History

avast-ti c0d31d6c24 Update README.md		2022-04-21 17:00:06 +02:00
..
README.md	Update README.md	2022-04-21 17:00:06 +02:00
network.txt	Add files via upload	2022-04-21 16:57:20 +02:00
samples.md5	Add files via upload	2022-04-21 16:57:20 +02:00
samples.sha1	Add files via upload	2022-04-21 16:57:20 +02:00
samples.sha256	Add files via upload	2022-04-21 16:57:20 +02:00

README.md

IOC for Certishell

Malware analysis and more technical informations at https://decoded.avast.io/danielbenes/warez-users-fell-for-certishell/

Samples (SHA-256)
Network indicators
File names

Samples (SHA-256)

Downloader

02ee7232c3a5760888236ef67dbe23d1c743a211c1fc7ba4bc62850770a99b04
02f8912e7c1a14a0e973c373369e2a7a56bbf458d29a8aa4a08fc432d25b63a1
030218d021d558e44a78f51132aac42157811bc4418ca8d9af9515647c3314ef
03062b0ac29169a2838f86c8e50544e9110dd05b5ed23aad9bf0027a77a7c6ce
03cf154366b1ae24067b1344e4afa09e744851568fb117b8381ebe262f9f9cb9
077253173f4dbfb921d42ed10abff674df5b01bf0f4359a9b7c6433647a3c542
09a727a045a3b4ac913025fc88375c23e0a4839f163371793799f61e603fb424
0ab12e9621d7fe66bf706344dbea8a6aa3af8df4f9241e71ca2ba9a72731d57e
0b00f9341bd6e33c2177eb95d21cd615b58530813ee50b0d684b6260d18923ce
0e37f0a08f5562249ed60a4fd38ebcb9b3cd7dfd224f5fa344251ef12fe8a689
0f100cd7f7efcb92266b4b58049969214603c0c49d3ec6c2447b92a05299f88b
0f3f04207d2db90fdaa9e17228bdd39f247f290492f431e32813def2cd03a2c7
107f74d90e2d91b47e5a4d6d149131aa1dcecebd951f6858ae450c059ea8e393
119b28ae734b833033aa469cf208c5ba0b3375b0128a3203cff429ff15071c5b
1340742505ef6d84cb19ba78bb9e4869d9beded4c339c3d6b22dcfae55ec2400
13e362623b468318b31a78e046fc25552ae23d8b9ae6a797455a5ae29dae4554
15c9eeaa398153adba089a7cb4785544c8dd4fbce73b012a3a59dd53682b10d3
170f81b02548f8e444046ab6edaf0773e963faa987d3af5e6f627154d710676a
176d837453286ad96b22f41b8b6882e0e4eca4cedfe461d2819ac6768512f1fa
1a3cd50fcc7a454025a641ffcc941353b4a7998c36066b399c72cb8cbff61071
1abe7314357a74089f40ee39bebc2e6f885479aa64656a092e5a9b48c4484b95
1b430d8d917387918837918c251156aa066b308561a87a780c6509877970f326
1be3c89172bb43c0a3b36d55499616f73fb7721e7b06f14bbdbfb6a08875d3b3
1c9447ee8e2f9fb78e9f161641db6db6f9e2493298c59a26316a39730c6b618e
1cc16fe69d0ca914927687157a4eae95d2c48122cbb2a429b36300f3ec10f3d3
1d2b9e048c5a12336c8e3b3c824700c0915d82c2d01e71a62b5cc719d5b414a7
1dccfbf7f7bbfed1dfac32ed9961ddac4a2a43d0debccb4c9f06747c1edd15a7
1e912ce0779e71102d730d2a2203d1479218828feeaccb6b5a9e269ffb988356
1f537518869589f02148dc446d1effa92da1c0e3ae5034c4334f671b0c38b2b7
20d8322d7d83eb84ebec0b20369fdfafe8e60fcc04a21337b2cce7ad1f56d135
22e83fac923bc3ffd0d0d637354191ea24e8e56b258b7395d4e564f2a837e002
2384f3c03fa7649091746b54cdd8d153383d71aa0d08ba13f487b86159c41752
253609d8b625dd6045311321b492a045b1b39350870430a03751f89c04629ae9
2551815542ba5df0456f35f7ac56f1c87916fcf3f28ebfd8bafe06d2344d382d
2633c6492bbaffb23f9883dc3f8de0bf873b331fda5f644e650444ac005e1a02
26beffec6061bc9e85feed145dd3bd59751eb201d4288607965cff71c1fca9fc
26e6c917d377003f4ad808eee329bb688701d3f3a77c602ddc79ae88619a3835
29dfff866e92d3485e709d8fe7f1f49958a7283ef38e706fb30be8d1fadd7371
2bcf22db17ae940255849b43ba4bb7775750512e7e0c0740c3788608ae317c56
2eb3e5b33216e80d408db18b5810ab91840974db92fa4f68e7a578f4124e8757
318ad653203299c42d3f144d046a8f1d150d20499d4d9cda364193c3af5ff980
32564d465639f97369abec8fdb4d07958aaacb8da6575c37759e63aa336a7669
349e144c236d3f92075c0df3f0d58152ebb99e0fc359b1ec7036020714620eee
38cb20f81f6b716a80dad31244458dd4831d1d8a85022f5a552b5dac2961da37
390a126d8faee9b164325b4c90dfa51ef164fd8c21ea30fe49e78c75c19e1d20
3c5707e2e2ce2061a1fa50c465b630dd9788ad81e265d5d96c7d044ebdc2e3ee
3dd177cef0a29c2ceec5224ed05595c4057fb427a9d8ad1a57f738d11033beca
4067f5174ad1a5e49f358c8a75c5df1c99ad50e2b3ea7b8050864d335fa5b91f
4084fc0d3ca5affeb277adddcc012217fe80470814e79bfc1150d338dc4891ed
4206c1a4f6421b6118724ad12d58bb264bbc2c6332a45d2188cf35bb9775d378
425b25d6875eca1c8800e0c31c5fd39ae59fbe8f778f78ca2c9d4aa559001c69
42b5dfb9c89e5926e5735faa785e9c1a9942974055028a7576ba99395c056d25
43d7de0c6a83c1f2a4d4f384c2b5a4397757cd32b46b4233894657b74618b5e8
44ea7093858ee30272ffc3b90ed77765fcca6eccc8b1488fb77b981d0f9c526e
48231119b7b8043370179b5fe56cf7c53615cba5158be3cb2a78c350b34bb76d
4984ffdd13b35b0989720b95a16e14e741b59fd452d75d166f68b25fd0aca0b1
49c3158e280090ab8016a956b70fe3e6c0f016ad8b6852eb666f77c8f768d0d7
4b770e190f12bf58a481bbfad9f7e273ac8e70bef3ea02e895fad160ad9871c4
4c87e8d3e657ea269940d79255b5e87c289a856db18ebfd1b3bb8ce99559cadf
4d9c7815261985a921e74a38fd97158df28e4650ea6fe0c1b214db72dc3287fd
4e1ce0e353c519a4e40237151b0fdb882b32efa4d143dd102f1e555a27fc55ed
4e86e7d7b14c1c16a0eeffd1ff6c0f01ed5dfc774c4a7e411e3a82b347dd58b1
4eadbc3348fc21c490baaa22ea58ad9ac4dc85d15071b3df287b82a6ed1ee1a0
5349d7db65457865b17529f9abe911f098eb39c4c3a56b0d9776e6d6fd1eda2b
59fa5534c392bbfbc55c8ee79bb6ef9170ede6fae42febcae2355c914c1ec71a
5b2ef77ec4a7e791f9f473556e12a42f6e0ed231cf4f0c7940f9b0a65c6d775a
5bce2cce9b75e300f4631c90505a48baed2ff974b332130074f75414ffe02d77
5bdc77bb6e9cffdb348fd4b0c96a9f366e968584fb788add0b65d7c861baf803
5cec65c366c46518c66e658f584d4859027dc1fd70df9f7b708113ff4dfe1418
5dc810a8273afe8b5e8f540ae7228a977222f22f24a823c4dc6c032275902de7
5f7c505317042e6e49dd25a22a304518160404379187a88dd8fbef468dc47a28
61d708a16214db20aac7ec14e1bf2d240f29de43d2534183207ee293aae61402
6206a2adaea7d425ca785555e6116b2d73e88b7800b7ae826edee9f599020b30
621d68956dba3626e119f52541e94ccd0e6184533567d7db534cfda6b4d3d6b7
62ec6b442308cf7ccafc1a3d867d886fa952ebd1e89db67c37c9d50ea3f780b3
658caac91de408a9f1c9fcc2a7248638a085641402ee70e860fbc90055e30f8e
67cf56d28665ac0d0379e0e7170a5cc413377bfa6f4883e112c7def005d50fb5
691093a71b46e30b5143ec4f46d1cbcc03525a0be4363008fd50c145b88b5389
6d491fa1366bb946d5c58e87c334212c0edec83d1fd5099a8a7a5fbd964eccd8
6d97202eb303e74906773f45341b9c4d42f899071ae87ef67b051833f81a67cc
6dd78b12878ee0dd95b414e2e31f8a4ba3bdbf31f60c29ebb2eac026b1ffd892
6f2b7a24229d0c9c4a487e0cad53b5c0dd67ad058bcce27b59beac86eed37fba
6f64d3ce3168c45990ea934abc357ad153ebec3db675a82fbc934546a6eea502
6fb0bfac3bbfa8a17142234110f0377caae0652531dc4f9e9f925d6f43012713
702aae18a969d9248228da862480db594fd0883c382fe2410b360ad78e559b3b
70c6d92a293dce3c49d77914ffc95512b5582ef125040074fef153ed9ee93044
70cd105447217c48394b2957b512280c44e032ed8e4199f720d94a73b5894204
70d3346eac88b94d5825176aa5c926ec53bd360cc9d7a3db7cf2c99d1cff6457
71fb80785680e192b58223b035343109b6c963092298689ca58ae776180bd5cd
72084605302fe041f5afc0bc857617be7953cf7bf49dc723b494e42f9b640374
74f947d3061038ccc5c28be621a4d0d53251fc252b88bfce63a138f725e2f235
75e61b5fd2d8f6f646d89c36ee07b53199cffc24569f02ce3746401451fade4a
76679f56dca2a9afb6713bf84f1241fc7e46ea15fe9431bea51ca31a86e8d22d
768b61b47ef555bda586d0c07bb2b64a1bb8afefd3a3812dc3a7619fb1caabfe
7742925c05255a894524109f952822ded28101040c14a47255a1fa7ff5e27601
7870372f654953a828f9bb387c7e527a9968ebecff4dfeeb9f4a858f09a02303
79d9690d4d28a94494bf8974f19f4bf3d3097a00429fdc8139467d4c55bfbc7e
79db6fc0502a88e930924358f073030c09a9b66305c432e332f812f3a491f359
7a14322ddefc22f4b5007e1522cece4b16004d64eeb7598febe3f312a1a33498
7af2359d5179a6607528a03e31606b2558db27bcac145be7c6622dfcdfa83fe9
7b817448d19698c202004805fc304026f04202c7f78629b926ff2ebdf175dbfa
7c540107fb8491aabb73871e26b21bc2fe4d5d0fc77ae70d740781e9c69b5ae7
7dfaec2d207105960d58562a97a80f24723271e04be2bfb764f559b904378bed
7e131c46afc48f8a1b424d4eedbfb970693c95acde28e9a357734acf277e5a27
7e94a61d187e3cbb768a04361ccfd5bb61f6059dbaf5f88fa067ae0715236e96
80689ffe8c405fbab3414a0032eeeb434446223c6aa02e7dc4c3eabd4febb757
807dfbb3e05e82af48b7f9147289f150adab7f88c3aef4a7729870e3a7ad51d3
8186059e717fe6bdc4d3f44eda9e5198102f660fb378e0fd1ca6bb83c4845839
