{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,10]],"date-time":"2026-01-10T03:17:40Z","timestamp":1768015060947,"version":"3.49.0"},"reference-count":64,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2024,9,27]],"date-time":"2024-09-27T00:00:00Z","timestamp":1727395200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,9,27]],"date-time":"2024-09-27T00:00:00Z","timestamp":1727395200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"DOI":"10.1007\/s11416-024-00539-9","type":"journal-article","created":{"date-parts":[[2024,9,27]],"date-time":"2024-09-27T19:01:53Z","timestamp":1727463713000},"page":"867-884","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["RansomGuard: a framework for proactive detection and mitigation of cryptographic windows ransomware"],"prefix":"10.1007","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-8947-859X","authenticated-orcid":false,"given":"M Adnan","family":"Alvi","sequence":"first","affiliation":[]},{"given":"Zunera","family":"Jalil","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,9,27]]},"reference":[{"key":"539_CR1","unstructured":"Checkpoint. 2023\u2014The Year of Mega Ransomware Attacks (2024) URL https:\/\/blog.checkpoint.com\/research\/check-point-research-2023-the-year-of-mega-ransomware-attacks-with-unprecedented-impact-on-global-organizations\/"},{"key":"539_CR2","unstructured":"IBM. Cost of a data breach 2023 | IBM (2024). 
https:\/\/www.ibm.com\/reports\/data-breach"},{"key":"539_CR3","doi-asserted-by":"publisher","first-page":"61695","DOI":"10.1109\/ACCESS.2022.3181278","volume":"10","author":"F Aldauiji","year":"2022","unstructured":"Aldauiji, F., Batarfi, O., Bayousef, M.: Utilizing cyber threat hunting techniques to find ransomware attacks: a survey of the state of the art. IEEE Access 10, 61695\u201361706 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2022.3181278","journal-title":"IEEE Access"},{"key":"539_CR4","doi-asserted-by":"publisher","first-page":"40698","DOI":"10.1109\/ACCESS.2023.3268535","volume":"11","author":"S Razaulla","year":"2023","unstructured":"Razaulla, S., Fachkha, C., Markarian, C., Gawanmeh, A., Mansoor, W., Fung, B.C., Assi, C.: the age of ransomware: a survey on the evolution, taxonomy, and research directions. IEEE Access 11, 40698\u201340723 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3268535","journal-title":"IEEE Access"},{"issue":"20","key":"539_CR5","doi-asserted-by":"publisher","first-page":"4299","DOI":"10.3390\/electronics12204299","volume":"12","author":"V Vasani","year":"2023","unstructured":"Vasani, V., Bairwa, A.K., Joshi, S., Pljonkin, A., Kaur, M., Amoon, M.: Comprehensive analysis of advanced techniques and vital tools for detecting malware intrusion. Electronics 12(20), 4299 (2023). https:\/\/doi.org\/10.3390\/electronics12204299","journal-title":"Electronics"},{"key":"539_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-030-57878-7_13","volume-title":"Applied Cryptography and Network Security","author":"F De Gaspari","year":"2020","unstructured":"De Gaspari, F., Hitaj, D., Pagnotta, G., De Carli, L., Mancini, L.V.: The naked sun: malicious cooperation between benign-looking processes. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) Applied Cryptography and Network Security. Lecture Notes in Computer Science, pp. 254\u2013274. 
