resource hijacking, given their substantial computing power [1],[2].
The related **Resource Hijacking ([T1496](https://attack.mitre.org/techniques/T1496/))** ATT&amp;CK technique was defined subsequent to this MBC behavior.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/impact/resource-hijacking.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none"
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AB0033"><!--?lit$336419335$-->Denial of Service</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->B0033 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hs
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware may make a network unavailable, for example, by launching a network-based denial of service (DoS) attack.
Endpoint denial of service behaviors are captured by the **Endpoint Denial of Service ([T1499](https://attack.mitre.org/techniques/T1499/))** technique.
The related **Network Denial of Service ([T1498](https://attack.mitre.org/techniques/T1498/))** ATT&amp;CK technique was defined subsequent to this MBC behavior.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/impact/denial-of-service.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AE1485"><!--?lit$336419335$-->Data Destruction</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->E1485 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hst
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware may deliberately delete or otherwise render inaccessible data on a compromised system. This is often done to disrupt the victim's operations, cover the attacker's tracks, or exert pressure on the victim.
See ATT&amp;CK: **Data Destruction ([T1485](https://attack.mitre.org/techniques/T1485/))**.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/impact/data-destruction.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----> </table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AOB0012"><!--?lit$336419335$-->Persistence</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->OB0012 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; inset: auto a
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Behaviors that enable malware to remain on a system regardless of system events, such as reboots.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/persistence/README.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width=
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AE1112"><!--?lit$336419335$-->Modify Registry</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->E1112 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hsta
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware may make changes to the Windows Registry to hide execution or to persist on the system (note that ATT&amp;CK does not extend this behavior to the Persistence objective). The Windows registry is a database that stores low-level settings for the operating system and for applications that opt to use the registry. Malware may create, delete, or modify registry keys and values to change the behavior of the system or certain applications. For instance, malware may modify registry keys to enable remote desktop connections, disable security features, or to automatically start the malware whenever the system boots. This technique is commonly used by various types of malware, including ransomware, trojans, and worms.
See ATT&amp;CK: **Modify Registry ([T1112](https://attack.mitre.org/techniques/T1112/))**.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/defense-evasion/modify-registry.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AF0005"><!--?lit$336419335$-->Hidden Files and Directories</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->F0005 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <di
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware may hide files and folders to avoid detection and/or to persist on the system. See potential methods below. Hiding is achieved by marking files or directories as hidden, or by using special characters in file names so that they are not displayed in standard directory listings. By hiding files or directories, malware can evade detection by users and some security software.
This behavior is related to Unprotect technique U1230.
See ATT&amp;CK: **Hide Artifacts: Hidden Files and Directories ([T1564.001](https://attack.mitre.org/techniques/T1564/001/))**.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/defense-evasion/hidden-files-and-directories.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="h
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AF0012"><!--?lit$336419335$-->Registry Run Keys / Startup Folder</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->F0012 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware may add an entry to the Windows Registry run keys or startup folder to enable persistence. [1]
See ATT&amp;CK: **Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder ([T1547.001](https://attack.mitre.org/techniques/T1547/001/))**.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/persistence/registry-run-keys-startup-folder.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AF0013"><!--?lit$336419335$-->Bootkit</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->F0013 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hstack justi
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The boot sectors of a hard drive are modified (e.g., Master Boot Record (MBR)). ATT&amp;CK associates bootkits with Persistence. See ATT&amp;CK: **Pre-OS Boot: Bootkit ([T1542.003](https://attack.mitre.org/techniques/T1542/003/))**.
The MBC also associates the Bootkit behavior with Defense Evasion because the malware may execute before or external to the system's kernel or hypervisor (e.g., through the BIOS), making it more difficult to detect. (As of 2020, ATT&amp;CK also associates the technique with Persistence.)</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/defense-evasion/bootkit.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----> </table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AOC0001"><!--?lit$336419335$-->File System</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->OC0001 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; inset: auto a
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Micro-behaviors related to file manipulation.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/file-system/README.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 2
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0016"><!--?lit$336419335$-->Create File</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0016 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hstack j
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware creates a file.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/file-system/create-file.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0047"><!--?lit$336419335$-->Delete File</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0047 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hstack j
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware deletes a file.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/file-system/delete-file.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0051"><!--?lit$336419335$-->Read File</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0051 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hstack jus
<path d="M9.058 17.5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V4.308c0-.505.175-.933.525-1.283.35-.35.778-.525 1.283-.525h8.384c.505 0 .933.175 1.283.525.35.35.525.778.525 1.283v11.384c0 .505-.175.933-.525 1.283-.35.35-.778.525-1.283.525H9.058Zm0-1.5h8.384a.294.294 0 0 0 .212-.096.294.294 0 0 0 .096-.212V4.308a.294.294 0 0 0-.096-.212.294.294 0 0 0-.212-.096H9.058a.294.294 0 0 0-.212.096.294.294 0 0 0-.096.212v11.384c0 .077.032.148.096.212a.294.294 0 0 0 .212.096Zm-3.5 5c-.505 0-.933-.175-1.283-.525a1.745 1.745 0 0 1-.525-1.283V6.308h1.5v12.884c0 .077.032.148.096.212a.294.294 0 0 0 .212.096h9.884V21H5.558Z"></path>
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware reads a file.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/file-system/read-file.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPA"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" width="1em" height="1em">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0052"><!--?lit$336419335$-->Writes File</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0052 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hstack j
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware writes to a file.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/file-system/writes-file.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----> </table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AOC0003"><!--?lit$336419335$-->Process</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->OC0003 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; inset: auto auto
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Micro-behaviors related to processes.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/process/README.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPA"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0018"><!--?lit$336419335$-->Terminate Process</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0018 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hs
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware terminates a process.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/process/terminate-process.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----> </table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AOC0005"><!--?lit$336419335$-->Cryptography</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->OC0005 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; inset: auto
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Micro-behaviors that enable malware to use crypto.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/cryptography/README.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPA"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" fill="non
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0021"><!--?lit$336419335$-->Generate Pseudo-random Sequence</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0021 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header">
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->The Generate Pseudo-random Sequence micro-behavior can be used for a number of purposes. The methods below include specific functions, as well as pseudo-random number generators (PRNG).</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/cryptography/generate-pseudorandom-sequence.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--><!----> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0021.004"><!--?lit$336419335$-->RC4 PRGA</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0021.004 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-p
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware generates a pseudo-random sequence using the RC4 Pseudo Random (Byte) Generation Algorithm (PRGA).</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/cryptography/generate-pseudorandom-sequence.md#methods"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div><!----> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPA"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" fill="no
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0027"><!--?lit$336419335$-->Encrypt Data</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0027 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="hstack
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware may encrypt data.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/cryptography/encrypt-data.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--><!----> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0027.009"><!--?lit$336419335$-->RC4</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0027.009 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow positi
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware encrypts with the RC4 algorithm.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/cryptography/encrypt-data.md#methods"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div><!----> </div> </span> </td> </tr> <!----><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPA"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" width="1em" height="1em">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0029"><!--?lit$336419335$-->Cryptographic Hash</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0029 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="h
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware may use a cryptographic hash.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/cryptography/cryptographic-hash.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--><!----> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0029.001"><!--?lit$336419335$-->MD5</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0029.001 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="po
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Malware uses an MD5 hash.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/cryptography/cryptographic-hash.md#methods"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div><!----> </div> </span> </td> </tr> <!----> </table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <h5 class="fs-6 fw-bold my-1 d-flex w-100 align-items-center"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AOC0006"><!--?lit$336419335$-->Communication</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->OC0006 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="top" style="position: absolute; inset: auto
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->Micro-behaviors that enable malware to communicate.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/communication/README.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> </h5> </span> <span slot="content"> <table class="table table-borderless table-sm w-auto fs-6 ms-2 mb-0"> <!--?lit$336419335$--><!----> <tr> <td class="py-2 px-0"> <span class="vstack gap-1 p-0"> <!--?lit$336419335$--> <div class="hstack"> <!--?lit$336419335$--><vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <a target="_blank" href="https://www.virustotal.com/gui/search/mbc%253AC0002"><!--?lit$336419335$-->HTTP Communication</a> <span role="button" class="badge rounded-pill bg-body-tertiary text-body-tertiary ms-2"> <!--?lit$336419335$-->C0002 <vt-ui-popover><template shadowrootmode="open"><!----> <div class="popover bs-popover-auto shadow" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(6.82261px, 0px, 0px);"> <div data-popper-arrow="" class="popover-arrow position-absolute" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <h3 class="popover-header d-none "> <slot name="header"></slot> </h3> <div class="popover-body" style="max-height:calc(100vh - 50px);overflow-y:auto"> <slot name="content"></slot> </div> </div> </template> <span slot="header"> <div class="h
</svg>
<!--?--> </a> </div> </span> <span slot="content"> <p><!--?lit$336419335$-->This micro-behavior is related to HTTP communication.
