Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 3, 2023, 7:26 p.m.	Oct. 3, 2023, 7:29 p.m.

Size	4.1MB
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`089428711dddec20eabf7732eea8fb8d`
SHA256	`ce6716a18c07d64059b961034a2ca46b1cae66892885d9e63063a0726a391461`
CRC32	`6B6C9CC8`
ssdeep	`24576:qozi/cws4dKqNKN59W8JY/AJs8tpfL3ZBXNXBfllfXRzQHwzHwcMZ5sm/IRImfwE:EcGviAWzrN3rzjWAkHpxMjrD`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Antivirus - Contains references to security software Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Generic_Malware_Zero - Generic Malware

UpdateSvc.exe "C:\Users\test22\AppData\Local\Temp\UpdateSvc.exe"
2984

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Oct. 3, 2023, 7:25 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 3, 2023, 7:25 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 3, 2023, 7:25 p.m.			0	0
IsDebuggerPresent Oct. 3, 2023, 7:25 p.m.			0	0
IsDebuggerPresent Oct. 3, 2023, 7:25 p.m.			0	0
IsDebuggerPresent Oct. 3, 2023, 7:25 p.m.			0	0

Command line console output was observed (50 out of 386 events)

Time & API	Arguments	Status	Return
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: [!] Recycle Bin Not Empty console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: [+] Grabbed files in 110 ms console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: System.IO.IOException: 'C:\Users\test22\ntuser.dat.LOG1' ??? ?? ?????? ?? ???? ?????? ???? ? ????. ??: System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) ??: System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) ??: System.IO.FileStream..ctor(String path, FileMode mode console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: , FileAccess access, FileShare share) ??: 44G60M0MUBB0U7GE1Y53HTWNI5SG5706WRBJ70YDHRASKFTKQJLG340KH3Y54TRWKEDD66GA91VZSDCCLH0VWTD110BDC3JXAOHFCQNTDKGBJA2E1WTW35A1BLLG5D8GS7ZE67A54HSLMBS077MQJW4FNPD0EHX9LASLLYH3VY2WMYOA3UJ80S75CU0Q3K0XTTAMSGPI0S4V4I2YBD console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 6U7ZJ3CXI180AL7FC3YCRWEAHIXMB41BP0NGZ3KGJ57YK9STXZF9A9VKP6RAF0VO96KK80PJTR2VZQ0HZEYLY1BQED12LJBTJSYNZIV7J6QSH9U8FJLACK0I53F48X7KQIMG1NSRT0B2LSJES2WB7BQ92QR5C08W8GC8XOH213QLI86MUBMGA5MO1NNK5WO32P3FQLRDU4KEUF04UFLBN2WD3XGKB76EPXT3F15JUIVFUI4WWTZ0LNPA2ZL3EGCX console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 8FZ6V7Z3JCREGQSV2TYSHG3CHTAPPCENG8HOS7BY36RJ5K3MHZAUSUP2MWYC7KOG7E8IJDC5S9YLYUG7ZXIZCT5VSPC5I80TSKL1MVCDXFCS6DD2Q1NJBYEOJMZ4BGWUJE3OJPVDVEC6RMZPMJPQUQR3F6S96ICQSRJ1KYTAGJY7WH66XKS11F92XAIM7WHMBVO9C8EX0OKL2UG8AVLW0LZMSREKQHDUCM5A363ZF4BM5Y9C3JMLKUV06BRV34GS console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: LZIQYFED2WR5JMR3RBQG52KR0FE2PI5KYSBFPTOXFITXD0QUTYD1N9XSP00TBMXT0GH1LLN8X2BWJWNAYUI1ED7Y4S0Z34W2U967TZIHKEEU7BJ2NZ5RD6PWIS62VYF2GJBJZPR8LAQ99M03J7LD9FYYUKZA2PWV9MOY99C7I6FCQPX51DTXMB2AUNZP0QG5O4AW8C3J4O4DAVHEW3JY68J7TNEWJXG2ZJXVOA7YJK3.LC8QFDXS0POH2ASZMUTA console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: O1W9IHIGAR4AW0QBFH51WEDKFCOLRE9NL1MTQ9I74RRJUNVBTRTFY1NJYL3G37Y5RRZ4N7VG876FX4Z1QN1AU3YUND5EFCE72W1DY0XW6NG04IW3VBZQFYKY2FRKBQA639MBCWD0ZFEHX8ZFQBSDMY2ELDKTJMUPMK655V198809UDB3PL4A76TFGIZ9LTRNVY4MB3J4KTEO72UHCQD7STSQ01YX51YPQNO5IY2WC90O2FHOYR74PU4BFOWKEW8S console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 5Z7UOY9NYR4S3EYVUK9O4396SMZ4CRRQBHSCHW99STF8ZMIB0AZ4WUYBZABC9FLGAORWVVN7L95KYAHFDYDB2W3QSRMGU6AMH88K5WPEW1TXYNNZ368KBKONUADDIHMO9SCZC6KRI8PADG1FEXNY7ZL7UVZ5SM6POEYGKYW6WRCD4NJOI79V3XQJHEFRGO86C9V9SV4QAQCQWHCGLLWUMLW0YO8GSF0HSGA52K6XDTUMV9W9B8F52NT1N4KDWY75 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 058QGHNBO9R20JFY18EUA4PEWJR793APWZVZBG24VDR261ADYWMYUN46Q337ZQCV9BGBYQWVGJ97NWI5JOINRM5J4ZJIM5EEB524U8PI90RKO7S3U8XLHZEXG6H8HOIKE45R3NKL8AN04U57GPYOI37M1FYX1RBVSGFTBBAGXMNHLO3VBJ2204CL7TZYZWUR82HXPL5FPR05QZANMDWRYJ5XE4WRLLRB26ITGFGZNXMIEG5HSMMVAC2Z6UTUZO4D console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 9YDTQRHG76DB6WT79O9895AZDTWVWVA93JIPCL0BEFYD903JBVUKP5DEXOQ74VTL5DIWOD4YX.DFTAIHHYX7A6JEEH1YKO7WJ6KRTFOEFQNHU3KCUSRC4IPVZ37IQA8A0Q5X01YBKS2TSCUK7YE1642AQY10HFXERNQD7WL34P2MQ5DXIWL26GD5Y4GB983E4XCEVRNKMK7QCPUVVERU45IKKVOCPK36VXR339B0JAPVJW3IKVP4QIK8O13ACL4C console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: RA5P701WC1L3QXBY2F1448QMMTOCFBY8GMEJ1NLT332Z7RS10FI7T9HSUSCOLZRACNWDS26O4IBBG1P5BXLA31PGFWYJL6HDM1WU4OI8I3CK8GL3CGNYOQHL7Q86DXC8A7ZPE5BWON19YEH8K5GESTZ5TKWNPM4U1EKBR6YHF0JAZIX3JAVIR7PQI354IXHCSGIU3GROG892JZFLX3EP0WD3Y33XB49STHRSAC9DTHBT8XHSYTGPS2L6DO69M3MM console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 8QIBHXLU3B6SUT5BWK9RXT915VOVGA0Z4ZUROFLAIVWR63LTT4NC45YORRFWIZO2LGX59NWQ88JB7S4CJ4CLXX49AFA69Z2SH3FZFQUFI6D5WXR9WCMNXDFYLY44N0RJG04EMF73K6D0T9MNYAJ6MO5EXRNQV02SO4Z63NXRFTD09PEMLRGMQU724ZQ42RHTDVLZKQTKN213KEEINAFDUPB476BD63YYLTXODPC4859X2DR0UIQ1LD9XTR2NPPOU console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: EDR1R0F88KFZQOB3PLSYM6MIU94VWZPSQPTZW0I4CS3A8KHFP87E60IH1JGS5TLI5XIB4MGYCYV3DLKJ2ZFY1KV0GM7NT08SHUFKBFLD(String JBIEODP96ZGNXRUBS4RO3FM0CVSG9IWNC5SJNV1ISOWA1EUDUJSK3Y9EYSB3UJ9YD3L19LY6CJ6OSM88BPVZ0LUO6OU4U8XIO87833DIUVIU1UVMTD2FXJ81I65V03MEVX9UO9EILNEEDAWL console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 2HLQGSVEAG077SS1IE8EUB8U8U3KE3XHJT2TS67CC5UIJHK34N59BS01J0RWZL9GSSXO09JMG6BZQZK1KAP18XF12AJ1OLN15OZ1T5C5ET2FQAKUQZLY5II4M6VZZR75SK4C9THO7TXO59K10ZKY9Y5WG4OXJNGWV7XGGHU7R71MV39MV49AHJ53PI6EEUETNA37MEVSFNGC6TBM5BBPOGPLC307LP272H9U9CARIR43C365HTJDSZFGVR4SNXHZ console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: UJJZUQN2AUG7LVJJ6501FZOCC29RIRDVJEJ3THL0GRC8TI59IVWS6PU44HW2Q5UTQVXGMP0YT9UYXQT36AJW5VY4UO8LUTKK6SS7VZX2578645HOX35QW7Y463V7QODAZK1E8VIHNQ17W19YHUY1X4Y94XA2DZMQ37HUEDQBUYCGF0IE4706ZMN5W2JKUQDXDKEZUOUEEWG81R3EP68G9Q0RUL8L3FQEUPC4WSUPMW1DFOEE9E5YS7YXTWEJPJK8 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: FBNMO8S6MS3NYXMFH3MYJ1WX1OL9NKADL37DB20BW9M9DK96K9BV6VZNP0U9XSSBS0B50IEPDLCJPXTQPOZOJOG0DTYKH0NERLRNJEGB5WRVSP82HEUI2D2DTK1GU3IN781DFFHKIXSW7UHYU6DCGFLNTO48N9RBOEYUX5WB7JAEVFG8DDWX0FH2WNU1LI7IGRI36XAZJBF6EG2NI55KN3KI, Int32 57JL50YM18D7NBQC6OZ9LXQVGSPMX5NG console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 96AZ0NNLQUNIYQ44PHQPVJVIRYEMKMY6U77QB0MSANT0KH6ZYV7PO8U0L2IBIBAE5QX0TO3Y47OHZ48J2PYZOJRWNGFISLK9NO53UFGJ2IVQTMAQ48I3MKZW9ANMIUGTXP4L9EYXJO7GXADAFYOUCQWCZI4T13AHCB3ERZQZJVU7NS887MHUFWQH21V0KE5QOZEWH8SQHZKQ6ZZGK6WPVQCQVWL0D0PE0DTXOM0831MQLAKDCPQNSQ47XXAVX2MR console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: JF02FC18FXV4EVEVLHYYJBWKJV90LELAO4GGJS79YSH4493BTPKPEYHISQTTCAWBMUPJP7L3JYA131PJ28H54560X8X38O7X5GSKTTWWERFQYPO1AJ1E31GRYZWQJR451M6XJEZILV0NZPCHU62ZW23D9AW47GMXWKZLT1R6TS2IA31IWP6NYEI8T2XIS4KFID0P01Y2O6FEAUDFIOISJ98SB110EINYHXA7DMR50D818E79ZR9EW25JFIO997YF console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: TR6MUFC66M1FBGT632AWJJBP10148S53P2IRIVOTODHKA0I8ZRFH7B6JPQV3OH8NR80I7BYINQHFB1PBS2FQNX5N59C19UFHE42C99BX274Q40HXBTLVCRA3CMN896I2KABH8MBT1SYP3PTE1O0PJTFW499XWDY5ZBF3ZAYYS24T3U9X3IGUG2T05ON9NO6Y4201J0P1ZB7RZV2J9L4N7DZ6SO7KXZLE5GZB4HOD3O4E5CBKVD9BUT00D3J42EEA console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 03VT51P171TSIUBQNXYT0JULP87A8UKZK4OBQRO4YHD39IRT22QFPUJQJJE64P3NQ4HOF9A6I45SF0MGROIGDFJZU72GNR9JO0MFADN22U6VZ0KS77PQGXJLVR3HG3S14WEPOGGNAPNS) ??: 44G60M0MUBB0U7GE1Y53HTWNI5SG5706WRBJ70YDHRASKFTKQJLG340KH3Y54TRWKEDD66GA91VZSDCCLH0VWTD110BDC3JXAOHFCQNTDK console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: GBJA2E1WTW35A1BLLG5D8GS7ZE67A54HSLMBS077MQJW4FNPD0EHX9LASLLYH3VY2WMYOA3UJ80S75CU0Q3K0XTTAMSGPI0S4V4I2YBD6U7ZJ3CXI180AL7FC3YCRWEAHIXMB41BP0NGZ3KGJ57YK9STXZF9A9VKP6RAF0VO96KK80PJTR2VZQ0HZEYLY1BQED12LJBTJSYNZIV7J6QSH9U8FJLACK0I53F48X7KQIMG1NSRT0B2LSJES2WB7BQ9 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 2QR5C08W8GC8XOH213QLI86MUBMGA5MO1NNK5WO32P3FQLRDU4KEUF04UFLBN2WD3XGKB76EPXT3F15JUIVFUI4WWTZ0LNPA2ZL3EGCX8FZ6V7Z3JCREGQSV2TYSHG3CHTAPPCENG8HOS7BY36RJ5K3MHZAUSUP2MWYC7KOG7E8IJDC5S9YLYUG7ZXIZCT5VSPC5I80TSKL1MVCDXFCS6DD2Q1NJBYEOJMZ4BGWUJE3OJPVDVEC6RMZPMJPQUQR3 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: F6S96ICQSRJ1KYTAGJY7WH66XKS11F92XAIM7WHMBVO9C8EX0OKL2UG8AVLW0LZMSREKQHDUCM5A363ZF4BM5Y9C3JMLKUV06BRV34GSLZIQYFED2WR5JMR3RBQG52KR0FE2PI5KYSBFPTOXFITXD0QUTYD1N9XSP00TBMXT0GH1LLN8X2BWJWNAYUI1ED7Y4S0Z34W2U967TZIHKEEU7BJ2NZ5RD6PWIS62VYF2GJBJZPR8LAQ99M03J7LD9FYY console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: UKZA2PWV9MOY99C7I6FCQPX51DTXMB2AUNZP0QG5O4AW8C3J4O4DAVHEW3JY68J7TNEWJXG2ZJXVOA7YJK3.LC8QFDXS0POH2ASZMUTAO1W9IHIGAR4AW0QBFH51WEDKFCOLRE9NL1MTQ9I74RRJUNVBTRTFY1NJYL3G37Y5RRZ4N7VG876FX4Z1QN1AU3YUND5EFCE72W1DY0XW6NG04IW3VBZQFYKY2FRKBQA639MBCWD0ZFEHX8ZFQBSDMY2E console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: LDKTJMUPMK655V198809UDB3PL4A76TFGIZ9LTRNVY4MB3J4KTEO72UHCQD7STSQ01YX51YPQNO5IY2WC90O2FHOYR74PU4BFOWKEW8S5Z7UOY9NYR4S3EYVUK9O4396SMZ4CRRQBHSCHW99STF8ZMIB0AZ4WUYBZABC9FLGAORWVVN7L95KYAHFDYDB2W3QSRMGU6AMH88K5WPEW1TXYNNZ368KBKONUADDIHMO9SCZC6KRI8PADG1FEXNY7ZL7 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: UVZ5SM6POEYGKYW6WRCD4NJOI79V3XQJHEFRGO86C9V9SV4QAQCQWHCGLLWUMLW0YO8GSF0HSGA52K6XDTUMV9W9B8F52NT1N4KDWY75058QGHNBO9R20JFY18EUA4PEWJR793APWZVZBG24VDR261ADYWMYUN46Q337ZQCV9BGBYQWVGJ97NWI5JOINRM5J4ZJIM5EEB524U8PI90RKO7S3U8XLHZEXG6H8HOIKE45R3NKL8AN04U57GPYOI37M console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 1FYX1RBVSGFTBBAGXMNHLO3VBJ2204CL7TZYZWUR82HXPL5FPR05QZANMDWRYJ5XE4WRLLRB26ITGFGZNXMIEG5HSMMVAC2Z6UTUZO4D9YDTQRHG76DB6WT79O9895AZDTWVWVA93JIPCL0BEFYD903JBVUKP5DEXOQ74VTL5DIWOD4YX.KRRGT86J778MFW6RK8D1YMA3ZKRV5T0N16487IUHINLBKGXPHA48PCT7QXQIQLONHVUI17TBO5TKB8 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: TSXCN4Y17YM6RJ1L06874YVOXKQ3UTSJ6SE8VO8TZQX554PKKCEXLDE47IPDO5GNFDA9F3ZM8PIOBZS24GTRO573OKAM95E3JJZ14QEQM2Y64Z3H0WIIMZ9KGGV42NNDKOF1907OBCEWGA8YR3WMW6RTKPVY4KY9PVVQUBH9Y4GJUMDFI7N80AQN7VQUFJT1NFHVPSDPWXY2ZH98MPQ76ZJOEHS9UX3OKP6OFS0Z37MCMYYZVSI03V4Y53QH9D49 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 4JRKLU24Y0D9MGBQT3OCPDVYVHTMBTZ0DNIDGNNAZNBDS5LY19XFZ2T1Y2ZEBQ2FBN6988JFQOMBBSGZ64UB5TBK3QPOYJ8IV6BE9MZ20RZLPSZFV9HH50JRLVFST5RHPDPFQB0UE2LN405L0J2ZB1N5WU3OGHJ4AS5LCUZUIXCDO5XVZ41JC1FX0US5IMN6SQNL4(String IGTIROYJQ07HYMQ91JNIUSB4L6JGV7SL1FWU04K08RD28BYBQSY console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: D8W9ZFZ6UFSYSHVQSZ5J78WJDOJ5KIHZCIPNEG6PA7ZVQ2VUNUFLUJ1ELN6K53WM72WJ2HLM3PI9JA3K3YSZC5F2RKB1KVTHLMYXGL1FI3SEA25LTVRHL6KBX32SFUBH6BX6MGDS6MQINA2YP0HYEM5OCW9NSJ9Y1KI9E89NS9K8QBYXAEDPMNDTFJ4ZGZ9XN2RC13TQ14GEB78A8LMOGUMOHY35EJH29XVYUW5HUWYSG8RIL314NVR2PC4CAYMR console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: WOFOMKQMQF3T63HIHUTLSMONF2IR12H5KH523D6BMPOI286W4W5PEB8K92JTB8UX78IY8PPEYS8D8GVH5WXF610JIU3B3M9N40K3ZHXPG11WC4M2GBXPLP0FH8QNVOKLTUJH51RY8H8FAEHNIA42YUBO9FW01K42RPDRVE6PU9QERVED1CFUUSW9S4H0F06YNGXVAZ2DEPIYD77OAS8YEJI92D817FK3D21L7TCCKBQEK75V630W1HTE7Y270AG8 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: EOVKGWQQP6OD2DZ4HN4DPXB5IXNI1FMJ5SA5MVPKMKH53QL497ZMGCTRNZCTJHYKUFIJD4SW8T1EQFC2LSJ3Q9C29SRWS6BEV7LYHC1FPCOWLOBIXJH0843UCPJVM5EBSWTT4OUJ1EOOUQQVQJ9IYKF0D0V12G2T8MEY5SNIZ8, String 4QPAV9YED65NHQ2PE22QVL5QHM20750TZMLKYZA2DBZXC96HCDJP6RNSV82JG8GHFLX5FS1O29NTV console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: HNIPUX4WKWH82ZZ70VF4SR0LACUM4X6E36NVU3WKMU4ZQ6M3BRCNIZDZW7ORDS2XZDE5LEN694S7WB5D01KNUT6E3X8XOEH32H9M2QR7EFONGFDVBL1MHOCGHACXG0R4WYFPCSLKJNJPES7XUNVDN5WNE2F1N30NYT0SAXTS9RC4FXBYCPD3ENR1C2LJNT6PW50V1OX73CE621IQ0QZ807JKB9QHLJFPUXHJ6Q7X1F9CJV8KT4S647ZZWQT28PVU console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 6ZLFT8UKTBHU8GBQAFYR1IUW7SXQ6EZLUPFTK30VJIN30E1PPD221D2YEYHBKENOL5ASBRFHOCHT41531IB3M7UQWRPVVZLF49S5EIO77VNY5J3N2OKCDTBOKT6UCTVZ1CY5J9YS3D51U5UMXB3GPICK7EVVL45O9X73U8E2Z1I9YK3O8U6A0OKSAN7FODH9IR26811Y7ARXACWXKGW174XUNO3GB8OWUJ1HR7QH2HCZ7WS71J4IQPBO3HST7UX9 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: W5D1LOGMZP8Z28W165P2DGFEHNNJP7JHUDDCS0WMCSSARLV5V0WCF45QZ8T8B672G0FY5UIFJCZVXEX51SYYKGCZIWMTHYLGUZ40G79ARR3DFJ2VLYHSHJR9YPQIHZ8V0SB8K7Z4SYG3N9U831ITQ39KH4C0Q132SIMWI4KN8M9SCYWY5SOPQPE6T00Q59N14NKFW709Q4UE4QITHN48MNMDDPDSD4S98HYZNQC81P9V4ACCSHISEPPRBHBG3H5V console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: MUFX2SF0L6G7N0IDNAA6WA5T2GXFP5EUTNJK4PK9BRGHJRDL9722H99LZV4V5ALP2WOAQ8J80A5E3XJKCMFRCLMUN8UIUYEAG1PXDD4BY4CGD4RCLUTS43NQJ3WSNAOC648CIWH9) ??: MJDHO2NBWZFZ43MOB225J6R6SX5QJ3FW3VDKJG171GULG8DUEDNYCZVQ2HY06723UT6JZBF5B4ECMFZTTLLGPQTE9XSBRAB3O00XC45D8SXHVS console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: EWRFHUWVOD91JCSDNB3KYVOBQZQHI73LTQT6UM3QH2MXYLV2U4FVOK4THPYREONRJXI2TWTAHMC5I1NFEXXN1H7IVAYEYLL2P5NAD2J8LEOBH9KPBTNR1AZB09GT7OM6BKQMONBLNYCX35AWZICE74BPGLKDV0A62RA7T8BYRBDC7BH49U3YMH8HIAFCD80XYF5M5CD0HOW609REDPEB6MUUS2YS38UTLQO2G586QDR7UCRJTA9X4Y0MVL3COU7I console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 3DUJUY8HQIU35W9QLO8296ZW0CH5C6R5GIERRHY4C1HVE7Q8MM19WEJ6O8SSRDFU0YXWSR8EZE0HZDS3VITZESJB8HCTYGN9WW5PK3Q4OXJROCHLPZ7ITQPIOVYKPOPT11VCICT11ZLRI2W691D9IEPGGXBYFFO9HZ0XQECNGGR4E79W91KXKPLWLP6VB5VWKLKTB9P5Y03CXUBJYOZN51Y2ODLBIRMKU4U3XPV9MP8UWI91OX6WFH0SXRE7XOXG