SmartHawk

7.2

高危

59 个模型检测该样本为恶意！

重新分析

下载样本

60b28ad78be40bbc9d08b91b21c5d4e07c6952f5be5e32eacee6d055e0279b12

a0e495354a1e55ace1c808bf7b9539a2.exe

分析耗时

97s

最近分析

文件大小

53.5KB

静态报毒动态报毒 100% 5GKKDOE61IC A + TROJ AB@7L2S58 AGEN AI SCORE=100 AIDETECTVM ALI1000102 AUTO BSCOPE CBLHX CLASSIC CONFIDENCE CRYPTOLOCKER ELDORADO FAECQN FAKEGLOBE FILECODER GENASA GENASOM GENETIC GLOBEIMPOSTER GLOBELMPOSTER HIGH CONFIDENCE MALICIOUS PE MALWARE2 MAUVAISE NECNE R228072 RAAS RANSOMWARE RANSOMX SCORE STATIC AI UNSAFE 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Globelmposter!A0E495354A1E	20201229	6.0.6.653
Alibaba	Ransom:Win32/Genasom.ali1000102	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Baidu		20190318	1.0.0.2
Tencent	Win32.Trojan.Raas.Auto	20201229	1.0.0.1
Kingsoft		20201229	2017.9.26.565
Avast	Win32:RansomX-gen [Ransom]	20201229	21.1.5827.0

Creates (office) documents on the filesystem (7 个事件)

file	C:\Users\Administrator.Oskar-PC\Documents\WLsfzqeuZZnBCdm.doc
file	C:\Users\Administrator.Oskar-PC\Documents\gNXuHputGmI.doc
file	C:\Users\Administrator.Oskar-PC\Documents\GkGtzxOCYfFy.ppt
file	C:\Users\Administrator.Oskar-PC\Documents\hkcWceCgZqa.doc
file	C:\Users\Administrator.Oskar-PC\Documents\exkLAzLizit.ppt
file	C:\Users\Administrator.Oskar-PC\Documents\nXKcuvbZnwJS.ppt
file	C:\Users\Administrator.Oskar-PC\Documents\CIkOXJuIYvHGTIYU.doc

Creates executable files on the filesystem (18 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T13_03_23.134665700Z\vcredist_x64.exe
file	C:\Users\Administrator.Oskar-PC\Links\Desktop.lnk
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T12_48_05.093039900Z\ChromeSetup.exe
file	C:\Users\Oskar\Links\Desktop.lnk
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T12_55_56.358189200Z\dotNetFx40_Full_x86_x64.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX1\Loader.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T13_04_00.550342800Z\python-2.7.18.amd64 (1).msi
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX0\Loader.exe
file	C:\Users\Administrator.Oskar-PC\Links\RecentPlaces.lnk
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX1\KMS2021.msi
file	C:\Users\Administrator.Oskar-PC\Links\Downloads.lnk
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX0\KMS2021.msi
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\Wintup.exe
file	C:\Users\Oskar\Links\Downloads.lnk
file	C:\Users\Oskar\Links\RecentPlaces.lnk
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\Windows_Activator\Windows Activator.exe
file	C:\Users\Public\Desktop\Google Chrome.lnk
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T12_55_50.744383200Z\vcredist_x64.exe

Creates a shortcut to an executable file (7 个事件)

file	C:\Users\Administrator.Oskar-PC\Links\Desktop.lnk
file	C:\Users\Oskar\Links\Desktop.lnk
file	C:\Users\Administrator.Oskar-PC\Links\RecentPlaces.lnk
file	C:\Users\Administrator.Oskar-PC\Links\Downloads.lnk
file	C:\Users\Oskar\Links\Downloads.lnk
file	C:\Users\Public\Desktop\Google Chrome.lnk
file	C:\Users\Oskar\Links\RecentPlaces.lnk

Communicates with host for which no DNS query was performed (2 个事件)

host	113.108.239.196
host	172.217.24.14

Installs itself for autorun at Windows startup (1 个事件)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck

reg_value

C:\Users\Administrator.Oskar-PC\AppData\Local\a0e495354a1e55ace1c808bf7b9539a2.exe

