VMRay Analyzer Report for Sample #1110452
VMRay Analyzer
3.2.2
URI
cjto.top
Resolved_To
Address
188.68.221.29
URI
api.2ip.ua
Resolved_To
Address
77.123.139.189
URI
interludeeurope.com
Resolved_To
Address
176.123.8.59
URI
ip-api.com
Resolved_To
Address
208.95.112.1
Process
1
2876
70bc.tmp.exe
1108
70bc.tmp.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\70BC.tmp.exe"
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\desktop\70bc.tmp.exe
Child_Of
Child_Of
Child_Of
Child_Of
Created
Opened
Opened
Process
3
880
svchost.exe
472
svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\
c:\windows\system32\svchost.exe
Child_Of
Process
4
2560
icacls.exe
2876
icacls.exe
icacls "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\57142790-ef94-42fb-ad53-61014451cde3" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\windows\syswow64\icacls.exe
Process
5
1416
taskeng.exe
880
taskeng.exe
taskeng.exe {4568F795-B030-4E70-B052-419BC1469E0B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]
C:\Windows\system32\
c:\windows\system32\taskeng.exe
Process
6
2492
70bc.tmp.exe
2876
70bc.tmp.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\70BC.tmp.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\desktop\70bc.tmp.exe
Child_Of
Child_Of
Child_Of
Created
Created
Opened
Opened
Process
7
656
updatewin1.exe
2492
updatewin1.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\updatewin1.exe"
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\appdata\local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\updatewin1.exe
Child_Of
Created
Process
8
2004
updatewin2.exe
2492
updatewin2.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\updatewin2.exe"
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\appdata\local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\updatewin2.exe
Process
9
2068
updatewin1.exe
656
updatewin1.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\updatewin1.exe" --Admin
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\
c:\users\5p5nrgjn0js halpmcxz\appdata\local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\updatewin1.exe
Child_Of
Created
Process
10
2116
powershell.exe
2068
powershell.exe
powershell -Command Set-ExecutionPolicy -Scope CurrentUser RemoteSigned
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
Opened
Opened
Opened
Process
11
2244
5.exe
2492
5.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\5.exe"
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\appdata\local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\5.exe
Created
Opened
Process
12
2436
taskeng.exe
880
taskeng.exe
taskeng.exe {E8FA73C2-BEF6-441E-A397-9C5EF3D93701} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:LUA[1]
C:\Windows\system32\
c:\windows\system32\taskeng.exe
Child_Of
Process
13
2676
70bc.tmp.exe
2436
70bc.tmp.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\57142790-ef94-42fb-ad53-61014451cde3\70BC.tmp.exe" --Task
C:\Windows\system32\
c:\users\5p5nrgjn0js halpmcxz\appdata\local\57142790-ef94-42fb-ad53-61014451cde3\70bc.tmp.exe
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER
SysHelper
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER
SysHelper
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\57142790-ef94-42fb-ad53-61014451cde3\70BC.tmp.exe" --AutoStart
REG_EXPAND_SZ
Mutex
{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER
SysHelper
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion
HKEY_CURRENT_USER
SysHelper
SysHelper
1
REG_DWORD_LITTLE_ENDIAN
WinRegistryKey
Software\Microsoft\PowerShell
HKEY_LOCAL_MACHINE
WinRegistryKey
Software\Microsoft\PowerShell\1
HKEY_LOCAL_MACHINE
WinRegistryKey
Software\Microsoft\PowerShell\1\PowerShellEngine
HKEY_LOCAL_MACHINE
ApplicationBase
ApplicationBase
Mutex
0303d5b4-ffe9-470e-9dd8-7d9ec416e53f{846ee340-7039-11de-9d20-806e6f6e6963}
WinRegistryKey
SOFTWARE\Microsoft\Cryptography
HKEY_LOCAL_MACHINE
MachineGuid
WinRegistryKey
Software\Martin Prikryl\WinSCP 2\Configuration
HKEY_CURRENT_USER
WinRegistryKey
SOFTWARE\Microsoft\Cryptography
HKEY_LOCAL_MACHINE
MachineGuid
WinRegistryKey
SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE
ProductName
WinRegistryKey
HARDWARE\DESCRIPTION\System\CentralProcessor\0
HKEY_LOCAL_MACHINE
ProcessorNameString
WinRegistryKey
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_LOCAL_MACHINE
Analyzed Sample #1110452
Malware Artifacts
1110452
Sample-ID: #1110452
Job-ID: #3106993
This sample was analyzed by VMRay Analyzer 3.2.2 on a Windows 7 system
100
VTI Score based on VTI Database Version 3.6
Metadata of Sample File #1110452
Submission-ID: #4685229
6eb60af3c1f6688fee7286b384fd107552bdf95dc951101df4a1d4f861623134exe
MD5
07566fb66073abafbd438f08fa1c7245
SHA1
e73eed815412a3cb1929add64b3ba7639006eb2e
SHA256
6eb60af3c1f6688fee7286b384fd107552bdf95dc951101df4a1d4f861623134
Opened_By
Metadata of Analysis for Job-ID #3106993
True
Timeout
True
240.049
XDUWTFONO
win7_64_sp1
x86 64-bit
Windows 7
6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)
5p5NrGJn0jS HALPmcxz
XDUWTFONO
This is a property collection for additional information of VMRay analysis
VMRay Analyzer
Obfuscation
VTI rule match with VTI rule score 2/5
vmray_dynamic_api_usage_by_api
Resolves an unusually high number of APIs.