console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: NSR29IVI3ZBP2EGFDTXVUZFNEBFFLXM722GD1H1FBY3QGL0TL83D0BWYNEY8CP7FNDXA7CO62RT65ZG2LW4M3IH0GR0WT3DW1YCCX0VJU7LJSZ2Y75WPVUMF674PM1N8O7EHWEFVBU1667HQZCZYGXAGL7FZ5F62UN4VUVB2ZBOA2QI8ZO0KCZ10685Z9PZ5Y9LTDW5DA68FJAN5YG9RPW05VEYWZM3KMSM3EZ5DSWJF0VR5U9A2PHQBIQ797INY console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: CX30YT19K692NUE9W3CZLB4EBLVX16FJIVDD20HAIBRTIYXXM7ME.QYW3VGV0USOE7RX8JCTB8XA8CQIZE3LUX7AK12JQELV344QZBS2YLB93XY0E86V0H3QAQMGR3C6XBGDIASYVBWJV8GWDCESHZ4WBNQJYLK4IEM2QUREPI9ZUU5BJ0COZUY7GUB4UJ9K01AQWOFSUAC9ZEBRSO97J5FYQOV6SWUFIZ93TOP4VU4YRYHBTUMFKBB4VMAH2J97 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: Q61AFI7E8EMYBQG1GTN8KO5GYFHGNHBMU6IU7H6KXHHFYM2EGJBJ5BWBBUL9B111CAEEHW39XCLCH0SMMCADG2QSJHTM66J5QQCXHX7TQCV20T4LC8W80XUKUV4ACQC03PW1X4FZFQXEGX1ZMHK7KKE252DV26Q9959L7DXI373KAQD73FY5GFQSK4540T6J9XFLXQ2IUBDMR41PZG1XIV33PRADH3RKBUKNL1JNMPKECDAPCQFU1IBN3L5GPZA1 console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: U3L7UOE76OL2KZ0LRVB1X7S2T6U96D7XOTUJ2C5YMHXN7IDDUTY4YJDWKSOX3EB3QXO1FRTOZMOQJE5K3QOMOC9EQ78JYI4HG46J4L8DAKFL4XMGXD4NZZONYJKITKZRSHJPHWQRSLMD7YK3U2VVNQSRQTUUBZUZVY2XN78BWM5ONKQA8RX0ZEDCY29YB5Q21WSJ5WPW3U8AUDDFCTVTC3ARU08V8J916DW01GFMCB7EFCRUY3VRJ6Z8WBYEX4XT console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: UHERRNN6OJRA65LSJN6FYRRANYE0SAYHNNU889DLQZD9OZB0ZG5J8S5CZDD2IWNOVKXSLNUJKUY8ORVYWNALFOJ4RRI45LC3LZOECSOMWV9N46YHSPF4VCIGB2B4EZO9R5WYDRWE8YZTO5AU2AMPFHHJQHDJRUH6HA58K9EA3B57NZ2F1QBDN83KYNI5OMWOQ2MO9CK36LWELJ61P7RBSETIHVK61JVQORQUMNFZFIHBMY8OQRPQ4V.VTYHANN0Y console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: H11L7QP4LSAIII828NMCCN3JALY9H7K1ZZBZEL7LKHPYTXNK0OC9AYW38RKV1QXNHITSHIYWQA248E0N8OI24L0BDI0XBLU3UCRKE5DRZQTA515416XMH4S6SRP8SBVEQ8K5WPJDL1CO10FLN66EYHWZUV2WQE9Y4PT7Q9HLXUAQ1DE2MDVVFQPIMVLBXXWH2OTMGI5NZUQEGG7QQAKNTNTN9KU5XFYA73YNT2VDHH5UALBGX5VXNJYO4FM5XA0U console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 6QGNSU6XOGFLS9NXJOH2UAWXFJTOP0QHRLXTEYYD87JHEM651ZWJ27964THIBSIY074GL4SUZE3W1PS3NXW0DGOTL1YVRQCQZUQHRZU7GCTYDNEOAO4N6SUTSL4TF7CJBN6G8LMXDZTBX0P8XKUDVZUHA7YG5A1J9JW0Q7PZBGJG8S625665M9YM2ZGBXF2D8KCNDZRZ45BPPNIRB5K8E569VK701OB6NGIYQSZFOGBR8J6PRZA1448COC22218Q console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: 3FBJFUASGFU84OBMNRJCNKBTHGKOZ6MXHUX2HXK6YRVZJAI9AQPKR6CTERB8KV3J261J0IEZHMN6YLJH7KNIRCGKSEYZWLWCYL6MI8I1MZCETG42I3B9IU200Q1WUOD60LHNO789CW619B1LJ5R2KX4DTGV2GVH8VGOI8ROK5B6VXA0ZZPNY6LWCQD4ILG2RO8F3XTN1RH7I0IQSQ6D1HSCKTL14XF9YJPHZ46BFCVHZNNLIXL2ODBJ665JL1SDL console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: HI9LB0XT47YWLM6F9TGMNUVHGL39XZNTR5RFOAH7XIUGMXUT8DMIM17WX1EZ6Y5ETFEQ4118MIYEAP5T0KBTNFH075SW5RA9MQWHSEYGMN6DD2WH6V9WXM0O7NS9JFD5IZ1U2YAWV4G9IEWEIK0KROMAZIJFW.JEANZ5NM2WVAI59ZKW3N5LNJLU8AQN0HUJ39KN70QO8JL7L0U2O8OK1810CE6N6P5OP8CAP7YD6QND7OJHQX922KS5HTL33DST console_handle: 0x00000007	1	1
WriteConsoleA Oct. 3, 2023, 7:25 p.m.	buffer: N7RMYUNQJLOKUX3Y4Y7IPDWEQG25W5J283ZA67T5KSSR6HKU0W8FGJDKLM5R2R4OBVM17317FB77UFII6IF97EVYZPYTCBC2XDPK5TW75AAEMG0GEWVUM5R79XBSEH5D8EJQZ7NNVHE6DRMSYSPPPSQ2WRKHRD3XF6FH7KQGJI8E1V3SLS4V2QXQYQ4IWF5SOQ0HLFVOCIFHUMBBX269JH4ZIZSRQHTENQ0K4WGG7PTUKQ6MO2U4I6IGWB8WWD84 console_handle: 0x00000007	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 3, 2023, 7:25 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (20 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 1114112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00770000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00840000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73dc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73dc2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 393216 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004e0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00500000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00402000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004bb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00426000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00427000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007b1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 3, 2023, 7:25 p.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007b2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates (office) documents on the filesystem (16 events)