84560cb69279e3a68729b94c4f113fee9033c31640720a41daf1701b554ad45c
847c2d6c29486849ddb3ce25b79e03400c932c4662045a33b0f5b14f900efb8e
888ef2f60b9857aa1e8e14fbb444741168f05f99bcf0d4710d24c30db5c07b2c
8893259bee7cf0ad8ba1297a528cac780b74c92efaad2a3d8a717ac152544cc5
8a50fb67c30f21628695fd14c154f290433ec632b7f525cb10a6fc6379a85399
8b3241f4bfb8747fb0eba0b5efbf966fb1e0f02c270f70f8a9028aa14d8fbf72
8bb202225a1e579b3d7e11d896a20e911984e8f818e97b84deaab32d0ec662b7
8c6c71529d1a5131c7c6600d9e7495e298e1d87c0ab8d67108af4c35ddd546b2
8c924660439a5323c8658d618a05621bc2ad103a0091c9af6f1ff65592f49ddb
8dae0367b2f4594048a690f51c2bd34295f2f5cf53d34cd6d440bd7500d0d511
8f3841be15f592cc827d00ca3c0ed56ba0ead18cabc021784f045de42e984729
8fd5a091c53b4579d7ff43e2c20877042a4ee0a3f51c567a88225e81d3a3f2bf
911309d8719a3c906b5a6a85053d5df6398ce31f5bdbfdef4110bfcc0091ec88
9283b62dabebb69eaed8b9661bfc773a5fc7d6d821e18c0c50a497155a7ed2df
96cd6bcd2f1e9289a5ad8f1cfc6b6b338901a23b09f94cff6130a7e308e07587
96ef060cbeddd4f9d19c502d1380ef30cb9dfd62244e4689d489c5471feb23e6
975f4c4f60754a16cb4c0e23385e8ff0401e33d9aa267ea51956e6b109de4f85
99e98479f708ab8ca6b5b43f47483647fbe9261e6a192cfacc3f5f531171e999
9a610ab3af463c2612b877a04b4f05864a06ecbc7409d43b52bf69aa1fd24b9e
9bb75fda93ba942ca257cfe1a5a001e567f855717c9dae29e001af6679bf455e
9c02c72f6bb589d1a18eaa07a5c866468a5cea030b1ac31adbc7d47d03cb80e8
9d422e1673b34525efadd343b30fc4458cbd1833a6911b79c1f29345d0766915
9dad8480dd0ff55458a4066ecc490b5074e95697c394ba859a3a0193bdbf57cf
9dd955276f68faa0cdcf06a34bffe279ebd1114c5d506e7e1c921cee4672deb3
9eb9796acf55e03a2025a6c9415975e538dedcc657ff5328097e3d217fa16a9b
a32e6f888918b00e9307f67aaf0561cce633feb5d032ada71b92536ddbc3c7db
a381ce7c3235a7f507e57cefab5967719a01bb542ae8f9df34607271135728bf
a3e27fc41a5646505b0d5190ad9ead12c20a91198e5bad9d5ee1f6055255208f
a49c6766af7d1edf261f7951dc4f1a2a2fd8b7b0698cd69254703a87c1929496
a710383753792c77cc71dda4ceecf51d96434945de5cb5c77a9a93d8f5414df2
a711d7b79a8fd9c865bbbf80d68757ce22940aeaf6a25e23d2b72912b66bc6fe
a76cdee4b1e952384e6586cc44efb09753e6b844fffd3a33cd5a383e017e13c6
a8183e57e294d3e44c15f0adad1c174bef5245336b738d88c40494024b2d4b01
a8c94f25db90da8590737467a47372021362005a883bfe6be42fe8c1faa1402e
a9576e6d709922d1cda4fc14745b60f8139e64e01d99ce3f9a7be30d1ebcb1f4
a9878e30b32410bf62c411baeab317abdd9e900ea5ffb00f74e6255c96d00963
a9e032adc9f081d06d5a1f99c5473687ddcb334bda48d2e1a83327fd632e2bf0
aa0c4796c7b849451d62ae66abbfc40f809a45a51803c0cd84390c6f9022e7ac
aa176fd9a8f013fafd35983e18a58ae908d55b6cd54543a142248e98aeebe815
ab0d9c10ff715599458dd2257ec65f0c790547f7fb4c5307f0031f24c0443338
ab25b61bdf1d7d2aa772062556d0ae5b513bea73a5fdba850f6aa38e393c9ab9
ac445caf5fec4af3ee1a5ffa4ea2fc5fe218563b14b3911507c927fd279eff9e
ac6e137d1b26b49686f17dbb683918cdedc66cfa2fd6cef781492382294017cc
ac864cd152ced132eddf28b6698e41072b9e1cd3d102c23cadf0e90a278293a3
ad978cdae7e3fd471f47c2271eb55776bdde5a4cf2ba6b9e838f223b5cf4308e
ae31616cffaf25a8e24f2fecb559ebde74edeff8ee735406476a88329669b86e
ae947a6c136371da8c219b9084776127aacdd6b2f43f983633bd6a8c230ac2b7
afc7128f6d8c551b3c20641d38a3a3b7ebe3249b343aef810e436bddf0ce0c15
afe9f8e4b7835b2341adefc2943bb311242451051f16c72d79b7a8b67988e43b
b01fad54ecfd23f80fcb070f89c13659af62e557cc7c90c50362b67b7916a38d
b078668aad2843738f13830af0162df240b9b685d0cc43d229b77bab2fef7e30
b3ef90d24391dfb2f8419df1c4a31dd9743ffd069905abe3f4e31d9cf0974360
b457584ce6ff144578132024e80e833cac870ed717230ffdcd70c1f426c29090
b520e4bcb6f006082b22dac481fac39adb772fee28b170d6cdf22b47b240cbc7
b7eec8cc2f8b28a3e6f04a4cc6c8ce03ab427f12494f76db755871a147e7b70f
bb74bc51247eb8304b13b5e31933a392b64d1db2387566a37d9d84852457793e
be48f060cbd4513f31d185c986918661619a917cef54b3597b7329e30cd1ce83
beff610548b20b1e007f298bfa47a3c91185cbb1886f1cdeb4f0c8ec332a5a3b
c040d13f37ea5e29da2cf5e89f247021f5a8eac352cceef450ea655344614340
c1084aa9ce0870432b9b53e4cf049306fdf4dc5eba473db13938e2d0a3ce2059
c1cd4df8fa99ee7806bb4348ce06c8ab753d8ee6763a719311fec4b644b4e446
c2524c5b4a7abeab72d2a28d52021be85617a352025a2d853414955843d5c8b5
c2922b54ad86671faad7a90bb75109fa5b8fc2910a6f178a2c42bbebe7d57156
c4e44829b726c321c426e7003be1ae4e95027a72790136aac1658804a09f605d
c4f4e40a895812058c52b7ba3c0b08d8c914b94aaad1c49042766796a5f41831
c910c66e9847b521d32ba97e03b137d78d2a0809c5f76c5098a187b1534596b5
c925d0c62d105a1594147ac8801ecaef39a892cfba43c68a49aa5df3d6074c5d
cb56967953a21f9ac618fef62551561a0e04eb9c5dcaa5e7890afd85dd1eb4e8
cd0922cee1c90c638bc69866f8f8264c94d5797514517ab81cdcb59a89cec665
ce7acbd88c9b1ca816c73c74ce354bc100f591a8cf6eb42eeeadf66dda402642
cee9791f53189259bbdc5ecbe267c2264d674873e0f165741bd02c4021ecc396
d03973313121edc09403c24183eaf627470bcc2b76e3054327b67ae9e8f0e9ff
d0732449ce11a185d586522bb2f26848b85f047e814e9882b529eb26183e7d3a
d09ce1f9785ee17700d0350e0dfc70b9cd0756cf64908db339e391f0339acfec
d1376af9faf592a054ff2ec1aa614842da1789d3b988c60c30c58c924e82ac02
d237fb6a176313bf4765f5b979c35dd1afea52deef91d7ed200ec74852cb1c6e
d3dc9e4ed43b356f8d6d1ed93f21b47dacf377395a7b662bc520075077661371
d4d7da33cb238f7c3dbd53fa882e27e0a4123f19025e272b8cc7673a31bc99ee
d5532ccbefaefcd2dd8d9e239d9b55bd6cd30863d27473be7d6782d0dce8d7ca
d559b3fb46b5b173bb2f3203e10fb2d7da32dbd327fe344b34d80fb2ebe00773
d6f0cbb8c86f01a7b936e17107dd8c5b13838107d8be3f5195cf54ef27f1ec30
d8702a293e23f3aad504231d9fe4508c7a669ad7438dcbfe6bfa77b6cdf041cc
d8797cf8a11373c15132fe0c71ef1294642d482f708410153a5fb14967c2a11d
d9902a158d8310a4dcd77f3bb585a1d05da6180ebc231f12aff199d8b5fdcd56
db9dd4222434ae73e3cd6b69710d70cd60417cc764be81d88a42208c5c5598cb
dd4ed076efb77d40bb2fe053860ac7b7c1c486220e4d5a36439bf0ba92293902
de3d9dca19b6eef49ea8b4542dc86e58f96a34332fb7828abbeb3738eb559d31
dec629fcee6210e9f6e5b2cf067e3c493aef44bbec71b7d3e156e770b894c48d
df48d01fa5724fbfc1c98d551a31db30c148f2547dfd81094c53ab1228b1d8b2
e1241a441dfaf0b84ab6017e6211355298ce676575c9808fe614a51e17adeec5
e37cc7cb3c62e109a885ee63c1ae560cb187cf383e3ffd67339bd155a5db3137
e465d81106d8f776e0e412fb72eb38895b53f821dee61ed25e69dd429c3b5ac0
e48ec3dd1732301a1f576c59699b5fd23cb34206e44f2e9de226252eafc5e476
e68828d898f8c5a534b6b57432bb787616b59ee36c44da9bd19d8f6e6db0fe4e
e6f6b02b4ffeb19bed2e86cba2b66ac2292ea00a5db8c1ddb64f430f96d3fc54
e769761549985d318b2c48219523b82de5dd9fc01160611d2fcd796ff8efec8f
e78ed12382dad9cb3b226e5508c1b9a0bb3b3ccb39adca4563d6941e358ecc24
e809ea3be40cda445fd591d3613c4db5e8be0133e6d14518795eaebcef5b767c
e8c2ff8c247f296bf4ab69fcf35132a299a46db1f1eb8a8b7270b76e8281c01a
e958bee53a1071500d6d7359f548b28c376acb6917ee4a88359f8a5730a4ce7c
ea1ae76f00243cc86bb37c4b2cf0148a4d2a233007cb4940f285251024abf4bf
ea96150b3aae6425abeceeb612ce1e412e80ac67abbddf57394cbcc70a8cf101
eb397a1f61b0d758d99126cf89246699092a3425d7341a9d2563bf29e7cb0d80
ec9d40b1d0f5e553f224d452dafa948b2fcec48a8a2e73ba86666795f0abd131
ed51025530d536f2ebc28ca989f3080ca19e508dfdf9c3f29a622c270a19d035
ee4ea763555ceac21e7dd7ce73a87da547f47795001e68a44bc33180f06f8013
ef250afecc703cb32b03c669b1bd8e419e7cfbbd0053e19f2763ce573119cf40
f3f7107cdf44c274a08904326c09ef00239a0c5b0918b7dfc42e96692552e833
f42c7ee9df94fb66999cbdd5c8585010ee4a7b549f88c17caab55d8ee7b1436f
f598adc5375a079c3186420de336ef8f2370e663c09d14698266aebef03302ba
f5a23ac71f14e96b62d46b28278bbfc56c88379de19eecb9002365934dfdbfad
f80ca9fa939a955fe77ff44c34f7d63b89da60be6dab157740186a61fd859a8a
f8f88d80d200630db07d09d3ab336888be42142a9dc2d10ee7dfc5b4fb212c3c
fbeb4044402e63e91f1621e3c457d16b7d11959f22e968176ae8e5add54b3a90
fc155b2cb9dc86c582b4aa317174306432a4d41c65f37f827db504a781b55ff5
fe2779b7b09460127869836454f03dd0e54e0fcbfa17b84eb48262e338e9867f
fe5c658d972f4289c79307768ef0c15a84ead7d0ed617b51fe090d248e712c1a
ff66c5315d6bd05db1bf8ef8e1a377d111a90626d06edabbf44bbc544aa6fb96