Resolves APIs dynamically to possibly evade static detection
Discovery
VTI rule match with VTI rule score 0/5
vmray_enumerate_processes
Enumerates running processes.
Enumerates running processes
Hide Tracks
VTI rule match with VTI rule score 2/5
vmray_delete_executed_executable
Deletes executed executable "c:\users\5p5nrgjn0js halpmcxz\appdata\local\57142790-ef94-42fb-ad53-61014451cde3\70bc.tmp.exe".
Deletes file after execution
Persistence
VTI rule match with VTI rule score 1/5
vmray_install_startup_script_by_registry
Adds ""C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\57142790-ef94-42fb-ad53-61014451cde3\70BC.tmp.exe" --AutoStart" to Windows startup via registry.
Installs system startup script or application
Hide Tracks
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "icacls" starts with hidden window.
Creates process with hidden window
Mutex
VTI rule match with VTI rule score 1/5
vmray_create_named_mutex
Creates mutex with name "{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}".
Creates mutex
System Modification
VTI rule match with VTI rule score 1/5
vmray_overwrite_file_in_os_dir
Modifies file "C:\Windows\System32\drivers\etc\hosts" in the OS directory.
Modifies operating system directory
System Modification
VTI rule match with VTI rule score 4/5
vmray_modify_network_configuration_by_file
Modifies the host.conf file, probably to redirect network traffic.
Modifies network configuration
Hide Tracks
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "powershell" starts with hidden window.
Creates process with hidden window
Discovery
VTI rule match with VTI rule score 1/5
vmray_read_machine_guid
Reads the cryptographic machine GUID from registry.
Reads system data
Mutex
VTI rule match with VTI rule score 1/5
vmray_create_named_mutex
Creates mutex with name "0303d5b4-ffe9-470e-9dd8-7d9ec416e53f{846ee340-7039-11de-9d20-806e6f6e6963}".
Creates mutex
Data Collection
VTI rule match with VTI rule score 2/5
vmray_read_browser_creds_by_file
Trying to read sensitive data of web browser "Mozilla Firefox" by file.
Reads sensitive browser data
Discovery
VTI rule match with VTI rule score 1/5
vmray_recon_app_data_by_file
Tries to gather information about application "Mozilla Firefox" by file.
Possibly does reconnaissance
Discovery
VTI rule match with VTI rule score 1/5
vmray_get_network_stats_by_api
Gets network statistics by API.
Tries to get network statistics
User Data Modification
VTI rule match with VTI rule score 4/5
vmray_modify_user_files
Modifies the content of multiple user files. This is an indicator for an encryption attempt.
Modifies content of user files
User Data Modification
VTI rule match with VTI rule score 4/5
vmray_rename_user_files
Renames multiple user files. This is an indicator for an encryption attempt.
Renames user files
Data Collection
VTI rule match with VTI rule score 2/5
vmray_read_browser_creds_by_file
Trying to read sensitive data of web browser "Google Chrome" by file.
Reads sensitive browser data
Data Collection
VTI rule match with VTI rule score 2/5
vmray_read_vaulted_ie_creds_by_api
Trying to read credentials of web browser "Internet Explorer" by reading from the system's credential vault.
