5a612b52...9af3 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Wiper, Trojan

Remarks

(0x200001e): The maximum size of extracted files was exceeded. Some files may be missing in the report.

(0x200001d): The maximum number of extracted files was exceeded. Some files may be missing in the report.

Master Boot Record Changes
Sector Number Sector Size Actions
2063 512 bytes
Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rruzcj.exe Sample File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 306.50 KB
MD5 de1e6f096dab622d280201d90ac06a3c
SHA1 eb3898cbca533474d44f24564b8512ee2f8d4859
SHA256 5a612b52f7180a4ba37ae9dd2998a02f34939730bd60b5f2753137a0a4a69af3
SSDeep 6144:HL5vL7aTExxjYvPFP7chX8hJ+nelBpVFCaxw5O5K1EMfLd4Wsmw:HLla8JYPFPu8J+enpqaPK1EMfLd4W5
ImpHash 7876ea88c3b4ba2071eec952b61634d0
File Reputation Information
Severity
Suspicious
First Seen 2019-06-09 11:06 (UTC+2)
Last Seen 2019-06-09 11:12 (UTC+2)
Names Win32.Trojan.Kryptik
Families Kryptik
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x406d18
Size Of Code 0x23a00
Size Of Initialized Data 0x77a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2018-01-07 09:53:17+00:00
Version Information (1)
FileVersion 1.0.0.1
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x23870 0x23a00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.86
.rdata 0x425000 0x258a 0x2600 0x23e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.55
.data 0x428000 0x50b78 0x1000 0x26400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.13
.rsrc 0x479000 0x23810 0x23a00 0x27400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.41
.reloc 0x49d000 0x1abc 0x1c00 0x4ae00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 2.71
Imports (4)
KERNEL32.dll (68)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetThreadPriority 0x0 0x425014 0x26e0c 0x25c0c 0x261
GetModuleHandleA 0x0 0x425018 0x26e10 0x25c10 0x1f6
GetThreadTimes 0x0 0x42501c 0x26e14 0x25c14 0x264
SetCommMask 0x0 0x425020 0x26e18 0x25c18 0x39e
LCMapStringA 0x0 0x425024 0x26e1c 0x25c1c 0x2e1
GetStringTypeW 0x0 0x425028 0x26e20 0x25c20 0x240
MultiByteToWideChar 0x0 0x42502c 0x26e24 0x25c24 0x31a
GetStringTypeA 0x0 0x425030 0x26e28 0x25c28 0x23d
TransmitCommChar 0x0 0x425034 0x26e2c 0x25c2c 0x438
GetProcAddress 0x0 0x425038 0x26e30 0x25c30 0x220
GetStdHandle 0x0 0x42503c 0x26e34 0x25c34 0x23b
GetFileAttributesW 0x0 0x425040 0x26e38 0x25c38 0x1ce
TerminateProcess 0x0 0x425044 0x26e3c 0x25c3c 0x42d
TerminateThread 0x0 0x425048 0x26e40 0x25c40 0x42e
GlobalAlloc 0x0 0x42504c 0x26e44 0x25c44 0x285
OpenProcess 0x0 0x425050 0x26e48 0x25c48 0x333
GetModuleHandleW 0x0 0x425054 0x26e4c 0x25c4c 0x1f9
GetCurrentProcess 0x0 0x425058 0x26e50 0x25c50 0x1a9
GetDriveTypeW 0x0 0x42505c 0x26e54 0x25c54 0x1bb
GetModuleHandleExA 0x0 0x425060 0x26e58 0x25c58 0x1f7
LCMapStringW 0x0 0x425064 0x26e5c 0x25c5c 0x2e3
ExitProcess 0x0 0x425068 0x26e60 0x25c60 0x104
GetLocaleInfoA 0x0 0x42506c 0x26e64 0x25c64 0x1e8
HeapSize 0x0 0x425070 0x26e68 0x25c68 0x2a6
IsValidCodePage 0x0 0x425074 0x26e6c 0x25c6c 0x2db
GetOEMCP 0x0 0x425078 0x26e70 0x25c70 0x213
GetACP 0x0 0x42507c 0x26e74 0x25c74 0x152
GetCPInfo 0x0 0x425080 0x26e78 0x25c78 0x15b
GetLastError 0x0 0x425084 0x26e7c 0x25c7c 0x1e6
HeapFree 0x0 0x425088 0x26e80 0x25c80 0x2a1
