1df31957b1f42c7043f2f38be08950039d54138ca12abb666126cd8bb5d71bb9

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7v20210410
submitted
19-07-2021 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WiseVector_Setup.exe
Size

33.4MB
MD5

dcc40be7f6bf04ef7c972ee1bc090a0c
SHA1

8758e593589acfa8948e3d89706f9556458eb83b
SHA256

1df31957b1f42c7043f2f38be08950039d54138ca12abb666126cd8bb5d71bb9
SHA512

9c8cc36359e85d271493adae88ce79227359ca65b9996d476f2eb087f574de8b7f0b4b39533d659cfeed77e4b1a7b2480a296c7a51f78a2b45f3918f2fabbe58

Score

10^/10

discovery macro persistence xlm

Malware Config

Signatures

Registers COM server for autorun 1 TTPs
persistence

Registry Run Keys / Startup Folder
T1060
Executes dropped EXE 5 IoCs

Processes:

vcredist_x86.exeinstall.exeWiseVectorService.exeWiseVectorSvc.exeWiseVector.exe

pid process

1184 vcredist_x86.exe
736 install.exe
1616 WiseVectorService.exe
2032 WiseVectorSvc.exe
740 WiseVector.exe

pid	process
1184	vcredist_x86.exe
736	install.exe
1616	WiseVectorService.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe

Suspicious Office macro 1 IoCs

Office document equipped with 4.0 macros.

macro xlm

Processes:

resource	yara_rule
\??\c:\61558f471d565b5804dd\vc_red.msi	office_xlm_macros

Loads dropped DLL 36 IoCs

Processes:

WiseVector_Setup.exevcredist_x86.exeinstall.exeregsvr32.exeregsvr32.exeWiseVectorSvc.exeWiseVector.exe

pid	process
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
1184	vcredist_x86.exe
736	install.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
2044	regsvr32.exe
512	regsvr32.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Drops file in Program Files directory 64 IoCs

Processes:

WiseVector_Setup.exeWiseVectorSvc.exeWiseVector.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\WiseVector\lib\_helper.pyh	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\update.ini	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\bait\sample.mdb	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\dat\local.de	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\dat\p.mtk	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\lib\_ctypes.pyd	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\cfg\rec.de-journal	WiseVectorSvc.exe
File created	C:\Program Files (x86)\WiseVector\tmp\dat-lh.de.rar	WiseVector.exe
File opened for modification	C:\Program Files (x86)\WiseVector\qua	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\dat\o.mtk	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\Eg.dll	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\WiseVectorExt_X64.dll	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\lib\select.pyd	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\libbz2.dll	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\vcomp120.dll	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\tmp\dat-me.de.rar	WiseVector.exe
File created	C:\Program Files (x86)\WiseVector\app.7z	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\dat	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\scan\scan.ini	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\dat\pa.ptk	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\lib\bz2.pyd	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\lib\helperoneo.pyd	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\lib\unicodedata.pyd	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\lib\_socket.pyd	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\cfg\set.de	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\dat\ppo.mtk	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\dat\uo.mtk	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\lang\chinese.dat	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\python27.dll	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\WiseVectorHelperOne_X64.dll	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\WiseVectorSvc.exe	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\update.ini	WiseVector.exe
File opened for modification	C:\Program Files (x86)\WiseVector\lang\english.dat	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\lib\select.pyd	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\lib\_ctypes.pyd	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\dat\local.de	WiseVector.exe
File opened for modification	C:\Program Files (x86)\WiseVector\cfg	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\bait\sample.doc	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\bait\sample.txt	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\dat\pa.mtk	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\lib\_hashlib.pyd	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\WiseVectorHelperFour.dll	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\dat\p.mtk	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\dat\pa.mtk	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\dat\po.mtk	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\dat\u.mtk	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\log\Monitor.log	WiseVector.exe
File opened for modification	C:\Program Files (x86)\WiseVector\dat\do.mtk	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\lib\_ssl.pyd	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\wvsetting.ini	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\WiseVectorService.exe	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\dat\lh.de	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\dat\local.de	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\wvsetting.ini	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\WiseVectorHIPS_X86.sys	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\scan	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\tmp	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\bait\sample.doc	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\dat\do.mtk	WiseVector_Setup.exe
File created	C:\Program Files (x86)\WiseVector\WiseVectorScan.dll	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\app.7z	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\log\Scan.log	WiseVector.exe
File created	C:\Program Files (x86)\WiseVector\bait\sample.sql	WiseVector_Setup.exe
File opened for modification	C:\Program Files (x86)\WiseVector\dat\pa.ptk	WiseVector_Setup.exe