Reads sensitive browser data
Data Collection
VTI rule match with VTI rule score 2/5
vmray_read_browser_creds_by_file
Trying to read sensitive data of web browser "Internet Explorer / Edge" by file.
Reads sensitive browser data
Data Collection
VTI rule match with VTI rule score 2/5
vmray_read_ftp_creds_by_file
Trying to read sensitive data of ftp application "FileZilla" by file.
Reads sensitive ftp data
Discovery
VTI rule match with VTI rule score 1/5
vmray_recon_app_data_by_file
Tries to gather information about application "FileZilla" by file.
Possibly does reconnaissance
Discovery
VTI rule match with VTI rule score 1/5
vmray_recon_app_data_by_registry
Tries to gather information about application "WinSCP" by registry.
Possibly does reconnaissance
Data Collection
VTI rule match with VTI rule score 2/5
vmray_read_other_app_creds_by_file
Trying to read sensitive data of application "Pidgin" by file.
Reads sensitive application data
Discovery
VTI rule match with VTI rule score 1/5
vmray_recon_app_data_by_file
Tries to gather information about application "Pidgin" by file.
Possibly does reconnaissance
System Modification
VTI rule match with VTI rule score 1/5
vmray_create_many_files
Creates above average number of files.
Creates an unusually large number of files
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected the sample itself as "Trojan.GenericKDZ.68641".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected "Trojan.GenericKD.31534187" in the response data of URL "http://cjto.top/files/penelop/updatewin1.exe".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected "Trojan.AgentWDCR.SVC" in the response data of URL "http://cjto.top/files/penelop/updatewin2.exe".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected "Trojan.GenericKD.34161206" in the response data of URL "http://cjto.top/files/penelop/5.exe".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected the downloaded file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\updatewin1.exe" as "Trojan.GenericKD.31534187".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected the downloaded file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\updatewin2.exe" as "Trojan.AgentWDCR.SVC".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected the modified file "C:\Windows\System32\drivers\etc\hosts" as "Gen:Trojan.Qhost.1".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected the downloaded file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\5.exe" as "Trojan.GenericKD.34161206".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected a memory dump of process "updatewin1.exe" as "Trojan.Brsecmon.1".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected a memory dump of process "updatewin1.exe" as "Gen:Trojan.TaskDisabler.tuZ@aetvCLhk".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected a memory dump of process "updatewin2.exe" as "Trojan.Brsecmon.1".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected a memory dump of process "updatewin2.exe" as "DeepScan:Generic.Malware.V!Qw.EE8544F2".
Malicious content was detected by heuristic scan
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_file_by_http_full
Downloads file via http from "http://cjto.top/sgfjsgdfgsgddagdpen4/get.php?pid=7D14E3BF7C8F056B5C98BAB6C3273458&first=true".
Downloads file
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_file_by_http_full
Downloads file via http from "interludeeurope.com/517".
Downloads file
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_file_by_http_full
Downloads file via http from "ip-api.com/line/".
Downloads file
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_exe_by_http_full
Downloads executable via http from "http://cjto.top/files/penelop/updatewin1.exe".
Downloads executable
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_exe_by_http_full
Downloads executable via http from "http://cjto.top/files/penelop/updatewin2.exe".
Downloads executable
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_exe_by_http_full
Downloads executable via http from "http://cjto.top/files/penelop/5.exe".
Downloads executable
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_exe_by_http_full
Downloads executable via http from "interludeeurope.com/mozglue.dll".
Downloads executable
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_exe_by_http_full
Downloads executable via http from "interludeeurope.com/softokn3.dll".
Downloads executable
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_exe_by_http_full
Downloads executable via http from "interludeeurope.com/vcruntime140.dll".
Downloads executable
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://cjto.top/files/penelop/updatewin1.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://cjto.top/sgfjsgdfgsgddagdpen4/get.php?pid=7D14E3BF7C8F056B5C98BAB6C3273458&first=true".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://cjto.top/files/penelop/updatewin2.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://cjto.top/files/penelop/updatewin.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://cjto.top/files/penelop/3.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://cjto.top/files/penelop/4.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://cjto.top/files/penelop/5.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "interludeeurope.com/517".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "interludeeurope.com/freebl3.dll".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "interludeeurope.com/mozglue.dll".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "interludeeurope.com/msvcp140.dll".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "interludeeurope.com/nss3.dll".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "interludeeurope.com/softokn3.dll".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "interludeeurope.com/vcruntime140.dll".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "ip-api.com/line/".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_https_connection
URL "https://api.2ip.ua/geo.json".
