35ae37f5...4835 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Wiper, Ransomware, Trojan

Remarks

(0x200001e): The maximum size of extracted files was exceeded. Some files may be missing in the report.

Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ContinuumLoosely.exe Sample File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 849.00 KB
MD5 426e633db8d0f30d23bf17d65e64e818
SHA1 89dd9b1d28ab419ac5af7997dbd2fe8e0f682de4
SHA256 35ae37f5076806ff8d6d462477f011b1d373e2274fa92b2d3a46461332194835
SSDeep 24576:nzLNvFu1rSOzlgLKWMDozjXWpYFuu1Oh+n/:zLNvFu1rvOLCUDWyuuAo
ImpHash 364af3abdef30c04992dd2274a5395c8
File Reputation Information
Severity
Blacklisted
First Seen 2019-12-20 11:38 (UTC+1)
Last Seen 2019-12-23 09:30 (UTC+1)
Names Win32.Trojan.Delshad
Families Delshad
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x5c12f0
Size Of Code 0xc0000
Size Of Initialized Data 0x15000
Size Of Uninitialized Data 0x101000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-12-20 08:16:59+00:00
Version Information (9)
Comments Altg Pbx Schoolsucks Burndown
CompanyName ActiveState Corporation
FileDescription Altg Pbx Schoolsucks Burndown
InternalName ContinuumLoosely
LegalCopyright Copyright (c) ActiveState Corporation
LegalTrademarks Copyright (c) ActiveState Corporation
PrivateBuild 1.5.7.5
ProductName ContinuumLoosely
ProductVersion 1.5.7.5
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x401000 0x101000 0x0 0x400 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
UPX1 0x502000 0xc0000 0xbf600 0x400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.93
.rsrc 0x5c2000 0x15000 0x14a00 0xbfa00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.29
Imports (24)
KERNEL32.DLL (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA 0x0 0x5d658c 0x1d658c 0xd3f8c 0x0
GetProcAddress 0x0 0x5d6590 0x1d6590 0xd3f90 0x0
VirtualProtect 0x0 0x5d6594 0x1d6594 0xd3f94 0x0
VirtualAlloc 0x0 0x5d6598 0x1d6598 0xd3f98 0x0
VirtualFree 0x0 0x5d659c 0x1d659c 0xd3f9c 0x0
ExitProcess 0x0 0x5d65a0 0x1d65a0 0xd3fa0 0x0
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CopySid 0x0 0x5d65a8 0x1d65a8 0xd3fa8 0x0
AVIFIL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AVIFileInit 0x0 0x5d65b0 0x1d65b0 0xd3fb0 0x0
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_GetIconSize 0x0 0x5d65b8 0x1d65b8 0xd3fb8 0x0
COMDLG32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileTitleA 0x0 0x5d65c0 0x1d65c0 0xd3fc0 0x0
CRYPT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CertGetNameStringA 0x0 0x5d65c8 0x1d65c8 0xd3fc8 0x0
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PatBlt 0x0 0x5d65d0 0x1d65d0 0xd3fd0 0x0
gdiplus.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdipFree 0x0 0x5d65d8 0x1d65d8 0xd3fd8 0x0
IMM32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImmGetContext 0x0 0x5d65e0 0x1d65e0 0xd3fe0 0x0
MSIMG32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AlphaBlend 0x0 0x5d65e8 0x1d65e8 0xd3fe8 0x0
ODBC32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x4b 0x5d65f0 0x1d65f0 0xd3ff0 -
ole32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DoDragDrop 0x0 0x5d65f8 0x1d65f8 0xd3ff8 0x0
OLEACC.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LresultFromObject 0x0 0x5d6600 0x1d6600 0xd4000 0x0
OLEAUT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocString 0x2 0x5d6608 0x1d6608 0xd4008 -
RASAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RasDeleteSubEntryA 0x0 0x5d6610 0x1d6610 0xd4010 0x0
SETUPAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetupDiGetClassDevsA 0x0 0x5d6618 0x1d6618 0xd4018 0x0
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragFinish 0x0 0x5d6620 0x1d6620 0xd4020 0x0
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathIsUNCA 0x0 0x5d6628 0x1d6628 0xd4028 0x0
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDC 0x0 0x5d6630 0x1d6630 0xd4030 0x0
WININET.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FtpSetCurrentDirectoryA 0x0 0x5d6638 0x1d6638 0xd4038 0x0
WINMM.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PlaySoundA 0x0 0x5d6640 0x1d6640 0xd4040 0x0
WinSCard.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SCardGetProviderIdW 0x0 0x5d6648 0x1d6648 0xd4048 0x0
WINSPOOL.DRV (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenPrinterA 0x0 0x5d6650 0x1d6650 0xd4050 0x0
WS2_32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ioctlsocket 0xa 0x5d6658 0x1d6658 0xd4058 -
Icons (1)
Memory Dumps (5)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
continuumloosely.exe 1 0x00400000 0x005D6FFF Relevant Image - 32-bit - False False
buffer 1 0x02D40000 0x02D71FFF First Execution - 32-bit 0x02D40000 False False
buffer 1 0x02D40000 0x02D71FFF Content Changed - 32-bit 0x02D429BE False False
continuumloosely.exe 1 0x00400000 0x005D6FFF Content Changed - 32-bit - True False
continuumloosely.exe 1 0x00400000 0x005D6FFF Final Dump - 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Trojan.GenericKD.32842449
Malicious
C:\Boot\BOOTSTAT.DAT.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 64.25 KB
MD5 8a6bde3e8346d67d4e2eabd62d24083a
SHA1 a5bc739e4e1fb35150f9c9d1a54cc93b41b2bbbf
SHA256 1b9b5debf808b7ba37c7eebc8f887ee864ff1f0317028df18a8bbaebb70578e1
SSDeep 1536:BnJYMw84gHWvOu07Y0Ko+9BQwMTQWIsIGKhk+XzNEEFWKDs:9dw87Uy+9uwMTBpKhtzKEFWKY
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\BOOTSECT.BAK.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 8.25 KB
MD5 672c4c61bbfa4f4c9b5aec76db4142b3
SHA1 6de7b81fb498b15298ceb61f87a9009a4cfc19b6
SHA256 559ceda27dee637c60d5a632c1048e91b5114eb436e93cb248401068780ab1c9
SSDeep 192:EukUyqA85ktznbiZonYnQUGUohPnyba4lZwFWrWI1PqRxf/I:EGyHtfZnYnQUjoh/ybacZwylPl
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.47 KB
MD5 05c04131cd393f2fe6361224fe663081
SHA1 ca61f2a9d08a0b905a016a317b7cabf46f824f2f
SHA256 623d1cd23e9b32d0f42eba3dabbd53168bcd79e2c160459f0cbd16d0cbad7c1d
SSDeep 48:bRsptWo0Mdg4jIk05IddZXRTRMKZCw6VCWcazrk69+i2K6vdig1CW/I8Zp2OjlA:FsptkMe40k05IdTBTlCwXdazwM+iHLgA
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
MD5 e76ab2bfcc83130b460bc8cb7b0c273b
SHA1 b95c1c5aebdaf3f99bf396af6e1fdfe387fae575
SHA256 138cdbba5c7cb5b0899fc1580f11cd5caec0d10df54a48e1c5443d405ca29244
SSDeep 48:br5S7euZm9cwC8UK/GC+CRg4GiiQ/O3CuXtpeYlS:wZm9VUOGbQPil3ttI
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.80 KB
MD5 eba4dcae35c3b706a9f48ab34c5550dc
SHA1 0e26657391ab8b2db69bd8a8500e3542e305a320
SHA256 ff954481f891ee77430ce51f199b142fdc12a3de6e1808a04550e5247a0dba29
SSDeep 48:wAWgpgNIb2C6ZriJHsSYxZjtT7nruKYWfkUDFa0lA:wAWgp8ENQri2SY7tT7nPVDE06
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.07 KB
MD5 a50991c429f65692d0184196e2d06b72
SHA1 4139f2c4b975a6209938abf2c987492e05275b3e
SHA256 3e9a537774dff6ba42ec0ba5f871a08452c9f5aae499a129241951f25eaed4ff