Scripts

06bcf9c8eabeb9f8aeb0201f86ee39bbbc33153d7935a3f2f4033ee8083ae379
0b88fc29106525d1258619312921dc632bb52c03551096b8e5a29eac39f4bc4f
10725595d3e3b08fe4fb7cc9c2967841c50257666c0a50ba442abdbd343a6f91
12dd1291a294e9224bc6385564b50e82ce56a2f836a461fc07afea3fb35777e9
15ac85da91030dcb1cf1a3440e2830f66ef67de335af11daa16b10cecfa9591b
18ed2be794eab8ba558f3494b47b445e65af15c94dd52de6f6f59034b2ce8738
2c137cf407a687742cf9335b8e5287d783aee0df1581d883bb1ed93ab36a24f9
395408a3dc9c3db2b5c200b8722a13a60898c861633b99e6e250186adffd1370
3df31ad99add1def136f2423399fc8dcc035fbf9fc1ac4d8d327d7bea4acbf05
606872b05ddf3893e3d96bb198021fdbc6e78dad33106c7a1754b6bd4de6232a
6f2efc19263a3f4b4f8ea8d9fd643260dce5bef599940dae02b4689862bbb362
a2584bff16599c8215b20c973ebf519ddd34cec9e99179b20f7c94fae7d17207
76457f18bbc52ef06ca8df4315db16deaf0ed7414471c741aec33de3ffc7265d
ca6b2d71f0060ab5c380b4fc0aa05758e0b97da2255b7acd72c2a1c0ef06de63
cff0c75c887519069b490a1df5ec4ba9e75a6c2e99cb1ae57ec60089408e29e8
d60f2a447080d56f40b27fef61e2353bda2d695d63006cf4a47b77994f7b987e

RAT

07e7e77a0913143582e21912d560fb980cc9b4179bfaeb1e8e4b4d293c03a368
362add17b841930fdc82ff7d46e87e64c2fe0f485eae490604c819a31e95a830
601a61dabb82d61bd2f6ea720a1f6d7ac07844ff7d294d46d1ffc7a833ee72ed
75ad3dfa482b08cc98c2027fb858282c6080c54bdec4a59b7677925f7fd7f368
7cd5ad44bc40bc4b7dd151097679712ec8f92e7fb99a0bab41e96a31f7346475
7d343186306bb40792048e875b6a722dce3a2111c7d55f81389a9359222926e3
7d58128ab90266c020867093e155ba96d6dd804f7c5887409b582a475a02dcc4
841c9582360f71c95baf1b77b5cb373add88e38d822b5e8e008def57118e318f
997e503035119819ebe498a26f6bcc54cd429fe82c552199016643ee0abf6462
99c4b48eb7d5535e49ea5c287876c14ce0fa5a9e2e1b660b933b16d4305cb0bf
9e29e488482acea69ba409966493d3e014ac312ce905cbd628c5e1036ce1ebe4
9f4f133db9070427b115ce6bbedb26583685fad2896120675d18ff50899a7919
aa5f3773dde334bcfa1b2eee2b4744911f716e2a71f9c2ca266d193e564a267b
b95818468eb5c611f57b596e79944bdd89da628dc5db69265f3208a64fb40e5e
bbbe4d754069bfe0856d36a89f28e50f49834b92c4300bc7882b69266a53fb0d
bc65db6a5c329c99e46d1855972f73669bd9684dbc24e002ed739651a80b2958
cf035bc0712e85ece6a16620701c3f1e25b4ccb38825e927d06c6d48e95b49ec
d82a741758d3a9345993850ae86689a1894860e8f9873758bbd5f82799c2d82f
ddff62c4136331493a8af3c3beca0be91ecc8aa8b80658f10a26e44e37bc3ef1
e1d9f043db7b135397ab3bfea8bafe538607f62ac5e595ca587d56e95175bffd
fd03d7fdcb00ee2d897ffffdfc6d1ca90cf03d38f26dd586cc7d22f0f65d97c6
febb693e4934b968868b2588b3a5a3d2c2afd0040f1857c00d8a625bb6c4d869