Attempts to detect Cuckoo Sandbox through the presence of a file (2 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\VirtualBox Dropped Files\2021-04-11T13_11_43.130072200Z\agent.pyw
file	C:\tmpsij43m\analyzer.py

Performs 266 file moves indicative of a ransomware file encryption process (50 out of 266 个事件)

Time & API	Arguments	Status	Return
1619816853.1865 MoveFileWithProgressW	oldfilepath: C:\Users\desktop.ini newfilepath: C:\Users\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\desktop.ini	success	1
1619816853.4985 MoveFileWithProgressW	oldfilepath: C:\Users\Public\desktop.ini newfilepath: C:\Users\Public\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\desktop.ini	success	1
1619816853.7805 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Videos\desktop.ini newfilepath: C:\Users\Public\Videos\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Videos\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Videos\desktop.ini	success	1
1619816853.9365 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Videos\Sample Videos\desktop.ini newfilepath: C:\Users\Public\Videos\Sample Videos\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Videos\Sample Videos\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Videos\Sample Videos\desktop.ini	success	1
1619816858.3735 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Videos\Sample Videos\Wildlife.wmv newfilepath: C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Videos\Sample Videos\Wildlife.wmv	success	1
1619816858.3735 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Recorded TV\desktop.ini newfilepath: C:\Users\Public\Recorded TV\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Recorded TV\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Recorded TV\desktop.ini	success	1
1619816858.6865 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Recorded TV\Sample Media\desktop.ini newfilepath: C:\Users\Public\Recorded TV\Sample Media\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Recorded TV\Sample Media\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Recorded TV\Sample Media\desktop.ini	success	1
1619816859.7805 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv newfilepath: C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	success	1
1619816859.7805 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\desktop.ini newfilepath: C:\Users\Public\Pictures\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\desktop.ini	success	1
1619816861.3275 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	success	1
1619816861.7645 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Desert.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Desert.jpg	success	1
1619816861.7805 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\desktop.ini newfilepath: C:\Users\Public\Pictures\Sample Pictures\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\desktop.ini	success	1
1619816861.9205 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	success	1
1619816862.2175 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	success	1
1619816862.3895 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Koala.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Koala.jpg	success	1
1619816862.7485 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	success	1
1619816862.7955 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg	success	1
1619816863.3425 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg	success	1
1619816863.3425 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\desktop.ini newfilepath: C:\Users\Public\Music\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\desktop.ini	success	1
1619816863.6395 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Large.jpg newfilepath: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Large.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Large.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Large.jpg	success	1
1619816863.9985 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Small.jpg newfilepath: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Small.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Small.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Small.jpg	success	1
1619816863.9985 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\desktop.ini newfilepath: C:\Users\Public\Music\Sample Music\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\desktop.ini	success	1
1619816865.7645 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\Kalimba.mp3 newfilepath: C:\Users\Public\Music\Sample Music\Kalimba.mp3.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\Kalimba.mp3.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\Kalimba.mp3	success	1
1619816866.4985 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 newfilepath: C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	success	1
1619816867.8735 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\Sleep Away.mp3 newfilepath: C:\Users\Public\Music\Sample Music\Sleep Away.mp3.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\Sleep Away.mp3.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\Sleep Away.mp3	success	1
1619816867.8735 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Libraries\desktop.ini newfilepath: C:\Users\Public\Libraries\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Libraries\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Libraries\desktop.ini	success	1
1619816868.0455 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Libraries\RecordedTV.library-ms newfilepath: C:\Users\Public\Libraries\RecordedTV.library-ms.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Libraries\RecordedTV.library-ms.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Libraries\RecordedTV.library-ms	success	1
1619816868.0615 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Downloads\desktop.ini newfilepath: C:\Users\Public\Downloads\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Downloads\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Downloads\desktop.ini	success	1
1619816868.2335 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Documents\desktop.ini newfilepath: C:\Users\Public\Documents\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Documents\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Documents\desktop.ini	success	1
1619816868.3735 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Desktop\desktop.ini newfilepath: C:\Users\Public\Desktop\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Desktop\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Desktop\desktop.ini	success	1
1619816868.5615 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Desktop\Google Chrome.lnk newfilepath: C:\Users\Public\Desktop\Google Chrome.lnk.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Desktop\Google Chrome.lnk.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Desktop\Google Chrome.lnk	success	1
1619816868.8895 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\NTUSER.DAT newfilepath: C:\Users\Oskar\NTUSER.DAT.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\NTUSER.DAT.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\NTUSER.DAT	success	1
1619816869.2175 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\ntuser.dat.LOG1 newfilepath: C:\Users\Oskar\ntuser.dat.LOG1.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\ntuser.dat.LOG1.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\ntuser.dat.LOG1	success	1
1619816869.3275 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf newfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	success	1
1619816869.4675 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms newfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	success	1
1619816869.5775 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms newfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	success	1
1619816869.6555 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\ntuser.ini newfilepath: C:\Users\Oskar\ntuser.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\ntuser.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\ntuser.ini	success	1
1619816869.7955 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Videos\desktop.ini newfilepath: C:\Users\Oskar\Videos\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Videos\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Videos\desktop.ini	success	1
1619816870.1705 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Searches\desktop.ini newfilepath: C:\Users\Oskar\Searches\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Searches\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Searches\desktop.ini	success	1
1619816870.4985 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Searches\Everywhere.search-ms newfilepath: C:\Users\Oskar\Searches\Everywhere.search-ms.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Searches\Everywhere.search-ms.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Searches\Everywhere.search-ms	success	1
1619816870.5615 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Searches\Indexed Locations.search-ms newfilepath: C:\Users\Oskar\Searches\Indexed Locations.search-ms.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Searches\Indexed Locations.search-ms.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Searches\Indexed Locations.search-ms	success	1
1619816870.5615 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Saved Games\desktop.ini newfilepath: C:\Users\Oskar\Saved Games\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Saved Games\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Saved Games\desktop.ini	success	1
1619816870.9835 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Pictures\desktop.ini newfilepath: C:\Users\Oskar\Pictures\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Pictures\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Pictures\desktop.ini	success	1
1619816871.3425 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Music\desktop.ini newfilepath: C:\Users\Oskar\Music\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Music\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Music\desktop.ini	success	1
1619816871.6085 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Links\desktop.ini newfilepath: C:\Users\Oskar\Links\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Links\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Links\desktop.ini	success	1
1619816871.8735 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Links\Desktop.lnk newfilepath: C:\Users\Oskar\Links\Desktop.lnk.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Links\Desktop.lnk.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Links\Desktop.lnk	success	1
1619816871.9525 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Links\Downloads.lnk newfilepath: C:\Users\Oskar\Links\Downloads.lnk.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Links\Downloads.lnk.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Links\Downloads.lnk	success	1
1619816871.9675 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Links\RecentPlaces.lnk newfilepath: C:\Users\Oskar\Links\RecentPlaces.lnk.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Links\RecentPlaces.lnk.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Links\RecentPlaces.lnk	success	1
1619816872.0305 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Favorites\desktop.ini newfilepath: C:\Users\Oskar\Favorites\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Favorites\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Favorites\desktop.ini	success	1
1619816874.0615 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Favorites\Windows Live\Windows Live Hotmail.url newfilepath: C:\Users\Oskar\Favorites\Windows Live\Windows Live Hotmail.url.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Favorites\Windows Live\Windows Live Hotmail.url.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Favorites\Windows Live\Windows Live Hotmail.url	success	1