Instead of being listed alphabetically, methods have been grouped to better facilitate labeling and mapping.</p> <a target="_blank" class="btn btn-primary" href="https://github.com/MBCProject/mbc-markdown/blob/main/micro-behaviors/communication/http-communication.md"> View on MBC Project </a> </span> </vt-ui-popover> </span> </div> <div class="vstack gap-1 ps-4"> <!--?lit$336419335$--> </div> </span> </td> </tr> <!----> </table> </span> </vt-ui-expandable-detail> <!----> </div> </span> </vt-ui-expandable> </template></mbc-tree> <!--?lit$336419335$--> <vt-ui-capa-signature-matches><template shadowrootmode="open"><!----> <vt-ui-expandable id="capabilities" collapsable="" statekey="capabilities"><template shadowrootmode="open"><!----> <div id="wrapper"> <!--?lit$336419335$--> <div class="section-header hstack gap-2 position-relative"> <slot name="header" class="hstack gap-2 w-100"> <div class="title hstack gap-2"> <!--?lit$336419335$--> <!--?lit$336419335$-->Capabilities <!--?lit$336419335$--> </div> <!--?lit
</svg>
<!--?--> </a> <vt-ui-tooltip for="info" position="right" animation-delay="0" class="tooltip-info" noink=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$-->Specific functionalities and features of malware (and more broadly software) that could enable malware to perform various unauthorized and harmful activities on a targeted computer, network, or device. </vt-ui-tooltip> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="ms-auto"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <slot name="header-right-side"></slot> <!--?lit$336419335$--> </
</svg>
<!--?--></a> </div> <div class="details "> <!--?lit$336419335$--> <!--?lit$336419335$--> <slot name="content"></slot> </div> </div> </template> <span slot="header" class="hstack gap-2 w-100 justify-content-between"> <div class="fs-6 fw-bold">Capabilities</div> <!--?lit$336419335$--> </span> <span slot="content"> <!--?lit$336419335$--><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content" class="fw-bold text-capitalize"> <!--?lit$336419335$-->host-interaction </span> <span slot="content"> <ul class="list-unstyled ms-3 capitalize-first-letter"> <!--?lit$336419335$--><!----> <li><!--?lit$336419335$-->print debug messages</li> <!----><!----> <li><!--?lit$336419335$-->write file on Windows</li> <!----><!----> <li><!--?lit$336419335$-->terminate process</li> <!----><!----> <li><!--?lit$336419335$-->get thread local storage value</li> <!----> </ul> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content" class="fw-bold text-capitalize"> <!--?lit$336419335$-->data-manipulation </span> <span slot="content"> <ul class="list-unstyled ms-3 capitalize-first-letter"> <!--?lit$336419335$--><!----> <li><!--?lit$336419335$-->hash data with MD5</li> <!----><!----> <li><!--?lit$336419335$-->encrypt data using RC4 PRGA</li> <!----> </ul> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrap
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$--> </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content" class="fw-bold text-capitalize"> <!--?lit$336419335$-->linking </span> <span slot="content"> <ul class="list-unstyled ms-3 capitalize-first-letter"> <!--?lit$336419335$--><!----> <li><!--?lit$336419335$-->link many functions at runtime</li> <!----><!----> <li><!--?lit$336419335$-->linked against CPP regex library</li> <!----><!----> <li><!--?lit$336419335$-->link function at runtime on Windows</li> <!----> </ul> </span> </vt-ui-expandable-detail> <!----> <!--?lit$336419335$--> </span> </vt-ui-expandable> </template></vt-ui-capa-signature-matches> <!--?lit$336419335$--> <!--?lit$336419335$--> <vt
</svg>
<!--?--> </a> <vt-ui-tooltip for="info" position="right" animation-delay="0" class="tooltip-info" noink=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$-->List of intrusion detection system rules that matched against the network traffic generated by the file under scrutiny when executed in dynamic analysis sandboxes. </vt-ui-tooltip> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="ms-auto"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <slot name="header-right-side"></slot> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> <a role="
</svg>
<!--?--></a> </div> <div class="details "> <!--?lit$336419335$--> <!--?lit$336419335$--> <slot name="content"></slot> </div> </div> </template> <span slot="content"> <vt-ui-crowdsourced-rules-scaffold><template shadowrootmode="open"><!----> <div class="p-0 m-0 border "> <!--?lit$336419335$--> <ul class="nav nav-tabs border-bottom-0" role="tablist"> <!--?lit$336419335$--><!----> <!--?lit$336419335$--> <li class="nav-item" role="presentation"><!--?lit$336419335$--> <a data-bs-toggle="tab" aria-selected="true" href="https://www.virustotal.com/gui/" role="tab" class="nav-link fw-bold link-danger "><!--?lit$336419335$-->HIGH <!--?lit$336419335$-->2</a></li><!--?--><!----><!----> <!--?lit$336419335$--> <li class="nav-item" role="presentation"><!--?lit$336419335$--><a class="nav-link fw-bold disabled" data-bs-toggle="tab" aria-selected="true" href="https://www.virustotal.com/gui/" role="tab"><!--?lit$336419335$-->MEDIUM <!--?lit$336419335$-->0</a></li><!--?--><!----><!----> <!--?lit$336419335$--> <li class="
</svg>
<!--?--> </div> <vt-ui-sandbox-icon-row><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Jujubox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> </div> <div class="flex-grow-1"> <slot name="title"></slot> <!--?lit$336419335$--> <div class="hstack gap-1"> <div class="hstack align-self-start fs-6"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!-- Review note: this row and the next one (rule name ending in "Cookie Value btst") are IDS matches from the Proofpoint Emerging Threats Open ruleset. Both rule names refer to cookie values associated with an AnubisNetworks sinkhole, which suggests the sample's HTTP traffic was answered by a sinkhole rather than by live attacker infrastructure (inferred from the rule names only; the rule bodies and the matching packets are not shown here). "A Network Trojan was detected" is the rule's classification label, not a separate verdict on the file. For triage, read these matches as an indicator that the sample contacts a domain already known to defenders; later-stage behaviour may be absent from this sandbox run for that reason. -->
<!--?--> </div> <slot name="details"></slot> </div> </div> </div> <!--?lit$336419335$--> <div class="matches-actions position-absolute bg-body hstack top-0 bottom-0 end-0"> <slot name="actions"></slot> </div> </div></template> <span slot="title"> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$-->Matches <span> rule</span> <span class=" text-danger "> <!--?lit$336419335$-->ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz</span> <span> at <!--?lit$336419335$-->Proofpoint Emerging Threats Open </span> </span> <span slot="details" class="match-description"> <!--?lit$336419335$-->A Network Trojan was detected </span> <span slot="actions" class="hstack flex-nowrap"> <!--?lit$336419335$--> <vt-ui-button icon="" target="_blank" data-rule-index="0"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template><span><!--?lit$336419335$-->View rule</span></vt-ui-button> <!--?lit$336419335$--> <vt-ui-button icon="" target="_blank" data-rule-index="0"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template><span><!--?lit$336419335$-->View matches</span></vt-ui-button> <!--?lit$336419335$--> </span> </vt-ui-crowdsourced-rules-row> </div> <!----><!----> <div class="matches-row"> <vt-ui-crowdsourced-rules-row><template shadowrootmode="open"><!----> <div class="border-top position-relative matches-row"> <div class="hstack gap-2 p-2"> <div class="align-self-baseline hstack gap-1 align-self-start "> <div class="fs-4 hstack align-self-start text-danger "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> </div> <vt-ui-sandbox-icon-row><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Jujubox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> </div> <div class="flex-grow-1"> <slot name="title"></slot> <!--?lit$336419335$--> <div class="hstack gap-1"> <div class="hstack align-self-start fs-6"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> </div> <slot name="details"></slot> </div> </div> </div> <!--?lit$336419335$--> <div class="matches-actions position-absolute bg-body hstack top-0 bottom-0 end-0"> <slot name="actions"></slot> </div> </div></template> <span slot="title"> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$-->Matches <span> rule</span> <span class=" text-danger "> <!--?lit$336419335$-->ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst</span> <span> at <!--?lit$336419335$-->Proofpoint Emerging Threats Open </span> </span> <span slot="details" class="match-description"> <!--?lit$336419335$-->A Network Trojan was detected </span> <span slot="actions" class="hstack flex-nowrap"> <!--?lit$336419335$--> <vt-ui-button icon="" target="_blank" data-rule-index="1"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template><span><!--?lit$336419335$-->View rule</span></vt-ui-button> <!--?lit$336419335$--> <vt-ui-button icon="" target="_blank" data-rule-index="1"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template><span><!--?lit$336419335$-->View matches</span></vt-ui-button> <!--?lit$336419335$--> </span> </vt-ui-crowdsourced-rules-row> </div> <!----> <div class="see-all-action" hidden=""> <vt-ui-button icon=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template>See all</vt-ui-button> </div> </div> </span> </vt-ui-crowdsourced-rules-scaffold> </span> </vt-ui-expandable> <!