Miner

0259c9a2138a3b02e8e2ebed2c02b691b14dc9e162c47b722e2c00fb3b8f677c
039f83e7f88d6191ab0cda1012c969802708fcd7ba3c0bf53ac1e9596c18cdfc
04d0c393856a98a14ce9dd7ab8bf0e59edb450a95b27ce632febb7e8c2ee5334
04e7e84376997dd12536305646dbce28fd4f6c7ccc6ddebf413ef02e98b373d6
0a39c9a5809da37a69d30063ab266dd6fac3172fdd4c3fb42f95e102bb4cb88d
0bb11e8ba20ed0a54cb28e60bbc54a319f7845ea4d93cc42f0224559925ec8b3
12f57084fb102e26e0ace749bddbbc5f7dd9deeb88aed408655c906955bc5f84
13c043cdcf0e04297ec63d8cb79d6c0baf3e7b0dc0b28b140303e99518d6561a
13da533a99c97a7d63301333e246300fcc0275c53ae90a4b1db66d70e41d390d
163fd711582b50e9772aebc73a3ef28414ab0642eb83e0b9001307e78049d068
197b8fead9fe6690914b8f84672b5d35502f494b9e697eb9cfe90aa5e3c29c89
1cc9850ea5cb237fdd2ba7c544a9619e95d67a571abe1c973874348ddc46a702
1d1e1384e5dd1f4ee509e4bfebba72e0ef7cd99ab60659efa95b4d3050c42c01
20a19d8bd093c4cbed6bfd4b36accb46442c18bf102d4c3368a632bde9de79b8
20da8fe7d3ce9ab71ce68adaab1511617fdc1ab738ff683e2e3d3c498bceb3c3
2387e137ebdde1ef6433daba69f34b015f4a4d4f510da3c1c5a17b92d298c533
24c694cba5fc70592361eaca822307585585eb0478abcb07241ec641584ac425
25021a2a0d94c30a2878a2a15fd82a599e298c22283ee2d4039f2eb72570912c
267292664f7404b229cfd241fa7e2bac844fa088d31176ed47b70cea62af55ce
2672b17b3be94ebd44f6def876e89af3f2d7d5f80a8bebcc0e390d6a3c13585a
29cd8d667e5f7aa680b64bf3beb57f2614cdca72f40a8e39e3a36ac21e0350a6
2a0f2c1507a5d31822b2c720b899c3d3b02722304c0d16e08b57c221ae98fec6
2b2f938a58dcf45dfff64289c11da005af2a11ff404b3d12e06c6153126771fe
2cc6eb5c474e4e0eb8570599a1f7fa27592c5b7e6d518e3089c128baeda103ad
2ee1eb88559caf3b4416bc8243e862b0913418bd09027697674cb9685c213976
30920409b91ca55a9afb924047056154b2e153efbeb5e6d664a978ef1e4ec413
30fa6c229662acd4b44d07fc0a0483db65cafa9d4f1bb9edc8618dbf3eccf089
3384149b269996e6d1c28c298993ffbb9e5442833a3dd0ba3a18e583c11ba7cd
346ed6e003a08356d3b1af12f62ef07a27600ac7ebb48745fbe88ee97eb80b5e
36231056cc7613302a749cca2a4b4cd7e3b1b6f35a0aef31861ac48a2b508390
363d513036958865961198ae7517c3ae2d497d8115cad7a91d2dc287606ff93d
3657e02874bf34d53239c9c13d714601a1f4565359be0e3a657679d5e0eaead2
3717c1f811bbfd6bf402c877e445051a749c0bd7ecc65a589db75bf74d4220fa
397c1ee1e75e49020be8ef9107bf74a7bda15fd98fbb568f11b7eddb59306039
3a0873f84c6f2d44fe84c6f019fb5907ba3a46a522d0ca2eb27210084ee0e1f6
3a100b52be5177a890f9e946b6216f15bed6faa5b271c6afb9797d1494ef3a57
3ae9886c70cc8677d1776b78a21e4f10616064b702c902b25fde48e6b2fbede5
3eabec52d002e058cdd19c75de7b12c805969c806bee0e6f3d0f2c58e7af96c2
3ff0b624cc0ad8e927cab2f4271e4dfb9f5b3731a7c2cb3d17510029f89fd7f2
41428c16e247f552f792b65bf44a6f1e8f5848ad2ef820c181ada51714265038
4373deb2ec7b1e9224b1df7aed47dfbfa0e412bd928bb134631e3f4de77a14fe
4718c7f551a6e99f3e98a1a6ab71e3c1adaef245c52d2aa2eaafa752803ae757
4a9b799182456cb38ef77138866d5548c9c3168f2fb9076ebb684d6587647168
4bdcdd2cba5f5a9400b5774bb16eb2c1030588421c54ecad63e439ca4b510f55
4e25074f974f918f32e0983508cd38724fdf44173929bde96073f089f1791169
4e8faaf20e9ade18a40cb9f252278bbf0c12f0ac18011e7055504ae403d0facd
4ef99f675aeb6e6b96361b9c4c7dda58639a5d088056b3d2d9a965caae905f4c
5030cb070bbded3aac6eee617951af291e10ec86de0da8775b8c577dda25cc0d
540f94079171f895711429afd1ddc53ba62a880bcf7a7a893e057a52fde1dfbd
5452fc4d4f4ca48fd1711c4c6f76990608b0308fa96d38abf5988072e3fd768f
59291a84406f7d2d7309506aa1a30f2512ee34aa23cb823f760fd93c90e7e876
5955f0441e3b414fe1f1b055693cfb7569d944ad357459b9e269409f8f8e1807
5a2ebfdaf3f3ef314b9a17f496641406b05d69d4c670634c8161fde32f9dfd31
5c7b58174db92b113c01bf3753977f3b57f0e5283a6d28e375db49c7890d5c13
612c0b40e04db7954c6fa5de1dc53ac8096f18a8f78f906df7fdb02e76c5f258
6313d35f7a7fa4d68c71eff2eb4f146cae29e6c88f1b38d7e71064eefdcfce57
63b27e99156449bd6b607992f8007a3098228502a3d202051aedf980a4675b1d
64780900abd97a8ffd03c980df67a30156de7bd5de942d1ce7d3928187ec62be
67443b15c2fef9834c49d2d76f03a61e26ac9a90a981e153d4208669c915a154
67ce1e552b53a57d27376659dff39eec5b1dac7e5057ac2bebe9d6e71ebd48cf
693c0d2548d7034924a6a0e30ca5c1d05f4a331389e7b90ebd788d51cd1f34f5
6a10bc9d497dc7a1515350382943b9b13552284080fb340a6e9ace3051f4d19f
6a51c03cdf6b4e5a2a5aa376a951e6e6ba091f644740917a9212d84e30529870
6acdf49d4f02b1ac63749792561cdff7ea890c4e7f1b35d0f9793e9759108277
6c6bdb8634ef93b42d5d963e0ab1fe717d9933f020f0ea87a84e962b1df3de2f
6ca85f0e38d65344c314413eea9e7357f0bfee162b3c70cab7079bdb7b195e12
743082801f07e2d7fc6d6a4d868321c4a298518c1cf18541f0944a68de187c78
763ce539bf99449f94a6e4e1c1e715852327688531d64261d429cc8560157be4
773d43156127f51e62fe637670941230edd1bc575874abd6e7f983188672c86b
79e7987ba0db387b8f76f1ea1967b0f645bcc304cf19df6ee33925f310fc35d8
