VTI SCORE: 100/100
Dynamic Analysis Report |
Classification: Ransomware, Wiper, Trojan |
gjfkyfli;.exe
Windows Exe (x86-32)
Created at 2019-10-30T06:47:00
Remarks
(0x200001e): The maximum size of extracted files was exceeded. Some files may be missing in the report.
(0x200001d): The maximum number of extracted files was exceeded. Some files may be missing in the report.
(0x200001b): The maximum number of file reputation requests per analysis (150) was exceeded.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
Filename | Category | Type | Severity | Actions |
---|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gjfkyfli;.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Severity |
Suspicious
|
First Seen | 2019-10-29 18:22 (UTC+1) |
Last Seen | 2019-10-29 20:32 (UTC+1) |
Names | Win32.Trojan.Genkryptik |
Families | Genkryptik |
Classification | Trojan |
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x402875 |
Size Of Code | 0xe600 |
Size Of Initialized Data | 0x74e3600 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2018-10-04 10:03:52+00:00 |
Version Information (2)
»
InternalName | gjfkyfli;.exe |
ProductVersion | 2.0.6.4 |
Sections (5)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0xe531 | 0xe600 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.73 |
.rdata | 0x410000 | 0x26d02 | 0x26e00 | 0xea00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.48 |
.data | 0x437000 | 0x74b6f00 | 0x2800 | 0x35800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.11 |
.rsrc | 0x78ee000 | 0x5128 | 0x5200 | 0x38000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.3 |
.reloc | 0x78f4000 | 0x12d0 | 0x1400 | 0x3d200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.39 |
Imports (3)
»
KERNEL32.dll (103)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GlobalAlloc | 0x0 | 0x410040 | 0x3624c | 0x34c4c | 0x2b3 |
VirtualFreeEx | 0x0 | 0x410044 | 0x36250 | 0x34c50 | 0x4ed |
LoadLibraryW | 0x0 | 0x410048 | 0x36254 | 0x34c54 | 0x33f |
_hread | 0x0 | 0x41004c | 0x36258 | 0x34c58 | 0x535 |
GetSystemPowerStatus | 0x0 | 0x410050 | 0x3625c | 0x34c5c | 0x274 |
LeaveCriticalSection | 0x0 | 0x410054 | 0x36260 | 0x34c60 | 0x339 |
GetFileAttributesA | 0x0 | 0x410058 | 0x36264 | 0x34c64 | 0x1e5 |
GetNamedPipeInfo | 0x0 | 0x41005c | 0x36268 | 0x34c68 | 0x222 |
FindNextVolumeW | 0x0 | 0x410060 | 0x3626c | 0x34c6c | 0x14a |
GetBinaryTypeA | 0x0 | 0x410064 | 0x36270 | 0x34c70 | 0x170 |
ReadFile | 0x0 | 0x410068 | 0x36274 | 0x34c74 | 0x3c0 |
CreateFileW | 0x0 | 0x41006c | 0x36278 | 0x34c78 | 0x8f |
CreateActCtxA | 0x0 | 0x410070 | 0x3627c | 0x34c7c | 0x77 |
lstrlenW | 0x0 | 0x410074 | 0x36280 | 0x34c80 | 0x54e |
