function Ransomware.ProcessData()

in ransomware/artifact.lua [2364:2401]


--- Build the initial tracking record for a single process.
-- Every call returns a new table with its own empty sub-tables, so records
-- built for different processes share no mutable state.
-- Neither argument is validated here. A nil argument leaves the
-- corresponding field absent from the record.
-- @param processId identifier stored as `processId`
-- @param parentProcessId identifier stored as `parentProcessId`
-- @return table a record with zeroed scores and counters, empty collections,
--   all alert flags false and `activeAnalysis` set to true
function Ransomware.ProcessData(processId, parentProcessId)
    local state = {
        -- Identity of the tracked process and its parent, as given by the caller.
        processId = processId,
        parentProcessId = parentProcessId,

        -- Collected events, empty until something outside this function appends.
        events = {},

        -- Mismatch collections with their companion counters.
        -- NOTE(review): the counters presumably mirror the number of entries
        -- in the matching table; confirm against the code that updates them.
        headerMismatchExtensions = {},
        numHeaderMismatchExtensions = 0,
        entropyMismatchExtensions = {},
        numEntropyMismatchExtensions = 0,

        -- One collection per file-operation kind.
        -- NOTE(review): presumably keyed by file extension; verify against the
        -- event handlers that populate them.
        createExtensions = {},
        modifyExtensions = {},
        deleteExtensions = {},
        renameExtensions = {},
        renamePreviousExtensions = {},
        overwriteExtensions = {},

        subExtensions = {},
        longExtensions = {},
        appendedPaths = {},

        uniqueDirectoriesByResponsibility = {},
        createFileNames = {},

        -- Scores start at 0.0 and are accumulated elsewhere.
        totalEventScore = 0.0,
        trendScore = 0.0,
        totalScore = 0.0,

        -- Child tracking.
        -- NOTE(review): `children` presumably holds records or ids of child
        -- processes; confirm against the caller.
        children = {},
        childScore = 0.0,

        -- A new record has raised no alert and is under active analysis.
        diagnosticAlerted = false,
        diagnosticAlertQueued = false,
        alerted = false,
        activeAnalysis = true,
        eventThresholdExtended = false,
    }
    return state
end