--?lit$336419335$--> <div> <!--?lit$336419335$--> <vt-ui-sliding-panel id="idsAlertRuleDrawer" class="drawer"><template shadowrootmode="open"><!----> <vt-click-away-listener><template shadowrootmode="open"><!----> <slot></slot> </template><!--?lit$336419335$--> <div class="container"> <div class="header"> <!--?lit$336419335$--> <slot name="header"></slot> <button class="btn btn-link hstack fs-5"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> </button> </div> <div class="body"> <slot name="body"></slot> </div> </div> </vt-click-away-listener> </template> <div slot="header"> <h2><!--?lit$336419335$--></h2> <div class="rule-description"> Unique rule identifier: <!--?lit$336419335$--> </div> <div> <a target="_blank" rel="noopener noreferrer"> <!--?lit$336419335$--> </a> </div> </div> <div slot="body"> <div class="code-header flex"> <div class="code-header__actions" hidden=""> <div> <vt-ui-button icon=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template>Copy rule </vt-ui-button> </div> <div> <vt-ui-button icon=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template>Download </vt-ui-button> </div> </div> <div> This rule belongs to a private collection. </div> </div> <vt-ui-code-highlighter id="code-editor"><template shadowrootmode="open"><!----><div class="vstack gap-2 w-100"> <!--?lit$336419335$--> <pre class="fs-6 mh-100 overflow-auto m-0 d-flex"><!--?lit$336419335$--><div class="CodeMirror cm-s-solarized CodeMirror-wrap" translate="no" style="clip-path: inset(0px);"><div style="overflow: hidden; position: relative; width: 3px; height: 0px;"><textarea autocorrect="off" autocapitalize="off" spellcheck="false" readonly="" tabindex="0" style="position: absolute; bottom: -1em; padding: 0px; width: 1000px; height: 1em; min-height: 1em; outline: none;"></textarea></div><div class="CodeMirror-vscrollbar" tabindex="-1" cm-not-content="true"><div style="min-width: 1px;">
</svg>
<!--?--> </a> <vt-ui-tooltip for="info" position="right" animation-delay="0" class="tooltip-info" noink=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$-->When executing the file being studied, the following network communications were observed. </vt-ui-tooltip> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="ms-auto"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <slot name="header-right-side"></slot> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> <a role="button" class="hstack"><!--?lit$336419335$--><!--?lit$336419335$--><svg x
</svg>
<!--?--></a> </div> <div class="details "> <!--?lit$336419335$--> <!--?lit$336419335$--> <slot name="content"></slot> </div> </div> </template> <div slot="content" class="vstack gap-2"> <!--?lit$336419335$--> <vt-ui-expandable-entry description="When executing the file being studied, it performed the following HTTP requests." id="http-convs"><template shadowrootmode="open"><!----> <section> <!--?lit$336419335$--> <!--?lit$336419335$--><h4 id="section-title"> <!--?lit$336419335$-->HTTP requests <!--?lit$336419335$--> </h4> <!--?lit$336419335$--> <!--?lit$336419335$--><vt-ui-tooltip for="section-title" position="right"><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translat
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->GET http://chairclose.net/index.php </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <!--?lit$336419335$-->GET http://chairclose.net/index.php </div> </span> <span slot="content"> <!--?lit$336419335$--><!--?lit$336419335$--><!--?--> <!--?lit$336419335$--><!--?lit$336419335$--><!--?--> <!--?lit$336419335$--> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail class="segments-info" label="GET http://pleasantforever.net/index.php" hide-icon=""><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control="" hidden=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->GET http://pleasantforever.net/index.php </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <!--?lit$336419335$-->GET http://pleasantforever.net/index.php </div> </span> <span slot="content"> <!--?lit$336419335$--><!--?lit$336419335$--><!--?--> <!--?lit$336419335$--><!--?lit$336419335$--><!--?--> <!--?lit$336419335$--> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail class="segments-info" label="GET http://withinclose.net/index.php" hide-icon=""><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control="" hidden=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->GET http://withinclose.net/index.php </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <!--?lit$336419335$-->GET http://withinclose.net/index.php </div> </span> <span slot="content"> <!--?lit$336419335$--><!--?lit$336419335$--><!--?--> <!--?lit$336419335$--><!--?lit$336419335$--><!--?--> <!--?lit$336419335$--> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail class="segments-info" label="GET http://alonecatch.net/index.php" hide-icon=""><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control="" hidden=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->GET http://alonecatch.net/index.php </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Cuckoofork"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M17.1562 20.7656L6.1875 10.9844L5.71875 10.5312L11.0781 9.76562L15.2812 3.625L15.8594 4.45312L16.7344 4.82812L18.8281 11.2188L17.2344 13.625L17.1562 20.7656Z" fill="#CFDDFC"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M15.625 2.14062L16.3906 4.09375L16.9363 3.32736L19.5882 11.2036L17.6256 14.3033L21 18.1061L20.1509 19.1647L17.8594 16.5V22L3.85938 10.2301L10.3521 8.99113L10.7344 9.34375L15.625 2.14062ZM15.5 4.5L11.5859 10.1094L12.3594 10.9531L16 5.5L15.5 4.5ZM11.7344 11.8125L10.1094 10.2301L6.71875 10.9531L10.3521 13.6562L11.7344 11.8125ZM16.7031 6.41157L11.1484 14.4922L14.1929 17.2212L18.3225 10.8363L16.7031 6.41157ZM15.2902 18.1061L16.8594 19.5V15.5L15.2902 18.1061Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <!--?lit$336419335$-->GET http://alonecatch.net/index.php </div> </span> <span slot="content"> <!--?lit$336419335$--><!--?lit$336419335$--><!--?--> <!--?lit$336419335$--><!--?lit$336419335$--><!--?--> <!--?lit$336419335$--> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail class="segments-info" label="GET http://classhealth.net/index.php" hide-icon=""><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control="" hidden=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->GET http://classhealth.net/index.php </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Cuckoofork"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M17.1562 20.7656L6.1875 10.9844L5.71875 10.5312L11.0781 9.76562L15.2812 3.625L15.8594 4.45312L16.7344 4.82812L18.8281 11.2188L17.2344 13.625L17.1562 20.7656Z" fill="#CFDDFC"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M15.625 2.14062L16.3906 4.09375L16.9363 3.32736L19.5882 11.2036L17.6256 14.3033L21 18.1061L20.1509 19.1647L17.8594 16.5V22L3.85938 10.2301L10.3521 8.99113L10.7344 9.34375L15.625 2.14062ZM15.5 4.5L11.5859 10.1094L12.3594 10.9531L16 5.5L15.5 4.5ZM11.7344 11.8125L10.1094 10.2301L6.71875 10.9531L10.3521 13.6562L11.7344 11.8125ZM16.7031 6.41157L11.1484 14.4922L14.1929 17.2212L18.3225 10.8363L16.7031 6.41157ZM15.2902 18.1061L16.8594 19.5V15.5L15.2902 18.1061Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <!--?lit$336419335$-->GET http://classhealth.net/index.php </div> </span> <span slot="content"> <!--?lit$336419335$--><!--?lit$336419335$--><!--?--> <!--?lit$336419335$--><!--?lit$336419335$--><!--?--> <!--?lit$336419335$--> </span> </vt-ui-expandable-detail> <!----> </div> <vt-ui-expand-button initial-count="5"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <svg xmlns="http://www.w3.org/2000/svg" fill="currentColor"> <g> <path stroke-miterlimit="10" d="M18.9,3.5"></path> <path d="M12,14.9L12,14.9c-0.1,0-0.3-0.1-0.4-0.1L7.9,11c-0.2-0.2-0.2-0.5,0-0.7s0.5-0.2,0.7,0l3.4,3.4l3.4-3.4 c0.2-0.2,0.5-0.2,0.7,0s0.2,0.5,0,0.7l-3.7,3.7C12.3,14.8,12.1,14.9,12,14.9z"></path> </g> </svg> </template> </vt-ui-expand-button> </span> </vt-ui-expandable-entry> <!--?lit$336419335$--> <!--?lit$336419335$--> <vt-ui-expandable-entry description="When executing the file being studied, it performed the following