Connects to HTTPS server
Reputation
VTI rule match with VTI rule score 5/5
vmray_known_malicious_file
Reputation data labels the sample itself as "Mal/Generic-S".
Known malicious file
Reputation
VTI rule match with VTI rule score 5/5
vmray_known_malicious_file
Reputation data labels file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\updatewin1.exe" as "Mal/Generic-S".
Known malicious file
Reputation
VTI rule match with VTI rule score 5/5
vmray_known_malicious_file
File "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\updatewin2.exe" is a known malicious file.
Known malicious file
Reputation
VTI rule match with VTI rule score 5/5
vmray_known_malicious_file
Reputation data labels file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\a2d26e6d-7c69-44ba-86e0-72e933aca69b\5.exe" as "Mal/Generic-S".
Known malicious file
Task Scheduling
VTI rule match with VTI rule score 2/5
vmray_delay_by_scheduled_task_delayed
Schedules task for command "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\57142790-ef94-42fb-ad53-61014451cde3\70BC.tmp.exe", to be triggered by Time. Task has been rescheduled by the analyzer.
Schedules task
YARA
VTI rule match with VTI rule score 3/5
vmray_yara_match_mid
Rule "PDF_Missing_startxref" from ruleset "Malicious-Documents" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7cikxEG7myp3KU2u3I.pdf.repl".
Suspicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 3/5
vmray_yara_match_mid
Rule "PDF_Missing_EOF" from ruleset "Malicious-Documents" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7cikxEG7myp3KU2u3I.pdf.repl".
Suspicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 3/5
vmray_yara_match_mid
Rule "PDF_Missing_startxref" from ruleset "Malicious-Documents" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\V9ZBzXb5FgUpi086o.pdf".
Suspicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 3/5
vmray_yara_match_mid
Rule "PDF_Missing_EOF" from ruleset "Malicious-Documents" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\V9ZBzXb5FgUpi086o.pdf".
Suspicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 3/5
vmray_yara_match_mid
Rule "PDF_Missing_startxref" from ruleset "Malicious-Documents" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\biXR7AllJ9HthLB32m\Qu 6rIbEs-9HuA-A9.pdf".
Suspicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 3/5
vmray_yara_match_mid
Rule "PDF_Missing_EOF" from ruleset "Malicious-Documents" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\biXR7AllJ9HthLB32m\Qu 6rIbEs-9HuA-A9.pdf".
Suspicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Boot\BOOTSTAT.DAT".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5KZXkheM5u5uJU.docx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7PDLT4L1wrFURbYKVTu.png.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8ESof6tzke.mp4.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8HZd5l1MKRPrQ8d.jpg.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fDZ9awc93MQLgEO8t87e.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FZBFvINOyKGsj.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\IFdec.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN81Pym54.bmp".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\I_-Oy17ss1 r1N6B.wav.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ks MmS9s2g.jpg.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\o obKkxAbP4tov.flv.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RLkPQX.odt".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sQcOvoYYaqJiy6k8f.m4a.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\tJ0J74Cg.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\UerI2Ovi.mp4.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vVdxe58tScghewQG.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwqDVNq1vxP500uetnb.mp3.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zKtRD2FcPd_l.docx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZR4E7I.mp4".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BZNAkuYTK75Y.mkv.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\3ojIp-zQraSdlH4NT.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4G-DNoMCC5W0VK1r2qe.docx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 4/5
vmray_yara_match_high
Rule "PDF_Invalid_version" from ruleset "Malicious-Documents" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7cikxEG7myp3KU2u3I.pdf.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7cikxEG7myp3KU2u3I.pdf.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\811nLd y_6sdBYiu.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\c_9nl6avRr.docx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\DxFDv-dD7DQ.xlsx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eKXCBeD31lK FufivsAa.docx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gQLD cjqv-EBw.xls".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k32QjmEIvaP.pptx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kjoL.pptx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kOvbGuNIR.docx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KZCIoiKWonMlw8t_.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\l3rhRr0T125Xoyj.doc.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\O7xE1CB.pptx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RdNn4YPOcR.pptx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rG_0w6nNmNx5.pptx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\T8aU_OjDOmwiDdj.docx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uyCD 0zgT.docx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 4/5
vmray_yara_match_high
