VMRay Analyzer Report for Sample #531537
VMRay Analyzer
3.2.2
URI
nokd.top
Resolved_To
Address
5.53.124.118
URI
api.2ip.ua
Resolved_To
Address
77.123.139.189
Process
1
2816
h1rxxmjek7fnkhtt.exe
1108
h1rxxmjek7fnkhtt.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\h1rxxmJek7fnkHTT.exe"
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\desktop\h1rxxmjek7fnkhtt.exe
Process
4
452
icacls.exe
2816
icacls.exe
icacls "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\97f793e1-7a7e-4733-93ae-21a624f0cac5" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\windows\syswow64\icacls.exe
Process
5
1416
taskeng.exe
880
taskeng.exe
taskeng.exe {4568F795-B030-4E70-B052-419BC1469E0B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]
C:\Windows\system32\
c:\windows\system32\taskeng.exe
Process
6
2504
h1rxxmjek7fnkhtt.exe
2816
h1rxxmjek7fnkhtt.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\h1rxxmJek7fnkHTT.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\desktop\h1rxxmjek7fnkhtt.exe
Process
7
2452
updatewin1.exe
2504
updatewin1.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\updatewin1.exe"
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\appdata\local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\updatewin1.exe
Process
8
2488
updatewin2.exe
2504
updatewin2.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\updatewin2.exe"
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\appdata\local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\updatewin2.exe
Process
9
2624
5.exe
2504
5.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\5.exe"
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\appdata\local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\5.exe
Process
10
2672
updatewin1.exe
2452
updatewin1.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\updatewin1.exe" --Admin
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\
c:\users\5p5nrgjn0js halpmcxz\appdata\local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\updatewin1.exe
Process
11
2692
powershell.exe
2672
powershell.exe
powershell -Command Set-ExecutionPolicy -Scope CurrentUser RemoteSigned
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
Process
15
1372
h1rxxmjek7fnkhtt.exe
1176
h1rxxmjek7fnkhtt.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\97f793e1-7a7e-4733-93ae-21a624f0cac5\h1rxxmJek7fnkHTT.exe" --AutoStart
C:\Windows\system32\
c:\users\5p5nrgjn0js halpmcxz\appdata\local\97f793e1-7a7e-4733-93ae-21a624f0cac5\h1rxxmjek7fnkhtt.exe
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER
SysHelper
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER
SysHelper
"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\97f793e1-7a7e-4733-93ae-21a624f0cac5\h1rxxmJek7fnkHTT.exe" --AutoStart
REG_EXPAND_SZ
Mutex
{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER
SysHelper
SysHelper
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion
HKEY_CURRENT_USER
SysHelper
SysHelper
1
REG_DWORD_LITTLE_ENDIAN
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER
SysHelper
Mutex
0303d5b4-ffe9-470e-9dd8-7d9ec416e53f{846ee340-7039-11de-9d20-806e6f6e6963}
WinRegistryKey
SOFTWARE\Microsoft\Cryptography
HKEY_LOCAL_MACHINE
MachineGuid
Mutex
{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion
HKEY_CURRENT_USER
SysHelper
Analyzed Sample #531537
Malware Artifacts
531537
Sample-ID: #531537
Job-ID: #1365534
This sample was analyzed by VMRay Analyzer 3.2.2 on a Windows 7 system
100
VTI Score based on VTI Database Version 3.6
Metadata of Sample File #531537
Submission-ID: #3845981
aa8c5d42026ac9a483f1984f762441d7f5805ef914819b473f9e15353995cc99exe
MD5
3880b3ff41deb92ebbdcbff5e5038921
SHA1
e2aaf9e85bb97ed07bb9c00321f244763037fb2c
SHA256
aa8c5d42026ac9a483f1984f762441d7f5805ef914819b473f9e15353995cc99
Metadata of Analysis for Job-ID #1365534
True
Timeout
True
240.1
XDUWTFONO
win7_64_sp1
x86 64-bit
Windows 7
6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)
5p5NrGJn0jS HALPmcxz
XDUWTFONO
Obfuscation
VTI rule match with VTI rule score 2/5
vmray_dynamic_api_usage_by_api
Resolves an unusually high number of APIs.
Resolves APIs dynamically to possibly evade static detection
Discovery
VTI rule match with VTI rule score 0/5
vmray_enumerate_processes
Enumerates running processes.