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->answerbeing.net </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <!--?lit$336419335$-->answerbeing.net </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail hide-icon="" label="answerbeyond.net"><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control="" hidden=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space gtm_sandbox_dns_lookups " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper gtm_sandbox_dns_lookups"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->answerbeyond.net </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <!--?lit$336419335$-->answerbeyond.net </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail hide-icon="" label="answerbottom.net"><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control="" hidden=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space gtm_sandbox_dns_lookups " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper gtm_sandbox_dns_lookups"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->answerbottom.net </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <!--?lit$336419335$-->answerbottom.net </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail hide-icon="" label="answerforever.net"><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control="" hidden=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space gtm_sandbox_dns_lookups " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper gtm_sandbox_dns_lookups"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->answerforever.net </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <!--?lit$336419335$-->answerforever.net </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail label="chairclose.net"><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space gtm_sandbox_dns_lookups " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper gtm_sandbox_dns_lookups"> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->chairclose.net </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <!--?lit$336419335$-->chairclose.net </div> </span> <span slot="content"> <!--?lit$336419335$--><span class="fw-bold">Resolved Ips</span> <div class="container my-1"> <!--?lit$336419335$--><!----> <div class="row"> <!--?lit$336419335$--><span><!--?lit$336419335$-->13.214.182.154</span> </div> <!----> </div> <!--?lit$336419335$--> </span> </vt-ui-expandable-detail> <!----> <vt-ui-expand-button initial-count="5"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <svg xmlns="http://www.w3.org/2000/svg" fill="currentColor"> <g> <path stroke-miterlimit="10" d="M18.9,3.5"></path> <path d="M12,14.9L12,14.9c-0.1,0-0.3-0.1-0.4-0.1L7.9,11c-0.2-0.2-0.2-0.5,0-0.7s0.5-0.2,0.7,0l3.4,3.4l3.4-3.4 c0.2-0.2,0.5-0.2,0.7,0s0.2,0.5,0,0.7l-3.7,3.7C12.3,14.8,12.1,14.9,12,14.9z"></path> </g> </svg> </template> </vt-ui-expand-button> </span> </vt-ui-expandable-entry> <!--?lit$336419335$--> <vt-ui-expandable-entry d
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-0" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--><span><!--?lit$336419335$-->TCP 13.214.182.154:80 (chairclose.net)</span> </li> <!----><!----> <li class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Jujubox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.20001 7.7786V16.9904V17.0161L11.999 21.6219V12.2919L2.20001 7.6861V7.7786Z" fill="#EFD8CB"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.38342 8.0387C2.38342 8.0387 9.02517 11.3267 10.4226 13.3924C11.8201 15.458 11.3187 21.3844 11.3187 21.3844L12.0351 21.6908L12.2567 12.4716L2.38342 8.0387Z" fill="#AB9B9B" fill-opacity="0.63"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M5.21887 9.26135C5.21887 9.26135 4.89926 10.1313 5.0143 10.4881C5.12953 10.8448 5.48024 11.0283 5.48024 11.0283C5.48024 11.0283 5.29239 10.6439 5.69829 10.2843C5.91472 10.0927 6.01304 10.1425 6.01304 10.1425C6.01304 10.1425 5.89944 10.427 5.87697 10.6909C5.8412 11.1119 6.26561 11.4886 6.26561 11.4886C6.26561 11.4886 6.19352 10.8976 6.88596 10.6671C7.29329 10.5315 7.03336 10.9713 7.03336 10.9713C7.03336 10.9713 7.57461 10.6297 7.17807 11.1934C6.81747 11.706 7.65245 12.0263 7.65245 12.0263C7.65245 12.0263 7.45597 11.5911 7.91005 11.3959C8.75527 11.0327 9.34291 11.2618 9.34291 11.2618L5.21887 9.26135Z" fill="#444444"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M5.83875 17.7814C5.83875 17.7814 6.2954 18.5724 5.30194 18.5733L6.66256 19.2172C6.66256 19.2172 6.12701 18.2939 6.52759 18.0519L5.83875 17.7814Z" fill="#444444"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M4.22961 13C4.22961 13 3.90982 13.87 4.02504 14.2267C4.14027 14.5834 4.4908 14.7669 4.4908 14.7669C4.4908 14.7669 4.30313 14.3825 4.70903 14.0229C4.92546 13.8314 5.02379 13.8811 5.02379 13.8811C5.02379 13.8811 4.91018 14.1657 4.88771 14.4296C4.85194 14.8506 5.27635 15.2272 5.27635 15.2272C5.27635 15.2272 5.20426 14.6362 5.8967 14.4057C6.30403 14.2702 6.04392 14.71 6.04392 14.71C6.04392 14.71 6.58536 14.3684 6.18881 14.9321C5.82821 15.4446 6.66301 15.7649 6.66301 15.7649C6.66301 15.7649 6.46671 15.3297 6.92079 15.1346C7.76601 14.7714 8.35347 15.0005 8.35347 15.0005L4.22961 13Z" fill="#6D6D6D"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M12.0351 12.4407L2.25061 7.81036L12.0351 3.18018L21.8196 7.81036L12.0351 12.4407Z" fill="#EDC7AE"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M3.65948 7.14372C3.65948 7.14372 5.00265 7.05988 5.54282 7.54945C5.8308 7.81049 5.08498 9.0117 5.08498 9.0117C5.75602 9.44885 9.07312 10.9879 9.07312 10.9879C9.07312 10.9879 14.4087 8.39593 15.7255 9.35622C16.5173 9.93358 16.0756 10.5508 16.0756 10.5508L21.8197 7.81049L12.0681 3.2663L3.65948 7.14372Z" fill="#444444"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M12.0352 21.6908L21.8196 17.319V8.00494L12.0352 12.3385V21.6908Z" fill="#BA9988"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M21.7445 17.1639V7.90332L16.0756 10.5508C16.0756 10.5508 18.1254 13.1166 17.8775 14.6078C17.623 16.14 17.5225 16.9141 17.5225 16.9141L21.7445 17.1639Z" fill="#262626"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M16.2933 13.8627L16.9243 13.2175C16.9243 13.2175 17.8586 13.1534 17.8759 14.2022C17.8932 15.2508 17.7409 16.7185 17.6658 16.8114C17.5907 16.9044 16.8341 17.1831 16.4736 17.061" fill="#EFD8CB"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M12.0352 12.3385L21.8196 8.00488V17.3191C21.8196 17.3191 22.7975 12.7591 19.3003 11.8466C15.8027 10.934 12.0352 12.3385 12.0352 12.3385Z" fill="#6D6D6D"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M12.0352 3.18018L21.8196 7.81054L13.6068 11.6969C13.6068 11.6969 19.6129 9.16741 17.877 7.39673C15.2207 4.68766 12.0352 3.18018 12.0352 3.18018Z" fill="#6D6D6D"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M17.125 12.9297C17.125 12.9297 19.831 13.3546 20.1918 14.8479C20.5524 16.3412 20.6651 17.0611 20.6651 17.0611L17.7182 16.8213C17.7182 16.8213 17.9725 14.8992 17.8763 14.2021C17.7802 13.5049 17.125 12.9297 17.125 12.9297Z" fill="#6D6D6D"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M10.8194 15.4863C10.8194 16.4271 10.3743 16.6558 9.43241 16.6558C8.49029 16.6558 7.52283 15.8055 7.52283 14.8648C7.52283 13.9239 8.24726 13.4879 9.18938 13.4879C10.1313 13.4879 10.8194 14.5454 10.8194 15.4863Z" fill="#F4F4F4"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M6.53501 13.607C6.53501 14.5479 6.08993 14.7765 5.14799 14.7765C4.20587 14.7765 3.2384 13.9262 3.2384 12.9855C3.2384 12.0446 3.96283 11.6085 4.90495 11.6085C5.84689 11.6085 6.53501 12.6663 6.53501 13.607Z" fill="#F4F4F4"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M5.72381 18.634L6.16627 18.8437C6.08612 18.613 6.03184 18.3414 6.11074 18.1323L5.9932 18.0858C6.00327 18.1994 5.98925 18.3231 5.92329 18.4375C5.87639 18.5183 5.80989 18.5841 5.72381 18.634ZM6.5345 19.3972C6.50844 19.3972 6.4822 19.3917 6.45758 19.38L5.09679 18.736C5.02041 18.6999 4.97944 18.6161 4.99795 18.5339C5.01646 18.4515 5.08942 18.3931 5.17353 18.3931C5.40536 18.3928 5.56063 18.3446 5.61113 18.2574C5.68014 18.1378 5.58399 17.9226 5.5547 17.8716C5.51642 17.805 5.52415 17.722 5.57411 17.6641C5.62425 17.6063 5.70548 17.587 5.77683 17.6138L6.46567 17.8842C6.52929 17.9095 6.57332 17.9685 6.57925 18.0368C6.585 18.1052 6.55157 18.1705 6.49299 18.2061C6.33304 18.3028 6.50844 18.812 6.69049 19.1272C6.73003 19.1954 6.72051 19.2812 6.66731 19.3392C6.63209 19.3773 6.58374 19.3972 6.5345 19.3972Z" fill="#35302C"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M3.84828 12.7521C3.81234 12.7521 3.77819 12.7304 3.76435 12.695C3.7462 12.6485 3.76902 12.5963 3.81539 12.5781L4.74649 12.2137C4.79304 12.1954 4.84515 12.2184 4.8633 12.2649C4.88146 12.3112 4.85863 12.3634 4.81227 12.3816L3.88117 12.7458C3.87038 12.7501 3.85924 12.7521 3.84828 12.7521Z" fill="#35302C"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M4.29011 13.1934C4.25417 13.1934 4.22003 13.1715 4.20619 13.1361C4.18804 13.09 4.21086 13.0375 4.25705 13.0196L4.7421 12.8295C4.78864 12.8113 4.84094 12.8341 4.85909 12.8805C4.87724 12.9268 4.85424 12.979 4.80805 12.9971L4.323 13.1871C4.31204 13.1912 4.30108 13.1934 4.29011 13.1934Z" fill="#35302C"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M8.0226 14.6279C7.98665 14.6279 7.95251 14.606 7.93867 14.5706C7.92052 14.5245 7.94334 14.4721 7.98971 14.4541L8.92081 14.0897C8.96771 14.0719 9.01965 14.0944 9.03762 14.1409C9.05577 14.1868 9.03295 14.2392 8.98658 14.2572L8.05548 14.6216C8.0447 14.6258 8.03356 14.6279 8.0226 14.6279Z" fill="#35302C"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M8.46435 15.0691C8.42822 15.0691 8.39426 15.0472 8.38042 15.0118C8.36227 14.9657 8.38527 14.9133 8.43146 14.8953L8.91651 14.7057C8.96341 14.6874 9.01499 14.7102 9.03332 14.7567C9.05147 14.8029 9.02865 14.8553 8.98228 14.8732L8.49741 15.0626C8.48645 15.0669 8.47531 15.0691 8.46435 15.0691Z" fill="#35302C"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.67167 7.81052L12.035 12.2414L21.3986 7.81052L12.035 3.37943L2.67167 7.81052ZM2.43082 8.09491L11.8549 12.5546L11.8548 12.5595V15.7572L11.8408 15.7638L10.9997 15.4726C10.9933 14.4456 10.2516 13.3077 9.18938 13.3077C8.50487 13.3077 7.97614 13.523 7.66314 13.9034L6.71212 13.4879C6.65789 12.4902 5.93099 11.4285 4.90502 11.4285C4.20441 11.4285 3.66707 11.6541 3.35718 12.0513L2.49999 11.5C2.47791 11.4876 2.4544 11.4803 2.43082 11.4778V8.09491ZM6.7017 13.8762L7.47231 14.213C7.38725 14.4048 7.34253 14.6232 7.34253 14.8647C7.34253 15.878 8.35817 16.8357 9.43241 16.8357C10.2626 16.8357 10.8481 16.6568 10.9743 15.845L11.7925 16.1281C11.8115 16.1347 11.8315 16.138 11.8514 16.138L11.8548 16.1379V21.5352L2.43082 17.0758V11.8833L3.17577 12.3625C3.09874 12.5473 3.05835 12.756 3.05835 12.9855C3.05835 13.9988 4.07381 14.9565 5.14805 14.9565C6.00792 14.9565 6.60539 14.7647 6.7017 13.8762ZM6.35477 13.6127C6.35464 13.6088 6.35464 13.605 6.35477 13.6011C6.35199 12.7442 5.73293 11.