Springer International Publishing, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-57878-7_13"},{"key":"539_CR7","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/978-981-97-1260-1_18","volume-title":"Intelligent Strategies for ICT","author":"R Dalal","year":"2024","unstructured":"Dalal, R., Goel, N., Darbari, R., Chauhan, O., Samal, S., Khari, M.: A comprehensive review on anomaly detection techniques for web data logging. In: Shamim Kaiser, M., Xie, J., Rathore, V.S. (eds.) Intelligent Strategies for ICT, pp. 211\u2013230. Springer, Singapore (2024). https:\/\/doi.org\/10.1007\/978-981-97-1260-1_18"},{"key":"539_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103349","volume":"132","author":"K Begovic","year":"2023","unstructured":"Begovic, K., Al-Ali, A., Malluhi, Q.: Cryptographic ransomware encryption detection: survey. Comput. Secur. 132, 103349 (2023). https:\/\/doi.org\/10.1016\/j.cose.2023.103349","journal-title":"Comput. Secur."},{"key":"539_CR9","unstructured":"lorihollasch. Filter Manager Concepts\u2014Windows drivers (2023). https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/drivers\/ifs\/filter-manager-concepts"},{"key":"539_CR10","unstructured":"Raymond McIntosh, Timothy: RanDeter: using novel statistical and physical controls to deter ransomware attacks. Massey University (2018)"},{"issue":"1","key":"539_CR11","doi-asserted-by":"publisher","first-page":"1167","DOI":"10.12785\/ijcds\/110195","volume":"11","author":"S Malik","year":"2022","unstructured":"Malik, S., Shanmugam, B., Kannorpatti, K., Azam, S.: Critical feature selection for machine learning approaches to detect ransomware. Int. J. Comput. Digit. Syst. 11(1), 1167\u20131176 (2022). https:\/\/doi.org\/10.12785\/ijcds\/110195","journal-title":"Int. J. Comput. Digit. Syst."},{"key":"539_CR12","unstructured":"Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a Large-scale, automated approach to detecting ransomware. 
In 25th USENIX Security Symposium (USENIX Security 16). p. 17 (2016)"},{"key":"539_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-319-66332-6_5","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"A Kharraz","year":"2017","unstructured":"Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) Research in Attacks, Intrusions, and Defenses. Lecture Notes in Computer Science, pp. 98\u2013119. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66332-6_5"},{"key":"539_CR14","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1016\/j.cose.2017.11.019","volume":"73","author":"JA G\u00f3mez-Hern\u00e1ndez","year":"2018","unstructured":"G\u00f3mez-Hern\u00e1ndez, J.A., \u00c1lvarez Gonz\u00e1lez, L., Garc\u00eda-Teodoro, P.: R-locker: thwarting ransomware action through a Honeyfile-based approach. Comput. Secur. 73, 389\u2013398 (2018). https:\/\/doi.org\/10.1016\/j.cose.2017.11.019","journal-title":"Comput. Secur."},{"key":"539_CR15","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1016\/j.procs.2020.02.249","volume":"168","author":"A Arabo","year":"2020","unstructured":"Arabo, A., Dijoux, R., Poulain, T., Chevalier, G.: Detecting ransomware using process behavior analysis. Procedia Comput. Sci. 168, 289\u2013296 (2020). https:\/\/doi.org\/10.1016\/j.procs.2020.02.249","journal-title":"Procedia Comput. Sci."},{"key":"539_CR16","doi-asserted-by":"publisher","unstructured":"Ayub, M.A., Continella, A., Siraj, A.: An I\/O request packet (IRP) driven effective ransomware detection scheme using artificial neural network. In 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI), pp. 319\u2013324. IEEE, Las Vegas (2020). 
https:\/\/doi.org\/10.1109\/IRI49571.2020.00053","DOI":"10.1109\/IRI49571.2020.00053"},{"issue":"1","key":"539_CR17","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1007\/s10207-023-00758-z","volume":"23","author":"MA Ayub","year":"2024","unstructured":"Ayub, M.A., Siraj, A., Filar, B., Gupta, M.: RWArmor: a static-informed dynamic analysis approach for early detection of cryptographic windows ransomware. Int J Inf Secur 23(1), 533\u2013556 (2024). https:\/\/doi.org\/10.1007\/s10207-023-00758-z","journal-title":"Int J Inf Secur"},{"key":"539_CR18","doi-asserted-by":"publisher","unstructured":"Shaukat, S.K., Ribeiro, V.J.: RansomWall: a layered defense system against cryptographic ransomware attacks using machine learning. In 2018 10th International Conference on Communication Systems & Networks (COMSNETS), pp. 356\u2013363. IEEE, Bengaluru (2018). https:\/\/doi.org\/10.1109\/COMSNETS.2018.8328219","DOI":"10.1109\/COMSNETS.2018.8328219"},{"key":"539_CR19","doi-asserted-by":"publisher","unstructured":"Continella, A., Guagnelli, A., Zingaro, G., De Pasquale, G., Barenghi, A., Zanero, S., Maggi, F.: ShieldFS: a self-healing, ransomware-aware filesystem. In Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 336\u2013347. ACM, Los Angeles (2016). https:\/\/doi.org\/10.1145\/2991079.2991110","DOI":"10.1145\/2991079.2991110"},{"key":"539_CR20","doi-asserted-by":"publisher","unstructured":"Nalinipriya, G., Govarthini, V., Kayalvizhi, S., Christika, S., Vishvaja, J., Amara, K.R.: Royal: DefendR\u2014an advanced security model using mini filter in unix multi-operating system. In 2022 8th International Conference on Smart Structures and Systems (ICSSS), pp. 1\u20136 (2022). https:\/\/doi.org\/10.1109\/ICSSS54381.2022.9782248","DOI":"10.1109\/ICSSS54381.2022.9782248"},{"key":"539_CR21","unstructured":"Morris, J., Lin, D., Smith, M.: Marcellus: fight virus like a virus: a new defense method against file-encrypting ransomware (2021). 