HeapReAlloc 0x0 0x42508c 0x26e84 0x25c84 0x2a4
HeapAlloc 0x0 0x425090 0x26e88 0x25c88 0x29d
Sleep 0x0 0x425094 0x26e8c 0x25c8c 0x421
GetCommandLineA 0x0 0x425098 0x26e90 0x25c90 0x16f
GetStartupInfoA 0x0 0x42509c 0x26e94 0x25c94 0x239
RtlUnwind 0x0 0x4250a0 0x26e98 0x25c98 0x392
UnhandledExceptionFilter 0x0 0x4250a4 0x26e9c 0x25c9c 0x43e
SetUnhandledExceptionFilter 0x0 0x4250a8 0x26ea0 0x25ca0 0x415
IsDebuggerPresent 0x0 0x4250ac 0x26ea4 0x25ca4 0x2d1
HeapCreate 0x0 0x4250b0 0x26ea8 0x25ca8 0x29f
VirtualFree 0x0 0x4250b4 0x26eac 0x25cac 0x457
DeleteCriticalSection 0x0 0x4250b8 0x26eb0 0x25cb0 0xbe
LeaveCriticalSection 0x0 0x4250bc 0x26eb4 0x25cb4 0x2ef
EnterCriticalSection 0x0 0x4250c0 0x26eb8 0x25cb8 0xd9
VirtualAlloc 0x0 0x4250c4 0x26ebc 0x25cbc 0x454
TlsGetValue 0x0 0x4250c8 0x26ec0 0x25cc0 0x434
TlsAlloc 0x0 0x4250cc 0x26ec4 0x25cc4 0x432
TlsSetValue 0x0 0x4250d0 0x26ec8 0x25cc8 0x435
TlsFree 0x0 0x4250d4 0x26ecc 0x25ccc 0x433
InterlockedIncrement 0x0 0x4250d8 0x26ed0 0x25cd0 0x2c0
SetLastError 0x0 0x4250dc 0x26ed4 0x25cd4 0x3ec
GetCurrentThreadId 0x0 0x4250e0 0x26ed8 0x25cd8 0x1ad
InterlockedDecrement 0x0 0x4250e4 0x26edc 0x25cdc 0x2bc
WriteFile 0x0 0x4250e8 0x26ee0 0x25ce0 0x48d
GetModuleFileNameA 0x0 0x4250ec 0x26ee4 0x25ce4 0x1f4
LoadLibraryA 0x0 0x4250f0 0x26ee8 0x25ce8 0x2f1
InitializeCriticalSectionAndSpinCount 0x0 0x4250f4 0x26eec 0x25cec 0x2b5
FreeEnvironmentStringsA 0x0 0x4250f8 0x26ef0 0x25cf0 0x14a
GetEnvironmentStrings 0x0 0x4250fc 0x26ef4 0x25cf4 0x1bf
FreeEnvironmentStringsW 0x0 0x425100 0x26ef8 0x25cf8 0x14b
WideCharToMultiByte 0x0 0x425104 0x26efc 0x25cfc 0x47a
GetEnvironmentStringsW 0x0 0x425108 0x26f00 0x25d00 0x1c1
SetHandleCount 0x0 0x42510c 0x26f04 0x25d04 0x3e8
GetFileType 0x0 0x425110 0x26f08 0x25d08 0x1d7
QueryPerformanceCounter 0x0 0x425114 0x26f0c 0x25d0c 0x354
GetTickCount 0x0 0x425118 0x26f10 0x25d10 0x266
GetCurrentProcessId 0x0 0x42511c 0x26f14 0x25d14 0x1aa
GetSystemTimeAsFileTime 0x0 0x425120 0x26f18 0x25d18 0x24f
USER32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShowScrollBar 0x0 0x425138 0x26f30 0x25d30 0x2b5
LoadImageA 0x0 0x42513c 0x26f34 0x25d34 0x1d8
EndPaint 0x0 0x425140 0x26f38 0x25d38 0xd5
IsIconic 0x0 0x425144 0x26f3c 0x25d3c 0x1bd
GetFocus 0x0 0x425148 0x26f40 0x25d40 0x124
SetPropA 0x0 0x42514c 0x26f44 0x25d44 0x28f
GDI32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetEnhMetaFileHeader 0x0 0x425000 0x26df8 0x25bf8 0x1be
GetMapMode 0x0 0x425004 0x26dfc 0x25bfc 0x1d7
SetMapperFlags 0x0 0x425008 0x26e00 0x25c00 0x27c
AnimatePalette 0x0 0x42500c 0x26e04 0x25c04 0x9
SHELL32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW 0x0 0x425128 0x26f20 0x25d20 0x118
Shell_NotifyIconA 0x0 0x42512c 0x26f24 0x25d24 0x122
ShellExecuteExA 0x0 0x425130 0x26f28 0x25d28 0x116
Exports (2)
Api name EAT Address Ordinal
MyFunc31 0x1280 0x1
MyFunc32 0x1290 0x2
Icons (4)
Memory Dumps (1)
Name Process ID Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
rruzcj.exe 1 0x00400000 0x0049EFFF Relevant Image - 32-bit - False False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Ulise.37281
Malicious