7a64445bb7ccf5bc05b4137152ff13a4fa6b7b57d3d2204d69124829c58f3e23
7ad5adc36ac0ad9f41cdfa63921392b011acf9cee88809aceebea8329a2add8f
7bd66c660aee93ab0c21201520716bf04b5ea7982052ad20ad0669b3d2c2a960
7db958a2830c1c51f35c93d45b166365a231a1e82401f32e20b4086b77883e74
81fee9c033ffad6741d0cef3a8a261fd5b38a35411cd21bdc648bb8df6de7683
84858a853ea440f59c2ff8b9e9817d13aa80e79adcc5c485e3433369dd84367e
85fab29e88fb9ef6127aab421e9ab7b23dacbf827ea6dbc0981e39f713f6cd2f
8b268d577b4f339329aff53552c88a57e0b0b6b3f552e12383a3f53cc538a9c0
8c077731edbe878819c1b77f4e9d90e7506792eb8fd0f44cc34167d947d770c7
8cb4a580c4fca8c4a4109313881a7976ed06617c5a1bbfcf76cd8236f4f7aa30
917c7785a06d9d11e50eb9a351d28fb807c4db7eed85cfa2b0d4e9b5cc1cb91d
923897da554be735d673eb0d8f3f0c2ca33758a5967a50f01a57146c056ef51a
92fd75355599f3f79e47c9d26719597ce52c46983f305e03795c4232400e00f5
934c1c5ec0a16bbdda3b79dc1b593c900fdfbc300883ea8cb6eb530395f11460
975351d986c06e37ef6bad4d3d61319a4326d783d5eae3beb5e3435833572164
98ee696012e6b90ea680614d2a6986323fb0e1da6a2aa4ec41867ae346c30914
996238aa8028d0ab695d6c1178e087b4758998177836d3153a6fee12a14fdb2c
9a475a3bdde125d77abaf63afd58f726661fe257d26a7e55d12a2bc272332ec2
9a8c69d77a15ccf95f541ddb6d667059d3e0f6ffc9d0778c3a9e286926461e64
9bab3432b648c568b251584cbe90ff7301334c3815081915173eea938a66fe5a
a00349384667b1f5b5654f940dfcb32d0a73f29283262d04c380a4515c7fab27
a08eba952a17bfe9a5e2151e30e741bbb3c98adcb0313f0c45914b45352b41bf
a22039f0ec7ab5549b52b48ba187242081475fbf9ce1537a3c1ca874181436c2
a41ffadf398232995b3d91ea98991f4b676759a068c45e182187a98677a57ece
a7a93acac1b0dd09f6261aa0eddefa9e530b0d5926f2023c868166635b1c9e79
b1eba3848e95f6722b5dc71fc98eb6da318b5be4119189f6f90d8c742bb0d3f2
b2312239134694b01342e692da931dc4c3f593eb4eb8ca2bd0625cafd93bb978
b2c3406d3b6e4776bde7c99ba3341551c1a25f3a684d5bac76ec5e58b9f40379
b33d9c6b74d54c13172caeb2a75d5e8d37b2e8c4f35eea81996a0ec945429d74
b62f92c30e67e068100031bddeb7df00d19d719cbffa545015a7593b28e995ec
b743765f551d984d4fb83f545df466c54475dbc494781ecc0f67f1502a781938
ba23819247d37dee1120941c0c4e59d9398c602c1b217e7e8c82f46d372e458d
ba4dac0221140f8eae91503afbefcdbcba1f4c078695c128ca29064d4f09f951
bba50f78b059beae0335b03b9c43b0259863dd4c782e06bec6518cce72dd5a24
bbac3e209ef0016e9e6b0c9bb110ea8eac46ab261fda31e996a09124fedb25e5
bcea5cf3cb4509e93dbb1138348b95dbde38e4f2fbcc20ee24799871d3dc009b
c099d9e1d7e0881536170ede0defc3f1091c32f3387a300a6e257e8f9f6cced5
c0e447442dc21edeab790cfd09c7e1a0ce34f7599fe06740cf4e331137975127
c136ac23444861e774f13c9820a17adf2e909458f98a9fa61e9ae345d3d5f3ae
c1d3c14017f53ec93387ea89b26fd5d1d61c57ba95de9b327f74b3976a798c71
c7b45851d0edef348be3f858b9d04733264378b3c57ad9f2dbd6c789eaca8af4
c9fa6619ea959ca652ac18bd9e22c9efbe17102602dd2a8d00b2421c82e707b3
d14cc5fd27881c959b5f4bc3d209cfb03019fa6d661bf437285e2b9b91b2840b
d76ba5bfab7a3a0ccdc64055ff123bee2bd17637bea77b6ecf5561d065f52ffb
dbc5bc34918500aa96332f20808357743a461244f753bbc0aaf89ad644278345
dcdcda68a32d7b485f6a32b8413dab8b55cb8df6ee6cb08aed05922a7896f2c9
dd26af04f7784822d7411f2082d2743cd71c8e7b35394732f3ffa33af4d36069
de7463917a5e115b50a8ea56ea1182fdd07e7c2a22b5a4d06b278176d60d4da7
e13291fee4df454250f02f8c6d57624ed973fa14038aab1e38c64e4f8e7ca445
e2051b89dc237e8bbeb86c417f97abcfdd2f0c9dc9a5c3d6c28484d49503242e
e45380b895777e4591cd27c1480e0c82de8607f27847886c966b0fbb57bfc10f
e4f90ff09655525f62f08a676cd551d0157663477354cfdd4058dfef81ffed5f
e572189dd54eae176c3e0766542be48aa54cd600f6fc54d0457855fde5429e27
e78d14446baefc898d16b3c2669741b1e7635e9bea1a17c53f7a53f9e9890fed
e792669e66e701c08233f73c25959b39f3ffeb452e0fff1dba856f83649a530f
e8d4b29a9a3de648e6b943999da70d18f35248a025da42508463e2d3328e58e5
ec9b0bb58d6956ed5f838aa427a48ba88888c492344bed01635637529b2dedaa
f0bd9ae386f2f53f33a4fc43cbd94ad89a5a6d400104aade04595de10d3d2169
f0d28e799998a0b011bff0087d83906e94a338ff12995f33bb036e781139e4ff
f14dccbc43733babc7a2828e074213b53f8003ee2800eac4db456775f4a4f92d
f1c1de4a3534cbadc2a3b9d0c40afa711ffffff4bc7f6fa8db7bb32f84ac6487
f2caa2d0bb73e2aa1fe9a7fa3dca3b2a413faeaa2a70530c20bdbcf98494dfd1
f2d5a74c8f5c6937ea7cded3fc7f2406e807f5d622f79ad923c0a0beecf74e3d
f5c43565e5a89c15a7d8a92160653b17c52cc8c91cbeca08a1747795eb5f395a
f7686fb9daa07e9f14eff3d3b803ce16fa2c16bb8d2e8e0bc51af5b6b3e0188a
f7b3eb1faf2bf2dd9b66ad45cd20adb04d3e75a3d6c28e9095b1ecb42f571570
f84d82b8f85865f1e62023979afaa1e87c3a9664a7d1a32fe54c6bb95045fe56
faf68526a3497a00f114841d4326bea6c4a5291ad2c862ec6165b54d1761713b
fce9242e38aead8835056e2a70a8d1b409dd8257eb05c9acff99c82d634c6fe3
fe11b61d96e1d1a763ddb87da2b1a1c75e6add454cd51655b2d1c2ac6e566510
feffec832bb73142d5be90526516a64738c284bf0b51f148632aadcccefa83f6