Appends a new file extension or content to 266 files indicative of a ransomware file encryption process (50 out of 266 个事件)

Time & API	Arguments	Status	Return
1619816853.1865 MoveFileWithProgressW	oldfilepath: C:\Users\desktop.ini newfilepath: C:\Users\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\desktop.ini	success	1
1619816853.4985 MoveFileWithProgressW	oldfilepath: C:\Users\Public\desktop.ini newfilepath: C:\Users\Public\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\desktop.ini	success	1
1619816853.7805 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Videos\desktop.ini newfilepath: C:\Users\Public\Videos\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Videos\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Videos\desktop.ini	success	1
1619816853.9365 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Videos\Sample Videos\desktop.ini newfilepath: C:\Users\Public\Videos\Sample Videos\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Videos\Sample Videos\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Videos\Sample Videos\desktop.ini	success	1
1619816858.3735 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Videos\Sample Videos\Wildlife.wmv newfilepath: C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Videos\Sample Videos\Wildlife.wmv	success	1
1619816858.3735 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Recorded TV\desktop.ini newfilepath: C:\Users\Public\Recorded TV\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Recorded TV\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Recorded TV\desktop.ini	success	1
1619816858.6865 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Recorded TV\Sample Media\desktop.ini newfilepath: C:\Users\Public\Recorded TV\Sample Media\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Recorded TV\Sample Media\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Recorded TV\Sample Media\desktop.ini	success	1
1619816859.7805 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv newfilepath: C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	success	1
1619816859.7805 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\desktop.ini newfilepath: C:\Users\Public\Pictures\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\desktop.ini	success	1
1619816861.3275 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	success	1
1619816861.7645 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Desert.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Desert.jpg	success	1
1619816861.7805 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\desktop.ini newfilepath: C:\Users\Public\Pictures\Sample Pictures\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\desktop.ini	success	1
1619816861.9205 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	success	1
1619816862.2175 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	success	1
1619816862.3895 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Koala.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Koala.jpg	success	1
1619816862.7485 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	success	1
1619816862.7955 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg	success	1
1619816863.3425 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg newfilepath: C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg	success	1
1619816863.3425 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\desktop.ini newfilepath: C:\Users\Public\Music\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\desktop.ini	success	1
1619816863.6395 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Large.jpg newfilepath: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Large.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Large.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Large.jpg	success	1
1619816863.9985 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Small.jpg newfilepath: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Small.jpg.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Small.jpg.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Small.jpg	success	1
1619816863.9985 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\desktop.ini newfilepath: C:\Users\Public\Music\Sample Music\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\desktop.ini	success	1
1619816865.7645 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\Kalimba.mp3 newfilepath: C:\Users\Public\Music\Sample Music\Kalimba.mp3.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\Kalimba.mp3.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\Kalimba.mp3	success	1
1619816866.4985 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 newfilepath: C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	success	1
1619816867.8735 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Music\Sample Music\Sleep Away.mp3 newfilepath: C:\Users\Public\Music\Sample Music\Sleep Away.mp3.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Music\Sample Music\Sleep Away.mp3.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Music\Sample Music\Sleep Away.mp3	success	1
1619816867.8735 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Libraries\desktop.ini newfilepath: C:\Users\Public\Libraries\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Libraries\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Libraries\desktop.ini	success	1
1619816868.0455 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Libraries\RecordedTV.library-ms newfilepath: C:\Users\Public\Libraries\RecordedTV.library-ms.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Libraries\RecordedTV.library-ms.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Libraries\RecordedTV.library-ms	success	1
1619816868.0615 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Downloads\desktop.ini newfilepath: C:\Users\Public\Downloads\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Downloads\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Downloads\desktop.ini	success	1