http:\/\/arxiv.org\/abs\/2103.11014. arXiv:2103.11014 [cs]"},{"key":"539_CR22","doi-asserted-by":"publisher","unstructured":"Bailluet, N., Le Bouder, H., Lubicz, D.: Ransomware detection using markov chain models over file headers. In Proceedings of the 18th International Conference on Security and Cryptography, pp. 403\u2013411. SCITEPRESS\u2014Science and Technology Publications (2021). https:\/\/doi.org\/10.5220\/0010513100002998","DOI":"10.5220\/0010513100002998"},{"key":"539_CR23","unstructured":"Bottazzi, G., Italiano, G.F., Spera, D.: Preventing ransomware attacks through file system filter drivers. In Conference: Proceedings of the Second Italian Conference on Cyber Security (ITASEC18) At: Milan, p. 1 (2018)"},{"issue":"5","key":"539_CR24","doi-asserted-by":"publisher","first-page":"1837","DOI":"10.3390\/s22051837","volume":"22","author":"A Alqahtani","year":"2022","unstructured":"Alqahtani, A., Sheldon, F.T.: A survey of crypto ransomware attack detection methodologies: an evolving outlook. Sensors 22(5), 1837 (2022). https:\/\/doi.org\/10.3390\/s22051837","journal-title":"Sensors"},{"issue":"4","key":"539_CR25","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/s11416-021-00384-0","volume":"17","author":"YS Joshi","year":"2021","unstructured":"Joshi, Y.S., Mahajan, H., Joshi, S.N., Gupta, K.P., Agarkar, A.A.: Signature-less ransomware detection and mitigation. J. Comput. Virol. Hacking Tech. 17(4), 299\u2013306 (2021). https:\/\/doi.org\/10.1007\/s11416-021-00384-0","journal-title":"J. Comput. Virol. Hacking Tech."},{"issue":"20","key":"539_CR26","doi-asserted-by":"publisher","first-page":"6731","DOI":"10.1007\/s00500-018-3257-z","volume":"22","author":"S Jung","year":"2018","unstructured":"Jung, S., Won, Y.: Ransomware detection method based on context-aware entropy analysis. Soft Comput. 22(20), 6731\u20136740 (2018). 