C:\Boot\BOOTSTAT.DAT.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 64.25 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.47 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.07 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.76 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 3.36 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\BOOTSECT.BAK.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 8.25 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.80 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.55 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.33 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 5.97 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.54 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.99 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.04 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 6.33 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.03 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.44 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 9.51 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.81 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.14 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.18 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.07 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.65 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 65.85 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 9.37 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 582.61 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 582.61 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.56 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.80 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 5.67 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 26.79 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 6.51 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 16.52 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 16.70 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 20.33 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 8.76 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 14.94 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 30.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.27 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.88 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.27 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.56 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.80 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.76 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.47 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.14 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.13 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.65 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 582.61 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 855.24 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.44 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 5.67 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 37.04 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.04 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 69.80 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 65.85 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 26.79 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 9.37 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.54 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.81 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.18 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 26.54 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 860.74 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 848.75 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 6.51 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 16.52 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 3.36 KB
YARA Matches (1)
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.55 KB
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.66 KB
MD5 3c394dcae69f3af7cac4f8224136b244 Copy to Clipboard
SHA1 ae713da87e775dda55e50ec641903bd9ab446431 Copy to Clipboard
SHA256 2364908eec7f62fbb714ae89fc4ed95038d6d381d4e729ac34449555d2e3da17 Copy to Clipboard
SSDeep 48:7gKDt2shnYCKICFcokvZk6iXw95JPCfEeqz7F:75tYCKFFNkW0JPOEe45 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 853.75 KB
MD5 a2741c43719794177b557d4ae71cbbc8 Copy to Clipboard
SHA1 fd7e9ffdbf7cbe3975539e5b206a0c1816c67171 Copy to Clipboard
SHA256 aaa10c1564b2e837e32c2776bbd3f6d8ec2e48b940aa5be288ed4159f5204950 Copy to Clipboard
SSDeep 24576:U3a5Zow9A+ExeOvNHdRwuHimi5a3EZntkI:Ua5vEkOvN9axw30R Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Binary
Malicious
»
Mime Type application/x-dosexec
File Size 2.07 KB
MD5 05ecb5032e2ec4548428cb191f8dfe2b Copy to Clipboard
SHA1 1db499c8f18261aff4a5b267ec42d67c7ad129bb Copy to Clipboard
SHA256 43675de2f03c2aff1a470351bbb11e77148263c34f8ca5b7bd4f7f78e84eebd7 Copy to Clipboard
SSDeep 48:DLu67D5OKPFlywRQrwOEZrHnrZeiP86noHIhpsPvN/kN7OcYz7F:WcOKPFowWEZrH9eA1nowmPvFktlS5 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 865.24 KB
MD5 7989a32854b80401b95864dc7dfd3d39 Copy to Clipboard
SHA1 7397fda8a5c257d874c69367ef1514c54fff203e Copy to Clipboard
SHA256 4890762de6cd260ca5f61f965c6af83636967be8056e81f8823f6dda48ac6b58 Copy to Clipboard
SSDeep 24576:UJlz17UJy0QXblOF8a3BHs0R7/49DkGWos:s6J/Qxa3BMu7/494Gm Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 4.33 KB
MD5 9e35b4b7bdd64800861fb1f3a6c257e7 Copy to Clipboard
SHA1 291e19a8bfb88de95e79e6f9ab9b5258a5dde849 Copy to Clipboard
SHA256 513528656ca41b22d39a27bd37f8fd98dc2088ffde1c4b534a62f1ecaeb6228e Copy to Clipboard
SSDeep 96:DQ7YsiqIw+h2J1YNqLakOZmDpw6UXueNJySCKBQg14fdOFUB6Brezx5:D4rjb7xDpud/9FCfO86Br4 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.66 KB
MD5 7ffe53fa9da8fb54caddab0f6f606871 Copy to Clipboard
SHA1 e1000a7edf3f965dae53948f7a1ab2ade6595350 Copy to Clipboard
SHA256 278ddf632ae615bfcba1e11be26ac544dfefd06bd81776206854b793be034bb2 Copy to Clipboard
SSDeep 48:Q+WLs4H9y29fILggoRJ8FeewEeAu9W4s9Dwo+S7F:hP4d1QcJiiEv4FYDPR5 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Binary
Malicious
»
Mime Type application/x-dosexec
File Size 2.07 KB
MD5 39adb6a374ad97797d5f876c85725a36 Copy to Clipboard
SHA1 cf5c0f3c7614a01ae4f371539e625fb0e0049e2c Copy to Clipboard
SHA256 8af041d9ad9e0197b02def12e4d7b1729c864c6af7329d9f2d495b722d6d649f Copy to Clipboard
SSDeep 48:noujXqf6JAt81Wqe4E9KHGV0Bpi+5f1YZ7F:zIBov9lA+5f1k5 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.03 KB
MD5 822d6ffb94e8b3311c4eb71193a429e8 Copy to Clipboard