1619816868.2335 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Documents\desktop.ini newfilepath: C:\Users\Public\Documents\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Documents\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Documents\desktop.ini	success	1
1619816868.3735 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Desktop\desktop.ini newfilepath: C:\Users\Public\Desktop\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Desktop\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Desktop\desktop.ini	success	1
1619816868.5615 MoveFileWithProgressW	oldfilepath: C:\Users\Public\Desktop\Google Chrome.lnk newfilepath: C:\Users\Public\Desktop\Google Chrome.lnk.KENS@TUTA.IO newfilepath_r: C:\Users\Public\Desktop\Google Chrome.lnk.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Public\Desktop\Google Chrome.lnk	success	1
1619816868.8895 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\NTUSER.DAT newfilepath: C:\Users\Oskar\NTUSER.DAT.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\NTUSER.DAT.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\NTUSER.DAT	success	1
1619816869.2175 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\ntuser.dat.LOG1 newfilepath: C:\Users\Oskar\ntuser.dat.LOG1.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\ntuser.dat.LOG1.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\ntuser.dat.LOG1	success	1
1619816869.3275 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf newfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	success	1
1619816869.4675 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms newfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms	success	1
1619816869.5775 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms newfilepath: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms	success	1
1619816869.6555 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\ntuser.ini newfilepath: C:\Users\Oskar\ntuser.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\ntuser.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\ntuser.ini	success	1
1619816869.7955 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Videos\desktop.ini newfilepath: C:\Users\Oskar\Videos\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Videos\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Videos\desktop.ini	success	1
1619816870.1705 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Searches\desktop.ini newfilepath: C:\Users\Oskar\Searches\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Searches\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Searches\desktop.ini	success	1
1619816870.4985 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Searches\Everywhere.search-ms newfilepath: C:\Users\Oskar\Searches\Everywhere.search-ms.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Searches\Everywhere.search-ms.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Searches\Everywhere.search-ms	success	1
1619816870.5615 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Searches\Indexed Locations.search-ms newfilepath: C:\Users\Oskar\Searches\Indexed Locations.search-ms.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Searches\Indexed Locations.search-ms.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Searches\Indexed Locations.search-ms	success	1
1619816870.5615 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Saved Games\desktop.ini newfilepath: C:\Users\Oskar\Saved Games\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Saved Games\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Saved Games\desktop.ini	success	1
1619816870.9835 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Pictures\desktop.ini newfilepath: C:\Users\Oskar\Pictures\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Pictures\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Pictures\desktop.ini	success	1
1619816871.3425 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Music\desktop.ini newfilepath: C:\Users\Oskar\Music\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Music\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Music\desktop.ini	success	1
1619816871.6085 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Links\desktop.ini newfilepath: C:\Users\Oskar\Links\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Links\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Links\desktop.ini	success	1
1619816871.8735 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Links\Desktop.lnk newfilepath: C:\Users\Oskar\Links\Desktop.lnk.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Links\Desktop.lnk.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Links\Desktop.lnk	success	1
1619816871.9525 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Links\Downloads.lnk newfilepath: C:\Users\Oskar\Links\Downloads.lnk.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Links\Downloads.lnk.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Links\Downloads.lnk	success	1
1619816871.9675 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Links\RecentPlaces.lnk newfilepath: C:\Users\Oskar\Links\RecentPlaces.lnk.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Links\RecentPlaces.lnk.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Links\RecentPlaces.lnk	success	1
1619816872.0305 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Favorites\desktop.ini newfilepath: C:\Users\Oskar\Favorites\desktop.ini.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Favorites\desktop.ini.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Favorites\desktop.ini	success	1
1619816874.0615 MoveFileWithProgressW	oldfilepath: C:\Users\Oskar\Favorites\Windows Live\Windows Live Hotmail.url newfilepath: C:\Users\Oskar\Favorites\Windows Live\Windows Live Hotmail.url.KENS@TUTA.IO newfilepath_r: C:\Users\Oskar\Favorites\Windows Live\Windows Live Hotmail.url.KENS@TUTA.IO flags: 1 oldfilepath_r: C:\Users\Oskar\Favorites\Windows Live\Windows Live Hotmail.url	success	1