SSDeep 48:ojbcJ/20SNbIj4vIXOsmSM0SSWP/KYmFSKJ0ieWzT92XhlqCe/mlA:oHcJbSbIj4Q+nSMXP/KxcieC2t6m6
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.33 KB
MD5 a4ab7accbf83fc063b663dc9ac14657e
SHA1 30084659c658d8ee8bbe7309df8184fa297883cc
SHA256 0d654a5b1f9adac0fb788d35473e3d9a3cb12c56270c298e3821db46f7aa7842
SSDeep 96:sU2e0i/Zlgc3+LqYzKhqWPoKWixFEgk/qrisAoZ9PnrJs6:s9eMkgdOhqWPoUxFEpuPXfrJX
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.60 KB
MD5 898d69b71d7258de5e86e51906e5b4b1
SHA1 b78a21b0cadb83fcf55906938039150c1fd46afa
SHA256 410e2c653f1fdcafd3003874615c76b10a9d4f4279c32b27580eb8def316b2c8
SSDeep 48:ySg35GA2whJYUvZfBX0cbAAzzA4MN4tGG06PVJaN7sAlA:p2/WeBRbAE8ktGG06PTaiA6
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
MD5 38eb17d0fc55e68c4fe4b0f68191ae9d
SHA1 2aa4db495ec637a0be66fa699f1d0e91f7781cd7
SHA256 54d7c92bf1a3029f7126dbbbcebdcf7b0a3338f4ff9807f37fc5c793ec3fe343
SSDeep 48:pVDaiPWVMg2oZtxdvOMlTUt4fW3IfBM4te84lQ:fDFqDlpU+fW36L4K
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.55 KB
MD5 fc136165dc36d4098b8388aa202c6279
SHA1 a5218bd1ea4c3d25286bb10633db6f67239621e1
SHA256 030595cd8c0a9bfeb787f6c2c2b1b4aec7f545b3d42fdeccb08a541b7c0f7b99
SSDeep 24:PF+ZnN8Ux8lMne/3ka4iQYR9pduO/mngn26al69LkOIe4TOYLrcQHRjpWd9lA:IZnN5iMnevkViQ+MOe025l6k02zRUlA
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.76 KB
MD5 1ba937e8f4aee7b44360462cce12531e
SHA1 a486ca500e5f309660b50cf76d110b255b9bba97
SHA256 ac471d0df73361642a6e7edd76cdd1655de20601e698751f5924b1f7f7e2ccdc
SSDeep 24:GKOT2Th9QBSTRARHZApiE9jynm1a4RI43+ObqrSVX7PMLk8Z2cE8lrl5GeGpWd9g:nu2Thj6Zef1L2ugP2/Gl5Gezla
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
MD5 b9b64b30eb6545a72ea2d1bc92aa95d4
SHA1 b20c48f5eba79b1b908b85a5232682434b7497b1
SHA256 d80135c43cfb2479fd6aaad5ec9bb232be16402ca6e9e7b49606555ce6e16a90
SSDeep 24:WFTEWofEJ/M5A+J460R8ZXpF73IT1OOkweu1rXOA+OavbOI9AU3kLAbsapWd9lA:w/z/Mq+i/R853IT0wx5avD9K0bs/lA
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.03 KB
MD5 193e10c73df42e67ae310c0820052d65
SHA1 8c22f5cad3e138028b535bc149d37d52333bf65b
SHA256 55228b3d020254f3ec8fa0f397b017f1605a0e8c9aae25b2e9b3774de661ee79
SSDeep 24:SjQvVg2FUt6xveIjMDGSCAk3qhO7hWo1Q2ypWd9la:s+Ret6xve0IG6StWoO2Xla
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 5.97 KB
MD5 fa75de0002284aeac7dae471b6d679c8
SHA1 16649339f75137c7ef98c009be901c654b0aa1a8
SHA256 40f2a8d05ea6b44a5b334a45905f305262e68d4c0848e35cbe3fce3ff6fffd6f
SSDeep 96:G3nYA1jiC0ONXKiGk2FB8ufyXnGXCn7vHQKu7ILpjgCFerSbdAQ6:PSjvNLngBNcoCnbwJclh42Sb
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 3.36 KB
MD5 b6fc1d05bd823fed3fc116717cc22c57
SHA1 feb9f7c1165916398d3a9215495ceff281449b7e
SHA256 c3804bd8da565f2550099215157e7a8e0762721b8df97ba5cf3fed62afbce971
SSDeep 96:SK3ERYAX8poq5Y4ypIIw5vHzGwrS3MS5z7vma3Z9omUPnq9IhZjXC+M:bjC8+q5PGw8F5z7vmaEmUS9Ii
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.54 KB
MD5 459b8fd6587ec29c2793a0e7953c1321
SHA1 bf199ee4c1ca564a9f483a93983d650eb1b16b91
SHA256 d8068a0f46bed6027a2650fc6b1fb063e63b88eaa8c01ce1c4360f339c6ef081
SSDeep 48:tJ1Bcyl0a3Sod8MXC0YUy/HIGpxQKtl/BYIuXUNzo7lq0+oG+ROKdP4CJ2lsllA:lBcyviMShpxQA3P+0KaCclsl6
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.44 KB
MD5 5852ea046cb947272bca4c516448a0a9
SHA1 54284e8b99c14f735fefd4ed094ab1a210b52e97
SHA256 13ff10678548b65f330e79d382d5748083239146327122ed8182a47f90780026