https:\/\/doi.org\/10.1007\/s00500-018-3257-z","journal-title":"Soft Comput."},{"key":"539_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/978-3-030-62974-8_12","volume-title":"Information Security","author":"J Pont","year":"2020","unstructured":"Pont, J., Arief, B., Hernandez-Castro, J.: Why current statistical approaches to ransomware detection fail. In: Susilo, W., Deng, R.H., Guo, F., Li, Y., Intan, R. (eds.) Information Security. Lecture Notes in Computer Science, pp. 199\u2013216. Cham, Springer (2020). https:\/\/doi.org\/10.1007\/978-3-030-62974-8_12"},{"key":"539_CR28","doi-asserted-by":"publisher","unstructured":"Morato Oses, D., Berrueta, E., Maga\u00f1a, E., Izal, M.: A chronological evolution model for crypto-ransomware detection based on encrypted file-sharing traffic. SSRN Electronic Journal (2022). https:\/\/doi.org\/10.2139\/ssrn.4074557","DOI":"10.2139\/ssrn.4074557"},{"key":"539_CR29","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.118299","volume":"209","author":"E Berrueta","year":"2022","unstructured":"Berrueta, E., Morato, D., Maga\u00f1a, E., Izal, M.: Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic. Expert Syst. Appl. 209, 118299 (2022). https:\/\/doi.org\/10.1016\/j.eswa.2022.118299","journal-title":"Expert Syst. Appl."},{"key":"539_CR30","doi-asserted-by":"publisher","DOI":"10.4108\/eai.28-1-2021.168506","author":"T Xia","year":"2021","unstructured":"Xia, T., Sun, Y., Zhu, S., Rasheed, Z., Shafique, K.: Toward a network-assisted approach for effective ransomware detection. EAI Endorsed Trans. Secur. Saf. (2021). https:\/\/doi.org\/10.4108\/eai.28-1-2021.168506","journal-title":"EAI Endorsed Trans. Secur. 
Saf."},{"key":"539_CR31","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2021.301314","volume":"40","author":"M Hirano","year":"2022","unstructured":"Hirano, M., Hodota, R., Kobayashi, R.: RanSAP: an open dataset of ransomware storage access patterns for training machine learning models. Forensic Sci. Int. Digit. Investig. 40, 301314 (2022). https:\/\/doi.org\/10.1016\/j.fsidi.2021.301314","journal-title":"Forensic Sci. Int. Digit. Investig."},{"key":"539_CR32","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101997","volume":"97","author":"F Tang","year":"2020","unstructured":"Tang, F., Ma, B., Li, J., Zhang, F., Su, J., Ma, J.: RansomSpector: an introspection-based approach to detect crypto ransomware. Comput. Secur. 97, 101997 (2020). https:\/\/doi.org\/10.1016\/j.cose.2020.101997","journal-title":"Comput. Secur."},{"issue":"3","key":"539_CR33","doi-asserted-by":"publisher","first-page":"143","DOI":"10.3390\/bdcc7030143","volume":"7","author":"A Alraizza","year":"2023","unstructured":"Alraizza, A., Algarni, A.: Ransomware detection using machine learning: a survey. Big Data Cogn. Comput. 7(3), 143 (2023). https:\/\/doi.org\/10.3390\/bdcc7030143","journal-title":"Big Data Cogn. Comput."},{"key":"539_CR34","doi-asserted-by":"publisher","first-page":"53","DOI":"10.5121\/ijans.2012.2206","volume":"2","author":"R Dalal","year":"2012","unstructured":"Dalal, R.: Different ways to achieve trust in MANET. Int. J. AdHoc Netw. Syst. 2, 53\u201364 (2012). https:\/\/doi.org\/10.5121\/ijans.2012.2206","journal-title":"Int. J. AdHoc Netw. Syst."},{"issue":"4","key":"539_CR35","doi-asserted-by":"publisher","first-page":"2039","DOI":"10.1007\/s11277-024-11064-9","volume":"135","author":"R Dalal","year":"2024","unstructured":"Dalal, R., Khari, M., Misra, S.: Speculative analysis of wireless network by bibliometrics tool. Wirel. Pers. Commun. 135(4), 2039\u20132059 (2024). https:\/\/doi.org\/10.1007\/s11277-024-11064-9","journal-title":"Wirel. Pers. 