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-1" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--><span><!--?lit$336419335$-->TCP 75.2.18.233:80 (littlethird.net)</span> </li> <!----><!----> <li class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6.18844 18.4529C6.18844 18.4529 4.13057 16.586 3.59932 12.5028C3.06807 8.41949 4.75523 5.8289 6.88217 3.82163C9.00912 1.81437 12.1772 1.27818 14.3732 3.16859C16.5692 5.05899 18.3264 8.44208 15.9913 10.7528C15.9913 10.7528 12.7084 7.08884 7.99138 10.6359C4.75426 13.366 6.18844 18.4529 6.18844 18.4529Z" fill="#FF001D"></path>
<path d="M13.009 22C13.009 22 8.61594 21.2998 7.38317 17.0997C6.1504 12.8995 8.06134 10.9237 10.6203 10.2078C10.6203 10.2078 9.69595 12.4173 11.6526 12.9771C13.6093 13.5369 15.7985 13.1018 17.3553 10.69C17.3553 10.6585 18.049 9.7099 17.7562 6.73828C17.7562 6.73828 18.7116 8.60511 20.5 9.44475C20.5 9.44475 19.3752 10.6271 20.4533 12.93C20.4533 12.93 18.6503 13.4593 18.7574 15.8859C18.7574 15.8859 16.6304 15.8083 16.1527 18.4843C16.1527 18.4843 12.4699 18.6709 13.009 22Z" fill="#222222"></path>
</svg>
<!--?--> </div> </div><!----><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border icon-margin "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="Zenbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M11.8125 3.625V9.25L8.4375 10.8125L3.625 7.375L11.8125 3.625ZM15.8703 10.7525L12 12.8125L9.4375 10.75L12.4375 9.125L12.625 9.21364V3.625L20.8125 7.375L16 10.8125L15.8703 10.7525Z" fill="#86AAF9"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M2.9375 8.125V16L11.875 20.9375V13L2.9375 8.125ZM21.6875 8.4375V16.3125L12.75 21.25V13.3125L21.6875 8.4375Z" fill="#CFDDFC"></path>
<path d="M21.7247 6.85182L12.9174 2.13603C12.6422 1.95466 12.367 1.95466 12.0917 2.13603L2.55046 6.85182C2.27522 7.0332 2.09174 7.30526 2 7.66801V15.9206C2 16.2834 2.18349 16.5555 2.45871 16.7368L11.5413 21.906C11.6821 21.9794 11.8414 22.0108 12 21.9967H12.2752C12.367 21.9967 12.4587 21.906 12.4587 21.906L21.5413 16.8275C21.8164 16.6461 22 16.374 22 16.0114V7.84939C22 7.3125 21.9778 7.01857 21.7247 6.85182ZM12.367 11.9304L10.8073 11.0235L12.4587 10.1166L14.0183 10.9328L12.367 11.9304ZM15.8531 9.84457L13.4679 8.57489V4.58462L19.3394 7.7587L15.8531 9.84457ZM11.633 4.31255V8.39352L8.97246 9.93524L4.93577 7.66801L11.633 4.31255ZM3.83485 9.20972L11.1743 13.2907V19.4575L3.83485 15.2858V9.20972ZM13.0092 19.4575V13.6535L20.3485 9.3004V15.3765L13.0092 19.4575Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-2" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--><span><!--?lit$336419335$-->TCP 85.214.228.140:80 (pleasantforever.net)</span> </li> <!----><!----> <li class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Cuckoofork"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M17.1562 20.7656L6.1875 10.9844L5.71875 10.5312L11.0781 9.76562L15.2812 3.625L15.8594 4.45312L16.7344 4.82812L18.8281 11.2188L17.2344 13.625L17.1562 20.7656Z" fill="#CFDDFC"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M15.625 2.14062L16.3906 4.09375L16.9363 3.32736L19.5882 11.2036L17.6256 14.3033L21 18.1061L20.1509 19.1647L17.8594 16.5V22L3.85938 10.2301L10.3521 8.99113L10.7344 9.34375L15.625 2.14062ZM15.5 4.5L11.5859 10.1094L12.3594 10.9531L16 5.5L15.5 4.5ZM11.7344 11.8125L10.1094 10.2301L6.71875 10.9531L10.3521 13.6562L11.7344 11.8125ZM16.7031 6.41157L11.1484 14.4922L14.1929 17.2212L18.3225 10.8363L16.7031 6.41157ZM15.2902 18.1061L16.8594 19.5V15.5L15.2902 18.1061Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-3" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--><span><!--?lit$336419335$-->TCP 195.22.28.199:80</span> </li> <!----><!----> <li class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Cuckoofork"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M17.1562 20.7656L6.1875 10.9844L5.71875 10.5312L11.0781 9.76562L15.2812 3.625L15.8594 4.45312L16.7344 4.82812L18.8281 11.2188L17.2344 13.625L17.1562 20.7656Z" fill="#CFDDFC"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M15.625 2.14062L16.3906 4.09375L16.9363 3.32736L19.5882 11.2036L17.6256 14.3033L21 18.1061L20.1509 19.1647L17.8594 16.5V22L3.85938 10.2301L10.3521 8.99113L10.7344 9.34375L15.625 2.14062ZM15.5 4.5L11.5859 10.1094L12.3594 10.9531L16 5.5L15.5 4.5ZM11.7344 11.8125L10.1094 10.2301L6.71875 10.9531L10.3521 13.6562L11.7344 11.8125ZM16.7031 6.41157L11.1484 14.4922L14.1929 17.2212L18.3225 10.8363L16.7031 6.41157ZM15.2902 18.1061L16.8594 19.5V15.5L15.2902 18.1061Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-4" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--><span><!--?lit$336419335$-->TCP 203.151.233.116:80 (morninghealth.net)</span> </li> <!----><!----> <li class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Cuckoofork"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M17.1562 20.7656L6.1875 10.9844L5.71875 10.5312L11.0781 9.76562L15.2812 3.625L15.8594 4.45312L16.7344 4.82812L18.8281 11.2188L17.2344 13.625L17.1562 20.7656Z" fill="#CFDDFC"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M15.625 2.14062L16.3906 4.09375L16.9363 3.32736L19.5882 11.2036L17.6256 14.3033L21 18.1061L20.1509 19.1647L17.8594 16.5V22L3.85938 10.2301L10.3521 8.99113L10.7344 9.34375L15.625 2.14062ZM15.5 4.5L11.5859 10.1094L12.3594 10.9531L16 5.5L15.5 4.5ZM11.7344 11.8125L10.1094 10.2301L6.71875 10.9531L10.3521 13.6562L11.7344 11.8125ZM16.7031 6.41157L11.1484 14.4922L14.1929 17.2212L18.3225 10.8363L16.7031 6.41157ZM15.2902 18.1061L16.8594 19.5V15.5L15.2902 18.1061Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-5" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--><span><!--?lit$336419335$-->TCP 208.100.26.234:80 (strangeseparate.net)</span> </li> <!----><!----> <li class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Cuckoofork"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M17.1562 20.7656L6.1875 10.9844L5.71875 10.5312L11.0781 9.76562L15.2812 3.625L15.8594 4.45312L16.7344 4.82812L18.8281 11.2188L17.2344 13.625L17.1562 20.7656Z" fill="#CFDDFC"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M15.625 2.14062L16.3906 4.09375L16.9363 3.32736L19.5882 11.2036L17.6256 14.3033L21 18.1061L20.1509 19.1647L17.8594 16.5V22L3.85938 10.2301L10.3521 8.99113L10.7344 9.34375L15.625 2.14062ZM15.5 4.5L11.5859 10.1094L12.3594 10.9531L16 5.5L15.5 4.5ZM11.7344 11.8125L10.1094 10.2301L6.71875 10.9531L10.3521 13.6562L11.7344 11.8125ZM16.7031 6.41157L11.1484 14.4922L14.1929 17.2212L18.3225 10.8363L16.7031 6.41157ZM15.2902 18.1061L16.8594 19.5V15.5L15.2902 18.1061Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-6" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--><span><!--?lit$336419335$-->TCP 8.5.1.16:80 (strangedistant.net)</span> </li> <!----><!----> <li class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Cuckoofork"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M17.1562 20.7656L6.1875 10.9844L5.71875 10.5312L11.0781 9.76562L15.2812 3.625L15.8594 4.45312L16.7344 4.82812L18.8281 11.2188L17.2344 13.625L17.1562 20.7656Z" fill="#CFDDFC"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M15.625 2.14062L16.3906 4.09375L16.9363 3.32736L19.5882 11.2036L17.6256 14.3033L21 18.1061L20.1509 19.1647L17.8594 16.5V22L3.85938 10.2301L10.3521 8.99113L10.7344 9.34375L15.625 2.14062ZM15.5 4.5L11.5859 10.1094L12.3594 10.9531L16 5.5L15.5 4.5ZM11.7344 11.8125L10.1094 10.2301L6.71875 10.9531L10.3521 13.6562L11.7344 11.8125ZM16.7031 6.41157L11.1484 14.4922L14.1929 17.2212L18.3225 10.8363L16.7031 6.41157ZM15.2902 18.1061L16.8594 19.5V15.5L15.2902 18.1061Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-7" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--><span><!--?lit$336419335$-->TCP 58.158.177.102:80 (classhealth.net)</span> </li> <!----><!----> <li class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Cuckoofork"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M17.1562 20.7656L6.1875 10.9844L5.71875 10.5312L11.0781 9.76562L15.2812 3.625L15.8594 4.45312L16.7344 4.82812L18.8281 11.2188L17.2344 13.625L17.1562 20.7656Z" fill="#CFDDFC"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M15.625 2.14062L16.3906 4.09375L16.9363 3.32736L19.5882 11.2036L17.6256 14.3033L21 18.1061L20.1509 19.1647L17.8594 16.5V22L3.85938 10.2301L10.3521 8.99113L10.7344 9.34375L15.625 2.14062ZM15.5 4.5L11.5859 10.1094L12.3594 10.9531L16 5.5L15.5 4.5ZM11.7344 11.8125L10.1094 10.2301L6.71875 10.9531L10.3521 13.6562L11.7344 11.8125ZM16.7031 6.41157L11.1484 14.4922L14.1929 17.2212L18.3225 10.8363L16.7031 6.41157ZM15.2902 18.1061L16.8594 19.5V15.5L15.2902 18.1061Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-8" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--><span><!--?lit$336419335$-->TCP 66.147.244.125:80 (thinkpublic.net)</span> </li> <!----><!----> <li class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Cuckoofork"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M17.1562 20.7656L6.1875 10.9844L5.71875 10.5312L11.0781 9.76562L15.2812 3.625L15.8594 4.45312L16.7344 4.82812L18.8281 11.2188L17.2344 13.625L17.1562 20.7656Z" fill="#CFDDFC"></path>
