Dharma Ransomware won't run with hooks enabled

[blabla123sdfa]

About accounts on capesandbox.com

• Issues isn't the way to ask for account acctivation. Ping capesandbox in Twitter with your username

This is opensource and you getting free support so be friendly!

• Free support from doomedraven ended, no whiskey no support. For something he updated the documentation :)

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• [x ] I am running the latest version
• [ x] I checked the documentation and found no answer
• [ x] I checked to make sure that this issue has not already been filed
• [ x] I'm reporting the issue to the correct repository (for multi-repository projects)
• [ x] I'm have read all configs with all optional parts

Expected Behavior

Running without concern and encrypt all the files.

Current Behavior

Dos device mode utility crash, if I disable hooks ( zerohooks=1) will run as expected. SHA256: b23eb66e588b47a73b393c87467b0b2b0431d9d346368efeaa36a76c7877cd27

[kevoreilly]

Runs ok for me and on public instance: https://capesandbox.com/analysis/186432/

[blabla123sdfa]

@kevoreilly if you disable hooks will encrypt all the files, in the public instance it didn't encrypt anything as you see, also if you connect through VNC you will see that it crashes. Files With Modified Attributes ( Redline Sandbox) C:\MSOCache\All Users{90140000-003D-0000-0000-0000000FF1CE}-C\SIWW.cab.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Lima.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\7zCon.sfx.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\fonts\LucidaSansRegular.ttf.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Yerevan.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Chihuahua.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\hprof.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\install.exe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\msvcrt.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Kuching.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Samarkand.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\az.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Addis_Ababa.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Antarctica\Macquarie.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\content-types.properties.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\awt.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\eula.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\management\snmp.acl.template.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ed036e30937cf83f102d52b5e239\msiexec.exe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\fi.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\security\javaws.policy.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Pontianak.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-003D-0000-0000-0000000FF1CE}-C\ose.exe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ae3344fb8ad85fd283a4b243471b71\msimsg.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Guadeloupe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Rio_Branco.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Tripoli.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Atlantic\Canary.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Australia\Hobart.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Australia\Sydney.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\cmm\CIEXYZ.pf.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Resolute.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Krasnoyarsk.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\desktop.ini.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.xml.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\jdwp.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.xml.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\hy.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\wsdetect.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Qatar.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\resources.jar.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\uk.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Paramaribo.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\gl.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\plugin.jar.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\it.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Managua.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Johannesburg.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Antarctica\McMurdo.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Antarctica\Syowa.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Etc\GMT+4.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Rainy_River.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ed036e30937cf83f102d52b5e239\update\update_w2k3.inf.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Chicago.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Yellowknife.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Fortaleza.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ae3344fb8ad85fd283a4b243471b71\update\spcustom.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Khartoum.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\java_crw_demo.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Amman.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Argentina\San_Juan.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Atlantic\Stanley.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\JdbcOdbc.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Cayenne.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ed036e30937cf83f102d52b5e239\update\kb893803v2_wxp.cat.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Cairo.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Belem.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\fur.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\hu.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Glace_Bay.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\jp2native.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Dili.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\alt-string.jar.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\ro.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Chongqing.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Aqtobe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Araguaina.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0115-0409-0000-0000000FF1CE}-C\osetupui.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ae3344fb8ad85fd283a4b243471b71\update\update_wxp.inf.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Qyzylorda.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\nn.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Etc\GMT-5.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\jp2launcher.exe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Nairobi.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.xml.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\License.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Sao_Paulo.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\kk.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\java.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\security\local_policy.jar.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\el.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ed036e30937cf83f102d52b5e239\update\update_win2k.inf.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Maputo.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\splashscreen.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Maseru.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\security\cacerts.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\be.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Brazzaville.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Bujumbura.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Etc\GMT-6.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Grand_Turk.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Boise.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\deploy\messages.properties.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\install.res.1028.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Danmarkshavn.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\EST5EDT.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\klist.exe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Urumqi.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Nipigon.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\eula.3082.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\sa.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Indiana\Knox.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\ar.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\pt-br.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\sq.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\readme.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Etc\GMT-3.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Kamchatka.