file	C:\Users\test22\Documents\NLyIsaaxJX.doc
file	C:\Users\test22\Documents\wAEtAKIJFX.pptx
file	C:\Users\test22\Documents\VRLvOcnesjV.ppt
file	C:\Users\test22\Documents\readme.doc
file	C:\Users\test22\Documents\EefiECbiAmdELjIw.ppt
file	C:\Users\test22\Documents\yOHImvILFezWCCIzAF.doc
file	C:\Users\test22\Documents\OHegRhAjkJThZ.docm
file	C:\Users\test22\Documents\HCiXgCpXSEYfu.ppt
file	C:\Users\test22\Documents\aMRQkjesns.docx
file	C:\Users\test22\Documents\GYItCWVMWNA.docm
file	C:\Users\test22\Documents\readme.xls
file	C:\Users\test22\Documents\phishing_file.pdf
file	C:\Users\test22\Documents\UhtRyoVgpZRxxtmYHK.docx
file	C:\Users\test22\Documents\alGoBaZiKf.docm
file	C:\Users\test22\Documents\nXetSfHUOyG.docm
file	C:\Users\test22\Documents\HlUnDYTbaG.pptx

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Oct. 3, 2023, 7:25 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Oct. 3, 2023, 7:25 p.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

Performs 84 file moves indicative of a ransomware file encryption process (50 out of 84 events)