<path fill-rule="evenodd" clip-rule="evenodd" d="M15.625 2.14062L16.3906 4.09375L16.9363 3.32736L19.5882 11.2036L17.6256 14.3033L21 18.1061L20.1509 19.1647L17.8594 16.5V22L3.85938 10.2301L10.3521 8.99113L10.7344 9.34375L15.625 2.14062ZM15.5 4.5L11.5859 10.1094L12.3594 10.9531L16 5.5L15.5 4.5ZM11.7344 11.8125L10.1094 10.2301L6.71875 10.9531L10.3521 13.6562L11.7344 11.8125ZM16.7031 6.41157L11.1484 14.4922L14.1929 17.2212L18.3225 10.8363L16.7031 6.41157ZM15.2902 18.1061L16.8594 19.5V15.5L15.2902 18.1061Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-9" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--><span><!--?lit$336419335$-->TCP 195.22.28.198:80 (alonecatch.net)</span> </li> <!----> </ul> <vt-ui-expand-button initial-count="10"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <svg xmlns="http://www.w3.org/2000/svg" fill="currentColor"> <g> <path stroke-miterlimit="10" d="M18.9,3.5"></path> <path d="M12,14.9L12,14.9c-0.1,0-0.3-0.1-0.4-0.1L7.9,11c-0.2-0.2-0.2-0.5,0-0.7s0.5-0.2,0.7,0l3.4,3.4l3.4-3.4 c0.2-0.2,0.5-0.2,0.7,0s0.2,0.5,0,0.7l-3.7,3.7C12.3,14.8,12.1,14.9,12,14.9z"></path> </g> </svg> </template> </vt-ui-expand-button> </template> </vt-ui-simple-multipivots-expandable-list> </vt-ui-expandable-entry> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--> <!--?lit$336419335$--> </div> </vt-ui-expandable> </template></network-communication> <!--?lit$
<path d="M11.31 16.649h1.4V11.02h-1.4v5.629Zm.687-7.28a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.547.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.75.75 0 0 0-.55.217.738.738 0 0 0-.22.547.75.75 0 0 0 .764.77Zm.005 11.93a9.05 9.05 0 0 1-3.626-.734 9.395 9.395 0 0 1-2.954-1.99 9.407 9.407 0 0 1-1.988-2.951 9.034 9.034 0 0 1-.732-3.622 9.05 9.05 0 0 1 .733-3.626 9.394 9.394 0 0 1 1.99-2.954 9.406 9.406 0 0 1 2.951-1.988 9.034 9.034 0 0 1 3.622-.732 9.05 9.05 0 0 1 3.626.733 9.394 9.394 0 0 1 2.954 1.99 9.406 9.406 0 0 1 1.988 2.951 9.034 9.034 0 0 1 .732 3.622 9.05 9.05 0 0 1-.733 3.626 9.394 9.394 0 0 1-1.99 2.954 9.405 9.405 0 0 1-2.951 1.988 9.033 9.033 0 0 1-3.622.732Zm-.002-1.4c2.198 0 4.064-.767 5.598-2.3 1.534-1.534 2.301-3.4 2.301-5.599 0-2.198-.767-4.064-2.3-5.598C16.064 4.868 14.198 4.1 12 4.1c-2.198 0-4.064.767-5.598 2.3C4.868 7.936 4.1 9.802 4.1 12c0 2.198.767 4.064 2.3 5.598C7.936 19.132 9.802 19.9 12 19.9Z"></path>
</svg>
<!--?--> </a> <vt-ui-tooltip for="info" position="right" animation-delay="0" class="tooltip-info" noink=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$-->Identifiers that cluster similar entities. </vt-ui-tooltip> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="ms-auto"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <slot name="header-right-side"></slot> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> <a role="button" class="hstack"><!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" he
</svg>
<!--?--></a> </div> <div class="details "> <!--?lit$336419335$--> <!--?lit$336419335$--> <slot name="content"></slot> </div> </div> </template> <span slot="content"> <vt-ui-key-val-table class="mb-4"><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="CAPA"><!--?lit$336419335$-->CAPA</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--> <a class="styled-link text-truncate" href="https://www.virustotal.com/gui/search/behash%253Aa9b83c48f651f7ebc1455ce01badf108" target="_blank">
</svg>
<!--?--> </a> <vt-ui-tooltip for="info" position="right" animation-delay="0" class="tooltip-info" noink=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$-->When executing the file being studied, it performed the following actions on the file system of the sandbox environment. </vt-ui-tooltip> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="ms-auto"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <slot name="header-right-side"></slot> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> <a role="button" class="hstack"><!--?lit$336419335$-
</svg>
<!--?--></a> </div> <div class="details "> <!--?lit$336419335$--> <!--?lit$336419335$--> <slot name="content"></slot> </div> </div> </template> <div slot="content" class="vstack gap-2"> <!--?lit$336419335$--> <vt-ui-expandable-entry description="When executing the file being studied, it opened the following files. Opening a file does not necessarily mean writing to it or modifying it." id="files-opened"><template shadowrootmode="open"><!----> <section> <!--?lit$336419335$--> <!--?lit$336419335$--><h4 id="section-title"> <!--?lit$336419335$-->Files opened <!--?lit$336419335$--> </h4> <!--?lit$336419335$--> <!--?lit$336419335$--><vt-ui-tooltip for="section-title" position="right"><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-a
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-0" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->C:\ProgramData</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->C:\ProgramData</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-1" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->C:\ProgramData\</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->C:\ProgramData\</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-2" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->C:\ProgramData\Microsoft</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->C:\ProgramData\Microsoft</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-3" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->C:\ProgramData\Microsoft\</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->C:\ProgramData\Microsoft\</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-4" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->C:\ProgramData\Microsoft\MapData\diskcache</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->C:\ProgramData\Microsoft\MapData\diskcache</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-5" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->C:\ProgramData\Microsoft\MapData\mapscache</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->C:\ProgramData\Microsoft\MapData\mapscache</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-6" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->C:\ProgramData\Microsoft\Network</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->C:\ProgramData\Microsoft\Network</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-7" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->C:\ProgramData\Microsoft\Network\</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->C:\ProgramData\Microsoft\Network\</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-8" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->C:\ProgramData\Microsoft\Network\Downloader</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->C:\ProgramData\Microsoft\Network\Downloader</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-9" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->C:\ProgramData\Microsoft\Windows\Caches</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->C:\ProgramData\Microsoft\Windows\Caches</a> </span> </li> <!----> </ul> <vt-ui-expand-button initial-count="10"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <svg xmlns="http://www.w3.org/2000/svg" fill="currentColor"> <g> <path stroke-miterlimit="10" d="M18.9,3.5"></path> <path d="M12,14.9L12,14.9c-0.1,0-0.3-0.1-0.4-0.1L7.9,11c-0.2-0.2-0.2-0.5,0-0.7s0.5-0.2,0.7,0l3.4,3.4l3.4-3.4 c0.2-0.2,0.5-0.2,0.7,0s0.2,0.5,0,0.7l-3.7,3.7C12.3,14.8,12.1,14.9,12,14.9z"></path> </g> </svg> </template> </vt-ui-expand-button> </template></vt-ui-simple-expandable-list> </vt-ui-expandable-entry> <!--?lit$336419335$--> <vt-ui-expandable-entry descrip
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\Windows\jikdfcd\wpmrjco </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!--
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\ghf6ggvibnb0nvnompe.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="op
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\gnw3wntk </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!-
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\icdpsugdtfd </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!---->
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\jvkhijxqnrz.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!--
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\wibmcmzur.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\wpmrjco </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\WINDOWS\jikdfcd\wpmrjco </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> </div> </template></vt-ui-key-val-table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail hide-icon=""><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control="" hidden=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\ghf1l5ebnb0nvnompe.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> </div> </template></vt-ui-key-val-table> </span> </vt-ui-expandable-detail> <!----> <vt-ui-expand-button initial-count="10"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <svg xmlns="http://www.w3.org/2000/svg" fill="currentColor"> <g> <path stroke-miterlimit="10" d="M18.9,3.5"></path> <path d="M12,14.9L12,14.9c-0.1,0-0.3-0.1-0.4-0.1L7.9,11c-0.2-0.