SHA1 fe525d7104dfb58801579eac2e4319610bdbe453 Copy to Clipboard
SHA256 6d2d8a95380817670737bea798208061f658b95904e015816340483c4d1aee8a Copy to Clipboard
SSDeep 24:Kx3nAbkKugaCN+3DPJOp9oEdmaoOgv4W0EAuGF3qnyA4Teor:KukKY6+3DPJOkI2v8EAUnZ27r Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.66 KB
MD5 399fec3358286e8eb981837cbe4ebf46 Copy to Clipboard
SHA1 4343fc3dfaf27259448d59247f6086d706ee4705 Copy to Clipboard
SHA256 0b0c27640a1fc0e1db10c23407243b58469777b01bf6784e3219512ca1ef42dd Copy to Clipboard
SSDeep 48:EzVVPwpIj0/PkZDxlBLLgVzEoE6TI/oSp+47T:wVMZPk5xXLgOo1I/oyf Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.80 KB
MD5 cc4eb5914c5f3613a4c11da6269e8f60 Copy to Clipboard
SHA1 9106edcdadbdf17542188c4b2a85dd7b277a0cca Copy to Clipboard
SHA256 0c25db7e2724493e9673d7fab338666d34d1eb94f925ec29f27e08c5d095b73b Copy to Clipboard
SSDeep 48:qN2/x1KXTLzlQz0yI5yxhmgcwH3oMr1fN/WYBE7F:qN2/x1KvBQzvG6dcOZxN/Wr5 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 30.60 KB
MD5 a0ce0fbb48a4df4423638ff6282076e1 Copy to Clipboard
SHA1 d95889e221d2fa797a219842ba2e0f233e244d56 Copy to Clipboard
SHA256 484c88d497983645f9f3d73ac2cdbb1f0b5672aaf649849c7a0a3e85a98ea415 Copy to Clipboard
SSDeep 768:+nf8P3Q21Vn4B8tWHPJys3HD61MxJAaqDCWQxTDd:+nf8/X1B4B8tiyCjnJAaG7MN Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 5.97 KB
MD5 431378b54938c0658265b6948806c249 Copy to Clipboard
SHA1 875eb96a157307d9f2adc9a0b287f0f17903c5ea Copy to Clipboard
SHA256 740494bf3ad98bd2b6880d9840c0d27376f1b410f2d0092ddb70dd049e376dc8 Copy to Clipboard
SSDeep 96:wiOdi+IfoVqnIjh3IiydTMboEuqYFj6r/aOMPH3g2wIsHPrnwmJP4nWuAF56/13C:wiFdngBIztMrbYFO/aOC3g2wJTnj/F5Z Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 16.70 KB
MD5 6dc8970659d8e3efca8fc899b9380251 Copy to Clipboard
SHA1 2b99b28bb72e8a118bc3e598c05e9010d3464375 Copy to Clipboard
SHA256 99f4410cc99c9ca3a8f7ae4fde58cbf5484e379baefa837078ab70354064e096 Copy to Clipboard
SSDeep 384:y03eowzNTXw3yyrwVb+rNC39Jiv3dDPCUHzdcmuEXe42:5IG3yyrwh+ro83dxhKge42 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 8.76 KB
MD5 32daa87a61ba69df189849a51bc7693b Copy to Clipboard
SHA1 d3e240b972a8fa8669fff893e19451aab982872d Copy to Clipboard
SHA256 20b4069e9a29c272922b4c86bda57a2dde03c11356bcde0da49bbeb4a1e13740 Copy to Clipboard
SSDeep 192:jpl7QV3j9MTJ+fTgwaCyZbcnKE3eqt1cdgvhdIs70s3OOtXQItA:juMTJ+Mwav4KEdCdMhdgPOtXQItA Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 2.60 KB
MD5 e164dfedbe6b9d400d23078afc014759 Copy to Clipboard
SHA1 36eeea3234b0090f3598b32a1d7298353df381bf Copy to Clipboard
SHA256 a03e10d636b544652dda62b120a964319142cfce0a9106d4b979a1570eefe6ce Copy to Clipboard
SSDeep 48:bmsuH04KauH6mkmHQL3boqVNm9nbNcl0hBTop25YexRRpVjL33YcaE7F:qBU4RmkmStmFNY07J5YeD1ncE5 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 20.33 KB
MD5 6b18b54221b5a6bced60f0ce8b9d9614 Copy to Clipboard
SHA1 d6bb1bfc8140493ae485f89d28663cd01f398539 Copy to Clipboard
SHA256 25b9d1c3b7cf81f486ad1767ee96430d193d9c46485be945915964c61ac3cc16 Copy to Clipboard
SSDeep 384:iEqPYsGK7PNttMhnQLvw0rum5LsrfXYqg27T26ygtsT36qRous6uf2:ZqAsGKJMhnkvwvmybzgA25q6Touge Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.99 KB
MD5 d3cd2ceae63535914c1e3c419f3b12fb Copy to Clipboard
SHA1 95d9e3d80f680b48b7dba79b90f1c8cc1a18158b Copy to Clipboard