SetConsoleTitleA | 0x0 | 0x410078 | 0x36284 | 0x34c84 | 0x447 |
FlushInstructionCache | 0x0 | 0x41007c | 0x36288 | 0x34c88 | 0x158 |
GetNamedPipeHandleStateW | 0x0 | 0x410080 | 0x3628c | 0x34c8c | 0x221 |
GetDriveTypeA | 0x0 | 0x410084 | 0x36290 | 0x34c90 | 0x1d2 |
PeekConsoleInputW | 0x0 | 0x410088 | 0x36294 | 0x34c94 | 0x38c |
GetLocalTime | 0x0 | 0x41008c | 0x36298 | 0x34c98 | 0x203 |
GetAtomNameA | 0x0 | 0x410090 | 0x3629c | 0x34c9c | 0x16d |
SetThreadPriorityBoost | 0x0 | 0x410094 | 0x362a0 | 0x34ca0 | 0x49a |
GetCommMask | 0x0 | 0x410098 | 0x362a4 | 0x34ca4 | 0x181 |
SetCommMask | 0x0 | 0x41009c | 0x362a8 | 0x34ca8 | 0x424 |
GlobalWire | 0x0 | 0x4100a0 | 0x362ac | 0x34cac | 0x2c6 |
GetModuleHandleA | 0x0 | 0x4100a4 | 0x362b0 | 0x34cb0 | 0x215 |
SetLocaleInfoW | 0x0 | 0x4100a8 | 0x362b4 | 0x34cb4 | 0x478 |
CompareStringA | 0x0 | 0x4100ac | 0x362b8 | 0x34cb8 | 0x61 |
GetCPInfoExA | 0x0 | 0x4100b0 | 0x362bc | 0x34cbc | 0x173 |
DeleteFileW | 0x0 | 0x4100b4 | 0x362c0 | 0x34cc0 | 0xd6 |
ReadConsoleOutputCharacterW | 0x0 | 0x4100b8 | 0x362c4 | 0x34cc4 | 0x3bc |
lstrcpyW | 0x0 | 0x4100bc | 0x362c8 | 0x34cc8 | 0x548 |
FlushFileBuffers | 0x0 | 0x4100c0 | 0x362cc | 0x34ccc | 0x157 |
GetStringTypeW | 0x0 | 0x4100c4 | 0x362d0 | 0x34cd0 | 0x269 |
FormatMessageA | 0x0 | 0x4100c8 | 0x362d4 | 0x34cd4 | 0x15d |
OutputDebugStringW | 0x0 | 0x4100cc | 0x362d8 | 0x34cd8 | 0x38a |
SleepEx | 0x0 | 0x4100d0 | 0x362dc | 0x34cdc | 0x4b5 |
SetConsoleActiveScreenBuffer | 0x0 | 0x4100d4 | 0x362e0 | 0x34ce0 | 0x42b |
SetMailslotInfo | 0x0 | 0x4100d8 | 0x362e4 | 0x34ce4 | 0x479 |
VerSetConditionMask | 0x0 | 0x4100dc | 0x362e8 | 0x34ce8 | 0x4e4 |
SetConsoleTextAttribute | 0x0 | 0x4100e0 | 0x362ec | 0x34cec | 0x446 |
LoadResource | 0x0 | 0x4100e4 | 0x362f0 | 0x34cf0 | 0x341 |
GetProfileIntW | 0x0 | 0x4100e8 | 0x362f4 | 0x34cf4 | 0x259 |
MoveFileExA | 0x0 | 0x4100ec | 0x362f8 | 0x34cf8 | 0x35f |
SetComputerNameExA | 0x0 | 0x4100f0 | 0x362fc | 0x34cfc | 0x428 |
GetLocaleInfoA | 0x0 | 0x4100f4 | 0x36300 | 0x34d00 | 0x204 |
GetNativeSystemInfo | 0x0 | 0x4100f8 | 0x36304 | 0x34d04 | 0x225 |
RemoveVectoredExceptionHandler | 0x0 | 0x4100fc | 0x36308 | 0x34d08 | 0x408 |
GetProcAddress | 0x0 | 0x410100 | 0x3630c | 0x34d0c | 0x245 |
ExitProcess | 0x0 | 0x410104 | 0x36310 | 0x34d10 | 0x119 |
EncodePointer | 0x0 | 0x410108 | 0x36314 | 0x34d14 | 0xea |
DecodePointer | 0x0 | 0x41010c | 0x36318 | 0x34d18 | 0xca |
GetCommandLineW | 0x0 | 0x410110 | 0x3631c | 0x34d1c | 0x187 |
RaiseException | 0x0 | 0x410114 | 0x36320 | 0x34d20 | 0x3b1 |
RtlUnwind | 0x0 | 0x410118 | 0x36324 | 0x34d24 | 0x418 |
IsProcessorFeaturePresent | 0x0 | 0x41011c | 0x36328 | 0x34d28 | 0x304 |