Rule "PDF_Invalid_version" from ruleset "Malicious-Documents" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\V9ZBzXb5FgUpi086o.pdf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\V9ZBzXb5FgUpi086o.pdf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XCqG1hz1hGPh_.xlsx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\X4X8e v2jF382WRo8WV8.m4a.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\-No--h4Bje.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\-o3Rx9Lk.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\03m1qAOY0VKs2L8 5b.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\30WZEWuTnF.png.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4I21p2CSR.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4l3VmSgkSeNnZaxnn.png.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8_urrW33DsqW1w8IOIWM.bmp.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9 9Bj.jpg.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\96t5T4tZg_j1JLU.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\akAdGjAzRbOX.gif.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\B xNx9IC44Hm4.png.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\cl8Q2gv0Ec.gif.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\DPzKzoA.bmp".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fcBf3kIvVJ77kI-H5x.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FKEduRWo9V_vK.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\HetrB02gG.png.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iqlcViYF9Ud.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j1wSX.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KD3OMmO EX.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kN--uzKXC2Q.bmp".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Likad.gif.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LqaDZxKfuwXuTsSahQQ.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\m9mdu0MSKmx8.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mHB1QJmrRIH.gif.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ND-tz3HIE.jpg.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PBze-pOFU dYzmpvWSfM.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pNhT.bmp.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ppX0qTD.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pS3MdK XbiU.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QA97.png.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Qzu0l97jXRI.jpg.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\s5Mzvcxx0O.bmp".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\SSfEvNye4NlL.jpg.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\T-2qBXOV3.gif.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\tWTpaAmsYh5BlN0.png.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UxpVY.png.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vv4Xo7hKuykkeOgyzcT.bmp".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\YnL1TGco0IVcVk.bmp.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Z-GecH_xFLU.png.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_uZ5 Tt q_VhaeH.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8v43LtFZhOP0vJ9gX4d.mp4.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\A04E1CJ-T.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Cbs7tdit.mkv.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\cICb7BwwT2Ld58-Ud.flv.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\LI2h-.avi.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\lNV1_65oJY8WzmIgZAl.flv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\s7OhMohIJWDUjxG.flv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UnozTLP O.mkv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VruruVOMmhPSNLKf.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ZPC2xACdyKE2zX.mkv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9Yuo r8z5793\Dc4lg5.doc".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9Yuo r8z5793\FJTV4cB_atzt.mkv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9Yuo r8z5793\Fknzw.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9Yuo r8z5793\LPM6xPutxFopX8.flv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9Yuo r8z5793\PT5bIBaH458TzgUtJTt.gif.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9Yuo r8z5793\qFvwyqOSzOKGs9wKMZ.gif.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9Yuo r8z5793\Su7IjIqoyHUs.m4a.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9Yuo r8z5793\vGG0gXByyUrfJNMeaT.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\biXR7AllJ9HthLB32m\dxiua8xlatMU.mp3.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 4/5
vmray_yara_match_high
Rule "PDF_Invalid_version" from ruleset "Malicious-Documents" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\biXR7AllJ9HthLB32m\Qu 6rIbEs-9HuA-A9.pdf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\biXR7AllJ9HthLB32m\Qu 6rIbEs-9HuA-A9.pdf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\biXR7AllJ9HthLB32m\Uc56 VWDU.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\b2VL5_nb6VZP.pptx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\m0dvClBD B.odt.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\Nj6wn36PdC.odt.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\X_N nO5YLJ.xls".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\7-YHpmtbF c\orB8Hi.wav.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\oyx1Rv0d\0cbs_tof9ny.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\oyx1Rv0d\6B16eKhFQhAr33T.mp3.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\oyx1Rv0d\Cv4yZ3zSYCyBmJ.wav.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\oyx1Rv0d\Ehpc.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\oyx1Rv0d\IXoJ.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\17u1J9qDlqHacF.