Drops file in Windows directory 57 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90rus.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.1\mfcm90.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20210719061323134.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90esp.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90fra.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323134.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323228.0\9.0.30729.6161.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323134.0\vcomp90.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20210719061323118.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.0\msvcr90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.1\mfc90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90kor.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.1\mfcm90u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323196.0\9.0.30729.6161.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323212.0\9.0.30729.6161.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323212.0\9.0.30729.6161.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.0\msvcp90.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20210719061323009.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20210719061323118.2	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323009.0\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.0\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.1\mfc90u.dll	msiexec.exe
File created	\??\c:\Windows\Installer\f74cc39.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.1\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148.cat	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\f74cc37.ipi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323009.0\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90chs.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90esn.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.0\msvcm90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323181.0\9.0.30729.6161.policy	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20210719061323212.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20210719061323228.0	msiexec.exe
File created	\??\c:\Windows\Installer\f74cc37.ipi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323212.1\9.0.30729.6161.cat	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90cht.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20210719061323181.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323009.0\atl90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323196.0\9.0.30729.6161.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90jpn.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20210719061323196.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20210719061323118.1	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20210719061323212.1	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.0\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90ita.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.1\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90enu.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323181.0\9.0.30729.6161.cat	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID01D.tmp	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323228.0\9.0.30729.6161.cat	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\f74cc35.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323212.1\9.0.30729.6161.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323134.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20210719061323118.2\mfc90deu.dll	msiexec.exe
File created	\??\c:\Windows\Installer\f74cc35.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies data under HKEY_USERS 3 IoCs

Processes:

msiexec.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe

Modifies registry class 64 IoCs

Processes:

msiexec.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\Servicing_Key	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\LastUsedSource = "n;1;c:\\61558f471d565b5804dd\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\F603C2ED760AFE838BC630EDB430219F\6E815EB96CCE9A53884E7857C57002F0	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f00410054004c005f007800380036003e00550029004600250024002a0025005a00370038002c005d007b002d007400430064004f003700310000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f00410054004c005f007800380036003e004e002e004b004300300068004d0064007b00340060006d002b00380039004f002e002e003100540000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\VC_RED_enu_x86_net_SETUP	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\PackageCode = "B4E370007AE0BD84C914DF7A9EBB8493"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\WiseVector"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\AuthorizedLUAApp = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WiseVectorScan\ = "{C49499AC-DC25-478B-B903-E005012B3DD1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib\ = "{60810F1E-B89C-4497-911F-4647F86F00F1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\FT_VC_Redist_MFC_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\FT_VC_Redist_MFCLOC_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\ = "WiseVectorScan Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WiseVectorScan	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFCLOC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004d00460043004c004f0043005f007800380036003e0042005b00240070007200510032006f004d003800720048007b00720067003d00320065006e002e0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\Version = "151025673"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan\CLSID\ = "{C49499AC-DC25-478B-B903-E005012B3DD1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\WiseVectorScan\ = "{C49499AC-DC25-478B-B903-E005012B3DD1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ = "IWiseVectorScan"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\InprocServer32\ = "C:\\Program Files (x86)\\WiseVector\\WiseVectorExt_X64.dll"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.CRT,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004300520054005f007800380036003e004b00520050005200400047006b006e005d0033003d002b004c00380047003600210061002e00490000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\FT_VC_Redist_ATL_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\AdvertiseFlags = "388"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ = "IWiseVectorScan"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.OpenMP,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800380036003e00690060003700480050004400240062002400350035007e004a007b00730074007e0029006200780000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\DeploymentFlags = "3"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WiseVectorScan\ = "{C49499AC-DC25-478B-B903-E005012B3DD1}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\F603C2ED760AFE838BC630EDB430219F	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\WiseVectorScan	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Net\1 = "c:\\61558f471d565b5804dd\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\VersionIndependentProgID\ = "WiseVectorExt.WiseVectorScan"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