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Dar_es_Salaam.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Macau.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Riyadh.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Anchorage.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0115-0409-0000-0000000FF1CE}-C\setup.chm.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Ulaanbaatar.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Tokyo.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\7-zip.chm.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\St_Lucia.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\ne.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\sl.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\pa-in.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Algiers.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Argentina\Catamarca.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\hr.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\va.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\th.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\lv.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\uz.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Lagos.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ae3344fb8ad85fd283a4b243471b71\msi.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Kathmandu.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\install.ini.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\deploy.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\management\management.properties.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\ug.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\images\cursors\cursors.properties.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Vancouver.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Lusaka.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\io.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Ndjamena.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Ho_Chi_Minh.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\tnameserv.exe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Phnom_Penh.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Hermosillo.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\mk.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\deploy\messages_zh_TW.properties.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\javacpl.exe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\descript.ion.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\eula.1031.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-003D-0000-0000-0000000FF1CE}-C\Office64WW.msi.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-003D-0000-0000-0000000FF1CE}-C\PidGenX.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\he.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Costa_Rica.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\install.res.1031.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Caracas.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\br.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Etc\GMT-8.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\mr.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Tortola.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\calendars.properties.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ed036e30937cf83f102d52b5e239\update\updspapi.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0115-0409-0000-0000000FF1CE}-C\dwdcw20.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\regutils.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\St_Thomas.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Lome.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Antarctica\Casey.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Martinique.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\deploy\messages_ja.properties.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\St_Johns.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ae3344fb8ad85fd283a4b243471b71\update\updatebr.inf.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\et.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Hovd.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Harbin.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Atlantic\Bermuda.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ae3344fb8ad85fd283a4b243471b71\spuninst.exe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Whitehorse.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\St_Vincent.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\deploy\messages_fr.properties.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\security\blacklist.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ae3344fb8ad85fd283a4b243471b71\spmsg.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Bangui.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-003D-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Anguilla.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Antarctica\Vostok.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Tijuana.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Metlakatla.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\management-agent.jar.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\dcpr.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\server\classes.jsa C:\Program Files\Java\jre6\lib\deploy\messages_de.properties.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Bahrain.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\deploy\messages_sv.properties.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\meta-index.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Dawson_Creek.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Etc\GMT+10.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Tunis.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Thimphu.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Blanc-Sablon.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Australia\Broken_Hill.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Etc\GMT-7.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\North_Dakota\Center.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\install.res.1040.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\fontconfig.properties.src.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Port_of_Spain.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Grenada.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Etc\GMT-2.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Nicosia.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Monterrey.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\ko.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Cuiaba.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\zh-cn.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Muscat.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Mbabane.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\ka.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\MSOCache\All Users{90140000-003D-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Etc\GMT+3.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Yakutat.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\server\jvm.dll.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Africa\Kigali.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Gaza.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Nassau.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Almaty.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Rankin_Inlet.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Swift_Current.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Asia\Jayapura.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\Etc\GMT-13.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ed036e30937cf83f102d52b5e239\update\eula.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\bin\jbroker.exe.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\ps.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\Antigua.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Java\jre6\lib\zi\America\El_Salvador.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\ae3344fb8ad85fd283a4b243471b71\update\kb893803v2_w2k.cat.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\Internet Explorer\SIGNUP\install.ins.id-EC07C162.[bitlocker@foxmail.com ].wiki C:\Program Files\7-Zip\Lang\cs.txt.id-EC07C162.[bitlocker@foxmail.com ].wiki Source: https://www.virustotal.com/gui/file/b23eb66e588b47a73b393c87467b0b2b0431d9d346368efeaa36a76c7877cd27/behavior/Lastline

[kevoreilly]

No need for all that - I get the idea. I was thrown off by your initial 'won't run'. It will run, but crashes before encryption due to some hook issue.

Thanks for the report - I had it encrypting with minhook but not every time. Will try and perform instruction trace to find crash.

[doomedraven]

Kevin any update here? i just tested it and still doesn't work https://capesandbox.com/analysis/268118/

[kevoreilly]

Well it only took 3 years to fix... but at least it's working now!