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\7B8KcaT04GW9kX4g.mkv.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\aX2VCqIAoGU0T.avi.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\eoqQbvfm-.flv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\F2PyUAjL.mkv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\HDox.mp4".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\IgLn.avi.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\j6NCN22grbrrKbI.avi.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\mETxq1dgTcN_06c9Wh.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\NBpanjvhyGXD.mp4.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\rpmN8.mp4".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\tFioJ0WOk7l.mp4.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\uSrxwTp4eKX6h3Tg.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\VDPS.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AzA1dyndRqFT\Xvde5r-.avi".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\cu9Yw eEse\NPqcPmvT6u.mp4".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\cu9Yw eEse\VUaJjfNHka8B.mkv.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\cu9Yw eEse\wLJDF.mkv.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\cu9Yw eEse\xKapeK.avi".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\cu9Yw eEse\xW6EwsoRu9gGGV7iOt-D.flv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\cu9Yw eEse\zrORtIE5EYdIHmERw.swf.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\9Zt2ouw0ImVMhgH2NY.ots".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\dPeqb5qc.pps".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\Mybosdj5X5h iLc.ots.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\or1WZCJ6s.ods.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\Q2OOR.ppt".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\7-YHpmtbF c\YKx0r-4xIL\ddbuPnuJkir.m4a.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\7-YHpmtbF c\YKx0r-4xIL\YM9tGHWt.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\7-YHpmtbF c\YKx0r-4xIL\zQ2ExRA2Rfn9v6K.wav.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\6sLBC9YfizkyX0e.m4a.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\0qcKdfLawjYERrz\DgX7YulACWHq.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\0qcKdfLawjYERrz\JCD3YFoLiMJOl.ods.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\0qcKdfLawjYERrz\tLv7.rtf.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\0qcKdfLawjYERrz\XoCJBYRKDf1YU.odt".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\0qcKdfLawjYERrz\yISpR1r.pps.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\koar3GHvHdsyUhhV\2V0TxGm.docx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\koar3GHvHdsyUhhV\BCI8ZZ6lWbHNabt6.ods".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\koar3GHvHdsyUhhV\jqtLjUSLrz2QIygk_E.xlsx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\Rl1SQL0tjY2TWI_CL\dj0KcToR.xls.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\Rl1SQL0tjY2TWI_CL\iEmY2qOb63ReU.ods.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\Rl1SQL0tjY2TWI_CL\iYlo0g9fJ.pptx.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\Rl1SQL0tjY2TWI_CL\qwxZJ.ppt".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\2tdd8N.wav.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\CLYghnHOUqM1L.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\cVAZ3IGpvTw.m4a.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\FkdS0iHVyfULnSUP9.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\HB469mIvMKCb.m4a.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\a7SoU 0uYT\2eUawrNtZSSLtr_hLI.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\a7SoU 0uYT\2LeWeVQQj4S3Cog6.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\a7SoU 0uYT\o3gcNdl F.mp3.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\a7SoU 0uYT\UOR-x4BusWSWpU0NkJ9Q.m4a.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\a7SoU 0uYT\Y0op76.m4a.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\W1Ob72Blm\FFsw4l1B6\cDwoYkArYm0.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\W1Ob72Blm\FFsw4l1B6\PmiHCLKSHJ.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\W1Ob72Blm\FFsw4l1B6\TlnJBlwRvkVGJNY.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\koar3GHvHdsyUhhV\n3oStUhXaOQ\ALPNwFj-1OZducX.docx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\J2SXxcKn6PSfjMwPvJ3\C_Vh1fV\koar3GHvHdsyUhhV\n3oStUhXaOQ\HPgg1EDGsK5lUH.csv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\K9Mf5J\Bke2Oa8_K.wav.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\K9Mf5J\fg2Zna4xNXpaDG5wSJZq.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\K9Mf5J\juju3-1.wav.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\K9Mf5J\NrdinMVSA-25RdHWYwM.wav.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\K9Mf5J\UR1rUJ9AJQklUdDrj.mp3.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\tOXeI\e4yCT6OSRW\1RSeC-NlkkIYaj Bti\K9Mf5J\vYNjHvJV5.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml.repl".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "Djvu" from ruleset "Ransomware" has matched on a memory dump for process "70bc.tmp.exe".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "Djvu" from ruleset "Ransomware" has matched on the extracted function string file "function_strings_process_6.txt".
Malicious content matched by YARA rules
Data Collection
VTI rule match with VTI rule score 4/5
vmray_meta_classify_spyware_for_excessive_infosteal
Tries to read sensitive data of: Internet Explorer / Edge, FileZilla, Internet Explorer, Google Chrome, Pidgin, Mozilla Firefox.
Exhibits Spyware behavior