WiseVector_Setup.exemsiexec.exeWiseVector.exeWiseVectorSvc.exe

pid	process
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
452	WiseVector_Setup.exe
1016	msiexec.exe
1016	msiexec.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
740	WiseVector.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe
2032	WiseVectorSvc.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

460

pid	process
460

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

install.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	736	install.exe
Token: SeIncreaseQuotaPrivilege	736	install.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeSecurityPrivilege	1016	msiexec.exe
Token: SeCreateTokenPrivilege	736	install.exe
Token: SeAssignPrimaryTokenPrivilege	736	install.exe
Token: SeLockMemoryPrivilege	736	install.exe
Token: SeIncreaseQuotaPrivilege	736	install.exe
Token: SeMachineAccountPrivilege	736	install.exe
Token: SeTcbPrivilege	736	install.exe
Token: SeSecurityPrivilege	736	install.exe
Token: SeTakeOwnershipPrivilege	736	install.exe
Token: SeLoadDriverPrivilege	736	install.exe
Token: SeSystemProfilePrivilege	736	install.exe
Token: SeSystemtimePrivilege	736	install.exe
Token: SeProfSingleProcessPrivilege	736	install.exe
Token: SeIncBasePriorityPrivilege	736	install.exe
Token: SeCreatePagefilePrivilege	736	install.exe
Token: SeCreatePermanentPrivilege	736	install.exe
Token: SeBackupPrivilege	736	install.exe
Token: SeRestorePrivilege	736	install.exe
Token: SeShutdownPrivilege	736	install.exe
Token: SeDebugPrivilege	736	install.exe
Token: SeAuditPrivilege	736	install.exe
Token: SeSystemEnvironmentPrivilege	736	install.exe
Token: SeChangeNotifyPrivilege	736	install.exe
Token: SeRemoteShutdownPrivilege	736	install.exe
Token: SeUndockPrivilege	736	install.exe
Token: SeSyncAgentPrivilege	736	install.exe
Token: SeEnableDelegationPrivilege	736	install.exe
Token: SeManageVolumePrivilege	736	install.exe
Token: SeImpersonatePrivilege	736	install.exe
Token: SeCreateGlobalPrivilege	736	install.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe

Suspicious use of FindShellTrayWindow 17 IoCs

Processes:

WiseVector.exe

pid	process
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

WiseVector.exe

pid	process
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe
740	WiseVector.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

WiseVector.exe

pid process

740 WiseVector.exe
740 WiseVector.exe

Suspicious use of WriteProcessMemory 40 IoCs

Processes:

WiseVector_Setup.exevcredist_x86.exeregsvr32.exe

description	pid	process	target process
PID 452 wrote to memory of 1184	452	WiseVector_Setup.exe	vcredist_x86.exe
PID 452 wrote to memory of 1184	452	WiseVector_Setup.exe	vcredist_x86.exe
PID 452 wrote to memory of 1184	452	WiseVector_Setup.exe	vcredist_x86.exe
PID 452 wrote to memory of 1184	452	WiseVector_Setup.exe	vcredist_x86.exe
PID 452 wrote to memory of 1184	452	WiseVector_Setup.exe	vcredist_x86.exe
PID 452 wrote to memory of 1184	452	WiseVector_Setup.exe	vcredist_x86.exe
PID 452 wrote to memory of 1184	452	WiseVector_Setup.exe	vcredist_x86.exe
PID 1184 wrote to memory of 736	1184	vcredist_x86.exe	install.exe
PID 1184 wrote to memory of 736	1184	vcredist_x86.exe	install.exe
PID 1184 wrote to memory of 736	1184	vcredist_x86.exe	install.exe
PID 1184 wrote to memory of 736	1184	vcredist_x86.exe	install.exe
PID 1184 wrote to memory of 736	1184	vcredist_x86.exe	install.exe
PID 1184 wrote to memory of 736	1184	vcredist_x86.exe	install.exe
PID 1184 wrote to memory of 736	1184	vcredist_x86.exe	install.exe
PID 452 wrote to memory of 2044	452	WiseVector_Setup.exe	regsvr32.exe
PID 452 wrote to memory of 2044	452	WiseVector_Setup.exe	regsvr32.exe
PID 452 wrote to memory of 2044	452	WiseVector_Setup.exe	regsvr32.exe
PID 452 wrote to memory of 2044	452	WiseVector_Setup.exe	regsvr32.exe
PID 452 wrote to memory of 2044	452	WiseVector_Setup.exe	regsvr32.exe
PID 452 wrote to memory of 2044	452	WiseVector_Setup.exe	regsvr32.exe
PID 452 wrote to memory of 2044	452	WiseVector_Setup.exe	regsvr32.exe
PID 2044 wrote to memory of 512	2044	regsvr32.exe	regsvr32.exe
PID 2044 wrote to memory of 512	2044	regsvr32.exe	regsvr32.exe
PID 2044 wrote to memory of 512	2044	regsvr32.exe	regsvr32.exe
PID 2044 wrote to memory of 512	2044	regsvr32.exe	regsvr32.exe
PID 2044 wrote to memory of 512	2044	regsvr32.exe	regsvr32.exe
PID 2044 wrote to memory of 512	2044	regsvr32.exe	regsvr32.exe
PID 2044 wrote to memory of 512	2044	regsvr32.exe	regsvr32.exe
PID 452 wrote to memory of 1616	452	WiseVector_Setup.exe	WiseVectorService.exe
PID 452 wrote to memory of 1616	452	WiseVector_Setup.exe	WiseVectorService.exe
PID 452 wrote to memory of 1616	452	WiseVector_Setup.exe	WiseVectorService.exe
PID 452 wrote to memory of 1616	452	WiseVector_Setup.exe	WiseVectorService.exe
PID 452 wrote to memory of 2032	452	WiseVector_Setup.exe	WiseVectorSvc.exe
PID 452 wrote to memory of 2032	452	WiseVector_Setup.exe	WiseVectorSvc.exe
PID 452 wrote to memory of 2032	452	WiseVector_Setup.exe	WiseVectorSvc.exe
PID 452 wrote to memory of 2032	452	WiseVector_Setup.exe	WiseVectorSvc.exe
PID 452 wrote to memory of 740	452	WiseVector_Setup.exe	WiseVector.exe
PID 452 wrote to memory of 740	452	WiseVector_Setup.exe	WiseVector.exe
PID 452 wrote to memory of 740	452	WiseVector_Setup.exe	WiseVector.exe
PID 452 wrote to memory of 740	452	WiseVector_Setup.exe	WiseVector.exe

C:\Users\Admin\AppData\Local\Temp\WiseVector_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\WiseVector_Setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:452

C:\Program Files (x86)\WiseVector\tmp\vcredist_x86.exe
"C:\Program Files (x86)\WiseVector\tmp\vcredist_x86.exe" /q
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1184

\??\c:\61558f471d565b5804dd\install.exe
c:\61558f471d565b5804dd\.\install.exe /q
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:736

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\WiseVector\WiseVectorExt_X64.dll"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2044

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\WiseVector\WiseVectorExt_X64.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:512