Enumerates running processes
Hide Tracks
VTI rule match with VTI rule score 2/5
vmray_delete_executed_executable
Deletes executed executable "c:\users\5p5nrgjn0js halpmcxz\appdata\local\97f793e1-7a7e-4733-93ae-21a624f0cac5\h1rxxmjek7fnkhtt.exe".
Deletes file after execution
Persistence
VTI rule match with VTI rule score 1/5
vmray_install_startup_script_by_registry
Adds ""C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\97f793e1-7a7e-4733-93ae-21a624f0cac5\h1rxxmJek7fnkHTT.exe" --AutoStart" to Windows startup via registry.
Installs system startup script or application
Hide Tracks
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "icacls" starts with hidden window.
Creates process with hidden window
Mutex
VTI rule match with VTI rule score 1/5
vmray_create_named_mutex
Creates mutex with name "{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}".
Creates mutex
System Modification
VTI rule match with VTI rule score 1/5
vmray_overwrite_file_in_os_dir
Modifies file "C:\Windows\System32\drivers\etc\hosts" in the OS directory.
Modifies operating system directory
System Modification
VTI rule match with VTI rule score 4/5
vmray_modify_network_configuration_by_file
Modifies the host.conf file, probably to redirect network traffic.
Modifies network configuration
Hide Tracks
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "powershell" starts with hidden window.
Creates process with hidden window
Discovery
VTI rule match with VTI rule score 1/5
vmray_read_machine_guid
Reads the cryptographic machine GUID from registry.
Reads system data
Mutex
VTI rule match with VTI rule score 1/5
vmray_create_named_mutex
Creates mutex with name "0303d5b4-ffe9-470e-9dd8-7d9ec416e53f{846ee340-7039-11de-9d20-806e6f6e6963}".
Creates mutex
Discovery
VTI rule match with VTI rule score 1/5
vmray_get_network_stats_by_api
Gets network statistics by API.
Tries to get network statistics
User Data Modification
VTI rule match with VTI rule score 4/5
vmray_modify_user_files
Modifies the content of multiple user files. This is an indicator for an encryption attempt.
Modifies content of user files
User Data Modification
VTI rule match with VTI rule score 4/5
vmray_rename_user_files
Renames multiple user files. This is an indicator for an encryption attempt.
Renames user files
System Modification
VTI rule match with VTI rule score 1/5
vmray_create_many_files
Creates above average number of files.
Creates an unusually large number of files
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected "Trojan.GenericKD.42856061" in the response data of URL "http://nokd.top/files/penelop/5.exe".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected "Trojan.GenericKD.31534187" in the response data of URL "http://nokd.top/files/penelop/updatewin1.exe".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected "Trojan.AgentWDCR.SVC" in the response data of URL "http://nokd.top/files/penelop/updatewin2.exe".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected the downloaded file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\updatewin1.exe" as "Trojan.GenericKD.31534187".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected the downloaded file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\updatewin2.exe" as "Trojan.AgentWDCR.SVC".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected the downloaded file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\5.exe" as "Trojan.GenericKD.42856061".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected the modified file "C:\Windows\System32\drivers\etc\hosts" as "Gen:Trojan.Qhost.1".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected a memory dump of process "h1rxxmjek7fnkhtt.exe" as "DeepScan:Generic.Ransom.Stop.415573D1".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected a memory dump of process "updatewin1.exe" as "Trojan.Brsecmon.1".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected a memory dump of process "updatewin2.exe" as "Trojan.Brsecmon.1".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected a memory dump of process "updatewin1.exe" as "Gen:Trojan.TaskDisabler.tuZ@aetvCLhk".
Malicious content was detected by heuristic scan
Antivirus
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected a memory dump of process "updatewin2.exe" as "DeepScan:Generic.Malware.V!Qw.EE8544F2".
Malicious content was detected by heuristic scan
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_file_by_http_full
Downloads file via http from "http://nokd.top/ydtftysdtyftysdfsdpen3/get.php?pid=DACB005FB0EA0FDF6F3682FBFC1290D7&first=true".
Downloads file
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_exe_by_http_full
Downloads executable via http from "http://nokd.top/files/penelop/updatewin1.exe".