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.Ransom.GlobeImposter.57B14D3D
FireEye	Generic.mg.a0e495354a1e55ac
CAT-QuickHeal	Trojan.Mauvaise.SL1
McAfee	Globelmposter!A0E495354A1E
Cylance	Unsafe
SUPERAntiSpyware	Ransom.FileCoder/Variant
Sangfor	Malware
K7AntiVirus	Trojan ( 00502c261 )
Alibaba	Ransom:Win32/Genasom.ali1000102
K7GW	Trojan ( 00502c261 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Generic.Ransom.GlobeImposter.57B14D3D
BitDefenderTheta	AI:Packer.D56EFFC61E
Cyren	W32/S-0a10191d!Eldorado
Symantec	Ransom.Cryptolocker
TrendMicro-HouseCall	Ransom_FAKEGLOBE.SMB
Paloalto	generic.ml
ClamAV	Win.Ransomware.Globeimposter-6991673-1
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Generic.Ransom.GlobeImposter.57B14D3D
NANO-Antivirus	Trojan.Win32.Encoder.faecqn
AegisLab	Trojan.Win32.Generic.4!c
Tencent	Win32.Trojan.Raas.Auto
Ad-Aware	Generic.Ransom.GlobeImposter.57B14D3D
Sophos	ML/PE-A + Troj/Ransom-EVE
Comodo	TrojWare.Win32.Necne.AB@7l2s58
DrWeb	Trojan.Encoder.11539
TrendMicro	Ransom_FAKEGLOBE.SMB
McAfee-GW-Edition	BehavesLike.Win32.Globelmposter.qh
Emsisoft	Generic.Ransom.GlobeImposter.57B14D3D (B)
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.Generic.cblhx
Avira	HEUR/AGEN.1117723
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Ransom]/Win32.GlobeImposter
Microsoft	Ransom:Win32/Filecoder.RB!MSR
ViRobot	Trojan.Win32.Ransom.75776.B
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Generic.Ransom.GlobeImposter.57B14D3D
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.FileCoder.R228072
Acronis	suspicious
ALYac	Trojan.Ransom.GlobeImposter
TACHYON	Ransom/W32.GlobeImposter.54784.O
VBA32	BScope.Trojan.Encoder
Malwarebytes	Ransom.GlobeImposter
Panda	Trj/Genetic.gen
APEX	Malicious