Ransomware

f0d462d26e81c8c722201b0571786674ecd2d84356cd5a85f42a0a6ada2aa1b6

Other

0137295f7a0e13bbc6afa77ce691a975c3040b470f6f7d107b148a2776e53b4b
017ba41f0b389da113620b55d019b9163cfbc113e4c489d1dca4b3abf5df3af3
040e39b722d54dba6067ad75a0ce82b24d73608589110baa99039e77d1355593
0537c7e0c143a2026ef39d548e8b01131138bd5c0bf9463ac7e5de5d03a22f91
0700281d7cf08b94477f0309b588e17f06413441b1f14f3bc525bcbb51ddb86d
0ca27d9488a1243cc1d3b64c5ef8835d206cf9278ccc74e26bcdd3f2522211ad
0ca27d9488a1243cc1d3b64c5ef8835d206cf9278ccc74e26bcdd3f2522211ad
0fcc8e861b658d36e3196e547336dca45358264155765d270ed176f08197f89e
104ecbedf85b5cd68321543b45a760d49bf22bec1201790618dc752eb0bc7392
18a3cfd94c5771e7e0e90e0855113f976f67916e16123ff91fe2bdb3ac557e2f
19eb823df5290954fffb042fbbb22c1bc2f39c0f5cfb4fa3d91c4379129d6ae3
20da4ef07c0ca7034059e91be4fc959e2482e49d35bcc3c5d8cc2c6eb8ff3872
2308fe1f76556f13a1b86ef5753d87ad003811182ea71fa8d7671b00acab3fe2
23767b596588065c92b2715d67826ab1a77de030c6cf2cd32d0be1c346ec4dea
25ebf580c5d0526ba8ab474d1f737daa194837181527ea1d3ab4bf3c367973e5
25f437a4ad4f3a9a7107c5c7deecd1b4818460081f87bd5ecb8012049d3b921e
282a7c371eb85f05b19dd6d3321b6cbd1a3379b59bd13586ff0772b0b5c23f13
2b5008cbc15c9f8dc181e810e8cc97383ee022aee051323e7998af006c5800f2
2fa94d9be6a64af6be1b8f91ceda086b009b17b10738e0061747f5763929cbe3
306f3b0272edc1b5d61d9ccc89e56df057b6be405fad257e391da2c475793450
3183c107a901c9a1b4b6b2e02fc6bc32a68a5119c1d3a79cbd58b9f3f9d83ac3
31a43f11f6db69e470e8f655fce48f104028a8be7cac3284a91e9438fa6f37ab
34843eeedb893d52f3ab3c7c6c8178428bf2216b0501661988c1c0afbb18ac97
356b27fc3eb01320ad5fbcfbce6c8d4f0cf4ad0818f9420c8e5143972c2fd116
35bb5d7b48509deef31f52e3f02e136db5a63049184f7c03e0f9e11c1e2959fc
374b366c066b8af8811c81e468236c88a2be5a3993fb52a1430834db41a99513
39ba0b6ea7e0f1a74daa34808a73379dd52629e681b7ab7dde2eb08b97274a35
3ba2e031c578053524f73dfe6d9b8564488190f87d4d00a440ee3b8355b32380
3f01d57868cde950ab7a9e44b96b62de7dba60ab5a91da271ed14b93337125df
3f090a1647f5c551c723049655de8bddafe377f06041ba26092ac91084f12d80
402fb75265ec6aca9a59df5926663a9fc95c196ea2365d4df5a01cfcad899398
403145f82c8321a7c10fab5f5316407629b9d79dd2b5ed5885ad2211fd232b3e
406dced7558f43819c1d9c3308b522f04a284cfefb7f6c52a723e39fd189ffc3
40e56dcbf41123c408fb50473698e68cf63db81a9a507aa664695ba430eee1c3
424cd059cca3f9723ef0d7335dd8c8779b2223c2e48ddf835541a17b88c2a2ab
446b2a6f4b9c65f66b5ed66fd15c27383b92dc74eb8b9b1fe847b2b15ca73c98
4561bc7857fd5f409c1061eeeace3928274537e9823ec5f06e9986217fa7c431
4668bddb4dc6a17e1e5903fdaad7c4cb61a43d4ee5c7b4c0ad4be44b81ba99fd
4b7d28d6049eaec2c6d8d9be9fcc89a2dca0bc8e5c1d4ad668a4887d80258a4f
4ccef5a4a55d9c1a85aa11074a6c28deef2b4a1ab65eba1c9b804707e84f675e
4da48bed69ee5ebd8376d488cfab33a683cc02eab914f3c2faa3b6460cf7c65c
4dd6009b00e8bbe74f2d8e4835c66d31977c77db270911e7303d2072dd439930
52f1d923029ca9fa313c2fdf668f11e9e8e174cfbd9bcd31875088ffb7e2cea1
5440fe58c317f457984dd63bfed1c856937da4ef0b47e613a2e9e996b1faaad8
548690765c5a9e1399e17c67498f9abc1a2d83ac05228da2608d64cfb1a78c34
58a06d85fb7e76cdf369a1cef81aa9d9f0b14f59969981dc282b523d734752c1
59c4c6a64afe5ddfc3a01126cc13d8f5b9c49bb1cd8aaea39e68e59d084d4d6c
5a7dad5547cdc0c10bb8ce12973e90fc8588bcef929573ac659ac418fabb273f
5ba79c89ff7826f9231a90c16d8f379ffd4d5c9258ea6ac8bb87e67abcedba2d
5c79247469a66ade7107ae34d9cf97dc45a87e90b33fd1847b3588bcb5f46740
638ca1c87b51c14f578ab99890a02bdf845fff2c46a7cc07d3ba9116d7e82611
6489db8b735cd228061c8685b0d76f1b8bafce1b1de68b6dd49e8b2af2a0c8d3
675cd571b9368b5add676aba6072411f06e8370e3825e126918479c454bf868b
67dc2b39546bc8a296485377239b0cf6d3d140094c66c0fdc4e5ad5fcb64ce27
6bb662a1041b3c71095e51f6fcf477e7156e4bb6c1e21e9b0b89fae8f46b195d
6c3fe66b10dad5e952924426f07ff8a5b3677131609235f34a1ccfcc65fb494b
6c557ceeb23ca5c619789a1add805f8bf1dd212179abb720e6b9520277e9e370
6eb039013ba3814e12ea9ff69511ece9b11b79c31a2d8a88135a7a516b21432c
727e19b8752f465f8650918ee5054a09d6e8165ef55353ddbedaa1fec2c3a91f
770b470f0e610c34f2107eae9da52885451df9eac2052292a54f478970714faf
79153a07a3ef16514b33df72bf285160bbc9f6d85fad838ed95ee02b2a206f08
7a92be34fbf59ea3ebac78dd3db006ace5aa425705b2517816c617f2d67e4798
7adce716de79e1117bd358c7e1cc74f0ecac8d7801703f45440ab797d7b6ae83
7b3012f0e375e1ef3698f4a1d6c3045ff4b6571752314a406c3c776c16cf16bd
7b836823b2791585a2dff04bd4f12b1f80814e9ec41ad06cde7e07cd95db3c68
7f20f9a5e222af3505f1f543e18671eadf26a4034296f2096a648217738e6f70
801353c2aba115c8968e6298029c9d258ed9a1d4ef7f1337148aee1a4fe964e8
80a208c755442f6efb093d18a445986966c78a30d6de83b8e39e2be2437692dd
80e63ce879171118e29b43e50a1427d992f65f0b5261623108660439a17032ce
828c7d06df7500f894fe90a13aab1507f165be6f4b7358cab18406e205031cad
853c5a7f6306612b5d45b61e058ad4cebfa45cbfa03ae179691392681478954d
856e56e0daddba8f49328e770be4a3030cad0a76528e9315b6f4384d3491ca82
86dccfa7f0fe49f9543aef32c7230b0b6a8485bba0f7e8ab5daed03ec5ba3220
8c5cc3994d53355d3bb4cd6254eb27850039dc22a1e635e015d31e47f6024077
90a90a802f112860ff4ebda5891518ab87ca27d86b2092f246574e5bf5940907
90d99c4fe7f81533fb02cf0f1ff296cc1b2d88ea5c4c8567142bb455f435ee5b
926b3e9e896b276129a1b1776c76bcc9e375ed9bbf64fb243fc8733484da85ea
9566bf83714e92605b02582a7b76c0de779347776fcb3ad04d9739c979990377
96d0627778557a700bee8602feaefda4f1060ccff01f21b5e42deabf7b8348d1
97df0b0742c86700da189a09727670eeb2fd99ec6675d055b84130a1724962da
9808ba1cb36324f7810c70d37289564e39ffda8eb724a1a402d9d70d7926c507
984ab25d624089df44436608f1248f5afc7809968e0a873447c84ca82c5ece9c
9d9b2062e5089eca0a97df4fb5ad59c1b613c8d81813974e6d498ac2d0769f2c
9fe8de052af5dd1f5992c4a662d10f665565826bf42bc5332f294ed818adf2e9
a08c77a8edae6aeb20efa5b628b6d285769fd638efe8f91d8c8a8f32ba5302f2
a4a49f26d812c8b893e694f5875b57f1d6dc81f87b648c06dc9559039844906c
a51d8f194a3bfa57a54c2a0fb5a025c140b6b7ba8f82c2f12bebee56459156d9
a56a982a4309a0fa6b49b6667c5a8fea4f289f4cdcec5408d8ab3229d0f3676c
a8bc77ef6ac7f061fd5e97dc42bd8813a407a024ed39e1b248b0b3bad26f163c
aadb4b9b439abd1f187cdfa1267da24d6d62ca717b862f2e1e22a017f2f18f03
ac1f0c683b9a362e78f19deccf7be97a59dc4bdf4e0b38239b9bd5aa65b3aba3
ae9eefb23146e284231c1c6fa8c238ee727544a08dc6fe89c327088883875823
aeb0653a1cfb8dbac243a24ad3cde49988bc4e91b0d4c702434e8891550835ee
b19b672d90fc6b5ee2c376cfdbe2dd88244947bde9431a59f2c5f9e582e32d69
b362f5becd8f51a50c5d046c1a526d0219b7515184e5915cccd7fd12f262bb5b
b37498785b28b74c8382ad6844ba225a07a51cf0d86a29337e33791a799a2f16
b41700b4ea74bccb13ce1e012b7ff5da75912ab4740d0c12ccf8fa1dd0178779
b51648585e0a8a080704d5127705c2a892b3e9bcafeb81a2cdb3d19e94e949fd
b53c4f24671b6c443b258059cb6a967c9faec37fc3c4608c7c73916e3e730eb8
bd23d1c4ffa6933eb033679a1e80f06e533cf135bdfbf3a07a7cc4ee2cc1936c
c03221159312c258039b582c86da75d2a7886f9ed6c50f89b0a77c978ff8d2f6
c5f501390cb200b8c83dc54c802899588ef5cabd4fe5bc214b7141e55df6ded7
c7fd47eb3d68bbc4ed276a243749adbcad44673771e76ff330c26569a0f9ffe8
caed637e6fff01b4e6ac2902aedddf8a4892d78d34100e719831975883213006
cbf2b90b23292c8be834533a76e30a723ab4505f445526fcd9314b9fff0b12c1
cc1d36842e989c1cae247135b678baaac00733c05a6a96140ea8021b25cee610
ce349aa87e11fa344693631f2bfdcfe71bf849edd53b2d108bb1a4f95fcc9a1a
cee9e0ff7d09a779bfeece7690c59e70df7b9a30f42cc4f51ec3926ca860db4c
d12aeef005b6f850fe2a862fedafccb547ad9fb5f7b3211515f8f58ccc56e763
d268fb658b98e8a04c9824070c7038293f55f8932c6f8ba1d35616dcd75c5f87
d5f34df6fc0ae17db1bfe28f9f3d7780120605b1187d66e50225b46627c73603
d7993a2a0b0c2c446f0181d1d9ec16bd7d74379b70db0657fa5ca3e5798054d9
d998c59b820ca788d1340858f0f2a6273712807ae484037aa2f8bb710c926948
dd2c0086324f608f2339307ce1879c864bbb566832c73f727b40052d59a23f45
dd38683a38292f52939561a99e15526fe6242da8115a2425acb7d570951336a7
df4a836231bda4ed4bf4d7889d9bcfd2377983c165f95cdb7a70c1dcb566e44e
e02ffe184563d4038ba8c6f3dcc41e3851f55fc24d0ee049a0ee862921c2975e
e06ac82b81b6939a9e0d61309246ab987025c8ffeefc41954541ef1091fb9835
e0e4616816b0b687603b8ebb701fd264762c30cdb19d090a2bcc758f82db2758
e14adfff41d3507f72740df74adc8033bee96b2f33df143385ee0a24e5bbbc33
e2549beecf5a60bd1454cf25d28052800d8540f438b80e0b0437938acb382d7f
e3f787750d440e81b77d07ac6998c0801fa4b31663eeb946505f1417978ac3c5
ea2dd27e82392779300204ea96c84e900466280abfe5720e8ea8cc3745bcaf54
ea87687c219f0193e73adaa2c07c434ebe04b174461178d3a59e0514b6954d1f
ea8bf10a6c8f9e14c5b31eda8f5d7d31885db4fab920fe243d9ac6132974cd61
eacb028944a872cf5d583384051bb4013418c1288d763db72405dc76b2ffb92a
ec8fcdc6b1958cff27a30e700578a94c40b6b1e0f6f97a618cfe8a90059eb412
ec9c841e3424c5a779bf8c7e5ea44dac82c916d4cd677829036ae024097d61bc
f2dbe50bb12d940fb78a59bf895618ab22171f3096ef0913e5cd98835bcd72e6
f449daab9dfe9fa74c4bb47faa99a3dacc6eaeb57f2a85e11bb69e8677ac1f05
f535af2d7d6ac43caa97886b7d5c91048a06e6f04b12033712109c8635e3df4e
fa533c189c526536ce19874ca102579e82ad5340e0f24881777ce781639a5742
fc359fa5ee75da87cdb7d7fd4d9c8995fd53c9379b331d3947e3155153ff90d8
fd59bf3d43b578f4a7c69e56af4f2bbd502c658aa7995cd860b01cab154181bd
fe8a475b55e0b79d8b8c96d06b2b1a7ae1ff4161ff8bd9a565175e56364fe22c
ff061a6c192e45823c2f199ccce176afc9f83e65c644e4f8bbd74ff6649b4d72

