VMRay Analyzer Report for Sample #609232
VMRay Analyzer 1.11.0

Analysis metadata
  Sample-ID: #609232
  Submission-ID: #609232
  Job-ID: #661725
  Example C
  This sample was analyzed by VMRay Analyzer 1.11.0 on a Windows 10 system.
  VTI Score: 75 (based on VTI Database Version 2.2)

Metadata of Sample File #609232
  Path: C:\Users\WI2yhmtI onvScY7Pe\Desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe (exe)
  MD5:    a66df34f40f1345861846918f4f8f56d
  SHA1:   249bebc650b7160cfeee41d08bc61dc220ecb740
  SHA256: 91de42dda9985493ed08b1e6b7f5c3931135189a5455a3afb9bac8cc8d7c0870
  Opened_By: VMRay Analyzer

Process tree
  Process 3212 (parent 2044): 249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe
    Command line: "C:\Users\WI2yhmtI onvScY7Pe\Desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe"
    Working directory: C:\Users\WI2yhmtI onvScY7Pe\Desktop
    Image: c:\users\wi2yhmti onvscy7pe\desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe
    File operations: Created (many), Opened, Modified_Properties_Of
    Registry key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  Process 3448 (parent 3212): xumiasww.exe
    Command line: "C:\Users\WI2yhmtI onvScY7Pe\ayooEMEE\XuMIAsww.exe"
    Working directory: C:\Users\WI2yhmtI onvScY7Pe\Desktop
    Image: c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe
  Process 3512 (parent 3212): yoummieo.exe
    Command line: "C:\ProgramData\VmYMsIgM\YOUMMIEo.exe"
    Working directory: C:\Users\WI2yhmtI onvScY7Pe\Desktop
    Image: c:\programdata\vmymsigm\yoummieo.exe
  Process 3640 (parent 3212): cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c "C:\Users\WI2yhmtI onvScY7Pe\Desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware"
    Working directory: C:\Users\WI2yhmtI onvScY7Pe\Desktop
    Image: c:\windows\syswow64\cmd.exe
    File opened: STD_OUTPUT_HANDLE
  Process (no PID recorded): reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
  Process (no PID recorded): reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
  Process (no PID recorded): reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
  Process 3680 (parent 3212): reg.exe
    Command line: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    Working directory: C:\Users\WI2yhmtI onvScY7Pe\Desktop
    Image: c:\windows\syswow64\reg.exe
    Registry key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Registry value set: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = 2 (REG_DWORD_LITTLE_ENDIAN)
    File opened: STD_OUTPUT_HANDLE
  Process 3688 (parent 3212): reg.exe
    Command line: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    Working directory: C:\Users\WI2yhmtI onvScY7Pe\Desktop
    Image: c:\windows\syswow64\reg.exe
    Registry key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Registry value set: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = 0 (REG_DWORD_LITTLE_ENDIAN)

Malware Artifacts (Sample #609232)

File artifacts
  c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe (exe)
    MD5:    e8b81e4a627a9f9a772b6d42d9bb3a3c
    SHA1:   08cdff2e0e82651cde54a58eca4747aadc940a53
    SHA256: 0fbd214902a4b12b22dd57fc04449cf9642a220d2cc5c0cd274013131446c899
  c:\programdata\vmymsigm\yoummieo.exe (exe)
    MD5:    25081af7955ff8b96260f64cc3c76bcb
    SHA1:   e02b4eab3fe752312aadd58de8a2e3558aebe12d
    SHA256: c7c619989c3733e37fa0b40b0e606cd0f6b3711378cbffd4908c4364fbf1e18c
  c:\programdata\baieaacu\xuaecwog.exe (exe)
    MD5:    958a7f26c423db4ed7c1caafc0dda8e9
    SHA1:   0af04b61a579c82fe3a4b06a62fc4d3cd0e2c571
    SHA256: b9796040e89f3877c538a338d75bab2beeec94a720571f3d5df08e019cff3380
  c:\users\wi2yhm~1\appdata\local\temp\dwaaskwo.bat (bat)
    MD5:    f6f0aa95187fb1682cfbee02e3348d4f
    SHA1:   46c7c7331f30edf31b3308f077cb583ec37a68be
    SHA256: b9c68ec4d2854ae3bc968140b7c9ceefb21f5dd73365d16590741bce796ec459
  c:\users\wi2yhmti onvscy7pe\desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware (malware)
    MD5:    672a1f1de82c3076688c129d2c89d0e2
    SHA1:   02e8f06ad6888c9fb28059f5eac065b7bbfdd365
    SHA256: 1d8a8607dd5b6aa413649cd3dc7187497e6a7fcb616e56c980fcfb682ee8c363
  c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww (no extension)
    MD5:    d41d8cd98f00b204e9800998ecf8427e
    SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  c:\programdata\vmymsigm\yoummieo (no extension)
    MD5:    d41d8cd98f00b204e9800998ecf8427e
    SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  Directories: c:\users\wi2yhmti onvscy7pe\ayooemee, c:\programdata\vmymsigm, c:\programdata\baieaacu
  Numerous additional files with randomly generated names under c:\users\wi2yhmti onvscy7pe\desktop\ (no hashes recorded)