Downloads executable
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_exe_by_http_full
Downloads executable via http from "http://nokd.top/files/penelop/updatewin2.exe".
Downloads executable
Network Connection
VTI rule match with VTI rule score 1/5
vmray_download_exe_by_http_full
Downloads executable via http from "http://nokd.top/files/penelop/5.exe".
Downloads executable
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://nokd.top/files/penelop/updatewin1.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://nokd.top/ydtftysdtyftysdfsdpen3/get.php?pid=DACB005FB0EA0FDF6F3682FBFC1290D7&first=true".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://nokd.top/files/penelop/updatewin2.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://nokd.top/files/penelop/updatewin.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://nokd.top/files/penelop/3.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://nokd.top/files/penelop/4.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "http://nokd.top/files/penelop/5.exe".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_http_connection
URL "archessee.com/517".
Connects to HTTP server
Network Connection
VTI rule match with VTI rule score 1/5
vmray_establish_https_connection
URL "https://api.2ip.ua/geo.json".
Connects to HTTPS server
Reputation
VTI rule match with VTI rule score 5/5
vmray_known_malicious_file
Reputation data labels file "C:\Windows\System32\drivers\etc\hosts" as "Mal/Generic-S".
Known malicious file
Reputation
VTI rule match with VTI rule score 5/5
vmray_known_malicious_file
Reputation data labels file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\updatewin1.exe" as "Mal/Generic-S".
Known malicious file
Reputation
VTI rule match with VTI rule score 5/5
vmray_known_malicious_file
File "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1eed4f4c-ee3f-42d5-9fd1-74f531bda6b5\updatewin2.exe" is a known malicious file.
Known malicious file
Reputation
VTI rule match with VTI rule score 4/5
vmray_known_malicious_url_traffic
Contacted URL "http://nokd.top/files/penelop/updatewin1.exe" is a known malicious URL.
Contacts known malicious URL
Reputation
VTI rule match with VTI rule score 4/5
vmray_known_malicious_url_traffic
Contacted URL "http://nokd.top/ydtftysdtyftysdfsdpen3/get.php?pid=DACB005FB0EA0FDF6F3682FBFC1290D7&first=true" is a known malicious URL.
Contacts known malicious URL
Reputation
VTI rule match with VTI rule score 4/5
vmray_known_malicious_url_traffic
Contacted URL "http://nokd.top/files/penelop/updatewin2.exe" is a known malicious URL.
Contacts known malicious URL
Reputation
VTI rule match with VTI rule score 4/5
vmray_known_malicious_url_traffic
Contacted URL "http://nokd.top/files/penelop/updatewin.exe" is a known malicious URL.
Contacts known malicious URL
Reputation
VTI rule match with VTI rule score 4/5
vmray_known_malicious_url_traffic
Contacted URL "http://nokd.top/files/penelop/3.exe" is a known malicious URL.
Contacts known malicious URL
Reputation
VTI rule match with VTI rule score 4/5
vmray_known_malicious_url_traffic
Contacted URL "http://nokd.top/files/penelop/4.exe" is a known malicious URL.
Contacts known malicious URL
Reputation
VTI rule match with VTI rule score 4/5
vmray_known_malicious_url_traffic
Contacted URL "http://nokd.top/files/penelop/5.exe" is a known malicious URL.
Contacts known malicious URL
Reputation
VTI rule match with VTI rule score 4/5
vmray_known_malicious_url_traffic
Contacted URL "archessee.com/517" is a known malicious URL.
Contacts known malicious URL
Task Scheduling
VTI rule match with VTI rule score 2/5
vmray_delay_by_scheduled_task_delayed
Schedules task for command "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\97f793e1-7a7e-4733-93ae-21a624f0cac5\h1rxxmJek7fnkHTT.exe", to be triggered by Time. Task has been rescheduled by the analyzer.
Schedules task
YARA
VTI rule match with VTI rule score 3/5
vmray_yara_match_mid
Rule "PDF_Missing_startxref" from ruleset "Malicious-Documents" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\t648 Z2T0mST-97jBqS\RVx8gh-an-F-.pdf.remk".
Suspicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 3/5
vmray_yara_match_mid
Rule "PDF_Missing_EOF" from ruleset "Malicious-Documents" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\t648 Z2T0mST-97jBqS\RVx8gh-an-F-.pdf.remk".
Suspicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-ZkT JS.bmp".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7GTeFnWqgS9ZSpp-9d.png.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\AwaZ_7Drvt.mkv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\AzVzcW.mp4.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bi2gofC9nKVEjCY.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cYR-e.avi.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\d24F8YNCqwI.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dbj5OVvUTa4bloIz9N.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\e6zU.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\h1rxxmJek7fnkHTT.exe".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Hl4GPoq4aN.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\irDzr_W5E9Ov4Y9L.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\kcgsXO3.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KlHpA7bv.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\LVyvDGQMzfnGN8ouyoSW.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mnMSRkjKAAPEI.mkv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nJnoBRDZOm.mkv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O50 BhA.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p6ekR 2Fq3NJCopO9.jpg.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pqz2j.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QJ1Ktf1WXPHih.rtf.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Rr0jcSeUO8zIEq.wav.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rx5o5BD4nL.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\UKwmzFKk1.mp3.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\w4-qqXV2ZOEYBvDS5I.avi".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YArHu1.avi".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zftDypyr-e.pps".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-t95GiOnGNPstm-E.docx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2Tp_ LqkBdu-05P.doc".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2UWCg-ihWXmwSV 3j.docx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7usc5a5L9F_yM.xlsx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\C-gP led9.docx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eJqlwVHiXQsxuhdL3.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F8JB21XeX O.pptx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\fcB8QhTtALgAbgf6S.xlsx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HqNUeHlIrV_.docx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\htMWWgLGJ_E.xlsx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ijWUr.docx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\JuCdXLzZPfwzlrM0D9FT.docx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ku2O6ZGXRTMM-OBcr5.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\NjadnpP4bXfTr.csv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\sRPKAC_i-r0gSL30it1J.docx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\sv6Gg5.pptx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tTI9VeuENe.pptx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Uq-Qf59QnD_.pptx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WsiU9HhiMmh5taXUMi.odp.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\zc2zwOgAl9dWZ8.pptx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Zp4bSgmkw1VmD6V.pptx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_33tr7aCFWUbIhs9iqCR.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\1W7m6.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\4KMSMI.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\DOr_ T9_U6.mp3.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\erxVno osH7s5.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\nZea.m4a.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\OVbE.m4a.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\qIBVS54In6hNtRDm0Wt.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\uahnmRfbMfNimbLS.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\UIIE3qr3SE h.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6XlUusTFEgTQeKIoy7.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9420IVPIIMe9R.png.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bQeuq f926D_hucx2X.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LsuBcnzVDaw5Lq.jpg.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uNclF6hauoNOJdN8.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\YyKbPUy.jpg.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8RYL8Xv3gwr89piN.flv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0wlw97NT\-RvZ.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0wlw97NT\4jworgauj.bmp.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0wlw97NT\iICxrqLlbVh.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0wlw97NT\JnCykkanbvIZuzN.gif.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\74 ZPVMU\0FzPFdGAHuuuKllKc sv.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\74 ZPVMU\HfHAO43nG1N.ppt".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wzVrnoY3pfgm5\e8KJIm_.wav.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wzVrnoY3pfgm5\j2ptz8I.pptx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wzVrnoY3pfgm5\K151dM.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wzVrnoY3pfgm5\WOO6cFBQofqEBI.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wzVrnoY3pfgm5\XOigXkWrr1j.mp3.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\-I-Xy5gtCCf2anzAp.ods".