Registry key payload

14c8f7010713a4049f4768ff2cc0e7b1e807d293c37b3f533fef910181deceaf
2aa29699b1aab3ec67bc492815419d99d79fe70a31eb80a9807119e1511af462
2e096197157b0efb432d1f72b8745464749b2716dc22019cdb1cf0374099094d
4544a7ab364605a7a5c9bbf20544560704e9137f09dc2ac1a457d208123b99c2
7488eae6bb27a394d7e2c013754419db86001b99f5f5d8ff3c7cee01f669571e
7a9a8544e262e0b1b3b3a6640e71422f9904e1342f6dd166bd80511929902fc2
89140ebd34526cc6b123fc59019da40e88e99d60d153df060540825d31742e75
b5d5ec3a4f0004a05baaaa1de6ed230a774baa8431093d7c160ae5e02d198591
d3c64b3921348137514904dc9bb43df450b12c814c722178177143c0ba8cebb0
d9104dcf9d530d58b5bf40de5d0e2f6b2b7712135215b6d7e9016ed3c643e62c
db0077b69ef592bebf14d024e701997ed1c3798bd569fd8184dc652f6a0adae0
e12790b44975b2bc3a1570e28553139ccd9756eca42cc90122fbf2d654b3d8bb
e3180121af943fb12ec2a66d162eb9b9d6d174e54d4115055ac95ea2b3518be3
f59696d113bb36d5448280093136d296f86e2e5060f03b494be2a831e285e58d
fe603ec5d190ab5688ca9e922e2c8808f639bd68e447725fd10f974744149626

Network indicators

Downloader urls

http://165[.]227[.]157[.]168/que.vbs
http://165[.]227[.]157[.]168/run.bat
http://165[.]227[.]157[.]168/winscrpt.bat
http://forummanazera[.]sk/GO/32.ps1
http://forummanazera[.]sk/GO/64.ps1
http://forummanazera[.]sk/GO/Cine.ps1
http://forummanazera[.]sk/GO/FL32.ps1
http://forummanazera[.]sk/GO/Filma.ps1
http://forummanazera[.]sk/GO/Gta.ps1
http://forummanazera[.]sk/GO/Mincr32.ps1
http://forummanazera[.]sk/GO/Passes.ps1
http://forummanazera[.]sk/GO/UP.ps1
http://forummanazera[.]sk/GO/Update.ps1
http://forummanazera[.]sk/PPP.ps1
http://forummanazera[.]sk/aktivator.ps1
http://forummanazera[.]sk/cms/Cache.ps1
http://forummanazera[.]sk/cms/DED.ps1
http://forummanazera[.]sk/cms/ERR.ps1
http://forummanazera[.]sk/cms/INSTALL.ps1
http://forummanazera[.]sk/cms/Off.ps1
http://forummanazera[.]sk/cms/Pass.ps1
http://forummanazera[.]sk/cms/data_script/Data/Dpool32.ps1
http://forummanazera[.]sk/cms/data_script/Data/Dpool64.ps1
http://forummanazera[.]sk/cms/data_script/Data/Fi32.ps1
http://forummanazera[.]sk/cms/data_script/Data/Fi64.ps1
http://forummanazera[.]sk/cms/data_script/Data/LA.ps1
http://forummanazera[.]sk/cms/data_script/Data/faq.ps1
http://forummanazera[.]sk/cms/data_script/Data/hes.ps1
http://forummanazera[.]sk/cms/data_script/Data/m.ps1
http://forummanazera[.]sk/cms/data_script/Data/ma.ps1
http://forummanazera[.]sk/cms/data_script/Data/mc.ps1
http://forummanazera[.]sk/cms/data_script/Data/pwsd.ps1
http://forummanazera[.]sk/cms/data_script/Data/xHESLA.ps1
http://forummanazera[.]sk/mafia.ps1
http://forummanazera[.]sk/mic.ps1
http://forummanazera[.]sk/nove.ps1
http://forummanazera[.]sk/pay.ps1
http://forummanazera[.]sk/pokemon.ps1
http://forummanazera[.]sk/test.ps1
http://forummanazera[.]sk/toaletak.ps1
http://forummanazera[.]sk/toaletak3.ps1
http://forummanazera[.]sk/toaletak4.ps1
http://forummanazera[.]sk/toaletak5.ps1
http://forummanazera[.]sk/totolast.ps1
http://forummanazera[.]sk/wallpaper.bmp
http://forummanazera[.]sk/xxs.ps1
http://forummanazera[.]sk/xxss.ps1
http://googleprovider[.]ru/que.vbs
http://googleprovider[.]ru/winscrpt.bat
http://limousine-service[.]cz/include/AAA.ps1
http://limousine-service[.]cz/include/CICKA.ps1
http://limousine-service[.]cz/include/Game.ps1
http://limousine-service[.]cz/include/III.ps1
http://limousine-service[.]cz/include/MMM.ps1
http://limousine-service[.]cz/include/film.ps1
http://limousine-service[.]cz/include/filmo2.ps1
http://limousine-service[.]cz/include/hrom.ps1
http://limousine-service[.]cz/include/hrom3.ps1
http://limousine-service[.]cz/include/jes.ps1
http://limousine-service[.]cz/include/super.ps1
http://limousine-service[.]cz/templates/winscrpt.bat
http://limousine-service[.]cz/tinymce/super.ps1
http://limousine-service[.]cz/tinymce/winscrpt.bat
http://ms[.]rousinov[.]cz/js/winscrpt.bat
http://msrousinov[.]cz/bam.oo
http://profiit[.]fiit[.]stuba[.]sk/problems/chucknorris.bat
http://reality[.]skarabeus[.]sk/admin/sub/css/GT.ps1
http://reality[.]skarabeus[.]sk/admin/sub/css/chujo.ps1
http://reality[.]skarabeus[.]sk/admin/sub/css/hls.ps1
http://reality[.]skarabeus[.]sk/admin/sub/css/jozo.ps1
http://reality[.]skarabeus[.]sk/admin/sub/css/pista.ps1
http://reality[.]skarabeus[.]sk/admin/sub/css/prj.ps1
http://vavave[.]xf[.]cz/Gete.ps1
http://vavave[.]xf[.]cz/H.ps1
http://vavave[.]xf[.]cz/HD.ps1
http://vavave[.]xf[.]cz/Hallowi.ps1
http://vavave[.]xf[.]cz/KAlia.ps1
http://vavave[.]xf[.]cz/KKali.ps1
http://vavave[.]xf[.]cz/KaLIU.ps1
http://vavave[.]xf[.]cz/Kali.ps1
http://vavave[.]xf[.]cz/Kuli.ps1
http://vavave[.]xf[.]cz/MSro.ps1
http://vavave[.]xf[.]cz/Minc.ps1
http://vavave[.]xf[.]cz/Sestra.ps1
http://vavave[.]xf[.]cz/VEN.ps1
http://vavave[.]xf[.]cz/VEN2.ps1
http://vavave[.]xf[.]cz/VENN.ps1
http://vavave[.]xf[.]cz/VENO.ps1
http://vavave[.]xf[.]cz/VENSOB.ps1
http://vavave[.]xf[.]cz/VENW.ps1
http://vavave[.]xf[.]cz/VENc.ps1
http://vavave[.]xf[.]cz/VENss.ps1
http://vavave[.]xf[.]cz/VENu.ps1
http://vavave[.]xf[.]cz/VNEM.ps1
http://vavave[.]xf[.]cz/VNM.ps1
http://vavave[.]xf[.]cz/VNMM.ps1
http://vavave[.]xf[.]cz/VNMs.ps1
http://vavave[.]xf[.]cz/YEYHUDBA.ps1
http://vavave[.]xf[.]cz/eVEN.ps1
http://vavave[.]xf[.]cz/hotels.ps1
http://vavave[.]xf[.]cz/lastVN.ps1
http://vavave[.]xf[.]cz/new.ps1
http://vavave[.]xf[.]cz/ses.ps1
http://www[.]forummanazera[.]sk//cms//PAU.vbs
http://www[.]forummanazera[.]sk//cms//q.vbs
http://www[.]forummanazera[.]sk/cms/123.ps1
http://www[.]forummanazera[.]sk/cms/CINEMA.ps1
http://www[.]forummanazera[.]sk/cms/DD.ps1
http://www[.]forummanazera[.]sk/cms/Deadpools.ps1
http://www[.]forummanazera[.]sk/cms/Office.ps1
http://www[.]forummanazera[.]sk/cms/dead.ps1
http://www[.]forummanazera[.]sk/cms/heslo.ps1
http://www[.]reality[.]skarabeus[.]sk/admin/sub/css/Data.ps1
http://www[.]reality[.]skarabeus[.]sk/admin/sub/css/toj.ps1
http://www[.]reality[.]skarabeus[.]sk/lib/winscrpt.bat
http://www[.]reality[.]skarabeus[.]sk/zal.txt
https://hotel-boss[.]eu/fonts/hba.ps1
https://hotel-boss[.]eu/fonts/rar.ps1
https://hotel-boss[.]eu/img/BBKali.ps1
https://hotel-boss[.]eu/img/restika/KALI.ps1
https://hotel-boss[.]eu/img/restika/KULI.ps1
https://hotel-boss[.]eu/img/restika/MEG.ps1
https://hotel-boss[.]eu/img/restika/SIM.ps1
https://hotel-boss[.]eu/img/restika/SPI.ps1
https://hotel-boss[.]eu/img/restika/VEN.ps1