Time & API	Arguments	Status	Return
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\OHegRhAjkJThZ.docm.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\OHegRhAjkJThZ.docm newfilepath: C:\Users\test22\Documents\OHegRhAjkJThZ.docm.Payola oldfilepath: C:\Users\test22\Documents\OHegRhAjkJThZ.docm	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Videos\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Videos\desktop.ini newfilepath: C:\Users\test22\Videos\desktop.ini.Payola oldfilepath: C:\Users\test22\Videos\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\phishing_file.pdf.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\phishing_file.pdf newfilepath: C:\Users\test22\Documents\phishing_file.pdf.Payola oldfilepath: C:\Users\test22\Documents\phishing_file.pdf	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.bmp.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.bmp newfilepath: C:\Users\test22\Documents\readme.bmp.Payola oldfilepath: C:\Users\test22\Documents\readme.bmp	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.c.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.c newfilepath: C:\Users\test22\Documents\readme.c.Payola oldfilepath: C:\Users\test22\Documents\readme.c	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.cpp.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.cpp newfilepath: C:\Users\test22\Documents\readme.cpp.Payola oldfilepath: C:\Users\test22\Documents\readme.cpp	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.doc.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.doc newfilepath: C:\Users\test22\Documents\readme.doc.Payola oldfilepath: C:\Users\test22\Documents\readme.doc	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.hwp.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.hwp newfilepath: C:\Users\test22\Documents\readme.hwp.Payola oldfilepath: C:\Users\test22\Documents\readme.hwp	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\.idlerc\recent-files.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\.idlerc\recent-files.lst newfilepath: C:\Users\test22\.idlerc\recent-files.lst.Payola oldfilepath: C:\Users\test22\.idlerc\recent-files.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.ini newfilepath: C:\Users\test22\Documents\readme.ini.Payola oldfilepath: C:\Users\test22\Documents\readme.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\ntuser.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\ntuser.ini newfilepath: C:\Users\test22\ntuser.ini.Payola oldfilepath: C:\Users\test22\ntuser.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.txt.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.txt newfilepath: C:\Users\test22\Documents\readme.txt.Payola oldfilepath: C:\Users\test22\Documents\readme.txt	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT newfilepath: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT.Payola oldfilepath: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.xls.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.xls newfilepath: C:\Users\test22\Documents\readme.xls.Payola oldfilepath: C:\Users\test22\Documents\readme.xls	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\IconCache.db.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\IconCache.db newfilepath: C:\Users\test22\AppData\Local\IconCache.db.Payola oldfilepath: C:\Users\test22\AppData\Local\IconCache.db	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\UhtRyoVgpZRxxtmYHK.docx.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\UhtRyoVgpZRxxtmYHK.docx newfilepath: C:\Users\test22\Documents\UhtRyoVgpZRxxtmYHK.docx.Payola oldfilepath: C:\Users\test22\Documents\UhtRyoVgpZRxxtmYHK.docx	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\resmon.resmoncfg.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\resmon.resmoncfg newfilepath: C:\Users\test22\AppData\Local\resmon.resmoncfg.Payola oldfilepath: C:\Users\test22\AppData\Local\resmon.resmoncfg	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\VRLvOcnesjV.ppt.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\VRLvOcnesjV.ppt newfilepath: C:\Users\test22\Documents\VRLvOcnesjV.ppt.Payola oldfilepath: C:\Users\test22\Documents\VRLvOcnesjV.ppt	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\wAEtAKIJFX.pptx.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\wAEtAKIJFX.pptx newfilepath: C:\Users\test22\Documents\wAEtAKIJFX.pptx.Payola oldfilepath: C:\Users\test22\Documents\wAEtAKIJFX.pptx	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\.idlerc\breakpoints.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\.idlerc\breakpoints.lst newfilepath: C:\Users\test22\.idlerc\breakpoints.lst.Payola oldfilepath: C:\Users\test22\.idlerc\breakpoints.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\XeLnlraOiYrWBufH.rtf.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\XeLnlraOiYrWBufH.rtf newfilepath: C:\Users\test22\Documents\XeLnlraOiYrWBufH.rtf.Payola oldfilepath: C:\Users\test22\Documents\XeLnlraOiYrWBufH.rtf	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\yOHImvILFezWCCIzAF.doc.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\yOHImvILFezWCCIzAF.doc newfilepath: C:\Users\test22\Documents\yOHImvILFezWCCIzAF.doc.Payola oldfilepath: C:\Users\test22\Documents\yOHImvILFezWCCIzAF.doc	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\desktop.ini newfilepath: C:\Users\test22\Favorites\desktop.ini.Payola oldfilepath: C:\Users\test22\Favorites\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links\desktop.ini newfilepath: C:\Users\test22\Favorites\Links\desktop.ini.Payola oldfilepath: C:\Users\test22\Favorites\Links\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url newfilepath: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url.Payola oldfilepath: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Desktop\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Desktop\desktop.ini newfilepath: C:\Users\test22\Desktop\desktop.ini.Payola oldfilepath: C:\Users\test22\Desktop\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links\추천 사이트.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links\추천 사이트.url newfilepath: C:\Users\test22\Favorites\Links\추천 사이트.url.Payola oldfilepath: C:\Users\test22\Favorites\Links\추천 사이트.url	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log newfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini newfilepath: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini.Payola oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url newfilepath: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url.Payola oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Desktop\readme.txt.Payola flags: 2 oldfilepath_r: C:\Users\test22\Desktop\readme.txt newfilepath: C:\Users\test22\Desktop\readme.txt.Payola oldfilepath: C:\Users\test22\Desktop\readme.txt	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log newfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\대한민국 구석구석.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\대한민국 구석구석.url newfilepath: C:\Users\test22\Favorites\Links for 대한민국\대한민국 구석구석.url.Payola oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\대한민국 구석구석.url	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\alGoBaZiKf.docm.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\alGoBaZiKf.docm newfilepath: C:\Users\test22\Documents\alGoBaZiKf.docm.Payola oldfilepath: C:\Users\test22\Documents\alGoBaZiKf.docm	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\대한민국 전자정부.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\대한민국 전자정부.url newfilepath: C:\Users\test22\Favorites\Links for 대한민국\대한민국 전자정부.url.Payola oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\대한민국 전자정부.url	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Contacts\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Contacts\desktop.ini newfilepath: C:\Users\test22\Contacts\desktop.ini.Payola oldfilepath: C:\Users\test22\Contacts\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\에듀넷.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\에듀넷.url newfilepath: C:\Users\test22\Favorites\Links for 대한민국\에듀넷.url.Payola oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\에듀넷.url	1	1

Appends a new file extension or content to 84 files indicative of a ransomware file encryption process (50 out of 84 events)