SSDeep 24:21frtPpd+z+rw+cGA2O0DvK5tytU3b5Aec9hSobEql3KbejhpWd9l8:Uf5pd+z+ioOtyt379hSob0beWl8
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.04 KB
MD5 a10d3d4e71951039b09e5a42028b2a4b
SHA1 6b120c0166d9ef7341a62af385a085ab055cbad1
SHA256 fe287933500e4beec5c215f1807b710ed276abfd8e082b79a40bfd5eefaf1f2b
SSDeep 48:5qr1/zj7GDvS5PlDwQyRt4YL/iQyfJ4pf+1u4cxrCHFpSB+9RdlA:5qr1/COlRvI5L/iQi4tTP0HmE3d6
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.99 KB
MD5 f0bbd4662d6ef9e367ff49c22c62a96f
SHA1 a9bfd819e6afdaa1186cef8cfc58ccf25f8e4ae9
SHA256 b49b7fa444e7c1087130d78b05271c5717965b5ed78b778a15c73fdf86b3b5f8
SSDeep 48:BN4IeKdtjtoqMOSxVRkXss10ljLnovlqRe6kllE:BNtHdtjGqMOQVq0vnklqzkl2
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.60 KB
MD5 d475df2d77281eead86d6d4b9d680d8a
SHA1 a6a2959495e7ba7fb30eb52a0e2b86a0020464ea
SHA256 7a7d6898edef465eaa49b15a4ff381670618e87a38c6cfc7973064909a8b10ba
SSDeep 24:JbiUXD3oRIMSCt8D1lecHa2W5+9PqAoWq6h7dtYpkkgcvRl3d/jdok2lemcFpWdM:J2UzUIMtS1Nykq6NdzpcvbdRo1exWl8
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 6.33 KB
MD5 aa9637422bdb05d687ad228b579d3fb7
SHA1 e4c67d22495c34f0348b903b19ad02f9325797fe
SHA256 b205e4cb5dbe77754b0f864257b38c33a0233367972e683274da2baf4c8f27dc
SSDeep 192:hOwHE4QiWGL2prLT+0/8q5s/1HyfcgC/WmZDCO:3tR8vcq5M5yfo7DCO
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 9.51 KB
MD5 e223b9622140816165ea015f82a279e0
SHA1 2809d0fa6cf1f7f6f179b2875ef926d116866087
SHA256 bd54cb6e25fa1b66995f7e6901b62fd21df3f5f5027fd41608c8cfe7e5b393c4
SSDeep 192:Lw/hfDlffjCU2o5t+EPcGbjVza1aMJ/jzeAUgh:LkhrNbCUIE0GFza1lJ7zP
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
MD5 fa8ebf3570361ad33eb69b7ca050c264
SHA1 44ead6299908a94ea242da2277e971e51bfb37ca
SHA256 c7fd11772d1886b7919807e3c6d98dc4819c2b4981ab602275effd9c6a784de6
SSDeep 24:o0Xp8+cHyCDz7aVSK62sqmnlHs2oAJq9InzcmH6a1RYpjhHNAjpWd9lA:oCp8ZHLac52To9s2oAJUycmH74tAUlA
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.07 KB
MD5 48f00d61da74feef01e5ede83c683793
SHA1 05ead7f8817a8b4daa2e8739349b9139240c7eb8
SHA256 260d85b1f5ea81c692a4a064327f2a0447a3647ea146153a282185f5554505ab
SSDeep 48:22BgGlprRODvUaty2k+Yi0jS3sSevS1lA:jJR6vUatys09Sx16
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.14 KB
MD5 37bde0a53672a2b5c52b058aadbafa77
SHA1 e7670b6bf50b8dfcceb83164aba78d8533d4a703
SHA256 6f203c134f1cf9fe9305202eac1159a80cfe2c604d5e56f3988c81f8fda6aab3
SSDeep 24:e3S12pvB5Vc9BiDxsQnX2xLpS3HINtglfGE4yyTZmf3bfeQxpWd9lY:Ms2pvJH7Xw0uKfGE4LurfejlY
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.65 KB
MD5 89694cc69bc9269a9048e982018a1d31
SHA1 9a82b82fea4cbc9318a8275ebb9503db78dad6d1
SHA256 4db8d83c1326aefaad628f3ac8ae783c7ca827d8d26e22ccafdb0fddfde08fee
SSDeep 24:sX8UYgdXtYN2CbTaO+VDISEEZSeunS2T9nMfUUsduPcgxLTRWioW1s2pWd9lA:OsE9YlJwkSdZSe0v9jPy7J2jlA
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
MD5 e5ff36df3bb0349c92a939f388ffa70e
SHA1 f7149959ea4db0419130ddbd91bccd4d3aa38fe5
SHA256 8d51631db1f7c8fbf522876fd9dfc55bc9c2c7ba2da3fcd6be4e7c7720f72d8a
SSDeep 48:onvzOnSrvFsW2mH/5MlhZ1b5oBNkVpXeFlu:onvCnQviW2QkhZ11okpUM
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 5.67 KB
MD5 25679ec0bd86cd886bcb3343e8fc3675
SHA1 c9d61fd8b9ac37712f7bdd49bd71a15e35b5fa69
SHA256 3c799e87a0db5e5c0ff07aa1c782014bdf447198abcfeef30ea24c89a9fa1657
SSDeep 96:9nEb8NiVlniXzFVwLigq+UBQdFP+jF6LgD84FaGCdlWyZxoZjzmsi:968NqijFVGigqRBQnPJs9or4zG
