Summary | ZeroBOX

UpdateSvc.exe

Generic Malware .NET framework(MSIL) Antivirus PE File PE32 .NET EXE
Category FILE
Machine s1_win7_x6403_us
Started Oct. 3, 2023, 7:27 p.m.
Completed Oct. 3, 2023, 7:28 p.m.
Size 4.1MB
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 089428711dddec20eabf7732eea8fb8d
SHA256 ce6716a18c07d64059b961034a2ca46b1cae66892885d9e63063a0726a391461
CRC32 6B6C9CC8
ssdeep 24576:qozi/cws4dKqNKN59W8JY/AJs8tpfL3ZBXNXBfllfXRzQHwzHwcMZ5sm/IRImfwE:EcGviAWzrN3rzjWAkHpxMjrD
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

WriteConsoleA

buffer: [!] Recycle Bin Not Empty
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: [+] Grabbed files in 98 ms
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: System.IO.IOException: The process cannot access the file 'C:\Users\test22\NTUSER.DAT' because it is being used by another process. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, Fil
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: eMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..c
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: tor(String path, FileMode mode, FileAccess access, FileShare share) at 44G60M0MUBB0U7GE1Y53HTWNI5SG5706WRBJ70YDHRASKFTKQJLG340KH3Y54TRWKEDD66GA91VZSDCCLH0VWTD110BDC3JXAOHFCQNTDKGBJA2E1WTW35A1BLLG5D8GS7ZE67A54HSLMBS077MQJW4FNPD0EHX9LASLLYH3VY2WMYOA3UJ80
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: S75CU0Q3K0XTTAMSGPI0S4V4I2YBD6U7ZJ3CXI180AL7FC3YCRWEAHIXMB41BP0NGZ3KGJ57YK9STXZF9A9VKP6RAF0VO96KK80PJTR2VZQ0HZEYLY1BQED12LJBTJSYNZIV7J6QSH9U8FJLACK0I53F48X7KQIMG1NSRT0B2LSJES2WB7BQ92QR5C08W8GC8XOH213QLI86MUBMGA5MO1NNK5WO32P3FQLRDU4KEUF04UFLBN2WD3XGKB76EPXT
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 3F15JUIVFUI4WWTZ0LNPA2ZL3EGCX8FZ6V7Z3JCREGQSV2TYSHG3CHTAPPCENG8HOS7BY36RJ5K3MHZAUSUP2MWYC7KOG7E8IJDC5S9YLYUG7ZXIZCT5VSPC5I80TSKL1MVCDXFCS6DD2Q1NJBYEOJMZ4BGWUJE3OJPVDVEC6RMZPMJPQUQR3F6S96ICQSRJ1KYTAGJY7WH66XKS11F92XAIM7WHMBVO9C8EX0OKL2UG8AVLW0LZMSREKQHDUCM5
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: A363ZF4BM5Y9C3JMLKUV06BRV34GSLZIQYFED2WR5JMR3RBQG52KR0FE2PI5KYSBFPTOXFITXD0QUTYD1N9XSP00TBMXT0GH1LLN8X2BWJWNAYUI1ED7Y4S0Z34W2U967TZIHKEEU7BJ2NZ5RD6PWIS62VYF2GJBJZPR8LAQ99M03J7LD9FYYUKZA2PWV9MOY99C7I6FCQPX51DTXMB2AUNZP0QG5O4AW8C3J4O4DAVHEW3JY68J7TNEWJXG2ZJX
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: VOA7YJK3.LC8QFDXS0POH2ASZMUTAO1W9IHIGAR4AW0QBFH51WEDKFCOLRE9NL1MTQ9I74RRJUNVBTRTFY1NJYL3G37Y5RRZ4N7VG876FX4Z1QN1AU3YUND5EFCE72W1DY0XW6NG04IW3VBZQFYKY2FRKBQA639MBCWD0ZFEHX8ZFQBSDMY2ELDKTJMUPMK655V198809UDB3PL4A76TFGIZ9LTRNVY4MB3J4KTEO72UHCQD7STSQ01YX51YPQNO
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 5IY2WC90O2FHOYR74PU4BFOWKEW8S5Z7UOY9NYR4S3EYVUK9O4396SMZ4CRRQBHSCHW99STF8ZMIB0AZ4WUYBZABC9FLGAORWVVN7L95KYAHFDYDB2W3QSRMGU6AMH88K5WPEW1TXYNNZ368KBKONUADDIHMO9SCZC6KRI8PADG1FEXNY7ZL7UVZ5SM6POEYGKYW6WRCD4NJOI79V3XQJHEFRGO86C9V9SV4QAQCQWHCGLLWUMLW0YO8GSF0HSGA
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 52K6XDTUMV9W9B8F52NT1N4KDWY75058QGHNBO9R20JFY18EUA4PEWJR793APWZVZBG24VDR261ADYWMYUN46Q337ZQCV9BGBYQWVGJ97NWI5JOINRM5J4ZJIM5EEB524U8PI90RKO7S3U8XLHZEXG6H8HOIKE45R3NKL8AN04U57GPYOI37M1FYX1RBVSGFTBBAGXMNHLO3VBJ2204CL7TZYZWUR82HXPL5FPR05QZANMDWRYJ5XE4WRLLRB26I
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: TGFGZNXMIEG5HSMMVAC2Z6UTUZO4D9YDTQRHG76DB6WT79O9895AZDTWVWVA93JIPCL0BEFYD903JBVUKP5DEXOQ74VTL5DIWOD4YX.DFTAIHHYX7A6JEEH1YKO7WJ6KRTFOEFQNHU3KCUSRC4IPVZ37IQA8A0Q5X01YBKS2TSCUK7YE1642AQY10HFXERNQD7WL34P2MQ5DXIWL26GD5Y4GB983E4XCEVRNKMK7QCPUVVERU45IKKVOCPK36VXR
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 339B0JAPVJW3IKVP4QIK8O13ACL4CRA5P701WC1L3QXBY2F1448QMMTOCFBY8GMEJ1NLT332Z7RS10FI7T9HSUSCOLZRACNWDS26O4IBBG1P5BXLA31PGFWYJL6HDM1WU4OI8I3CK8GL3CGNYOQHL7Q86DXC8A7ZPE5BWON19YEH8K5GESTZ5TKWNPM4U1EKBR6YHF0JAZIX3JAVIR7PQI354IXHCSGIU3GROG892JZFLX3EP0WD3Y33XB49STHR
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: SAC9DTHBT8XHSYTGPS2L6DO69M3MM8QIBHXLU3B6SUT5BWK9RXT915VOVGA0Z4ZUROFLAIVWR63LTT4NC45YORRFWIZO2LGX59NWQ88JB7S4CJ4CLXX49AFA69Z2SH3FZFQUFI6D5WXR9WCMNXDFYLY44N0RJG04EMF73K6D0T9MNYAJ6MO5EXRNQV02SO4Z63NXRFTD09PEMLRGMQU724ZQ42RHTDVLZKQTKN213KEEINAFDUPB476BD63YYLTX
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: ODPC4859X2DR0UIQ1LD9XTR2NPPOUEDR1R0F88KFZQOB3PLSYM6MIU94VWZPSQPTZW0I4CS3A8KHFP87E60IH1JGS5TLI5XIB4MGYCYV3DLKJ2ZFY1KV0GM7NT08SHUFKBFLD(String JBIEODP96ZGNXRUBS4RO3FM0CVSG9IWNC5SJNV1ISOWA1EUDUJSK3Y9EYSB3UJ9YD3L19LY6CJ6OSM88BPVZ0LUO6OU4U8XIO87833DIUVIU1UVMTD2
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: FXJ81I65V03MEVX9UO9EILNEEDAWL2HLQGSVEAG077SS1IE8EUB8U8U3KE3XHJT2TS67CC5UIJHK34N59BS01J0RWZL9GSSXO09JMG6BZQZK1KAP18XF12AJ1OLN15OZ1T5C5ET2FQAKUQZLY5II4M6VZZR75SK4C9THO7TXO59K10ZKY9Y5WG4OXJNGWV7XGGHU7R71MV39MV49AHJ53PI6EEUETNA37MEVSFNGC6TBM5BBPOGPLC307LP272H9
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: U9CARIR43C365HTJDSZFGVR4SNXHZUJJZUQN2AUG7LVJJ6501FZOCC29RIRDVJEJ3THL0GRC8TI59IVWS6PU44HW2Q5UTQVXGMP0YT9UYXQT36AJW5VY4UO8LUTKK6SS7VZX2578645HOX35QW7Y463V7QODAZK1E8VIHNQ17W19YHUY1X4Y94XA2DZMQ37HUEDQBUYCGF0IE4706ZMN5W2JKUQDXDKEZUOUEEWG81R3EP68G9Q0RUL8L3FQEUPC
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 4WSUPMW1DFOEE9E5YS7YXTWEJPJK8FBNMO8S6MS3NYXMFH3MYJ1WX1OL9NKADL37DB20BW9M9DK96K9BV6VZNP0U9XSSBS0B50IEPDLCJPXTQPOZOJOG0DTYKH0NERLRNJEGB5WRVSP82HEUI2D2DTK1GU3IN781DFFHKIXSW7UHYU6DCGFLNTO48N9RBOEYUX5WB7JAEVFG8DDWX0FH2WNU1LI7IGRI36XAZJBF6EG2NI55KN3KI, Int32 57J
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: L50YM18D7NBQC6OZ9LXQVGSPMX5NG96AZ0NNLQUNIYQ44PHQPVJVIRYEMKMY6U77QB0MSANT0KH6ZYV7PO8U0L2IBIBAE5QX0TO3Y47OHZ48J2PYZOJRWNGFISLK9NO53UFGJ2IVQTMAQ48I3MKZW9ANMIUGTXP4L9EYXJO7GXADAFYOUCQWCZI4T13AHCB3ERZQZJVU7NS887MHUFWQH21V0KE5QOZEWH8SQHZKQ6ZZGK6WPVQCQVWL0D0PE0DT
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: XOM0831MQLAKDCPQNSQ47XXAVX2MRJF02FC18FXV4EVEVLHYYJBWKJV90LELAO4GGJS79YSH4493BTPKPEYHISQTTCAWBMUPJP7L3JYA131PJ28H54560X8X38O7X5GSKTTWWERFQYPO1AJ1E31GRYZWQJR451M6XJEZILV0NZPCHU62ZW23D9AW47GMXWKZLT1R6TS2IA31IWP6NYEI8T2XIS4KFID0P01Y2O6FEAUDFIOISJ98SB110EINYHXA
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 7DMR50D818E79ZR9EW25JFIO997YFTR6MUFC66M1FBGT632AWJJBP10148S53P2IRIVOTODHKA0I8ZRFH7B6JPQV3OH8NR80I7BYINQHFB1PBS2FQNX5N59C19UFHE42C99BX274Q40HXBTLVCRA3CMN896I2KABH8MBT1SYP3PTE1O0PJTFW499XWDY5ZBF3ZAYYS24T3U9X3IGUG2T05ON9NO6Y4201J0P1ZB7RZV2J9L4N7DZ6SO7KXZLE5GZ
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: B4HOD3O4E5CBKVD9BUT00D3J42EEA03VT51P171TSIUBQNXYT0JULP87A8UKZK4OBQRO4YHD39IRT22QFPUJQJJE64P3NQ4HOF9A6I45SF0MGROIGDFJZU72GNR9JO0MFADN22U6VZ0KS77PQGXJLVR3HG3S14WEPOGGNAPNS) at 44G60M0MUBB0U7GE1Y53HTWNI5SG5706WRBJ70YDHRASKFTKQJLG340KH3Y54TRWKEDD66GA91VZSD
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: CCLH0VWTD110BDC3JXAOHFCQNTDKGBJA2E1WTW35A1BLLG5D8GS7ZE67A54HSLMBS077MQJW4FNPD0EHX9LASLLYH3VY2WMYOA3UJ80S75CU0Q3K0XTTAMSGPI0S4V4I2YBD6U7ZJ3CXI180AL7FC3YCRWEAHIXMB41BP0NGZ3KGJ57YK9STXZF9A9VKP6RAF0VO96KK80PJTR2VZQ0HZEYLY1BQED12LJBTJSYNZIV7J6QSH9U8FJLACK0I53F4
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 8X7KQIMG1NSRT0B2LSJES2WB7BQ92QR5C08W8GC8XOH213QLI86MUBMGA5MO1NNK5WO32P3FQLRDU4KEUF04UFLBN2WD3XGKB76EPXT3F15JUIVFUI4WWTZ0LNPA2ZL3EGCX8FZ6V7Z3JCREGQSV2TYSHG3CHTAPPCENG8HOS7BY36RJ5K3MHZAUSUP2MWYC7KOG7E8IJDC5S9YLYUG7ZXIZCT5VSPC5I80TSKL1MVCDXFCS6DD2Q1NJBYEOJMZ4
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: BGWUJE3OJPVDVEC6RMZPMJPQUQR3F6S96ICQSRJ1KYTAGJY7WH66XKS11F92XAIM7WHMBVO9C8EX0OKL2UG8AVLW0LZMSREKQHDUCM5A363ZF4BM5Y9C3JMLKUV06BRV34GSLZIQYFED2WR5JMR3RBQG52KR0FE2PI5KYSBFPTOXFITXD0QUTYD1N9XSP00TBMXT0GH1LLN8X2BWJWNAYUI1ED7Y4S0Z34W2U967TZIHKEEU7BJ2NZ5RD6PWIS62
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: VYF2GJBJZPR8LAQ99M03J7LD9FYYUKZA2PWV9MOY99C7I6FCQPX51DTXMB2AUNZP0QG5O4AW8C3J4O4DAVHEW3JY68J7TNEWJXG2ZJXVOA7YJK3.LC8QFDXS0POH2ASZMUTAO1W9IHIGAR4AW0QBFH51WEDKFCOLRE9NL1MTQ9I74RRJUNVBTRTFY1NJYL3G37Y5RRZ4N7VG876FX4Z1QN1AU3YUND5EFCE72W1DY0XW6NG04IW3VBZQFYKY2FRK
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: BQA639MBCWD0ZFEHX8ZFQBSDMY2ELDKTJMUPMK655V198809UDB3PL4A76TFGIZ9LTRNVY4MB3J4KTEO72UHCQD7STSQ01YX51YPQNO5IY2WC90O2FHOYR74PU4BFOWKEW8S5Z7UOY9NYR4S3EYVUK9O4396SMZ4CRRQBHSCHW99STF8ZMIB0AZ4WUYBZABC9FLGAORWVVN7L95KYAHFDYDB2W3QSRMGU6AMH88K5WPEW1TXYNNZ368KBKONUADD
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: IHMO9SCZC6KRI8PADG1FEXNY7ZL7UVZ5SM6POEYGKYW6WRCD4NJOI79V3XQJHEFRGO86C9V9SV4QAQCQWHCGLLWUMLW0YO8GSF0HSGA52K6XDTUMV9W9B8F52NT1N4KDWY75058QGHNBO9R20JFY18EUA4PEWJR793APWZVZBG24VDR261ADYWMYUN46Q337ZQCV9BGBYQWVGJ97NWI5JOINRM5J4ZJIM5EEB524U8PI90RKO7S3U8XLHZEXG6H8
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: HOIKE45R3NKL8AN04U57GPYOI37M1FYX1RBVSGFTBBAGXMNHLO3VBJ2204CL7TZYZWUR82HXPL5FPR05QZANMDWRYJ5XE4WRLLRB26ITGFGZNXMIEG5HSMMVAC2Z6UTUZO4D9YDTQRHG76DB6WT79O9895AZDTWVWVA93JIPCL0BEFYD903JBVUKP5DEXOQ74VTL5DIWOD4YX.KRRGT86J778MFW6RK8D1YMA3ZKRV5T0N16487IUHINLBKGXPHA
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 48PCT7QXQIQLONHVUI17TBO5TKB8TSXCN4Y17YM6RJ1L06874YVOXKQ3UTSJ6SE8VO8TZQX554PKKCEXLDE47IPDO5GNFDA9F3ZM8PIOBZS24GTRO573OKAM95E3JJZ14QEQM2Y64Z3H0WIIMZ9KGGV42NNDKOF1907OBCEWGA8YR3WMW6RTKPVY4KY9PVVQUBH9Y4GJUMDFI7N80AQN7VQUFJT1NFHVPSDPWXY2ZH98MPQ76ZJOEHS9UX3OKP6O
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: FS0Z37MCMYYZVSI03V4Y53QH9D494JRKLU24Y0D9MGBQT3OCPDVYVHTMBTZ0DNIDGNNAZNBDS5LY19XFZ2T1Y2ZEBQ2FBN6988JFQOMBBSGZ64UB5TBK3QPOYJ8IV6BE9MZ20RZLPSZFV9HH50JRLVFST5RHPDPFQB0UE2LN405L0J2ZB1N5WU3OGHJ4AS5LCUZUIXCDO5XVZ41JC1FX0US5IMN6SQNL4(String IGTIROYJQ07HYMQ91JNIUSB
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 4L6JGV7SL1FWU04K08RD28BYBQSYD8W9ZFZ6UFSYSHVQSZ5J78WJDOJ5KIHZCIPNEG6PA7ZVQ2VUNUFLUJ1ELN6K53WM72WJ2HLM3PI9JA3K3YSZC5F2RKB1KVTHLMYXGL1FI3SEA25LTVRHL6KBX32SFUBH6BX6MGDS6MQINA2YP0HYEM5OCW9NSJ9Y1KI9E89NS9K8QBYXAEDPMNDTFJ4ZGZ9XN2RC13TQ14GEB78A8LMOGUMOHY35EJH29XVY
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: UW5HUWYSG8RIL314NVR2PC4CAYMRWOFOMKQMQF3T63HIHUTLSMONF2IR12H5KH523D6BMPOI286W4W5PEB8K92JTB8UX78IY8PPEYS8D8GVH5WXF610JIU3B3M9N40K3ZHXPG11WC4M2GBXPLP0FH8QNVOKLTUJH51RY8H8FAEHNIA42YUBO9FW01K42RPDRVE6PU9QERVED1CFUUSW9S4H0F06YNGXVAZ2DEPIYD77OAS8YEJI92D817FK3D21L
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 7TCCKBQEK75V630W1HTE7Y270AG8EOVKGWQQP6OD2DZ4HN4DPXB5IXNI1FMJ5SA5MVPKMKH53QL497ZMGCTRNZCTJHYKUFIJD4SW8T1EQFC2LSJ3Q9C29SRWS6BEV7LYHC1FPCOWLOBIXJH0843UCPJVM5EBSWTT4OUJ1EOOUQQVQJ9IYKF0D0V12G2T8MEY5SNIZ8, String 4QPAV9YED65NHQ2PE22QVL5QHM20750TZMLKYZA2DBZXC96HC
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: DJP6RNSV82JG8GHFLX5FS1O29NTVHNIPUX4WKWH82ZZ70VF4SR0LACUM4X6E36NVU3WKMU4ZQ6M3BRCNIZDZW7ORDS2XZDE5LEN694S7WB5D01KNUT6E3X8XOEH32H9M2QR7EFONGFDVBL1MHOCGHACXG0R4WYFPCSLKJNJPES7XUNVDN5WNE2F1N30NYT0SAXTS9RC4FXBYCPD3ENR1C2LJNT6PW50V1OX73CE621IQ0QZ807JKB9QHLJFPUXHJ
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 6Q7X1F9CJV8KT4S647ZZWQT28PVU6ZLFT8UKTBHU8GBQAFYR1IUW7SXQ6EZLUPFTK30VJIN30E1PPD221D2YEYHBKENOL5ASBRFHOCHT41531IB3M7UQWRPVVZLF49S5EIO77VNY5J3N2OKCDTBOKT6UCTVZ1CY5J9YS3D51U5UMXB3GPICK7EVVL45O9X73U8E2Z1I9YK3O8U6A0OKSAN7FODH9IR26811Y7ARXACWXKGW174XUNO3GB8OWUJ1H
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: R7QH2HCZ7WS71J4IQPBO3HST7UX9W5D1LOGMZP8Z28W165P2DGFEHNNJP7JHUDDCS0WMCSSARLV5V0WCF45QZ8T8B672G0FY5UIFJCZVXEX51SYYKGCZIWMTHYLGUZ40G79ARR3DFJ2VLYHSHJR9YPQIHZ8V0SB8K7Z4SYG3N9U831ITQ39KH4C0Q132SIMWI4KN8M9SCYWY5SOPQPE6T00Q59N14NKFW709Q4UE4QITHN48MNMDDPDSD4S98HYZ
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: NQC81P9V4ACCSHISEPPRBHBG3H5VMUFX2SF0L6G7N0IDNAA6WA5T2GXFP5EUTNJK4PK9BRGHJRDL9722H99LZV4V5ALP2WOAQ8J80A5E3XJKCMFRCLMUN8UIUYEAG1PXDD4BY4CGD4RCLUTS43NQJ3WSNAOC648CIWH9) at MJDHO2NBWZFZ43MOB225J6R6SX5QJ3FW3VDKJG171GULG8DUEDNYCZVQ2HY06723UT6JZBF5B4ECMFZTTLL
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: GPQTE9XSBRAB3O00XC45D8SXHVSEWRFHUWVOD91JCSDNB3KYVOBQZQHI73LTQT6UM3QH2MXYLV2U4FVOK4THPYREONRJXI2TWTAHMC5I1NFEXXN1H7IVAYEYLL2P5NAD2J8LEOBH9KPBTNR1AZB09GT7OM6BKQMONBLNYCX35AWZICE74BPGLKDV0A62RA7T8BYRBDC7BH49U3YMH8HIAFCD80XYF5M5CD0HOW609REDPEB6MUUS2YS38UTLQO2G
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 586QDR7UCRJTA9X4Y0MVL3COU7I3DUJUY8HQIU35W9QLO8296ZW0CH5C6R5GIERRHY4C1HVE7Q8MM19WEJ6O8SSRDFU0YXWSR8EZE0HZDS3VITZESJB8HCTYGN9WW5PK3Q4OXJROCHLPZ7ITQPIOVYKPOPT11VCICT11ZLRI2W691D9IEPGGXBYFFO9HZ0XQECNGGR4E79W91KXKPLWLP6VB5VWKLKTB9P5Y03CXUBJYOZN51Y2ODLBIRMKU4U3X
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: PV9MP8UWI91OX6WFH0SXRE7XOXGNSR29IVI3ZBP2EGFDTXVUZFNEBFFLXM722GD1H1FBY3QGL0TL83D0BWYNEY8CP7FNDXA7CO62RT65ZG2LW4M3IH0GR0WT3DW1YCCX0VJU7LJSZ2Y75WPVUMF674PM1N8O7EHWEFVBU1667HQZCZYGXAGL7FZ5F62UN4VUVB2ZBOA2QI8ZO0KCZ10685Z9PZ5Y9LTDW5DA68FJAN5YG9RPW05VEYWZM3KMSM3E
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Z5DSWJF0VR5U9A2PHQBIQ797INYCX30YT19K692NUE9W3CZLB4EBLVX16FJIVDD20HAIBRTIYXXM7ME.QYW3VGV0USOE7RX8JCTB8XA8CQIZE3LUX7AK12JQELV344QZBS2YLB93XY0E86V0H3QAQMGR3C6XBGDIASYVBWJV8GWDCESHZ4WBNQJYLK4IEM2QUREPI9ZUU5BJ0COZUY7GUB4UJ9K01AQWOFSUAC9ZEBRSO97J5FYQOV6SWUFIZ93T
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: OP4VU4YRYHBTUMFKBB4VMAH2J97Q61AFI7E8EMYBQG1GTN8KO5GYFHGNHBMU6IU7H6KXHHFYM2EGJBJ5BWBBUL9B111CAEEHW39XCLCH0SMMCADG2QSJHTM66J5QQCXHX7TQCV20T4LC8W80XUKUV4ACQC03PW1X4FZFQXEGX1ZMHK7KKE252DV26Q9959L7DXI373KAQD73FY5GFQSK4540T6J9XFLXQ2IUBDMR41PZG1XIV33PRADH3RKBUKNL
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 1JNMPKECDAPCQFU1IBN3L5GPZA1U3L7UOE76OL2KZ0LRVB1X7S2T6U96D7XOTUJ2C5YMHXN7IDDUTY4YJDWKSOX3EB3QXO1FRTOZMOQJE5K3QOMOC9EQ78JYI4HG46J4L8DAKFL4XMGXD4NZZONYJKITKZRSHJPHWQRSLMD7YK3U2VVNQSRQTUUBZUZVY2XN78BWM5ONKQA8RX0ZEDCY29YB5Q21WSJ5WPW3U8AUDDFCTVTC3ARU08V8J916DW01
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: GFMCB7EFCRUY3VRJ6Z8WBYEX4XTUHERRNN6OJRA65LSJN6FYRRANYE0SAYHNNU889DLQZD9OZB0ZG5J8S5CZDD2IWNOVKXSLNUJKUY8ORVYWNALFOJ4RRI45LC3LZOECSOMWV9N46YHSPF4VCIGB2B4EZO9R5WYDRWE8YZTO5AU2AMPFHHJQHDJRUH6HA58K9EA3B57NZ2F1QBDN83KYNI5OMWOQ2MO9CK36LWELJ61P7RBSETIHVK61JVQORQUM
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: NFZFIHBMY8OQRPQ4V.VTYHANN0YH11L7QP4LSAIII828NMCCN3JALY9H7K1ZZBZEL7LKHPYTXNK0OC9AYW38RKV1QXNHITSHIYWQA248E0N8OI24L0BDI0XBLU3UCRKE5DRZQTA515416XMH4S6SRP8SBVEQ8K5WPJDL1CO10FLN66EYHWZUV2WQE9Y4PT7Q9HLXUAQ1DE2MDVVFQPIMVLBXXWH2OTMGI5NZUQEGG7QQAKNTNTN9KU5XFYA73YNT
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 2VDHH5UALBGX5VXNJYO4FM5XA0U6QGNSU6XOGFLS9NXJOH2UAWXFJTOP0QHRLXTEYYD87JHEM651ZWJ27964THIBSIY074GL4SUZE3W1PS3NXW0DGOTL1YVRQCQZUQHRZU7GCTYDNEOAO4N6SUTSL4TF7CJBN6G8LMXDZTBX0P8XKUDVZUHA7YG5A1J9JW0Q7PZBGJG8S625665M9YM2ZGBXF2D8KCNDZRZ45BPPNIRB5K8E569VK701OB6NGIYQ
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: SZFOGBR8J6PRZA1448COC22218Q3FBJFUASGFU84OBMNRJCNKBTHGKOZ6MXHUX2HXK6YRVZJAI9AQPKR6CTERB8KV3J261J0IEZHMN6YLJH7KNIRCGKSEYZWLWCYL6MI8I1MZCETG42I3B9IU200Q1WUOD60LHNO789CW619B1LJ5R2KX4DTGV2GVH8VGOI8ROK5B6VXA0ZZPNY6LWCQD4ILG2RO8F3XTN1RH7I0IQSQ6D1HSCKTL14XF9YJPHZ4
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 6BFCVHZNNLIXL2ODBJ665JL1SDLHI9LB0XT47YWLM6F9TGMNUVHGL39XZNTR5RFOAH7XIUGMXUT8DMIM17WX1EZ6Y5ETFEQ4118MIYEAP5T0KBTNFH075SW5RA9MQWHSEYGMN6DD2WH6V9WXM0O7NS9JFD5IZ1U2YAWV4G9IEWEIK0KROMAZIJFW.JEANZ5NM2WVAI59ZKW3N5LNJLU8AQN0HUJ39KN70QO8JL7L0U2O8OK1810CE6N6P5OP8CAP
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: 7YD6QND7OJHQX922KS5HTL33DSTN7RMYUNQJLOKUX3Y4Y7IPDWEQG25W5J283ZA67T5KSSR6HKU0W8FGJDKLM5R2R4OBVM17317FB77UFII6IF97EVYZPYTCBC2XDPK5TW75AAEMG0GEWVUM5R79XBSEH5D8EJQZ7NNVHE6DRMSYSPPPSQ2WRKHRD3XF6FH7KQGJI8E1V3SLS4V2QXQYQ4IWF5SOQ0HLFVOCIFHUMBBX269JH4ZIZSRQHTENQ0K4
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 1048576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a00000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00ac0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1608
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f31000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1608
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f32000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 1441792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x022b0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00952000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00985000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0098b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00987000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0096c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00ab0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0096a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0095c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00976000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0097a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00977000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0095a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00ab1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1608
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00ab2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\Documents\readme.xls
file C:\Users\test22\Documents\readme.doc
file C:\Users\test22\Documents\BhZSeqLSZpM.pptx
file C:\Users\test22\Documents\bVRefnYHuM.pptx
file C:\Users\test22\Documents\pkEQhIYeMF.docm
file C:\Users\test22\Documents\rfmkQPmZTB.docm
file C:\Users\test22\Documents\qOODpdgxYb.docm
file C:\Users\test22\Documents\phishing_file.pdf
file C:\Users\test22\Documents\rLMWKWnBLt.docm
file C:\Users\test22\Documents\FqTBgQBiom.docm
file C:\Users\test22\Documents\DwcfZjjeIPC.ppt
file C:\Users\test22\Documents\QLzXTwpCruiaQFO.docm
file C:\Users\test22\Documents\okbhzofvbu.doc
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
Time & API Arguments Status Return Repeated

NtQuerySystemInformation

information_class: 8 (SystemProcessorPerformanceInformation)
1 0 0
Time & API Arguments Status Return Repeated

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Videos\desktop.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Videos\desktop.ini
newfilepath: C:\Users\test22\Videos\desktop.ini.Payola
oldfilepath: C:\Users\test22\Videos\desktop.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\PsaNJusCgINdoOeEc.rtf.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\PsaNJusCgINdoOeEc.rtf
newfilepath: C:\Users\test22\Documents\PsaNJusCgINdoOeEc.rtf.Payola
oldfilepath: C:\Users\test22\Documents\PsaNJusCgINdoOeEc.rtf
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\pTCCkSolPbOS.txt.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\pTCCkSolPbOS.txt
newfilepath: C:\Users\test22\Documents\pTCCkSolPbOS.txt.Payola
oldfilepath: C:\Users\test22\Documents\pTCCkSolPbOS.txt
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\QLzXTwpCruiaQFO.docm.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\QLzXTwpCruiaQFO.docm
newfilepath: C:\Users\test22\Documents\QLzXTwpCruiaQFO.docm.Payola
oldfilepath: C:\Users\test22\Documents\QLzXTwpCruiaQFO.docm
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\qOODpdgxYb.docm.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\qOODpdgxYb.docm
newfilepath: C:\Users\test22\Documents\qOODpdgxYb.docm.Payola
oldfilepath: C:\Users\test22\Documents\qOODpdgxYb.docm
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\.idlerc\breakpoints.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\.idlerc\breakpoints.lst
newfilepath: C:\Users\test22\.idlerc\breakpoints.lst.Payola
oldfilepath: C:\Users\test22\.idlerc\breakpoints.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\.idlerc\recent-files.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\.idlerc\recent-files.lst
newfilepath: C:\Users\test22\.idlerc\recent-files.lst.Payola
oldfilepath: C:\Users\test22\.idlerc\recent-files.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.bmp.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.bmp
newfilepath: C:\Users\test22\Documents\readme.bmp.Payola
oldfilepath: C:\Users\test22\Documents\readme.bmp
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\ntuser.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\ntuser.ini
newfilepath: C:\Users\test22\ntuser.ini.Payola
oldfilepath: C:\Users\test22\ntuser.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT
newfilepath: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT.Payola
oldfilepath: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.c.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.c
newfilepath: C:\Users\test22\Documents\readme.c.Payola
oldfilepath: C:\Users\test22\Documents\readme.c
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.cpp.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.cpp
newfilepath: C:\Users\test22\Documents\readme.cpp.Payola
oldfilepath: C:\Users\test22\Documents\readme.cpp
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\IconCache.db.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\IconCache.db
newfilepath: C:\Users\test22\AppData\Local\IconCache.db.Payola
oldfilepath: C:\Users\test22\AppData\Local\IconCache.db
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\resmon.resmoncfg.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\resmon.resmoncfg
newfilepath: C:\Users\test22\AppData\Local\resmon.resmoncfg.Payola
oldfilepath: C:\Users\test22\AppData\Local\resmon.resmoncfg
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.doc.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.doc
newfilepath: C:\Users\test22\Documents\readme.doc.Payola
oldfilepath: C:\Users\test22\Documents\readme.doc
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.hwp.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.hwp
newfilepath: C:\Users\test22\Documents\readme.hwp.Payola
oldfilepath: C:\Users\test22\Documents\readme.hwp
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.ini
newfilepath: C:\Users\test22\Documents\readme.ini.Payola
oldfilepath: C:\Users\test22\Documents\readme.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.txt.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.txt
newfilepath: C:\Users\test22\Documents\readme.txt.Payola
oldfilepath: C:\Users\test22\Documents\readme.txt
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc
newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wscRGB.icc
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc
newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\Profiles\wsRGB.icc
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.xls.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.xls
newfilepath: C:\Users\test22\Documents\readme.xls.Payola
oldfilepath: C:\Users\test22\Documents\readme.xls
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log
newfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aum.log
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\rfmkQPmZTB.docm.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\rfmkQPmZTB.docm
newfilepath: C:\Users\test22\Documents\rfmkQPmZTB.docm.Payola
oldfilepath: C:\Users\test22\Documents\rfmkQPmZTB.docm
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log
newfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Updater6\aumLib.log
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\rLMWKWnBLt.docm.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\rLMWKWnBLt.docm
newfilepath: C:\Users\test22\Documents\rLMWKWnBLt.docm.Payola
oldfilepath: C:\Users\test22\Documents\rLMWKWnBLt.docm
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Contacts\desktop.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Contacts\desktop.ini
newfilepath: C:\Users\test22\Contacts\desktop.ini.Payola
oldfilepath: C:\Users\test22\Contacts\desktop.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt20.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Contacts\test22.contact.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Contacts\test22.contact
newfilepath: C:\Users\test22\Contacts\test22.contact.Payola
oldfilepath: C:\Users\test22\Contacts\test22.contact
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\tWhvkSpzYWlhxfJs.txt.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\tWhvkSpzYWlhxfJs.txt
newfilepath: C:\Users\test22\Documents\tWhvkSpzYWlhxfJs.txt.Payola
oldfilepath: C:\Users\test22\Documents\tWhvkSpzYWlhxfJs.txt
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Favorites\MSN 웹 사이트\MSN 연예.url.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Favorites\MSN 웹 사이트\MSN 연예.url
newfilepath: C:\Users\test22\Favorites\MSN 웹 사이트\MSN 연예.url.Payola
oldfilepath: C:\Users\test22\Favorites\MSN 웹 사이트\MSN 연예.url
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Desktop\desktop.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Desktop\desktop.ini
newfilepath: C:\Users\test22\Desktop\desktop.ini.Payola
oldfilepath: C:\Users\test22\Desktop\desktop.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Favorites\Links\desktop.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Favorites\Links\desktop.ini
newfilepath: C:\Users\test22\Favorites\Links\desktop.ini.Payola
oldfilepath: C:\Users\test22\Favorites\Links\desktop.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Favorites\desktop.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Favorites\desktop.ini
newfilepath: C:\Users\test22\Favorites\desktop.ini.Payola
oldfilepath: C:\Users\test22\Favorites\desktop.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url
newfilepath: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url.Payola
oldfilepath: C:\Users\test22\Favorites\Links\웹 조각 갤러리.url
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Favorites\MSN 웹 사이트\MSN.url.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Favorites\MSN 웹 사이트\MSN.url
newfilepath: C:\Users\test22\Favorites\MSN 웹 사이트\MSN.url.Payola
oldfilepath: C:\Users\test22\Favorites\MSN 웹 사이트\MSN.url
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Desktop\readme.txt.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Desktop\readme.txt
newfilepath: C:\Users\test22\Desktop\readme.txt.Payola
oldfilepath: C:\Users\test22\Desktop\readme.txt
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Favorites\Links\추천 사이트.url.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Favorites\Links\추천 사이트.url
newfilepath: C:\Users\test22\Favorites\Links\추천 사이트.url.Payola
oldfilepath: C:\Users\test22\Favorites\Links\추천 사이트.url
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Favorites\Windows Live\Windows Live 갤러리.url.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Favorites\Windows Live\Windows Live 갤러리.url
newfilepath: C:\Users\test22\Favorites\Windows Live\Windows Live 갤러리.url.Payola
oldfilepath: C:\Users\test22\Favorites\Windows Live\Windows Live 갤러리.url
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini
newfilepath: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini.Payola
oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\desktop.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url
newfilepath: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url.Payola
oldfilepath: C:\Users\test22\Favorites\Links for 대한민국\e뮤지엄.url
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Videos\desktop.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Videos\desktop.ini
newfilepath: C:\Users\test22\Videos\desktop.ini.Payola
oldfilepath: C:\Users\test22\Videos\desktop.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\PsaNJusCgINdoOeEc.rtf.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\PsaNJusCgINdoOeEc.rtf
newfilepath: C:\Users\test22\Documents\PsaNJusCgINdoOeEc.rtf.Payola
oldfilepath: C:\Users\test22\Documents\PsaNJusCgINdoOeEc.rtf
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\pTCCkSolPbOS.txt.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\pTCCkSolPbOS.txt
newfilepath: C:\Users\test22\Documents\pTCCkSolPbOS.txt.Payola
oldfilepath: C:\Users\test22\Documents\pTCCkSolPbOS.txt
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\QLzXTwpCruiaQFO.docm.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\QLzXTwpCruiaQFO.docm
newfilepath: C:\Users\test22\Documents\QLzXTwpCruiaQFO.docm.Payola
oldfilepath: C:\Users\test22\Documents\QLzXTwpCruiaQFO.docm
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\qOODpdgxYb.docm.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\qOODpdgxYb.docm
newfilepath: C:\Users\test22\Documents\qOODpdgxYb.docm.Payola
oldfilepath: C:\Users\test22\Documents\qOODpdgxYb.docm
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\.idlerc\breakpoints.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\.idlerc\breakpoints.lst
newfilepath: C:\Users\test22\.idlerc\breakpoints.lst.Payola
oldfilepath: C:\Users\test22\.idlerc\breakpoints.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\.idlerc\recent-files.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\.idlerc\recent-files.lst
newfilepath: C:\Users\test22\.idlerc\recent-files.lst.Payola
oldfilepath: C:\Users\test22\.idlerc\recent-files.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.bmp.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.bmp
newfilepath: C:\Users\test22\Documents\readme.bmp.Payola
oldfilepath: C:\Users\test22\Documents\readme.bmp
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\ntuser.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\ntuser.ini
newfilepath: C:\Users\test22\ntuser.ini.Payola
oldfilepath: C:\Users\test22\ntuser.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT
newfilepath: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT.Payola
oldfilepath: C:\Users\test22\AppData\Local\GDIPFONTCACHEV1.DAT
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.c.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.c
newfilepath: C:\Users\test22\Documents\readme.c.Payola
oldfilepath: C:\Users\test22\Documents\readme.c
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.cpp.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.cpp
newfilepath: C:\Users\test22\Documents\readme.cpp.Payola
oldfilepath: C:\Users\test22\Documents\readme.cpp
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\IconCache.db.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\IconCache.db
newfilepath: C:\Users\test22\AppData\Local\IconCache.db.Payola
oldfilepath: C:\Users\test22\AppData\Local\IconCache.db
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\resmon.resmoncfg.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\resmon.resmoncfg
newfilepath: C:\Users\test22\AppData\Local\resmon.resmoncfg.Payola
oldfilepath: C:\Users\test22\AppData\Local\resmon.resmoncfg
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.doc.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.doc
newfilepath: C:\Users\test22\Documents\readme.doc.Payola
oldfilepath: C:\Users\test22\Documents\readme.doc
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.hwp.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.hwp
newfilepath: C:\Users\test22\Documents\readme.hwp.Payola
oldfilepath: C:\Users\test22\Documents\readme.hwp
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt20.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache10.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\Documents\readme.ini.Payola
flags: 2
oldfilepath_r: C:\Users\test22\Documents\readme.ini
newfilepath: C:\Users\test22\Documents\readme.ini.Payola
oldfilepath: C:\Users\test22\Documents\readme.ini
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt20.lst
1 1 0

MoveFileWithProgressW

newfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst.Payola
flags: 2
oldfilepath_r: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst
newfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst.Payola
oldfilepath: C:\Users\test22\AppData\Local\Adobe\Color\ACECache11.lst
1 1 0

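The MoveFileWithProgressW records above are the API-level shape of an extension-appending ransomware: each call keeps the original path and appends `.Payola`, the targets span Documents, Desktop, Contacts, Favorites and AppData, and `flags: 2` is MOVEFILE_COPY_ALLOWED, the flag a plain MoveFileW call ends up passing when kernel32 forwards it to MoveFileWithProgressW (consistent with an ordinary file-move call rather than a deliberate MoveFileEx flag choice). The block below is an added example, not code from the report or from the analysed sample: a Python heuristic that parses records in the report's layout, groups renames by the suffix appended to the original name, and flags a suffix once it touches enough files across enough folders. The trace it runs on is constructed here in the page's format from six of the paths listed above plus one made-up Temp-folder rename that should not match; the `min_files`/`min_dirs` thresholds are assumptions, not values from the page.

```python
"""Mass-rename heuristic over a ZeroBOX/Cuckoo-style API trace.
Added example, not code from the report or the analysed sample; parses
MoveFileWithProgressW records in the report's layout. Thresholds are assumptions."""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# dwFlags bits of MoveFileEx / MoveFileWithProgress (winbase.h).
MOVEFILE_FLAGS = {
    0x01: "MOVEFILE_REPLACE_EXISTING",
    0x02: "MOVEFILE_COPY_ALLOWED",      # what plain MoveFileW forwards to MoveFileWithProgressW
    0x04: "MOVEFILE_DELAY_UNTIL_REBOOT",
    0x08: "MOVEFILE_WRITE_THROUGH",
    0x10: "MOVEFILE_CREATE_HARDLINK",
    0x20: "MOVEFILE_FAIL_IF_NOT_TRACKABLE",
}
MOVE_APIS = {"MoveFileWithProgressW", "MoveFileWithProgressA", "MoveFileExW",
             "MoveFileExA", "MoveFileW", "MoveFileA"}
_API_RE = re.compile(r"[A-Za-z_]\w*")                 # bare API-name line
_STATUS_RE = re.compile(r"(-?\d+) (-?\d+) (-?\d+)")   # "status return repeated" row

def decode_move_flags(value: int) -> list:
    names = [name for bit, name in MOVEFILE_FLAGS.items() if value & bit]
    rest = value & ~sum(MOVEFILE_FLAGS)
    if rest:
        names.append(f"UNKNOWN(0x{rest:x})")
    return names

def parse_trace(text: str) -> list:
    """One record = API-name line, `key: value` argument lines, then the
    `status return repeated` row that closes it (blank lines are ignored)."""
    calls, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _API_RE.fullmatch(line):
            current = {"api": line, "args": {}}
            calls.append(current)
        elif current is None:
            continue                      # table header or stray text outside a record
        elif (m := _STATUS_RE.fullmatch(line)):
            current["status"], current["return"], current["repeated"] = map(int, m.groups())
            current = None
        elif ":" in line:
            key, _, val = line.partition(":")   # first colon only, so "C:\" stays in the value
            current["args"][key.strip()] = val.strip()
    return calls

def mass_rename_findings(calls, min_files=5, min_dirs=3) -> list:
    """Group renames where newfilepath == oldfilepath + suffix; report suffixes
    that hit at least min_files files spread over at least min_dirs folders."""
    by_suffix = defaultdict(list)
    for c in calls:
        if c["api"] not in MOVE_APIS:
            continue
        old, new = c["args"].get("oldfilepath", ""), c["args"].get("newfilepath", "")
        if old and new.startswith(old) and len(new) > len(old):
            by_suffix[new[len(old):]].append((old, int(c["args"].get("flags", "0"))))
    findings = []
    for suffix, items in by_suffix.items():
        folders = {PureWindowsPath(old).parent for old, _ in items}
        if len(items) >= min_files and len(folders) >= min_dirs:
            findings.append({
                "suffix": suffix,
                "files": len(items),
                "folders": len(folders),
                "source_exts": Counter(PureWindowsPath(old).suffix.lower() or "<none>" for old, _ in items),
                "flags": sorted({flags for _, flags in items}),
            })
    return sorted(findings, key=lambda f: -f["files"])

def record(old: str, new: str, flags: int = 2) -> str:
    """Render one call in the report's layout (*_r are the raw argument strings)."""
    return (f"MoveFileWithProgressW\n\nnewfilepath_r: {new}\nflags: {flags}\n"
            f"oldfilepath_r: {old}\nnewfilepath: {new}\noldfilepath: {old}\n1 1 0\n")

# Constructed trace in the report's format: six renames using paths from the
# report plus one made-up ordinary rename (new name, not an appended suffix).
_PAYOLA = [
    r"C:\Users\test22\Documents\readme.xls",
    r"C:\Users\test22\Documents\rfmkQPmZTB.docm",
    r"C:\Users\test22\Desktop\readme.txt",
    r"C:\Users\test22\Contacts\test22.contact",
    r"C:\Users\test22\Favorites\Links\추천 사이트.url",
    r"C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents",
]
SAMPLE_TRACE = ("Time & API Arguments Status Return Repeated\n"
                + "".join(record(p, p + ".Payola") for p in _PAYOLA)
                + record(r"C:\Users\test22\AppData\Local\Temp\tmp1A2B.tmp",
                         r"C:\Users\test22\AppData\Local\Temp\notes.docx"))

if __name__ == "__main__":
    for f in mass_rename_findings(parse_trace(SAMPLE_TRACE)):
        print(f"[!] {f['files']} files in {f['folders']} folders renamed to *{f['suffix']}; "
              f"flags {[decode_move_flags(x) for x in f['flags']]}; source types {dict(f['source_exts'])}")
```

Grouping by appended suffix rather than by a fixed extension list is what makes the check reusable across families: the `.Payola` string is never hard-coded, and the same function would surface any other suffix applied across user folders, while a one-off save-as rename (different name, not old + suffix) is ignored. The folder-spread threshold keeps a single application rewriting its own cache directory from tripping it.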
file c:\users\test22\favorites\microsoft 웹 사이트\microsoft store.url.payola
file c:\users\test22\documents\rlmwkwnblt.docm.payola
file c:\users\test22\contacts\test22.contact.payola
file c:\users\test22\documents\bvrefnyhum.pptx.payola
file c:\users\test22\documents\phishing_file.pdf.payola
file c:\users\test22\music\desktop.ini.payola
file c:\users\test22\appdata\local\adobe\acrobat\dc\cache\acrofnt20.lst.payola
file c:\users\test22\appdata\local\adobe\acrobat\dc\adobesysfnt20.lst.payola
file c:\users\test22\ntuser.ini.payola
file c:\users\test22\appdata\local\adobe\acrobat\dc\adobecmapfnt20.lst.payola
file c:\users\test22\favorites\links for 대한민국\desktop.ini.payola
file c:\users\test22\saved games\desktop.ini.payola
file c:\users\test22\appdata\local\adobe\acrobat\dc\iconcacherdr65536.dat.payola
file c:\users\test22\appdata\local\adobe\acrobat\dc\shareddataevents.payola
file c:\users\test22\favorites\desktop.ini.payola
file c:\users\test22\appdata\local\resmon.resmoncfg.payola
file c:\users\test22\appdata\local\adobe\acrobat\dc\sophia\reader\sophia.json.payola
file c:\users\test22\documents\dwcfzjjeipc.ppt.payola
file c:\users\test22\links\desktop.ini.payola
file c:\users\test22\documents\qoodpdgxyb.docm.payola
file c:\users\test22\favorites\links\desktop.ini.payola
file c:\users\test22\appdata\local\adobe\color\profiles\wsrgb.icc.payola
file c:\users\test22\documents\readme.xls.payola
file c:\users\test22\documents\desktop.ini.payola
file c:\users\test22\appdata\local\gdipfontcachev1.dat.payola
file c:\users\test22\pictures\desktop.ini.payola
file c:\users\test22\documents\fqtbgqbiom.docm.payola
file c:\users\test22\appdata\local\adobe\color\profiles\wscrgb.icc.payola
file c:\users\test22\appdata\local\iconcache.db.payola
file c:\users\test22\favorites\msn 웹 사이트\msn.url.payola
file c:\users\test22\contacts\desktop.ini.payola
file c:\users\test22\appdata\local\adobe\color\acecache10.lst.payola
file c:\users\test22\searches\desktop.ini.payola
file c:\users\test22\appdata\local\adobe\updater6\aum.log.payola
file c:\users\test22\documents\dblgxszqkqyquqgf.txt.payola
file c:\users\test22\appdata\local\adobe\color\acecache11.lst.payola
file c:\users\test22\documents\ejzekyqnqgx.txt.payola
file c:\users\test22\videos\desktop.ini.payola
file c:\users\test22\documents\bhzseqlszpm.pptx.payola
file c:\users\test22\documents\qlzxtwpcruiaqfo.docm.payola
file c:\users\test22\documents\okbhzofvbu.doc.payola
file c:\users\test22\appdata\local\adobe\updater6\aumlib.log.payola
file c:\users\test22\appdata\local\adobe\acrobat\9.0\cache\acrofnt09.lst.payola
file c:\users\test22\documents\psanjuscgindooeec.rtf.payola
file c:\users\test22\appdata\local\adobe\acrobat\9.0\updater\updater.log.payola
file c:\users\test22\documents\aqfxzwbmzrgky.rtf.payola
file c:\users\test22\documents\database1.accdb.payola
file c:\users\test22\documents\twhvkspzywlhxfjs.txt.payola
file c:\users\test22\.idlerc\recent-files.lst.payola
file c:\users\test22\appdata\local\adobe\acrobat\dc\sophia\reader\files\testing.payola
Lionic Trojan.Win32.Mardom.4!c
Elastic malicious (high confidence)
MicroWorld-eScan IL:Trojan.MSILMamut.11966
McAfee Artemis!089428711DDD
Malwarebytes Ransom.Payola
VIPRE IL:Trojan.MSILMamut.11966
Sangfor Ransom.Msil.Encoder.Vghu
K7AntiVirus Trojan ( 005a9c781 )
Alibaba Ransom:MSIL/Encoder.9d358b05
K7GW Trojan ( 005a9c781 )
Cybereason malicious.71d513
VirIT Trojan.Win32.Genus.SRA
Cyren W32/ABRisk.UXGS-2043
Symantec Trojan.Gen.MBT
ESET-NOD32 MSIL/Filecoder.AZS
APEX Malicious
Kaspersky HEUR:Trojan-Ransom.MSIL.Encoder.gen
BitDefender IL:Trojan.MSILMamut.11966
NANO-Antivirus Trojan.Win32.Ransom.jymssw
Avast Win32:RansomX-gen [Ransom]
Tencent Malware.Win32.Gencirc.13ebf6a1
Emsisoft IL:Trojan.MSILMamut.11966 (B)
DrWeb Trojan.Encoder.37804
Zillya Trojan.Encoder.Win32.3551
TrendMicro Ransom.MSIL.PAYOLA.THHBIBC
McAfee-GW-Edition BehavesLike.Win32.Downloader.rt
FireEye Generic.mg.089428711dddec20
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.MSIL.aoplu
Google Detected
Antiy-AVL Trojan[Ransom]/MSIL.Encoder
Microsoft Trojan:Win32/Malgent!MSR
Xcitium Malware@#1rq9h18y4yut4
Arcabit IL:Trojan.MSILMamut.D2EBE
ZoneAlarm HEUR:Trojan-Ransom.MSIL.Encoder.gen
GData IL:Trojan.MSILMamut.11966
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C5468587
ALYac Trojan.Ransom.Filecoder
MAX malware (ai score=83)
VBA32 Trojan.MSIL.Autorave.Heur
Cylance unsafe
TrendMicro-HouseCall Ransom.MSIL.PAYOLA.THHBIBC
Rising Ransom.Agent!1.E971 (CLASSIC)
Yandex Trojan.Filecoder!vVdQeSDy+2E
Ikarus Trojan-Ransom.FileCrypter
MaxSecure Trojan.Malware.73702460.susgen
Fortinet PossibleThreat.ZDS
BitDefenderTheta Gen:NN.ZemsilF.36662.@p0@a8k!dQo