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\Windows\jikdfcd\wpmrjco </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!--
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\ghf6ggvibnb0nvnompe.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="op
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\WINDOWS\jikdfcd\wpmrjco </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> </div> </template></vt-ui-key-val-table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail hide-icon=""><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control="" hidden=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\ghf1l5ebnb0nvnompe.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> </div> </template></vt-ui-key-val-table> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-spac
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\ghf5hz6bnb0nvnompe.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="ope
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\ghf3jv8kbnb0nvnompe.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="command line"><!--?lit$336419335$-->command line</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="op
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->c:\jikdfcd\ghf1l5ebnb0nvnompe.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Cuckoofork"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--><!--?lit$336419335$-->c:\jikdfcd\ghf1l5ebnb0nvnompe.exe<!--?--> </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--><!---->C:\jikdfcd\jvkhijxqnrz.exe<!----> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->c:\jikdfcd\ghf5hz6bnb0nvnompe.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Jujubox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--><!--?lit$336419335$-->c:\jikdfcd\ghf5hz6bnb0nvnompe.exe<!--?--> </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--><!---->C:\jikdfcd\jvkhijxqnrz.exe<!----> </span> </vt-ui-expandable-detail> <!----> <vt-ui-expand-button initial-count="10" hidden=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <svg xmlns="http://www.w3.org/2000/svg" fill="currentColor"> <g> <path stroke-miterlimit="10" d="M18.9,3.5"></path> <path d="M12,14.9L12,14.9c-0.1,0-0.3-0.1-0.4-0.1L7.9,11c-0.2-0.2-0.2-0.5,0-0.7s0.5-0.2,0.7,0l3.4,3.4l3.4-3.4 c0.2-0.2,0.5-0.2,0.7,0s0.2,0.5,0,0.7l-3.7,3.7C12.3,14.8,12.1,14.9,12,14.9z"></path> </g> </svg> </template> </vt-ui-expand-button> </template></vt-ui-expandable-detail-list> </vt-ui-expandable-entry> <!--?lit$336419335$--> <!--?lit$336419335$--> <vt-ui-expandable-entry description="When executing the file being studied, it dropped the following f
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->edb.chk </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="sha256"><!--?lit$336419335$-->sha256</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->icdpsugdtfd </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="sha256"><!--?lit$336419335$-->sha256</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->wpmrjco </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="sha256"><!--?lit$336419335$-->sha256</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\wpmrjco </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="sha256"><!--?lit$336419335$-->sha256</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$3364193
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\ghf3jv8kbnb0nvnompe.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="sha256"><!--?lit$336419335$-->sha256</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!---->
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\jvkhijxqnrz.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="sha256"><!--?lit$336419335$-->sha256</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->C:\jikdfcd\wibmcmzur.exe </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <!--?lit$336419335$--> <span slot="content"> <vt-ui-key-val-table><template shadowrootmode="open"><!----> <div class="properties"> <div class="property-list" style="width:100%"> <!--?lit$336419335$--><!----> <div class="hstack gap-2" style="width:100%"> <!--?lit$336419335$--><div class="text-truncate" style="flex:0 1 20%"> <!--?lit$336419335$--> <span class="label text-truncate" title="sha256"><!--?lit$336419335$-->sha256</span> </div> <div style="flex:0 1 80%" class="value text-truncate"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$3
<path d="M11.31 16.649h1.4V11.02h-1.4v5.629Zm.687-7.28a.75.75 0 0 0 .55-.217.738.738 0 0 0 .22-.547.751.751 0 0 0-.217-.55.738.738 0 0 0-.547-.22.75.75 0 0 0-.55.217.738.738 0 0 0-.22.547.75.75 0 0 0 .764.77Zm.005 11.93a9.05 9.05 0 0 1-3.626-.734 9.395 9.395 0 0 1-2.954-1.99 9.407 9.407 0 0 1-1.988-2.951 9.034 9.034 0 0 1-.732-3.622 9.05 9.05 0 0 1 .733-3.626 9.394 9.394 0 0 1 1.99-2.954 9.406 9.406 0 0 1 2.951-1.988 9.034 9.034 0 0 1 3.622-.732 9.05 9.05 0 0 1 3.626.733 9.394 9.394 0 0 1 2.954 1.99 9.406 9.406 0 0 1 1.988 2.951 9.034 9.034 0 0 1 .732 3.622 9.05 9.05 0 0 1-.733 3.626 9.394 9.394 0 0 1-1.99 2.954 9.405 9.405 0 0 1-2.951 1.988 9.033 9.033 0 0 1-3.622.732Zm-.002-1.4c2.198 0 4.064-.767 5.598-2.3 1.534-1.534 2.301-3.4 2.301-5.599 0-2.198-.767-4.064-2.3-5.598C16.064 4.868 14.198 4.1 12 4.1c-2.198 0-4.064.767-5.598 2.3C4.868 7.936 4.1 9.802 4.1 12c0 2.198.767 4.064 2.3 5.598C7.936 19.132 9.802 19.9 12 19.9Z"></path>
</svg>
<!--?--> </a> <vt-ui-tooltip for="info" position="right" animation-delay="0" class="tooltip-info" noink=""><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px; transform: translate3d(0px, 0px, 0px);"></div> <div class="tooltip-inner"> <slot></slot> </div> </div> </template><!--?lit$336419335$-->When executing the file being studied, it performed the following actions on the registry of the sandbox environment. </vt-ui-tooltip> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="ms-auto"><!--?lit$336419335$--></span> <!--?lit$336419335$--> <slot name="header-right-side"></slot> <!--?lit$336419335$--> </slot> <!--?lit$336419335$--> <a role="button" class="hstack"><!--?lit$336419335$--><
<path d="m7.4 15.038-1.054-1.053L12 8.33l5.654 5.654-1.054 1.053-4.6-4.6-4.6 4.6Z"></path>
</svg>
<!--?--></a> </div> <div class="details "> <!--?lit$336419335$--> <!--?lit$336419335$--> <slot name="content"></slot> </div> </div> </template> <div slot="content" class="vstack gap-2"> <!--?lit$336419335$--> <vt-ui-expandable-entry description="When executing the file being studied, it opened the following registry keys." id="reg-keys-opened" expanded=""><template shadowrootmode="open"><!----> <section> <!--?lit$336419335$--> <!--?lit$336419335$--><h4 id="section-title"> <!--?lit$336419335$-->Registry keys opened <!--?lit$336419335$--> </h4> <!--?lit$336419335$--> <!--?lit$336419335$--><vt-ui-tooltip for="section-title" position="right"><template shadowrootmode="open"><!----> <div class="tooltip bs-tooltip-auto" role="tooltip" data-popper-reference-hidden="" data-popper-escaped="" data-popper-placement="right" style="position: absolute; inset: 0px auto auto 0px; margin: 0px; transform: translate3d(5.84795px, 0px, 0px);"> <div data-popper-arrow="" class="tooltip-arrow" style="position: absolute; top: 0px
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-0" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\svchost.exe</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\svchost.exe</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-1" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://ww
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-2" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}\(Default)</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}\(Default)</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="no
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-3" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}\ActivateOnHostFlags</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}\ActivateOnHostFlags</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox=
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-4" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}\InprocHandler</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}\InprocHandler</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24"
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-5" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}\InprocHandler32</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}\InprocHandler32</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-6" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}\TreatAs</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}\TreatAs</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none"
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-7" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="h
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-8" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32</a> </span> </li> <!----><!----> <li class="hstack"> <!--?lit$336419335$--> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBo
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <div class="icon " id="item-9" hidden=""> <!--?lit$336419335$--> </div> <!--?lit$336419335$--> <span><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)</span> <span hidden=""> <a href="https://www.virustotal.com/gui/" class="overflow-wrap-anywhere "><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)</a> </span> </li> <!----> </ul> <vt-ui-expand-button initial-count="10"><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <svg xmlns="http://www.w3.org/2000/svg" fill="currentColor"> <g> <path stroke-miterlimit="10" d="M18.9,3.5"></path> <path d="M12,14.9L12,14.9c-0.1,0-0.3-0.1-0.4-0.1L7.9,11c-0.2-0.2-0.2-0.5,0-0.7s0.5-0.2,0.7,0l3.4,3.4l3.4-3.4 c0.2-0.2,0.5-0.2,0.7,0s0.2,0.5,0,0.7l-3.7,3.7C12.3,14.8,12.1,14.9,12,14.9z"></path> </g> </svg> </template> </
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config\LastKnownGoodTime </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="CAPE Sandbox"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config\LastKnownGoodTime<!--?--> </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--><!---->\x19\xa5\xcd)9\xb6\xdb\x01<!----> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\System DHCP Thread Panel Agent\ImagePath </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Observer"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\System DHCP Thread Panel Agent\ImagePath<!--?--> </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--><!---->C:\jikdfcd\jvkhijxqnrz.exe<!----> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\System DHCP Thread Panel Agent\Start </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Observer"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--><!--?lit$336419335$-->HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\System DHCP Thread Panel Agent\Start<!--?--> </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--><!---->DWORD (0x00000002)<!----> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\BinProductVersion </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Observer"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--><!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\BinProductVersion<!--?--> </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--><!---->4.0.30319.0<!----> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\LinkDate </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Observer"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="