IsDebuggerPresent | 0x0 | 0x410120 | 0x3632c | 0x34d2c | 0x300 |
GetLastError | 0x0 | 0x410124 | 0x36330 | 0x34d30 | 0x202 |
GetModuleHandleExW | 0x0 | 0x410128 | 0x36334 | 0x34d34 | 0x217 |
MultiByteToWideChar | 0x0 | 0x41012c | 0x36338 | 0x34d38 | 0x367 |
WideCharToMultiByte | 0x0 | 0x410130 | 0x3633c | 0x34d3c | 0x511 |
HeapSize | 0x0 | 0x410134 | 0x36340 | 0x34d40 | 0x2d4 |
HeapFree | 0x0 | 0x410138 | 0x36344 | 0x34d44 | 0x2cf |
HeapAlloc | 0x0 | 0x41013c | 0x36348 | 0x34d48 | 0x2cb |
SetLastError | 0x0 | 0x410140 | 0x3634c | 0x34d4c | 0x473 |
GetCurrentThreadId | 0x0 | 0x410144 | 0x36350 | 0x34d50 | 0x1c5 |
GetProcessHeap | 0x0 | 0x410148 | 0x36354 | 0x34d54 | 0x24a |
GetStdHandle | 0x0 | 0x41014c | 0x36358 | 0x34d58 | 0x264 |
GetFileType | 0x0 | 0x410150 | 0x3635c | 0x34d5c | 0x1f3 |
DeleteCriticalSection | 0x0 | 0x410154 | 0x36360 | 0x34d60 | 0xd1 |
GetStartupInfoW | 0x0 | 0x410158 | 0x36364 | 0x34d64 | 0x263 |
GetModuleFileNameW | 0x0 | 0x41015c | 0x36368 | 0x34d68 | 0x214 |
WriteFile | 0x0 | 0x410160 | 0x3636c | 0x34d6c | 0x525 |
QueryPerformanceCounter | 0x0 | 0x410164 | 0x36370 | 0x34d70 | 0x3a7 |
GetCurrentProcessId | 0x0 | 0x410168 | 0x36374 | 0x34d74 | 0x1c1 |
GetSystemTimeAsFileTime | 0x0 | 0x41016c | 0x36378 | 0x34d78 | 0x279 |
GetEnvironmentStringsW | 0x0 | 0x410170 | 0x3637c | 0x34d7c | 0x1da |
FreeEnvironmentStringsW | 0x0 | 0x410174 | 0x36380 | 0x34d80 | 0x161 |
UnhandledExceptionFilter | 0x0 | 0x410178 | 0x36384 | 0x34d84 | 0x4d3 |
SetUnhandledExceptionFilter | 0x0 | 0x41017c | 0x36388 | 0x34d88 | 0x4a5 |
InitializeCriticalSectionAndSpinCount | 0x0 | 0x410180 | 0x3638c | 0x34d8c | 0x2e3 |
Sleep | 0x0 | 0x410184 | 0x36390 | 0x34d90 | 0x4b2 |
GetCurrentProcess | 0x0 | 0x410188 | 0x36394 | 0x34d94 | 0x1c0 |
TerminateProcess | 0x0 | 0x41018c | 0x36398 | 0x34d98 | 0x4c0 |
TlsAlloc | 0x0 | 0x410190 | 0x3639c | 0x34d9c | 0x4c5 |
TlsGetValue | 0x0 | 0x410194 | 0x363a0 | 0x34da0 | 0x4c7 |
TlsSetValue | 0x0 | 0x410198 | 0x363a4 | 0x34da4 | 0x4c8 |
TlsFree | 0x0 | 0x41019c | 0x363a8 | 0x34da8 | 0x4c6 |
GetModuleHandleW | 0x0 | 0x4101a0 | 0x363ac | 0x34dac | 0x218 |
EnterCriticalSection | 0x0 | 0x4101a4 | 0x363b0 | 0x34db0 | 0xee |
GetConsoleCP | 0x0 | 0x4101a8 | 0x363b4 | 0x34db4 | 0x19a |
GetConsoleMode | 0x0 | 0x4101ac | 0x363b8 | 0x34db8 | 0x1ac |
SetFilePointerEx | 0x0 | 0x4101b0 | 0x363bc | 0x34dbc | 0x467 |
IsValidCodePage | 0x0 | 0x4101b4 | 0x363c0 | 0x34dc0 | 0x30a |
GetACP | 0x0 | 0x4101b8 | 0x363c4 | 0x34dc4 | 0x168 |
GetOEMCP | 0x0 | 0x4101bc | 0x363c8 | 0x34dc8 | 0x237 |
GetCPInfo | 0x0 | 0x4101c0 | 0x363cc | 0x34dcc | 0x172 |
LoadLibraryExW | 0x0 | 0x4101c4 | 0x363d0 | 0x34dd0 | 0x33e |