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-04-03 00:47:20

Imports

Library KERNEL32.dll:

• 0x401024 SetFilePointerEx

• 0x401028 CloseHandle

• 0x40102c lstrlenW

• 0x401030 CreateFileW

• 0x401034 HeapCreate

• 0x401038 GetCurrentProcess

• 0x40103c ExitProcess

• 0x401040 CreateThread

• 0x401044 GetCurrentThread

• 0x401048 SetThreadPriority

• 0x40104c WaitForMultipleObjects

• 0x401050 Sleep

• 0x401054 GetLogicalDrives

• 0x401058 SetFilePointer

• 0x40105c FindClose

• 0x401060 lstrcmpiA

• 0x401064 lstrcmpiW

• 0x401068 lstrcpyA

• 0x40106c ReadFile

• 0x401070 lstrcatW

• 0x401074 GetModuleFileNameW

• 0x401078 CreateProcessW

• 0x40107c GetEnvironmentVariableW

• 0x401080 GetDriveTypeA

• 0x401084 GetTempPathW

• 0x401088 GetTempFileNameW

• 0x40108c SetFileAttributesW

• 0x401090 GetFileAttributesW

• 0x401094 FindFirstFileW

• 0x401098 FindNextFileW

• 0x40109c CopyFileW

• 0x4010a0 MoveFileExW

• 0x4010a4 SetPriorityClass

• 0x4010a8 MultiByteToWideChar

• 0x4010ac WideCharToMultiByte

• 0x4010b0 CompareStringA

• 0x4010b4 WriteFile

• 0x4010b8 GetFileSizeEx

• 0x4010bc GetLastError

• 0x4010c0 lstrlenA

• 0x4010c4 GetProcessHeap

• 0x4010c8 HeapFree

• 0x4010cc HeapReAlloc

• 0x4010d0 lstrcpyW

• 0x4010d4 HeapAlloc

Library ADVAPI32.dll:

• 0x401000 RegQueryValueExW

• 0x401004 RegOpenKeyExW

• 0x401008 RegCreateKeyExW

• 0x40100c RegCloseKey

• 0x401010 CryptGenRandom

• 0x401014 CryptReleaseContext

• 0x401018 CryptAcquireContextW

• 0x40101c RegSetValueExW

Library SHELL32.dll:

• 0x4010dc SHChangeNotify

• 0x4010e0 ShellExecuteExW

Library SHLWAPI.dll:

• 0x4010e8 PathFindFileNameW

• 0x4010ec PathRemoveFileSpecW

• 0x4010f0 PathAddBackslashW

Library ntdll.dll:

• 0x4010f8 _aulldiv

• 0x4010fc _alldiv

• 0x401100 _allrem

• 0x401104 _chkstk

• 0x401108 RtlUnwind

• 0x40110c NtQueryVirtualMemory

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	172.217.160.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51379	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.