SHA256 03098385ed0c2034ebcf50e142e07c40efcdfb5fa3d7f226fd71c5be90e56179 Copy to Clipboard
SSDeep 48:tC6Gwdnl2JBSwn3OIPwBpAqr8sT/tEKZa24RH/t+pS7B:3l2JBr3OxpASbb2xN Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 8.94 KB
MD5 dd8652df0f90f1bcfe4abb5578ed8dbf Copy to Clipboard
SHA1 86b2fe0db9713282255c900416324a132bb0e550 Copy to Clipboard
SHA256 29e6bda8e77a198bbbc73f2b7dd3f9a0a0f5571e294fcc7a83ef69057e7ca461 Copy to Clipboard
SSDeep 192:LG9esN/l9HMk+e2xGjWe0QIW+tWQ7x3gS8QXBw37yM2mXrmPG:LU/GbGj10QI9WagnQxM7yMHXS+ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 2.04 KB
MD5 be8aebb2d147ff48d2f7f215cd274cdb Copy to Clipboard
SHA1 b4c402837fb1c20c8b2e910cdd1795b67504e694 Copy to Clipboard
SHA256 7328608b7c4abcff0da97c4202cbadf73a6a4555cfacaef6e6c238cd872a9a5a Copy to Clipboard
SSDeep 48:dyy54LEJJX9ouNURc5tLgltFgGVTX0zVIQ7F:dyy54L21NKAa1gGW5d5 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 38.34 KB
MD5 3121f0bb8cf7ac63973384bbe411b352 Copy to Clipboard
SHA1 f5fd0d2076430e6d122756e3049f11d0eed61347 Copy to Clipboard
SHA256 6a039ce1892d1c10c72bc49a202c93f0932dd19a12fcc4b3ea92e4495939dec1 Copy to Clipboard
SSDeep 768:TNL5mSO8/n64PEJN7FhF5BudunR48lW2fNMHtLNmPZuh01PJD/UFO7p:95mtj7FhjnR4wfwtLNmBKiKFOV Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 11.43 KB
MD5 4c7a289e2ffad2f0a7de3484d2f362ab Copy to Clipboard
SHA1 07e59fdfa436b94b91c774bea76ba07f48a3ac91 Copy to Clipboard
SHA256 e38a4cd6687d0c6eec552de0312f0b50091bd2ee2d2e8c53c4b7b302308e840f Copy to Clipboard
SSDeep 192:dbj24JPaVH9An+KQwVMeihkHiNmsnPas+TLc+Ld/yqLx7MUfHUd4LBrR6SL:Jj2uWC+3heimC+cm/yqLx7MU84RHL Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 8.60 KB
MD5 2e776cbc430c959f52da06b63caf90ef Copy to Clipboard
SHA1 4e0df10685554fe598e42b82b9b9134b2422cc2f Copy to Clipboard
SHA256 59b15781caf1ec4761cc0795e28d6aca02f427e5ff45097e3b01b6384056268f Copy to Clipboard
SSDeep 192:KKHGFZMQJ08tYpcY8fP1qlqUiSKKOtAn+p/89AgJcNJ22+KA:KKHG75tYpcxP0DKKf+K9NgQ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 222.21 KB
MD5 e8586a3123dfb0ef94f82ced15293b15 Copy to Clipboard
SHA1 cd1b52e1b9595f2aa335b379db0739ef97a1ffbf Copy to Clipboard
SHA256 697c476c979e636c93ae68ce471820cd2e10f96c5167ff74b6d42f00edc0bbcb Copy to Clipboard
SSDeep 6144:hM6TH9rAJ52IU5tOqTkaHwjj06Ywx+3ubB6ufS:hMmdcJF7qTkaHwf0rReN6ufS Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 9.51 KB
MD5 b13c968fe1479a527ad24686ee75465c Copy to Clipboard
SHA1 67add21708c37b6ebf6cfae7f4aaf8c6c874353d Copy to Clipboard
SHA256 8e9780807647af177390ad534abff04d6e91d9fbee2cfd5e786843a45cc56314 Copy to Clipboard
SSDeep 192:4dEPiaXW6uCQhAU+a8NG21SudNlWLtDHkZD48g6Iy0mgv:47aXWWwAU+a8E2hnWBDHkbrQv Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 2.85 KB
MD5 2697b6b4a4de35809881eac3381bbfaf Copy to Clipboard
SHA1 2f4d60fd437358d8fa6f71202ccd7f4b81568dd2 Copy to Clipboard
SHA256 271b217d2d32e829f8fa4224fc8f0c2ea2f44715c79f06525d7c211f53e24d0d Copy to Clipboard
SSDeep 48:l/2SGt0kQk3OQTtxTT9hO3636CY7hD9cFQWvfRqvA5a2vIAgx76IV77v:l/8cktXPDY67Yd4fqvcg/j Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.13 MB
MD5 9f3185ead4c1cb944fe7c922b8e20283 Copy to Clipboard
SHA1 00d10c00b265a4635410ac838357f008ff633238 Copy to Clipboard
SHA256 adee49dac519697ea5d1ab5856b9c111bfc581c8c26f1a9b506cefab85ef466a Copy to Clipboard