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\ffz SFjC.ots.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\FHmONqV v2JkG3.ots.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\grljDT8nx55.pps.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\HHueX3S0ibdFq.odt.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\p2Sojk8t7gJih823M5.pptx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\UUwhrC FoVL4PsJ.ppt.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Gg6LaR4dxDzOQomZJ1UL\3557nrWiSL8Oztuk2v.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Gg6LaR4dxDzOQomZJ1UL\6E50reyJxYm.wav.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Gg6LaR4dxDzOQomZJ1UL\dbHnWPIPAcwCYg3Bdmu.mp3.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Gg6LaR4dxDzOQomZJ1UL\j-9 8ML8KY7J4.mp3.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Gg6LaR4dxDzOQomZJ1UL\M19pxLEndmqvY AcHQ.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Gg6LaR4dxDzOQomZJ1UL\rM_fq7OOza3eITH8.m4a.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Gg6LaR4dxDzOQomZJ1UL\Y1jISSChT2WEecUSrE0s.m4a.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\vbTY960\5vtSd.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\vbTY960\H1p6Q94-hZHIiHNtL.m4a.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\vbTY960\L70E2.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\0IVabRQYVPOOzITA.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\542fVbx-Nb5SSv6oh8A5.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\91vVO4gMJf8R.m4a.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\BQcrUevf.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\C_5lQ-Upo7x8z.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\iGbC-X.wav.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\j8VGyPK3jrNNvLRuL67g.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\JJIlS8u_6kS2VPu.m4a".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\55dO.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\I1U5Uwz D.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\ivWs qFi.bmp.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\_UQ7F5NbCFJ6.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\g1CuCps yZIAOwjCa\6lJNlbKyK354Qa0.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\g1CuCps yZIAOwjCa\JTSMdg7_.avi".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\g1CuCps yZIAOwjCa\kaWqD.avi.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\g1CuCps yZIAOwjCa\rw 5imJ8K8cEClnKzuF.flv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\g1CuCps yZIAOwjCa\uWd 0nDi4nHu_OcIzO.swf.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\4WiEyq TSCYneVBnG4.flv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\BP1P5M5rRgJVJ_zFpje.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\IBFomAmOPzHP.mp4".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\KpWw7pD9YBx.mkv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wzVrnoY3pfgm5\iIWj9EjHStmpO_L\kIgwk9vBXkfQWoRq4O4.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wzVrnoY3pfgm5\iIWj9EjHStmpO_L\MR bG63x.gif.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wzVrnoY3pfgm5\iIWj9EjHStmpO_L\WOsa73cE3Ci.docx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wzVrnoY3pfgm5\iIWj9EjHStmpO_L\_1Lysnpm8u.bmp".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\9bzSIvv8A.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\BokYvvAfU.ppt".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\cbSmrZ3jMzQOa6ad6 s.xls.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\e5Z-XK7-M2.odp".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\i_O0aoNt9QXx75 z.pps.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\RDDJdUb3KAo.xls".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\rDvHm1Gu.xlsx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\tK5rfTr5kIZSRi.pptx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\ypHLBtyzIYe9W.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\ZsUtmR05.pptx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\R3pat\JsGQxG.ots.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\R3pat\Lfe5b.xlsx".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\R3pat\yjx2jpn3OrZ-WfDHJ.pps.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\-wYl9Wxaf_FQLu8dRQB5\8zc5gaDVdZR.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\-wYl9Wxaf_FQLu8dRQB5\BLoYkmvVlNGLNVl9j.m4a.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\-wYl9Wxaf_FQLu8dRQB5\Hh6wUmsTzjoH.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\-wYl9Wxaf_FQLu8dRQB5\hj_q0gZo.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\-wYl9Wxaf_FQLu8dRQB5\j1d_K7qJp6wY.wav".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\-wYl9Wxaf_FQLu8dRQB5\P0oF.mp3".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\-wYl9Wxaf_FQLu8dRQB5\PlRTanSu8y.mp3.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Music\Xb4anhaDsw_nEnBFeS\-wYl9Wxaf_FQLu8dRQB5\q4aLH-FAjevoeH6I.mp3.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\F4YbH 8XORnU4B2.png.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\Fh-vCljTYvw.gif.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\hRaN7dOcX1AmD.gif.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\QAq-Frb.bmp".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\677G8npInpXtd35QrCL.mkv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\e0OK1KsDLkbK.