<path fill-rule="evenodd" clip-rule="evenodd" d="M10.998 18.996C12.9374 18.996 14.7155 18.3058 16.1002 17.1575L19.7176 20.7763C20.0104 21.0692 20.4853 21.0693 20.7783 20.7765C21.0712 20.4837 21.0713 20.0088 20.7785 19.7158L17.1605 16.0966C18.307 14.7124 18.996 12.9357 18.996 10.998C18.996 6.58084 15.4152 3 10.998 3C6.58084 3 3 6.58084 3 10.998C3 15.4152 6.58084 18.996 10.998 18.996ZM10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#0B4DDA"></path>
<path d="M10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#CFDDFC"></path>
<path d="M9.48228 7.73794C9.37997 7.46193 9.12567 7.27129 8.83204 7.25048C8.53842 7.22967 8.25977 7.38256 8.11957 7.64138L6.42292 10.7735H5.99994C5.58573 10.7735 5.24994 11.1093 5.24994 11.5235C5.24994 11.9377 5.58573 12.2735 5.99994 12.2735H6.86962C7.14486 12.2735 7.39799 12.1228 7.52908 11.8808L8.65066 9.81023L10.3257 14.3294C10.4337 14.6208 10.7102 14.8154 11.0209 14.8187C11.3316 14.8221 11.6122 14.6335 11.7264 14.3446L13.3788 10.1662L14.4111 11.4982C14.5532 11.6815 14.772 11.7887 15.0039 11.7887H15.9975C16.4117 11.7887 16.7475 11.453 16.7475 11.0387C16.7475 10.6245 16.4117 10.2887 15.9975 10.2887H15.3716L13.7582 8.20699C13.5932 7.994 13.3265 7.88593 13.0598 7.92389C12.793 7.96185 12.5671 8.14001 12.468 8.39059L11.0517 11.972L9.48228 7.73794Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--><!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\LinkDate<!--?--> </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--><!---->03/28/2019 06:56:01<!----> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\LowerCaseLongPath </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Observer"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none
<path fill-rule="evenodd" clip-rule="evenodd" d="M10.998 18.996C12.9374 18.996 14.7155 18.3058 16.1002 17.1575L19.7176 20.7763C20.0104 21.0692 20.4853 21.0693 20.7783 20.7765C21.0712 20.4837 21.0713 20.0088 20.7785 19.7158L17.1605 16.0966C18.307 14.7124 18.996 12.9357 18.996 10.998C18.996 6.58084 15.4152 3 10.998 3C6.58084 3 3 6.58084 3 10.998C3 15.4152 6.58084 18.996 10.998 18.996ZM10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#0B4DDA"></path>
<path d="M10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#CFDDFC"></path>
<path d="M9.48228 7.73794C9.37997 7.46193 9.12567 7.27129 8.83204 7.25048C8.53842 7.22967 8.25977 7.38256 8.11957 7.64138L6.42292 10.7735H5.99994C5.58573 10.7735 5.24994 11.1093 5.24994 11.5235C5.24994 11.9377 5.58573 12.2735 5.99994 12.2735H6.86962C7.14486 12.2735 7.39799 12.1228 7.52908 11.8808L8.65066 9.81023L10.3257 14.3294C10.4337 14.6208 10.7102 14.8154 11.0209 14.8187C11.3316 14.8221 11.6122 14.6335 11.7264 14.3446L13.3788 10.1662L14.4111 11.4982C14.5532 11.6815 14.772 11.7887 15.0039 11.7887H15.9975C16.4117 11.7887 16.7475 11.453 16.7475 11.0387C16.7475 10.6245 16.4117 10.2887 15.9975 10.2887H15.3716L13.7582 8.20699C13.5932 7.994 13.3265 7.88593 13.0598 7.92389C12.793 7.96185 12.5671 8.14001 12.468 8.39059L11.0517 11.972L9.48228 7.73794Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--><!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\LowerCaseLongPath<!--?--> </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--><!---->c:\windows\microsoft.net\framework\v4.0.30319\addinprocess.exe<!----> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\Publisher </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Observer"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns=
<path fill-rule="evenodd" clip-rule="evenodd" d="M10.998 18.996C12.9374 18.996 14.7155 18.3058 16.1002 17.1575L19.7176 20.7763C20.0104 21.0692 20.4853 21.0693 20.7783 20.7765C21.0712 20.4837 21.0713 20.0088 20.7785 19.7158L17.1605 16.0966C18.307 14.7124 18.996 12.9357 18.996 10.998C18.996 6.58084 15.4152 3 10.998 3C6.58084 3 3 6.58084 3 10.998C3 15.4152 6.58084 18.996 10.998 18.996ZM10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#0B4DDA"></path>
<path d="M10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#CFDDFC"></path>
<path d="M9.48228 7.73794C9.37997 7.46193 9.12567 7.27129 8.83204 7.25048C8.53842 7.22967 8.25977 7.38256 8.11957 7.64138L6.42292 10.7735H5.99994C5.58573 10.7735 5.24994 11.1093 5.24994 11.5235C5.24994 11.9377 5.58573 12.2735 5.99994 12.2735H6.86962C7.14486 12.2735 7.39799 12.1228 7.52908 11.8808L8.65066 9.81023L10.3257 14.3294C10.4337 14.6208 10.7102 14.8154 11.0209 14.8187C11.3316 14.8221 11.6122 14.6335 11.7264 14.3446L13.3788 10.1662L14.4111 11.4982C14.5532 11.6815 14.772 11.7887 15.0039 11.7887H15.9975C16.4117 11.7887 16.7475 11.453 16.7475 11.0387C16.7475 10.6245 16.4117 10.2887 15.9975 10.2887H15.3716L13.7582 8.20699C13.5932 7.994 13.3265 7.88593 13.0598 7.92389C12.793 7.96185 12.5671 8.14001 12.468 8.39059L11.0517 11.972L9.48228 7.73794Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--><!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\Publisher<!--?--> </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--><!---->microsoft corporation<!----> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\BinProductVersion </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Observer"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none
<path fill-rule="evenodd" clip-rule="evenodd" d="M10.998 18.996C12.9374 18.996 14.7155 18.3058 16.1002 17.1575L19.7176 20.7763C20.0104 21.0692 20.4853 21.0693 20.7783 20.7765C21.0712 20.4837 21.0713 20.0088 20.7785 19.7158L17.1605 16.0966C18.307 14.7124 18.996 12.9357 18.996 10.998C18.996 6.58084 15.4152 3 10.998 3C6.58084 3 3 6.58084 3 10.998C3 15.4152 6.58084 18.996 10.998 18.996ZM10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#0B4DDA"></path>
<path d="M10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#CFDDFC"></path>
<path d="M9.48228 7.73794C9.37997 7.46193 9.12567 7.27129 8.83204 7.25048C8.53842 7.22967 8.25977 7.38256 8.11957 7.64138L6.42292 10.7735H5.99994C5.58573 10.7735 5.24994 11.1093 5.24994 11.5235C5.24994 11.9377 5.58573 12.2735 5.99994 12.2735H6.86962C7.14486 12.2735 7.39799 12.1228 7.52908 11.8808L8.65066 9.81023L10.3257 14.3294C10.4337 14.6208 10.7102 14.8154 11.0209 14.8187C11.3316 14.8221 11.6122 14.6335 11.7264 14.3446L13.3788 10.1662L14.4111 11.4982C14.5532 11.6815 14.772 11.7887 15.0039 11.7887H15.9975C16.4117 11.7887 16.7475 11.453 16.7475 11.0387C16.7475 10.6245 16.4117 10.2887 15.9975 10.2887H15.3716L13.7582 8.20699C13.5932 7.994 13.3265 7.88593 13.0598 7.92389C12.793 7.96185 12.5671 8.14001 12.468 8.39059L11.0517 11.972L9.48228 7.73794Z" fill="#0B4DDA"></path>
</svg>
<!--?--> </div> </div><!----> </div><!--?--></template></vt-ui-sandbox-icon-row> <!--?lit$336419335$--><!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\BinProductVersion<!--?--> </div> </span> <span slot="content"> <!--?lit$336419335$--> <!--?lit$336419335$--><!---->4.0.30319.0<!----> </span> </vt-ui-expandable-detail> <!----><!----> <vt-ui-expandable-detail><template shadowrootmode="open"><!----> <div id="labelWrapper"> <vt-ui-button icon="" class="icon" is-expandable-control=""><template shadowrootmode="open"><!----> <!--?lit$336419335$--> <span id="wrapperLink" class=" wrapperLink--no-empty-start-space " tabindex="0"> <!--?lit$336419335$--> <!--?lit$336419335$--> <span class="wrapper "> <!--?lit$336419335$--><!--?lit$336419335$--><svg xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24" fill="currentColor">
<path d="M11.35 12.636H5.703V11.34h5.649V5.69h1.298v5.65h5.649v1.297H12.65v5.65h-1.298v-5.65Z"></path>
</svg>
<!--?--> <span id="slot"><slot></slot></span> <!--?lit$336419335$--> </span> </span> <div class="spinner"> <div class="bounce1"></div> <div class="bounce2"></div> <div class="bounce3"></div> </div> </template></vt-ui-button> <div id="label"> <slot name="label-content"> <!--?lit$336419335$-->\REGISTRY\A\{57F832A5-2E69-29EA-5795-84C49ABBB267}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\LinkDate </slot> </div> </div> <div id="content" hidden=""> <slot name="content"></slot> </div> </template> <span slot="label-content"> <div class="hstack"> <vt-ui-sandbox-icon-row class="me-2"><template shadowrootmode="open"><!----> <!--?lit$336419335$--><div class="hstack icons-row"> <!--?lit$336419335$--><!----><div class="box rounded-circle d-inline-flex align-middle bg-body attributed border "> <!--?lit$336419335$--><div data-tooltip-position="right" data-tooltip-text="VirusTotal Observer"> <!--?lit$336419335$--><!--?lit$336419335$--><svg width="1em" height="1em" viewBox="0 0 24 24" fill="none" xmlns="
<path fill-rule="evenodd" clip-rule="evenodd" d="M10.998 18.996C12.9374 18.996 14.7155 18.3058 16.1002 17.1575L19.7176 20.7763C20.0104 21.0692 20.4853 21.0693 20.7783 20.7765C21.0712 20.4837 21.0713 20.0088 20.7785 19.7158L17.1605 16.0966C18.307 14.7124 18.996 12.9357 18.996 10.998C18.996 6.58084 15.4152 3 10.998 3C6.58084 3 3 6.58084 3 10.998C3 15.4152 6.58084 18.996 10.998 18.996ZM10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#0B4DDA"></path>
<path d="M10.998 17.496C14.5868 17.496 17.496 14.5868 17.496 10.998C17.496 7.40926 14.5868 4.5 10.998 4.5C7.40926 4.5 4.5 7.40926 4.5 10.998C4.5 14.5868 7.40926 17.496 10.998 17.496Z" fill="#CFDDFC"></path>
<path d="M9.48228 7.73794C9.37997 7.46193 9.12567 7.27129 8.83204 7.25048C8.53842 7.22967 8.25977 7.38256 8.11957 7.64138L6.42292 10.7735H5.99994C5.58573 10.7735 5.24994 11.1093 5.24994 11.5235C5.24994 11.9377 5.58573 12.2735 5.99994 12.2735H6.86962C7.14486 12.2735 7.39799 12.1228 7.52908 11.8808L8.65066 9.81023L10.3257 14.3294C10.4337 14.6208 10.7102 14.8154 11.0209 14.8187C11.3316 14.8221 11.6122 14.6335 11.7264 14.3446L13.3788 10.1662L14.4111 11.4982C14.5532 11.6815 14.772 11.7887 15.0039 11.7887H15.9975C16.4117 11.7887 16.7475 11.453 16.7475 11.0387C16.7475 10.6245 16.4117 10.2887 15.9975 10.2887H15.3716L13.7582 8.20699C13.5932 7.994 13.3265 7.88593 13.0598 7.92389C12.793 7.96185 12.5671 8.14001 12.468 8.39059L11.0517 11.972L9.48228 7.73794Z" fill="#0B4DDA"></path>
</svg>
No antivirus signatures available.
No IRMA results available.