Time & API	Arguments	Status	Return
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\OHegRhAjkJThZ.docm.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\OHegRhAjkJThZ.docm newfilepath: C:\Users\test22\Documents\OHegRhAjkJThZ.docm.Payola oldfilepath: C:\Users\test22\Documents\OHegRhAjkJThZ.docm	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Videos\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Videos\desktop.ini newfilepath: C:\Users\test22\Videos\desktop.ini.Payola oldfilepath: C:\Users\test22\Videos\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\phishing_file.pdf.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\phishing_file.pdf newfilepath: C:\Users\test22\Documents\phishing_file.pdf.Payola oldfilepath: C:\Users\test22\Documents\phishing_file.pdf	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.bmp.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.bmp newfilepath: C:\Users\test22\Documents\readme.bmp.Payola oldfilepath: C:\Users\test22\Documents\readme.bmp	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.c.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.c newfilepath: C:\Users\test22\Documents\readme.c.Payola oldfilepath: C:\Users\test22\Documents\readme.c	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.cpp.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.cpp newfilepath: C:\Users\test22\Documents\readme.cpp.Payola oldfilepath: C:\Users\test22\Documents\readme.cpp	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.doc.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.doc newfilepath: C:\Users\test22\Documents\readme.doc.Payola oldfilepath: C:\Users\test22\Documents\readme.doc	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.hwp.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.hwp newfilepath: C:\Users\test22\Documents\readme.hwp.Payola oldfilepath: C:\Users\test22\Documents\readme.hwp	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\.idlerc\recent-files.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\.idlerc\recent-files.lst newfilepath: C:\Users\test22\.idlerc\recent-files.lst.Payola oldfilepath: C:\Users\test22\.idlerc\recent-files.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.ini newfilepath: C:\Users\test22\Documents\readme.ini.Payola oldfilepath: C:\Users\test22\Documents\readme.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\ntuser.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\ntuser.ini newfilepath: C:\Users\test22\ntuser.ini.Payola oldfilepath: C:\Users\test22\ntuser.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.txt.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.txt newfilepath: C:\Users\test22\Documents\readme.txt.Payola oldfilepath: C:\Users\test22\Documents\readme.txt	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT newfilepath: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT.Payola oldfilepath: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\readme.xls.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\readme.xls newfilepath: C:\Users\test22\Documents\readme.xls.Payola oldfilepath: C:\Users\test22\Documents\readme.xls	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\IconCache.db.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\IconCache.db newfilepath: C:\Users\test22\AppData\Local\IconCache.db.Payola oldfilepath: C:\Users\test22\AppData\Local\IconCache.db	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\UhtRyoVgpZRxxtmYHK.docx.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\UhtRyoVgpZRxxtmYHK.docx newfilepath: C:\Users\test22\Documents\UhtRyoVgpZRxxtmYHK.docx.Payola oldfilepath: C:\Users\test22\Documents\UhtRyoVgpZRxxtmYHK.docx	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\resmon.resmoncfg.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\resmon.resmoncfg newfilepath: C:\Users\test22\AppData\Local\resmon.resmoncfg.Payola oldfilepath: C:\Users\test22\AppData\Local\resmon.resmoncfg	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\VRLvOcnesjV.ppt.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\VRLvOcnesjV.ppt newfilepath: C:\Users\test22\Documents\VRLvOcnesjV.ppt.Payola oldfilepath: C:\Users\test22\Documents\VRLvOcnesjV.ppt	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\wAEtAKIJFX.pptx.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\wAEtAKIJFX.pptx newfilepath: C:\Users\test22\Documents\wAEtAKIJFX.pptx.Payola oldfilepath: C:\Users\test22\Documents\wAEtAKIJFX.pptx	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\.idlerc\breakpoints.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\.idlerc\breakpoints.lst newfilepath: C:\Users\test22\.idlerc\breakpoints.lst.Payola oldfilepath: C:\Users\test22\.idlerc\breakpoints.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\XeLnlraOiYrWBufH.rtf.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\XeLnlraOiYrWBufH.rtf newfilepath: C:\Users\test22\Documents\XeLnlraOiYrWBufH.rtf.Payola oldfilepath: C:\Users\test22\Documents\XeLnlraOiYrWBufH.rtf	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\yOHImvILFezWCCIzAF.doc.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\yOHImvILFezWCCIzAF.doc newfilepath: C:\Users\test22\Documents\yOHImvILFezWCCIzAF.doc.Payola oldfilepath: C:\Users\test22\Documents\yOHImvILFezWCCIzAF.doc	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\desktop.ini newfilepath: C:\Users\test22\Favorites\desktop.ini.Payola oldfilepath: C:\Users\test22\Favorites\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links\desktop.ini newfilepath: C:\Users\test22\Favorites\Links\desktop.ini.Payola oldfilepath: C:\Users\test22\Favorites\Links\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url newfilepath: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url.Payola oldfilepath: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Desktop\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Desktop\desktop.ini newfilepath: C:\Users\test22\Desktop\desktop.ini.Payola oldfilepath: C:\Users\test22\Desktop\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links\추천 사이트.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links\추천 사이트.url newfilepath: C:\Users\test22\Favorites\Links\추천 사이트.url.Payola oldfilepath: C:\Users\test22\Favorites\Links\추천 사이트.url	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log newfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini newfilepath: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini.Payola oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url newfilepath: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url.Payola oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Desktop\readme.txt.Payola flags: 2 oldfilepath_r: C:\Users\test22\Desktop\readme.txt newfilepath: C:\Users\test22\Desktop\readme.txt.Payola oldfilepath: C:\Users\test22\Desktop\readme.txt	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log.Payola flags: 2 oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log newfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log.Payola oldfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\대한민국 구석구석.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\대한민국 구석구석.url newfilepath: C:\Users\test22\Favorites\Links for 대한민국\대한민국 구석구석.url.Payola oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\대한민국 구석구석.url	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Documents\alGoBaZiKf.docm.Payola flags: 2 oldfilepath_r: C:\Users\test22\Documents\alGoBaZiKf.docm newfilepath: C:\Users\test22\Documents\alGoBaZiKf.docm.Payola oldfilepath: C:\Users\test22\Documents\alGoBaZiKf.docm	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\대한민국 전자정부.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\대한민국 전자정부.url newfilepath: C:\Users\test22\Favorites\Links for 대한민국\대한민국 전자정부.url.Payola oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\대한민국 전자정부.url	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Contacts\desktop.ini.Payola flags: 2 oldfilepath_r: C:\Users\test22\Contacts\desktop.ini newfilepath: C:\Users\test22\Contacts\desktop.ini.Payola oldfilepath: C:\Users\test22\Contacts\desktop.ini	1	1
MoveFileWithProgressW Oct. 3, 2023, 7:25 p.m.	newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\에듀넷.url.Payola flags: 2 oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\에듀넷.url newfilepath: C:\Users\test22\Favorites\Links for 대한민국\에듀넷.url.Payola oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\에듀넷.url	1	1