SSDeep 24576:OXexiINwGxYfkZzDx4Kpb4ukcw9VpkKHfQGosjuo:IKxYsZVR4NHBYmP Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Severity Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
Malicious
C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 378 bytes
MD5 6a043bbdf4457fedfa49467fd0d387d4 Copy to Clipboard
SHA1 004d8f0151b5fd90b1125050c9fc98d31e7d106c Copy to Clipboard
SHA256 44af49d9b71188ac8c0e5cdafa85225d6d7f73fa4df543921346007f8ebdaa6d Copy to Clipboard
SSDeep 6:Bm0LOJvj1c+SI5s6WCiUyaZD6YisVbUpu275iB:wzhcDk1yaZDqsVbUpP5iB Copy to Clipboard
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 16.94 MB
MD5 2fb10a322517f7cbfb3a6cfe3f7ec571 Copy to Clipboard
SHA1 f50dbea0bf05e4a4f73abb265fef52fa43db4e07 Copy to Clipboard
SHA256 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4 Copy to Clipboard
SSDeep 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai Copy to Clipboard
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 3.14 MB
MD5 c4dfabdfc43665ddd61217b2ec822620 Copy to Clipboard
SHA1 d851ce0d88417c77a3514e2b8c2a02ae1398bece Copy to Clipboard
SHA256 7448dbfe6a40133de18e6bb89c8b76935041bdcdd2b3f474c4dbe4d3664fb93c Copy to Clipboard
SSDeep 49152:zDxL8QBo0Tex4S120ytJyrvzYoT6874hHVO:zR89t1QIlsH4 Copy to Clipboard
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 3.14 MB
MD5 532b9761f6153639179d987c746de5d7 Copy to Clipboard
SHA1 763ca17072638a5589bf029abed76a10f43bc860 Copy to Clipboard
SHA256 4ae97fc7d95c1005a0a302c819b46d29eaee2629a37399930c4ceb4206ee0e1f Copy to Clipboard
SSDeep 49152:zDxL8QBo6Tex4S120ytJyNwSvgs25XdC3ZoSToWXX:zR89j1llnWXCowoOX Copy to Clipboard
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 67.85 MB
MD5 6b078cbccbab0d5edeaa1d85f11ba58a Copy to Clipboard
SHA1 66820f091ea72f244d2d2019748cbda0b7b9702d Copy to Clipboard
SHA256 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774 Copy to Clipboard
SSDeep 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT Copy to Clipboard
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 3.15 MB
MD5 8189358a89bd2e27ec4e20ca8e69f3ac Copy to Clipboard
SHA1 8786f8cb6194516e05218e6ce3e1d434cbaf41b1 Copy to Clipboard
SHA256 ffcd7aa125ad2151d1fd4a2cb112ccbc0f95b2620a9d31ddb66619192a3dc5c2 Copy to Clipboard
SSDeep 49152:zDxL8QBonTex4S120ytJyINVNfv4xo/H+qUZxQ:zR89K1uVNfQo/HLUZxQ Copy to Clipboard
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 10.25 MB
MD5 91b6a024fb0a49196044309d3308ba19 Copy to Clipboard
SHA1 2b1f2ea3ff6382fbb5a15bfe0cd5492f4332cffb Copy to Clipboard
SHA256 68b4a1876b8fb4a05d62f4781b37bd322443600ab239773c2790d7c0f980399f Copy to Clipboard
SSDeep 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+Fx1:MUvTiNhU4L7tZiTnprP0txRsT1 Copy to Clipboard
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 14.88 MB
MD5 0132354deb06c352353675fce278a129 Copy to Clipboard
SHA1 82f447263c0d4d83d398af15034413083edcbc35 Copy to Clipboard
SHA256 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307 Copy to Clipboard
SSDeep 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ Copy to Clipboard
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 3.48 MB
MD5 c9d53821b87f71c45e6a33a4a39589c7 Copy to Clipboard
SHA1 3be8fc59677f39ad9c0191daceeccabd9275f7d3 Copy to Clipboard