C&C servers

sivpici[.]php5[.]sk
freetips[.]php5[.]sk

bitly shortened addresses

https://bit[.]ly/2AA0okr
https://bit[.]ly/2AIyPVY
https://bit[.]ly/2AxcFG9
https://bit[.]ly/2BAnbev
https://bit[.]ly/2BBbeoJ
https://bit[.]ly/2Cg0VZH
https://bit[.]ly/2CoWoko
https://bit[.]ly/2D7O4aQ
https://bit[.]ly/2DIClj8
https://bit[.]ly/2DR1t8r
https://bit[.]ly/2Ed5vYI
https://bit[.]ly/2Ed5vYI
https://bit[.]ly/2FofLii
https://bit[.]ly/2FtdTEZ
https://bit[.]ly/2HiqL1u
https://bit[.]ly/2Isx7qo
https://bit[.]ly/2J8MBjA
https://bit[.]ly/2JeXF3T
https://bit[.]ly/2Jgq1up
https://bit[.]ly/2Ji6K6W
https://bit[.]ly/2Jslkcc
https://bit[.]ly/2K2SIbA
https://bit[.]ly/2KAAphm
https://bit[.]ly/2KDrxYl
https://bit[.]ly/2KHUGOZ
https://bit[.]ly/2KSbLZG
https://bit[.]ly/2KV1MBZ
https://bit[.]ly/2KVGHVu
https://bit[.]ly/2KvacAC
https://bit[.]ly/2L10rK7
https://bit[.]ly/2L6WVuv
https://bit[.]ly/2LIMehK
https://bit[.]ly/2LR0cP3
https://bit[.]ly/2LXRIZD
https://bit[.]ly/2LcXIhq
https://bit[.]ly/2LiYtBJ
https://bit[.]ly/2LoD12n
https://bit[.]ly/2LpEssd
https://bit[.]ly/2LvJuHL
https://bit[.]ly/2Lxp94O
https://bit[.]ly/2MGXOe1
https://bit[.]ly/2MLfx76
https://bit[.]ly/2MV5oBn
https://bit[.]ly/2MfIEMt
https://bit[.]ly/2MfqEWw
https://bit[.]ly/2N1VZwm
https://bit[.]ly/2N1VZwm
https://bit[.]ly/2N6Qp8v
https://bit[.]ly/2N7TlRr
https://bit[.]ly/2NEYsML
https://bit[.]ly/2NEYsML
https://bit[.]ly/2NGW2dy
https://bit[.]ly/2NR0dmw
https://bit[.]ly/2Nb4VLE
https://bit[.]ly/2NdOvCU
https://bit[.]ly/2NkWkXH
https://bit[.]ly/2O2jX6z
https://bit[.]ly/2O3p5Mi
https://bit[.]ly/2O3p5Mi
https://bit[.]ly/2OKw4Fi
https://bit[.]ly/2ONnQwb
https://bit[.]ly/2OWNYF2
https://bit[.]ly/2Om0ejp
https://bit[.]ly/2OsT8Jx
https://bit[.]ly/2OsT8Jx
https://bit[.]ly/2OwoqP8
https://bit[.]ly/2OxrI4s
https://bit[.]ly/2P1RKNn
https://bit[.]ly/2P3SNwq
https://bit[.]ly/2P3SjX4
https://bit[.]ly/2PDerg4
https://bit[.]ly/2PXL9bi
https://bit[.]ly/2Pi69oX
https://bit[.]ly/2PmsEKx
https://bit[.]ly/2Pp4Kho
https://bit[.]ly/2Q7SpBG
https://bit[.]ly/2QKhzmQ
https://bit[.]ly/2Qc8FyT
https://bit[.]ly/2Qc8FyT
https://bit[.]ly/2QdSCDc
https://bit[.]ly/2QewcC5
https://bit[.]ly/2QgKHoK
https://bit[.]ly/2QnDaRC
https://bit[.]ly/2QnDaRC
https://bit[.]ly/2R14vcM
https://bit[.]ly/2R9fbWR
https://bit[.]ly/2RjnhAF
https://bit[.]ly/2RozhNx
https://bit[.]ly/2RozhNx
https://bit[.]ly/2S0ZbGw
https://bit[.]ly/2S1y7XJ
https://bit[.]ly/2S5QPO6
https://bit[.]ly/2SVxNuX
https://bit[.]ly/2TIPuOI
https://bit[.]ly/2TgriDl
https://bit[.]ly/2lUs35q
https://bit[.]ly/2m5GvaT
https://bit[.]ly/2m7jV1G
https://bit[.]ly/2mMiXI8
https://bit[.]ly/2oijToM
https://bit[.]ly/2qEbJIh
https://bit[.]ly/2qStyU6
https://bit[.]ly/2tsFOfM
https://bit[.]ly/2txxnPB
https://bit[.]ly/2u1UNwP
https://bit[.]ly/2u5mK7J
https://bit[.]ly/2u6FEuI
https://bit[.]ly/2u9Tdsv
https://bit[.]ly/2uZCEkn
https://bit[.]ly/2vIq4FB
https://bit[.]ly/2vc0yJz
https://bit[.]ly/2vtq8cq
https://bit[.]ly/2w9yKWE
https://bit[.]ly/2xGU068
https://bit[.]ly/2xGU068
https://bit[.]ly/2zWFycw
https://bit[.]ly/2zdzwDs
https://bit[.]ly/2zqKAg7
https://bit[.]ly/2zwnOqg

Pastebin

http://www.pastebin[.]com/raw/1k1xrKgs
http://www.pastebin[.]com/raw/2BeLa7RC
http://www.pastebin[.]com/raw/6BK3PR97
http://www.pastebin[.]com/raw/75nDnviA
http://www.pastebin[.]com/raw/7dn45mLd
http://www.pastebin[.]com/raw/8HxEjmYV
http://www.pastebin[.]com/raw/902bqY73
http://www.pastebin[.]com/raw/9vKHWY7h
http://www.pastebin[.]com/raw/a343jaFg
http://www.pastebin[.]com/raw/a343jaFg
http://www.pastebin[.]com/raw/A3UBQqpH
http://www.pastebin[.]com/raw/By9L8vyJ
http://www.pastebin[.]com/raw/cMUPysgX
http://www.pastebin[.]com/raw/d246jUuz
http://www.pastebin[.]com/raw/d5kLWCQJ
http://www.pastebin[.]com/raw/DsBtQDAk
http://www.pastebin[.]com/raw/fbjVgC2h
http://www.pastebin[.]com/raw/FPGA4vnC
http://www.pastebin[.]com/raw/grhF53LK
http://www.pastebin[.]com/raw/HCHEayBg
http://www.pastebin[.]com/raw/hYxfatwT
http://www.pastebin[.]com/raw/iJd5TEfk
http://www.pastebin[.]com/raw/jgC53t5k
http://www.pastebin[.]com/raw/JiYcHk0i
http://www.pastebin[.]com/raw/LQ9zmMZW
http://www.pastebin[.]com/raw/mEKEuSv2
http://www.pastebin[.]com/raw/n5n9zAvR
http://www.pastebin[.]com/raw/NcLXBfcP
http://www.pastebin[.]com/raw/nPLQwN65
http://www.pastebin[.]com/raw/nUdpeyHp
http://www.pastebin[.]com/raw/q8BZkUSv
http://www.pastebin[.]com/raw/r8X9aefh
http://www.pastebin[.]com/raw/tGUAH7Kh
http://www.pastebin[.]com/raw/uqRVD0MV
http://www.pastebin[.]com/raw/vuc8Hc1f
http://www.pastebin[.]com/raw/WXe1rFi6
http://www.pastebin[.]com/raw/xMeawvC3

File names

Downloader

1.exe
Adobe Photoshop Lightroom 6.2 + Crack (upload H0rs3)\patch.exe
Archiv.exe
Auto-Unzip.exe
Citaj.exe
Crack.exe
Extract.exe
Extracter.exe
FarCry.EXE
GivePass2.exe
Heslo.exe
KEY.exe
LegoStarwars.EXE
List.exe
Mafia 1
Multiplayer.exe
NFSUnderground2.WidescreenFix.rar
Password.exe
R.exe
ROzbalMA.rar
Ranzip.exe
Rozbalit.EXE
Setup.exe
SimsPS.EXE
Sphere.exe
Sphere.zip
Steam Giver V2.exe
SteamCDKeys
SteamKeys Generator by W33.exe
SteamListCDkeys
TipNumber.exe
TrialMode.exe
Unrar  v 1.4a.exe
Unrarer.zip
Unzip.exe
Webcam Show.exe
WebcamShow.exe
WinUpda.exe
WindowsUpdate.exe
crack.exe
extd.exe
fifa14.exe
gta_original.exe
gta_sa.exe
heslo.txt.exe
lister.exe
nhl2009.EXE
packed.rar
sound.exe

Other stages

%userprofile%\.win\Athos.exe
%userprofile%\.win\begin.rar
%userprofile%\.win\dwms.exe
%userprofile%\.win\que.vbs
%userprofile%\.win\run.bat
%userprofile%\.win\start.bat
%userprofile%\.win\WUDFHost.exe
IECache.exe
start.bat
TestDll.bin
whats.txt
winhost.exe
WUDFHost_NEW.exe
WUDFHost.exe

README.md

IOC for Certishell

Table of Contents

Samples (SHA-256)

Downloader

Scripts

RAT

Miner

Ransomware

Other

Registry key payload

Network indicators

Downloader urls

C&C servers

bitly shortened addresses

Pastebin

File names

Downloader

Other stages