Mutexes
  AsEwIwsA
  TYAckMgs

Windows service
  cEMAEwpb (display name cEMAEwpb): C:\ProgramData\BAIEAAcU\xUAEcwog.exe, SERVICE_AUTO_START, SERVICE_WIN32_OWN_PROCESS

Registry keys
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
    XuMIAsww.exe = C:\Users\WI2yhmtI onvScY7Pe\ayooEMEE\XuMIAsww.exe (REG_SZ)
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
    YOUMMIEo.exe = C:\ProgramData\VmYMsIgM\YOUMMIEo.exe (REG_SZ)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = C:\Windows\system32\userinit.exe,C:\ProgramData\VmYMsIgM\YOUMMIEo.exe, (REG_SZ)
    Userinit = C:\ProgramData\VmYMsIgM\YOUMMIEo.exe, (REG_SZ)

VTI rule matches
  [Process, score 1/5] vmray_allocate_wx_page: Allocate a page with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code. Classification: Allocate a page with write and execute permissions.
  [Process, score 1/5] vmray_install_ipc_endpoint: Create mutex with name "AsEwIwsA". Classification: Create system object.
  [Process, score 1/5] vmray_install_ipc_endpoint: Create mutex with name "TYAckMgs". Classification: Create system object.
  [Process, score 1/5] vmray_create_process_with_hidden_window: The process "C:\Users\WI2yhmtI onvScY7Pe\ayooEMEE\XuMIAsww.exe" starts with hidden window. Classification: Create process with hidden window.
  [Persistence, score 1/5] vmray_install_startup_script_by_registry: Add "C:\Users\WI2yhmtI onvScY7Pe\ayooEMEE\XuMIAsww.exe" to Windows startup via registry. Classification: Install system startup script or application.
  [Process, score 1/5] vmray_create_process_with_hidden_window: The process "C:\ProgramData\VmYMsIgM\YOUMMIEo.exe" starts with hidden window. Classification: Create process with hidden window.
  [Persistence, score 1/5] vmray_install_startup_script_by_registry: Add "C:\ProgramData\VmYMsIgM\YOUMMIEo.exe" to Windows startup via registry. Classification: Install system startup script or application.
  [Persistence, score 1/5] vmray_install_startup_script_by_registry: Add "C:\Windows\system32\userinit.exe,C:\ProgramData\VmYMsIgM\YOUMMIEo.exe," to Windows startup via registry. Classification: Install system startup script or application.
  [Persistence, score 1/5] vmray_install_startup_script_by_registry: Add "C:\ProgramData\VmYMsIgM\YOUMMIEo.exe," to Windows startup via registry. Classification: Install system startup script or application.
  [Persistence, score 1/5] vmray_install_service_by_api: Install service "cEMAEwpb" by CreateServiceW. Classification: Install system service.
  [Process, score 1/5] vmray_create_process_with_hidden_window: The process "C:\Users\WI2YHM~1\AppData\Local\Temp\dWAAskwo.bat" starts with hidden window. Classification: Create process with hidden window.
  [Process, score 1/5] vmray_create_process_with_hidden_window: The process "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1" starts with hidden window. Classification: Create process with hidden window.
  [Process, score 1/5] vmray_create_process_with_hidden_window: The process "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2" starts with hidden window. Classification: Create process with hidden window.
  [Process, score 1/5] vmray_create_process_with_hidden_window: The process "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f" starts with hidden window. Classification: Create process with hidden window.
  [OS, score 3/5] vmray_disable_display_of_hidden_files_and_folders_by_registry: Disable the display of hidden files and folders. Classification: Modify system configuration.
  [OS, score 3/5] vmray_disable_uac_notification_by_registry: Disable UAC notification. Classification: Modify system security configuration.
  [Anti Analysis, score 3/5] vmray_detect_vm_by_rdtsc: Possibly trying to detect VM via rdtsc. Classification: Try to detect virtual machine.
  [PE, score 1/5] vmray_drop_pe_file: Drop file "c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe". Classification: Drop PE file.
  [PE, score 1/5] vmray_drop_pe_file: Drop file "c:\programdata\vmymsigm\yoummieo.exe". Classification: Drop PE file.
  [PE, score 1/5] vmray_drop_pe_file: Drop file "c:\programdata\baieaacu\xuaecwog.exe". Classification: Drop PE file.
  [PE, score 1/5] vmray_execute_dropped_pe_file: Execute dropped file "c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe". Classification: Execute dropped PE file.
  [PE, score 1/5] vmray_execute_dropped_pe_file: Execute dropped file "c:\programdata\vmymsigm\yoummieo.exe". Classification: Execute dropped PE file.
  [PE, score 1/5] vmray_execute_dropped_pe_file: Execute dropped file "c:\programdata\baieaacu\xuaecwog.exe". Classification: Execute dropped PE file.