VMRay Analyzer Report for Sample #20109
VMRay Analyzer 2.2.0

Analysis metadata
  Sample-ID: #20109
  Job-ID: #13345
  Submission-ID: #20311
  Analyzer: VMRay Analyzer 2.2.0, sample analyzed on a Windows 7 system
  Analysis VM: win7_64_sp1 (Windows 7, x86 64-bit, 6.1.7601.17514, VM id 3844dbb9-2017-4967-be7a-a4a2c20430fa)
  Timeout: False
  Other analysis property values as recorded: True, 615.657
  VTI Score: 0, based on VTI Database Version 2.6

Sample file (#20109)
  Path: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MYOB Supply Order.js
  Type: js
  MD5:    a91f4575d5270ccb1257c5328bdadc3a
  SHA1:   29b7ca174c735c54ea1e1aedbc98517e75f8cead
  SHA256: 24139566e338de0e3c54fba4668eab701caa9ee7c8853b2ab2e2746277c57857
  Relation: Opened_By

Process tree
  Process 1: PID 2472, cscript.exe, parent PID 1372
    Command line: "C:\Windows\System32\CScript.exe" "C:\Users\5P5NRG~1\Desktop\MYOBSU~1.JS"
    Directory: C:\Windows\system32\
    Image: c:\windows\system32\cscript.exe
    Recorded relations: Child_Of (2), Created (3), Opened (multiple), Connected_To (2)
  Process 2: PID 984, svchost.exe, parent PID 472
    Command line: C:\Windows\system32\svchost.exe -k LocalService
    Directory: C:\Windows\system32\
    Image: c:\windows\system32\svchost.exe
  Process 3: PID 2728, pst790mv.exe, parent PID 2472 (cscript.exe, Process 1)
    Command line: "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\pST790mv.exe"
    Directory: C:\Windows\system32\
    Image: c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe
    Recorded relations: Child_Of (2), Created (many), Copied (1), Opened (many), Connected_To (3)
  Process 4: PID 1140, dllhost.exe, parent PID 2728 (pst790mv.exe, Process 3)
    Command line: "C:\Windows\system32\dllhost.exe"
    Directory: C:\Windows\system32\
    Image: c:\windows\syswow64\dllhost.exe (the SysWOW64 copy, i.e. the 32-bit dllhost.exe)
  Process 5: PID 1212, dllhost.exe, parent PID 2728 (pst790mv.exe, Process 3)
    Command line: "C:\Windows\system32\dllhost.exe"
    Directory: C:\Windows\system32\
    Image: c:\windows\syswow64\dllhost.exe (the SysWOW64 copy, i.e. the 32-bit dllhost.exe)

File artifacts
  c:\users\5p5nrg~1\desktop\myobsu~1.js (js) - the submitted sample
  C:\Users\5P5NRG~1\AppData\Local\Temp/pST790mv.exe (exe), also recorded as
    c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe - later executed as Process 3
  Standard handles: STD_INPUT_HANDLE, STD_OUTPUT_HANDLE, STD_ERROR_HANDLE
  c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (dat)
    MD5:    7c71ee83af910dec760c54b96ae19f9a
    SHA1:   ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8
    SHA256: 33f1cf8ae4f821e1688f8de8463bae342c550cbd6eb667b370bab71bc22f9282
    Relation: Copied_To container.dat.tmp
  c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp (tmp)
    MD5:    7c71ee83af910dec760c54b96ae19f9a
    SHA1:   ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8
    SHA256: 33f1cf8ae4f821e1688f8de8463bae342c550cbd6eb667b370bab71bc22f9282
    Relation: Copied_From container.dat (identical hashes)
  Directories opened:
    c:\
    c:\users
    c:\users\5p5nrgjn0js halpmcxz
    c:\users\5p5nrgjn0js halpmcxz\appdata
    c:\users\5p5nrgjn0js halpmcxz\appdata\local
    c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4
    c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\8054e6dc-e4db-4147-9938-ada26bf04150
    c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\8054e6dc-e4db-4147-9938-ada26bf04150\38e5d161-f6c8-43ba-9fe8-f1301b7b08b6
  npf_ndiswanip (name as recorded)
  c:\programdata\252e9d6f-46f0-4cf5-8686-f2a673c579a2\1.dat (dat)
    MD5:    c18642c37123dd9520efa18db227cba1
    SHA1:   961fe841ad06e3d18495ecd3c7c1f90250f4363a
    SHA256: 4d4c440ee23a5e4a5c03928c7085c8bcea0d3b8d78c53c9e03970152064c83ce
  c:\programdata\252e9d6f-46f0-4cf5-8686-f2a673c579a2\af77746e-8a65-4302-8042-f6017918c669.dll (dll)
    MD5:    ca98762b43ad6d6e4147089cae636fd5
    SHA1:   a8fb38628d6a0e3cbf3b593fdb16fba59ddbb04a
    SHA256: d36bca25ec22d09410b4432fcc65fca29ac1101953dabd8be67598e8bb603210

Mutex
  df7689e6-c49f-4a86-82e8-6809a406872a (recorded twice)

