Execution
T1204 suspicious_lnk: LNK file with suspicious content
T1059 suspicious_cmd_arguments: Cmd.exe uses file as a data source for the standard input stream
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
Other
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
creates_suspended_process: Creates suspended process
yara_rules: Static rules