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
MD5 c0e00da3d2942a6bd4f060ec01a895d2
SHA1 be903e6a3e84200abd0e9e2c8746bf5297e7875d
SHA256 149bff5a349a2781ea6a3818d09002c4e3354baa28412f128daf476a90d7545e
SSDeep 24:KLRE8y70r2fDMEH7QBG+6kga1nUgMpoG1FapH3EJt7pS2UWpWd9lS:KlENI2rMEUBGunUgMxolkS2UlS
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.81 KB
MD5 342f5e1371fcea69ff62db02168eef4a
SHA1 12511011523ed3f53af25cd7ee3d2ee19958d46b
SHA256 5f3f20b4ef5aa0ca7099236d3eba38ad8fce5cc945c1a352a16ccc58c9c07382
SSDeep 48:cCTKgAPjXVeBDSLGYfex3dgzHNMn/Jesllu:BOFjfrffHm/JlM
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.18 KB
MD5 d839f4f51113269ca08a88d6281893d3
SHA1 62c14d6192d248441c0f1c280a099dce555f6762
SHA256 8d3a02efd5aa1b3eebaea6007bf6b35332438ae4e966259c10a11892a4877496
SSDeep 48:E2WofH4nhbqb0eJalYwHZUncvnU0FQxxgZgEFLuJjOlA:mofHgQQeJalbKncvnQxxeTENO6
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 582.61 KB
MD5 e894adc5bb537223e14ce1dd97876a70
SHA1 977e73c061302a356594b4252aab6357e57daf7d
SHA256 545bda2d594701429f4c8288011592a70fa0c1fda77eb5fbe9e7f787210b08d5
SSDeep 12288:kqYRCP7nVNL9aeJ1l/5JJ11GxsBYQDbm7ZNEI/CyTaL3A5VDRxH:mmnVTaeJ1lRmx0OfEuCyH5Fj
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.56 KB
MD5 5f74e68b814eebc0210ec210ca3c7992
SHA1 fed2f70d6811f6bb464b93352e00e63d6acdb004
SHA256 c53c442928727fa49deb0d9b4cf5c98caa58e8132c9c5145a98403cacceb3dee
SSDeep 24:mKjZ4ADyjBg5bC24lqJrFeGy81EZhALogWJHhm27WALg9Sjfp99xFQWSeYbpWd9i:mKN2K5mt4JoK64R277nx6eYMlY
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 26.79 KB
MD5 9b69270fa99b0d3c233435ddfc364eb2
SHA1 17e9cc13cd804ce319b8bf9938dd6a6df68ddba3
SHA256 3e6b442c8c1f9b4b0e94dbda24c45756f3bfc2512862da27d7e692814e5b3ca0
SSDeep 768:VMBFZzYNAfjWbJFQAvyockFKJX4hNRhfdxa:VyYNejWNOIyockFsaha
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 9.37 KB
MD5 b731c6544b608afc4583df268b1c18be
SHA1 6fbc4dcf88488d653b7e1acedbb52ac5bde9e490
SHA256 cd714f245aa7814ff57d463cd2d46cf80836e8ad260bf0aed49284cb48955fba
SSDeep 192:w5T3+s2Gy/3f9nl1fSiB6G4VemDz0LeSMpPO1uABs1:wd3kLZw3Dz0LBMp0Hs1
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 65.85 KB
MD5 33da027ccd2b87dd28d0b69e99d3dba9
SHA1 58d1f44275f11a877e4f6582d2f7f211802835b0
SHA256 a29faad4de68ab7775b6f659874217939fed9fafaaf8a5dd6c9172959f91eb3f
SSDeep 1536:q/teIHP/IPLAbWrIJiC0Sm7JUIWAy7ZoX5y4jeb0ctiO:q/YIHP/IPLAbHhbm7JnyKnjcQO
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 582.61 KB
MD5 724321318d87ba6a7d953e419ea92f8d
SHA1 db928bd6d5139031234cd822bea1743350d37c7c
SHA256 dab46722d3cf5dcfa975128207a93eb17a2fe3d008fb5b4ca39bb96de51ae17c
SSDeep 12288:NkJdImbFvAnKE9BLAiOIjKN0de9MIurY/zoKwn+07x7xR1r9cB8JnpGrAaY:NohvnWlOIjy0kCnF5731R48CrtY
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
MD5 b056429aa6f1777879bf540ba0e652a0
SHA1 3802ea5485435a8d68a2bb1d57c07729bdac7c91
SHA256 025e0688329e14a91877196b14c49511c9e3a340dd0dbd773c6957abca888d24
SSDeep 24:amxDPa705rKSRHvlVuHGnj1Pt3SQp/AJnFir4WS255pWd9lS:amJPa70RKSRH9VKU5MQGFj28lS
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.80 KB
MD5 30ea72272dec1d5f30c4c4e0dee83916
SHA1 4e5f7fff178f1f3357522d4844273f53681af963
SHA256 4248d661c1391920a07dbce3dba7b21e5a0dcef0158958a28366ac9e507d8be3
SSDeep 48:ofjYitEgFKcRAStSpugGGKzn1Roq/CkfCSQ1IU0Kgd6AzamQeczdW+IrqfA0IYlA:ofjDrFKLSt02PDCQC16BKtASFzdW+I+m
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
MD5 c06190eeb1c888bd9c73be2eec71d1df
SHA1 bdf81251feaffe0142bc10bbdba462300584924d
SHA256 a1004c085bc0b0ced90dea93c1723906f869ca4319fa9c88aea8472e1972a90d
SSDeep 96:Qs26D5CgGuYDjQWC2gwmYmqwcODHJB00ewM:b26DyuYDjQvmRmVb1ep
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 30.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 16.52 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 20.33 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 8.76 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 14.94 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 16.70 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 6.51 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.27 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.88 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.27 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 855.24 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.13 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.56 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.76 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.14 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.65 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.44 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.80 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 860.74 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.04 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 69.80 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 5.67 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 37.04 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 848.75 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 26.54 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 582.61 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 865.24 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.47 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 853.75 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 9.37 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.81 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.18 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 65.85 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 26.79 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.54 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 378 bytes
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.14 MB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.14 MB
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 16.94 MB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 67.85 MB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.15 MB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 10.25 MB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 14.88 MB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 42.53 MB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.48 MB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.16 MB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 11.70 MB
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 2.35 MB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 20.84 MB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 13.76 MB
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.54 MB
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[admin@spacedatas.com].ROGER Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 18.75 MB