SHA256 f732efca2e4768b67e403defc83599d5734e6eafcc78dd1f00b370e6949a9019 Copy to Clipboard
SSDeep 49152:fHYLL/WoWLljb1R6rOSN20yRJ6RjCo9C2e0wALZyn9r7Od5xIa:fqLVW6v99CylK9rKd5xIa Copy to Clipboard
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 42.53 MB
MD5 4fb6c079967f604d4b8cdf477caf6de0 Copy to Clipboard
SHA1 a8777ca0e49e5d98d01a6b007c7b62b5dffb5b63 Copy to Clipboard
SHA256 9fac05c1ffc4b8060b0a5b942d35cc90c0bff012af1a00a6712c6d03018b083f Copy to Clipboard
SSDeep 196608:MaurJM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:EOn8IQkM2BFEx96G3AUf7FnzKj Copy to Clipboard
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 11.70 MB
MD5 052b4a3aaf24e1879297e0f1408c7662 Copy to Clipboard
SHA1 ccf2d2087988828f8117c27f1ec3ccaf4b5b926d Copy to Clipboard
SHA256 6c23fd16b44e1eefdf52ac7ad99a1fc46a9b4b3e77c6643dd26d1ad79a2d1021 Copy to Clipboard
SSDeep 196608:Vf1gRyjQR9g8YYIcjfXontQdQGzFZaGkGdN7p06H1JX/WanfW/OIV0h:V1WbR9YY5AJGBZWGRz1kaza0h Copy to Clipboard
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 3.16 MB
MD5 e4b7c6986f435ecb20414ab436d6862f Copy to Clipboard
SHA1 78db27caa954a265f97fc1c1db650c403a82d8a6 Copy to Clipboard
SHA256 dc904166cd86152417b1ad207c783a9385d0f559a5893ae449b0e0dcfb43d29f Copy to Clipboard
SSDeep 49152:zDxL8QBoSTex4S120ytJycSkCP1JfXsG5Bq:zR89r1ESkC9Jfs Copy to Clipboard
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 2.35 MB
MD5 a6d16d93afa24e626217d262f995b799 Copy to Clipboard
SHA1 25ae879ffc34b9c16d33498cc26dae2ade586478 Copy to Clipboard
SHA256 02a1fe83adbfe2a86390106b9ff13df79e0f1fa3cb495380c06730b6ba4fc81b Copy to Clipboard
SSDeep 49152:R0opH/cgHa3HRxz+4gDYpsoBbNzVjMhB7jpE/WvU:R0op1Har+MjzV46/v Copy to Clipboard
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 13.76 MB
MD5 42ac6eff5aa1dad153cb32ec3d616e43 Copy to Clipboard
SHA1 8d8693b1d4aa27f2f48345e6f2e760c5f205d163 Copy to Clipboard
SHA256 b8984acb419b90aab0f7fd9addaa90b10847e75aeaabfde74fc133085adf3455 Copy to Clipboard
SSDeep 196608:Yu6eDsIwHBL4B9lCzT2bOgcDuihGYrLpVUBJ/7HAFGtNy6aMhnRTU+:WqsIwHNB26gVE7e/7JNMM5RTU+ Copy to Clipboard
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 20.84 MB
MD5 3d0e1f18676626331ffefafe53b18248 Copy to Clipboard
SHA1 80d370bf723a4b00b769c1a7266d63de82280ab0 Copy to Clipboard
SHA256 9ceac29cec7a9772266c3c6ed68bc7f25dcb38c12c388fe9f21e58890e9cf26f Copy to Clipboard
SSDeep 196608:PFNUxdiOm1j3/abCsYwFOSQo2pWDOQs4hW6s63HS:qPmN3/abtYIQoROQ93RS Copy to Clipboard
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 3.54 MB
MD5 4f53ff74aafdb4425312ef71911a5c9c Copy to Clipboard
SHA1 d50d94f1cbf5c9c583c01bd4887ff60bb937dff4 Copy to Clipboard
SHA256 13fa32b69aad5e02c3e49fbfcc0f828641e6e7832abe573aee42efb33290ed12 Copy to Clipboard
SSDeep 98304:zDMUwxyODPFhbY12HLodiF4+5rifL8Qdgif:z4UwVthio4/pP Copy to Clipboard
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[restdoc@protonmail.com].zoh Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 18.75 MB
MD5 06e69471c0bb81eb102e539f0a04490d Copy to Clipboard
SHA1 e0e8dbed58bcba38c03ab546d7753d1f973df44f Copy to Clipboard
SHA256 b53484f0eccebe76bbdf0262097d8f747d5a05d0e569a544452eb328aada91bc Copy to Clipboard
SSDeep 196608:iaDH9F7/iHXDI2CPKBUq6qMuGm9vqExoi93nnedBwzSlmKwDhANZbPhn:DDdFDX2J5uuGyCfi9uIQmlANRh Copy to Clipboard