Registry keys
  Windows Script Host configuration (read while the .js sample is started):
    HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
      values: Enabled, TrustPolicy, UseWINSAFER, LogSecuritySuccesses, Timeout, DisplayLogo
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings
      values: IgnoreUserSettings, Enabled, TrustPolicy, UseWINSAFER, LogSecuritySuccesses, Timeout, DisplayLogo
    HKEY_CLASSES_ROOT\.JS
    HKEY_CLASSES_ROOT\JSFile\ScriptEngine
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features
    HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
      values: COM+Enabled
  System information readout:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
      values: CurrentMajorVersionNumber, CurrentVersion, ProductName, CSDVersion, CurrentBuildNumber
    HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
      values: ProcessorNameString, VendorIdentifier, ~MHz
  Installed-software enumeration (DisplayName read from each subkey):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    Subkeys read:
      AddressBook
      Adobe Flash Player Plugin
      Connection Manager
      DirectDrawEx
      Fontcore
      Google Chrome
      IE40
      IE4Data
      IE5BAKEX
      IEData
      MobileOptionPack
      Mozilla Firefox 25.0 (x86 en-US)
      MozillaMaintenanceService
      SchedulingAgent
      WIC
      {13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
      {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757
      {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173
      {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860
      {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655
      {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743
      {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063
      {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573
      {26A24AE4-039D-4CA4-87B4-2F83217045FF}
      {33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
      {3c3aafc8-d898-43ec-998f-965ffdae065a}
      {4A03706F-666A-4037-7777-5F2748764D10}
      {582EA838-9199-3518-A05C-DB09462F68EC}
      {68306422-7C57-373F-8860-D26CE4BA2A15}
      {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
      {9BE518E6-ECC6-35A9-88E4-87755C07200F}
      {AC76BA86-7AD7-FFFF-7B44-AA0000000001}
      {B175520C-86A2-35A7-8619-86DC379688B9}
      {BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
      {ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
      {e52a6842-b0ac-476e-b48f-378a97a67346}
      {e6e75766-da0f-4ba2-9788-6ea593ce702d}
      {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
      {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757
      {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173
      {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860
      {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655
      {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743
      {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063
      {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573
      {f325f05b-f963-4640-a43b-c8a494cdda0f}
      {F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
      DXM_Runtime
      MPlayer2
      Office14.PRJPROR
      Office14.PROPLUSR
      Office14.VISIOR
      {1D8E6291-B0D5-35EC-8441-6616F567A0F7}
      {37B8F9C7-03FB-3253-8781-2517C99D7C00}
      {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
      {8D4F7A6D-6B81-3DC8-9C21-6008E4866727}
      {90140000-0015-0409-1000-0000000FF1CE}
      {90140000-0016-0409-1000-0000000FF1CE}
      {90140000-0018-0409-1000-0000000FF1CE}
      {90140000-0019-0409-1000-0000000FF1CE}
      {90140000-001A-0409-1000-0000000FF1CE}
      {90140000-001B-0409-1000-0000000FF1CE}
      {90140000-001F-0409-1000-0000000FF1CE}
      {90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}
      {90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86}
      {90140000-001F-040C-1000-0000000FF1CE}
      {90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}
      {90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274}
      {90140000-001F-0C0A-1000-0000000FF1CE}
      {90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}
      {90140000-001F-0C0A-1000-0000000FF1CE}_Office14.VISIOR_{1779650B-2E44-4A19-8DF6-3866D645764A}
      {90140000-002C-0409-1000-0000000FF1CE}
      {90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}
      {90140000-002C-0409-1000-0000000FF1CE}_Office14.VISIOR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}
      {90140000-0043-0000-1000-0000000FF1CE}
      {90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}
      {90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}
      {90140000-0043-0409-1000-0000000FF1CE}
      {90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}
      {90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIOR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}
      {90140000-0044-0409-1000-0000000FF1CE}
      {90140000-0054-0409-1000-0000000FF1CE}
      {90140000-0054-0409-1000-0000000FF1CE}_Office14.VISIOR_{7DC2B20B-31B9-4C7C-B8DC-8492A9A3095E}
      {90140000-006E-0409-1000-0000000FF1CE}
      {90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}
      {90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}
      {90140000-00A1-0409-1000-0000000FF1CE}
      {90140000-00B4-0409-1000-0000000FF1CE}
      {90140000-00B4-0409-1000-0000000FF1CE}_Office14.PRJPROR_{316A864B-0547-40CE-B136-B02B4D18BF09}
      {90140000-00BA-0409-1000-0000000FF1CE}
      {90140000-0115-0409-1000-0000000FF1CE}
      {90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}
      {90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}
      {90140000-0117-0409-1000-0000000FF1CE}
      {91140000-0011-0000-1000-0000000FF1CE}
      {91140000-003B-0000-1000-0000000FF1CE}
      {91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}
      {91140000-0057-0000-1000-0000000FF1CE}
      {91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}
      {929FBD26-9020-399B-9A7A-751D61F0B942}
      {92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033
      {94A631D5-B30A-3DD8-B65C-1117C09DA73E}
      {A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
      {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
      {CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
      {E512788E-C50B-3858-A4B9-73AD5F3F9E93}

Network
  moranaccountants-my.sharepoint.com:443, HTTP connection
    URI: https://moranaccountants-my.sharepoint.com/personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx?docid=03559bd7bd473450fab4c679cae4be913&authkey=AXWiRPNRVvwj9BsVKKyrAsc&e=259ca72ab9534857b5c3964310916b09
  192.99.181.10:443, TCP socket
  httpbin.org:80, HTTP connection
    URI: httpbin.org/ip
  Connected_To relations were recorded for Process 1 (cscript.exe, 2) and Process 3 (pst790mv.exe, 3); the report does not attribute individual endpoints to a process.

VTI rule matches (Malware Artifacts)
  Category Process, rule vmray_install_ipc_endpoint, score 1/5
    Create mutex with name "df7689e6-c49f-4a86-82e8-6809a406872a".
    Create system object
  Category Anti Analysis, rule vmray_detect_generic_vm_by_registry, score 5/5
    Readout system information, commonly used to detect VMs via registry. (Value "VendorIdentifier" in key "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0").
    Try to detect virtual machine