HeapReAlloc | 0x0 | 0x4101c8 | 0x363d4 | 0x34dd4 | 0x2d2 |
LCMapStringW | 0x0 | 0x4101cc | 0x363d8 | 0x34dd8 | 0x32d |
SetStdHandle | 0x0 | 0x4101d0 | 0x363dc | 0x34ddc | 0x487 |
WriteConsoleW | 0x0 | 0x4101d4 | 0x363e0 | 0x34de0 | 0x524 |
CloseHandle | 0x0 | 0x4101d8 | 0x363e4 | 0x34de4 | 0x52 |
USER32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetMessageExtraInfo | 0x0 | 0x4101e0 | 0x363ec | 0x34dec | 0x15a |
ADVAPI32.dll (15)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
BackupEventLogW | 0x0 | 0x410000 | 0x3620c | 0x34c0c | 0x3b |
SetFileSecurityA | 0x0 | 0x410004 | 0x36210 | 0x34c10 | 0x2a9 |
GetSecurityDescriptorSacl | 0x0 | 0x410008 | 0x36214 | 0x34c14 | 0x14d |
AddAce | 0x0 | 0x41000c | 0x36218 | 0x34c18 | 0x16 |
InitializeSid | 0x0 | 0x410010 | 0x3621c | 0x34c1c | 0x178 |
RegReplaceKeyA | 0x0 | 0x410014 | 0x36220 | 0x34c20 | 0x271 |
ObjectCloseAuditAlarmA | 0x0 | 0x410018 | 0x36224 | 0x34c24 | 0x1e9 |
SetSecurityDescriptorOwner | 0x0 | 0x41001c | 0x36228 | 0x34c28 | 0x2b8 |
RegQueryMultipleValuesA | 0x0 | 0x410020 | 0x3622c | 0x34c2c | 0x269 |
GetSecurityDescriptorControl | 0x0 | 0x410024 | 0x36230 | 0x34c30 | 0x147 |
GetSecurityDescriptorRMControl | 0x0 | 0x410028 | 0x36234 | 0x34c34 | 0x14c |
StartServiceCtrlDispatcherW | 0x0 | 0x41002c | 0x36238 | 0x34c38 | 0x2c8 |
OpenProcessToken | 0x0 | 0x410030 | 0x3623c | 0x34c3c | 0x1f7 |
OpenServiceA | 0x0 | 0x410034 | 0x36240 | 0x34c40 | 0x1fa |
AddAccessDeniedAceEx | 0x0 | 0x410038 | 0x36244 | 0x34c44 | 0x14 |
Memory Dumps (6)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Points | AV | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|---|
buffer | 1 | 0x07DB67C0 | 0x07DCE90C | Marked Executable | - | 32-bit | 0x07DB67C0 |
...
|
||
buffer | 1 | 0x00210000 | 0x00228FFF | First Execution | - | 32-bit | 0x00210000 |
...
|
||
buffer | 7 | 0x07A06948 | 0x07A1EA94 | Marked Executable | - | 32-bit | 0x07A06948 |
...
|
||
buffer | 7 | 0x00210000 | 0x00228FFF | First Execution | - | 32-bit | 0x00210000 |
...
|
||
buffer | 8 | 0x07B06AD0 | 0x07B1EC1C | Marked Executable | - | 32-bit | 0x07B06AD0 |
...
|
||
buffer | 8 | 0x00210000 | 0x00228FFF | First Execution | - | 32-bit | 0x00210000 |
...
|
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Trojan.GenericKD.32658252 |
Malicious
|
C:\BOOTSECT.BAK.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Boot\BOOTSTAT.DAT.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Malicious
|
...
|
»
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware |
5/5
|
...
|
C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[admin@sectex.net].bot | Dropped File | Stream |
Unknown
|
...
|
»