Drops 56 unknown file mime types indicative of ransomware writing encrypted files back to disk (50 out of 56 events)

file	c:\users\test22\favorites\msn 웹 사이트\msn.url.payola
file	c:\users\test22\.idlerc\recent-files.lst.payola
file	c:\users\test22\documents\eefiecbiamdeljiw.ppt.payola
file	c:\users\test22\appdata\local\adobe\color\profiles\wscrgb.icc.payola
file	c:\users\test22\appdata\local\adobe\acrobat\dc\shareddataevents.payola
file	c:\users\test22\documents\hkdjtmjphb.txt.payola
file	c:\users\test22\appdata\local\gdipfontcachev1.dat.payola
file	c:\users\test22\appdata\local\adobe\acrobat\dc\adobesysfnt20.lst.payola
file	c:\users\test22\.idlerc\breakpoints.lst.payola
file	c:\users\test22\documents\nlyisaaxjx.doc.payola
file	c:\users\test22\appdata\local\adobe\acrobat\dc\iconcacherdr65536.dat.payola
file	c:\users\test22\appdata\local\adobe\acrobat\dc\cache\acrofnt20.lst.payola
file	c:\users\test22\appdata\local\adobe\acrobat\dc\sophia\reader\sophia.json.payola
file	c:\users\test22\documents\amrqkjesns.docx.payola
file	c:\users\test22\documents\ohegrhajkjthz.docm.payola
file	c:\users\test22\favorites\microsoft 웹 사이트\microsoft store.url.payola
file	c:\users\test22\appdata\local\adobe\acrobat\dc\sophia\reader\files\testing.payola
file	c:\users\test22\searches\microsoft outlook.searchconnector-ms.payola
file	c:\users\test22\appdata\local\adobe\updater6\aumlib.log.payola
file	c:\users\test22\appdata\local\adobe\acrobat\9.0\updater\updater.log.payola
file	c:\users\test22\documents\nsaxdkdjsx.rtf.payola
file	c:\users\test22\appdata\local\resmon.resmoncfg.payola
file	c:\users\test22\documents\xelnlraoiyrwbufh.rtf.payola
file	c:\users\test22\desktop\desktop.ini.payola
file	c:\users\test22\documents\yohimvilfezwccizaf.doc.payola
file	c:\users\test22\documents\hlundytbag.pptx.payola
file	c:\users\test22\appdata\local\adobe\updater6\aum.log.payola
file	c:\users\test22\contacts\desktop.ini.payola
file	c:\users\test22\documents\desktop.ini.payola
file	c:\users\test22\music\desktop.ini.payola
file	c:\users\test22\saved games\desktop.ini.payola
file	c:\users\test22\appdata\local\adobe\color\acecache11.lst.payola
file	c:\users\test22\appdata\local\adobe\color\acecache10.lst.payola
file	c:\users\test22\videos\desktop.ini.payola
file	c:\users\test22\searches\desktop.ini.payola
file	c:\users\test22\favorites\links\desktop.ini.payola
file	c:\users\test22\contacts\test22.contact.payola
file	c:\users\test22\ntuser.ini.payola
file	c:\users\test22\documents\algobazikf.docm.payola
file	c:\users\test22\favorites\links for 대한민국\desktop.ini.payola
file	c:\users\test22\documents\vrlvocnesjv.ppt.payola
file	c:\users\test22\documents\phishing_file.pdf.payola
file	c:\users\test22\appdata\local\iconcache.db.payola
file	c:\users\test22\appdata\local\adobe\color\profiles\wsrgb.icc.payola
file	c:\users\test22\appdata\local\adobe\acrobat\dc\adobecmapfnt20.lst.payola
file	c:\users\test22\appdata\local\adobe\acrobat\9.0\cache\acrofnt09.lst.payola
file	c:\users\test22\documents\readme.xls.payola
file	c:\users\test22\documents\bouzykzttq.txt.payola
file	c:\users\test22\documents\nxetsfhuoyg.docm.payola
file	c:\users\test22\links\desktop.ini.payola

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Lionic	Trojan.Win32.Mardom.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	IL:Trojan.MSILMamut.11966
McAfee	Artemis!089428711DDD
Malwarebytes	Ransom.Payola
VIPRE	IL:Trojan.MSILMamut.11966
Sangfor	Ransom.Msil.Encoder.Vghu
K7AntiVirus	Trojan ( 005a9c781 )
Alibaba	Ransom:MSIL/Encoder.9d358b05
K7GW	Trojan ( 005a9c781 )
Cybereason	malicious.71d513
VirIT	Trojan.Win32.Genus.SRA
Cyren	W32/ABRisk.UXGS-2043
Symantec	Trojan.Gen.MBT
ESET-NOD32	MSIL/Filecoder.AZS
APEX	Malicious
Kaspersky	HEUR:Trojan-Ransom.MSIL.Encoder.gen
BitDefender	IL:Trojan.MSILMamut.11966
NANO-Antivirus	Trojan.Win32.Ransom.jymssw
Avast	Win32:RansomX-gen [Ransom]
Tencent	Malware.Win32.Gencirc.13ebf6a1
Emsisoft	IL:Trojan.MSILMamut.11966 (B)
DrWeb	Trojan.Encoder.37804
Zillya	Trojan.Encoder.Win32.3551
TrendMicro	Ransom.MSIL.PAYOLA.THHBIBC
McAfee-GW-Edition	BehavesLike.Win32.Downloader.rt
FireEye	Generic.mg.089428711dddec20
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.MSIL.aoplu
Google	Detected
Antiy-AVL	Trojan[Ransom]/MSIL.Encoder
Microsoft	Trojan:Win32/Malgent!MSR
Xcitium	Malware@#1rq9h18y4yut4
Arcabit	IL:Trojan.MSILMamut.D2EBE
ZoneAlarm	HEUR:Trojan-Ransom.MSIL.Encoder.gen
GData	IL:Trojan.MSILMamut.11966
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C5468587
ALYac	Trojan.Ransom.Filecoder
MAX	malware (ai score=83)
VBA32	Trojan.MSIL.Autorave.Heur
Cylance	unsafe
TrendMicro-HouseCall	Ransom.MSIL.PAYOLA.THHBIBC
Rising	Ransom.Agent!1.E971 (CLASSIC)
Yandex	Trojan.Filecoder!vVdQeSDy+2E
Ikarus	Trojan-Ransom.FileCrypter
MaxSecure	Trojan.Malware.73702460.susgen
Fortinet	PossibleThreat.ZDS
BitDefenderTheta	Gen:NN.ZemsilF.36662.@p0@a8k!dQo

UpdateSvc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All