Commun."},{"key":"539_CR36","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3136927","author":"R Dalal","year":"2021","unstructured":"Dalal, R., Khari, M., Anzola, J.P., Garc\u00eda, V.: Proliferation of opportunistic routing: a systematic review. IEEE Access (2021). https:\/\/doi.org\/10.1109\/ACCESS.2021.3136927","journal-title":"IEEE Access"},{"key":"539_CR37","doi-asserted-by":"publisher","first-page":"51395","DOI":"10.1109\/ACCESS.2023.3279819","volume":"11","author":"K Thummapudi","year":"2023","unstructured":"Thummapudi, K., Lama, P., Boppana, R.V.: Detection of ransomware attacks using processor and disk usage data. IEEE Access 11, 51395\u201351407 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3279819","journal-title":"IEEE Access"},{"key":"539_CR38","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2022.3173149","author":"GO Ganfure","year":"2022","unstructured":"Ganfure, G.O., Wu, C.F., Chang, Y.H., Shih, W.K.: DeepWare: imaging performance counters with deep learning to detect ransomware. IEEE Trans. Comput. (2022). https:\/\/doi.org\/10.1109\/TC.2022.3173149","journal-title":"IEEE Trans. Comput."},{"key":"539_CR39","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.361","author":"S Aurangzeb","year":"2021","unstructured":"Aurangzeb, S., Rais, R.N., Aleem, M., Islam, M.A., Iqbal, M.A.: On the classification of microsoft-windows ransomware using hardware profile. PeerJ Comput. Sci. (2021). https:\/\/doi.org\/10.7717\/peerj-cs.361","journal-title":"PeerJ Comput. Sci."},{"key":"539_CR40","unstructured":"Pundir, N., Tehranipoor, M., Rahman, F.: RanStop: a hardware-assisted runtime crypto-ransomware detection technique (2020). http:\/\/arxiv.org\/abs\/2011.12248. arXiv:2011.12248 [cs]"},{"key":"539_CR41","unstructured":"MSDN. ETW framework conceptual tutorial\u2014message analyzer (2020). https:\/\/learn.microsoft.com\/en-us\/message-analyzer\/etw-framework-conceptual-tutorial"},{"key":"539_CR42","unstructured":"Blake. 
Monitoring file mods through ETW and velociraptor (2024). https:\/\/bmcder.com\/blog\/event-tracing-for-windows-monitoring-file-and-process-interactions"},{"key":"539_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1007\/978-3-030-88418-5_12","volume-title":"Computer Security - ESORICS 2021","author":"ME Ahmed","year":"2021","unstructured":"Ahmed, M.E., Kim, H., Camtepe, S., Nepal, S.: Peeler: profiling kernel-level events to detect ransomware. In: Bertino, E., Shulman, H., Waidner, M. (eds.) Computer Security - ESORICS 2021. Lecture Notes in Computer Science, pp. 240\u2013260. Cham, Springer (2021). https:\/\/doi.org\/10.1007\/978-3-030-88418-5_12"},{"issue":"6","key":"539_CR44","doi-asserted-by":"publisher","DOI":"10.1002\/spy2.253","volume":"5","author":"S Rana","year":"2022","unstructured":"Rana, S., Kumar, N., Handa, A., Shukla, S.K.: Automated windows behavioral tracing for malware analysis. Secur. Priv. 5(6), e253 (2022). https:\/\/doi.org\/10.1002\/spy2.253","journal-title":"Secur. Priv."},{"key":"539_CR45","doi-asserted-by":"publisher","unstructured":"Mavroeidis, V., J\u00f8sang, A.: Data-driven threat hunting using sysmon. In Proceedings of the 2nd International Conference on Cryptography, Security and Privacy, ICCSP, pp. 82\u201388. Association for Computing Machinery, New York (2018). https:\/\/doi.org\/10.1145\/3199478.3199490","DOI":"10.1145\/3199478.3199490"},{"key":"539_CR46","doi-asserted-by":"publisher","unstructured":"Moussaileb, R., Cuppens, N., Lanet, J.-L., Le Bouder, H.: A survey on windows-based ransomware taxonomy and detection mechanisms. ACM Comput. Surv. 54(6), 117 (2021). https:\/\/doi.org\/10.1145\/3453153","DOI":"10.1145\/3453153"},{"key":"539_CR47","doi-asserted-by":"publisher","unstructured":"Moussaileb, R., Cuppens, N., Lanet, J.L., Bouder, H.L.: Ransomware detection using the dynamic analysis and machine learning: a survey and research directions. Appl. Sci. 