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\v0svWrNd01t99.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\OSDzZr1qU8Y-\6cca_ ZmPO.ods".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\OSDzZr1qU8Y-\6jPQDPh.ods.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\OSDzZr1qU8Y-\d8nRRAoPzta8W1z.ods".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\OSDzZr1qU8Y-\E76DZy.csv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\OSDzZr1qU8Y-\pP1VM-.odt".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\OSDzZr1qU8Y-\q6Xn7lmS sN.doc".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\OSDzZr1qU8Y-\vES6q7o6drzmc2wswqv.csv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\t648 Z2T0mST-97jBqS\1Usub D99LlYwn35U.doc.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\t648 Z2T0mST-97jBqS\5tUVR.doc.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\t648 Z2T0mST-97jBqS\aYykKL9sNmuS205lNQxb.xlsx.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\t648 Z2T0mST-97jBqS\GHrUuVSNZ.ods".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\t648 Z2T0mST-97jBqS\i2qLmECFmP.xls".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 4/5
vmray_yara_match_high
Rule "PDF_Invalid_version" from ruleset "Malicious-Documents" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\t648 Z2T0mST-97jBqS\RVx8gh-an-F-.pdf.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X0h6NwRPaRX5m\eBkpfXutqqrq6h\t648 Z2T0mST-97jBqS\RVx8gh-an-F-.pdf.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\2kWa8l\8PkInFTYY.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\2kWa8l\b1oXySBs7FK.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\2kWa8l\NfB4BN1dcg.bmp.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\2kWa8l\UzP92EkXV9tzwch.png.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\2kWa8l\WJGbtDRaJ_I.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\2kWa8l\wUkuHtHCChC.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\2kWa8l\Y3yQ_2 wT.gif.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\FzGfdyB6\1Zf e6GVWkTdL6S3dtG.jpg.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\FzGfdyB6\5aUm.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\FzGfdyB6\eoDi5iM0Omq.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\FzGfdyB6\EOkvXHoEt.gif.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\FzGfdyB6\GNzXqDyxgLyC07.bmp".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\FzGfdyB6\ogT6-r28SnPPl.jpg".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\FzGfdyB6\UxHea_1OLD4fGeysQVZ.png.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\MJpyx6aDoSvpIH\94ufH0b5CBCbVk2g4.bmp.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\MJpyx6aDoSvpIH\ayZ1BTswz7VJrGpFc2.gif".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\MJpyx6aDoSvpIH\cO_.png.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\MJpyx6aDoSvpIH\ku5zMZBRK.png".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\MJpyx6aDoSvpIH\M3CaFNSYagYb6MmIK-.bmp.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\MJpyx6aDoSvpIH\PSEVjAP5aE JA4lRFb.png.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_dqq7i08G7zkmy4eWB\4HUb e9qKHwuKHz-\MJpyx6aDoSvpIH\rtW3JtBFakvqy.png.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\xB0W_x\dg1ZR5LE5.mkv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\xB0W_x\GodaZbgKBQyE.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\xB0W_x\LJecWOah9kPE.mp4".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\Xq9EY6lNcW89ESh\WuazV8l9ZPKR2hR.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\ZCC-nq6c5y\4vcFIzQn6R7Uez.mp4.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\ZCC-nq6c5y\9L8GIzDkh2buC.mp4.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\ZCC-nq6c5y\cd1puEdABr.mp4.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\_2KhhEZ4Uf5pHRY\2yWm8WTEQIQtOzFejH.avi.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\_2KhhEZ4Uf5pHRY\nXQHuyqoJra2B.avi".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\_2KhhEZ4Uf5pHRY\sSO7KsP.avi".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\xB0W_x\dcR8Wn\MMNB3DGmP9H.flv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\xB0W_x\dcR8Wn\WGem6pJWFmMLh_CSjVJ.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\xB0W_x\dcR8Wn\XoMJ508kaZydeC8l.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\xB0W_x\TNlwUISWdF VQwLUr\35fwF Y81hH3FH.mkv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\xB0W_x\TNlwUISWdF VQwLUr\cnAJanV1kmNfWz8.swf.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\xB0W_x\TNlwUISWdF VQwLUr\pEQk.flv".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\ZCC-nq6c5y\S Vy53\f8B4p09.swf.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\ZCC-nq6c5y\S Vy53\iCzLPFif.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\ZCC-nq6c5y\S Vy53\KqR1qrw6aoyjKfrEgvI.flv.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PCPKs0u\CSFg h-wcbKcac\ZCC-nq6c5y\S Vy53\YBiLRAZYH9yEkpgFaG.swf".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the modified file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "DjvuEncryptedFile" from ruleset "Ransomware" has matched on the dropped file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml.remk".
Malicious content matched by YARA rules
YARA
VTI rule match with VTI rule score 5/5
vmray_yara_match_high
Rule "Djvu" from ruleset "Ransomware" has matched on a memory dump for process "h1rxxmjek7fnkhtt.exe".
Malicious content matched by YARA rules