12(1), 172 (2022). https:\/\/doi.org\/10.3390\/app12010172","DOI":"10.3390\/app12010172"},{"issue":"2","key":"539_CR48","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/s11416-022-00434-1","volume":"19","author":"AG Masid","year":"2023","unstructured":"Masid, A.G., Higuera, J.B., Higuera, J.R., Montalvo, J.A.: Application of the SAMA methodology to Ryuk malware. J. Comput. Virol. Hacking Tech. 19(2), 165\u2013198 (2023). https:\/\/doi.org\/10.1007\/s11416-022-00434-1","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"539_CR49","unstructured":"logman. logman (2023). https:\/\/learn.microsoft.com\/en-us\/windows-server\/administration\/windows-commands\/logman"},{"key":"539_CR50","unstructured":"tracerpt. tracerpt (2023). https:\/\/learn.microsoft.com\/en-us\/windows-server\/administration\/windows-commands\/tracerpt"},{"key":"539_CR51","unstructured":"perfview. microsoft\/perfview (2024). https:\/\/github.com\/microsoft\/perfview. original-date: 2015-03-27T21:48:45Z"},{"key":"539_CR52","unstructured":"krabsetw. microsoft\/krabsetw (2024). https:\/\/github.com\/microsoft\/krabsetw. original-date: 2016-10-24T17:38:49Z"},{"key":"539_CR53","unstructured":"SilkETW. mandiant\/SilkETW (2024). https:\/\/github.com\/mandiant\/SilkETW. original-date: 2019-03-19T14:35:48Z"},{"key":"539_CR54","unstructured":"Sealighter. pathtofile\/Sealighter (2024). https:\/\/github.com\/pathtofile\/Sealighter. original-date: 2020-02-22T00:36:39Z"},{"key":"539_CR55","unstructured":"pywintrace. fireeye\/pywintrace (2024). https:\/\/github.com\/fireeye\/pywintrace. original-date: 2017-09-08T14:27:01Z"},{"key":"539_CR56","unstructured":"UIforETW. google\/UIforETW (2024). https:\/\/github.com\/google\/UIforETW. original-date: 2015-04-09T21:46:04Z"},{"key":"539_CR57","unstructured":"MITRE. Process Injection: Process Hollowing, Sub-technique T1055.012 - Enterprise | MITRE ATT&CK\u00ae (2024). 
https:\/\/attack.mitre.org\/techniques\/T1055\/012\/"},{"key":"539_CR58","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.110138","volume":"239","author":"M Cen","year":"2024","unstructured":"Cen, M., Jiang, F., Qin, X., Jiang, Q., Doss, R.: Ransomware early detection: a survey. Comput. Netw. 239, 110138 (2024). https:\/\/doi.org\/10.1016\/j.comnet.2023.110138","journal-title":"Comput. Netw."},{"key":"539_CR59","unstructured":"virustotal. VirusTotal - Home (2024). https:\/\/www.virustotal.com\/gui\/home\/upload"},{"key":"539_CR60","unstructured":"malwarebazaar. MalwareBazaar | Malware sample exchange (2024). https:\/\/bazaar.abuse.ch\/"},{"key":"539_CR61","unstructured":"Monaco. fabrimagic72\/malware-samples (2024). https:\/\/github.com\/fabrimagic72\/malware-samples. original-date: 2017-04-27T13:13:15Z"},{"key":"539_CR62","unstructured":"theZoo. ytisf\/theZoo: A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public (2024). https:\/\/github.com\/ytisf\/theZoo"},{"key":"539_CR63","unstructured":"NapierOne. simonrdavies\/NapierOne (2024). https:\/\/github.com\/simonrdavies\/NapierOne. original-date: 2021-08-09T09:03:15Z"},{"key":"539_CR64","unstructured":"Govdocs1. Govdocs1 - Digital Corpora (2010). 
https:\/\/digitalcorpora.org\/corpora\/file-corpora\/files\/"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-024-00539-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-024-00539-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-024-00539-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,15]],"date-time":"2024-10-15T15:14:49Z","timestamp":1729005289000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-024-00539-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,27]]},"references-count":64,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,11]]}},"alternative-id":["539"],"URL":"https:\/\/doi.org\/10.1007\/s11416-024-00539-9","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,9,27]]},"assertion":[{"value":"31 May 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 September 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 September 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflicts of interest to report regarding the present 
study.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}