C:\Program Files (x86)\WiseVector\WiseVectorService.exe
"C:\Program Files (x86)\WiseVector\WiseVectorService.exe" -i
2⤵
- Executes dropped EXE
PID:1616

C:\Program Files (x86)\WiseVector\WiseVectorSvc.exe
"C:\Program Files (x86)\WiseVector\WiseVectorSvc.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2032

C:\Program Files (x86)\WiseVector\WiseVector.exe
"C:\Program Files (x86)\WiseVector\WiseVector.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:740

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1016

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\61558f471d565b5804dd\install.exe
MD5
4138c31964fbcb3b7418e086933324c3

SHA1
97cc6f58fb064ab6c4a2f02fb665fef77d30532f

SHA256
b72056fc3df6f46069294c243fe5006879bf4a9d8eef388369a590ca41745f29

SHA512
40cf2f35c3a944fca93d58d66465f0308197f5485381ff07d3065e0f59e94fc3834313068e4e5e5da395413ff2d3d1c3ff6fa050f2256e118972bf21a5643557

Download Submit
C:\Program Files (x86)\WiseVector\Eg.dll
MD5
ad34d70217e3bd890f485ccea872ed9b

SHA1
aa8531c8a83a3298c2c6792ad826d67ef5f79950

SHA256
2125c35ead9281b8d1ce475abd89fe5a9bd108720f3ee2318d904fdac26d5d38

SHA512
09e05b7f62826bfcd6b4eeecd5c84f5675d4b887a538ecadbed24e1cd2fb4363f7dc87eba6959648c4d4d17dfb89e5d8c8c25ed81fd768d2f9a9740c8925aaea

Download Submit
C:\Program Files (x86)\WiseVector\EgAddtionalHelper.dll
MD5
b486326f7d16c0373fee6e7a20cf2b15

SHA1
03bfdea3bb892a00ac75153d946902b7908f16d0

SHA256
43a6e1c08964e709d934192d8485609922abe9772424ecac9c7ec451b3ea7cbd

SHA512
f3d715306b91b667ecd7c45855739b03ecfd924ff0bdfa188d5a8bbdd6ca73d273afb3de6d9585eaddb6d4159eeb43114b5ac0f0ea0aea2cbf0c08e63df46322

Download Submit
C:\Program Files (x86)\WiseVector\EgHelperOne.dll
MD5
72ed5b0c1fd49dbe441b8f3c76b34271

SHA1
40091faf48b0f174936b2d942862a509d62e28e8

SHA256
8cfb6a5677b0b012fd0bbac8acacc98e097853c26a64547888c762ff70179b6f

SHA512
14bc13c95e85802861220a06fd3fe861028f777c8536ad460c0622a389b045e9bac6d6241113a304396fe861805affa18637a91fd029de54895ec90dea50dd91

Download Submit
C:\Program Files (x86)\WiseVector\EgHelperThree.dll
MD5
d1bbbb3ab51049deb5143aaa593131bb

SHA1
0d7a2812e258ffd6585982350e1246382dd86463

SHA256
47afad03a77ec17621fd688ecc4d160347363adf9890f98db90a3057005568dc

SHA512
5ee3d453ccaf822a23227782c85573feed84c2276e5cb2c46cf4dfa727a21f8286c53984a7905eee54feefeffa59b668edd09e3a275588ba031ae4526ef09121

Download Submit
C:\Program Files (x86)\WiseVector\EgHelperTwo.dll
MD5
ee10816a9b0e6fe7c504e59c5e01c947

SHA1
a8de2dc9fec813cfedecff0431ba64666aed7a8f

SHA256
3ceb8aeaa245fbf1c6afa10bf0362f1c0ddb178e9a592eb2ccb81919728a5061

SHA512
548e23b359784ffe3232e69894ebc6b8d63062c96931b4e6fa3a1565e75424aaaa6a30ec487aff9b5b74e194d866bdc35ba554dc82d6b29a6e5299df1168db33

Download Submit
C:\Program Files (x86)\WiseVector\VCOMP120.DLL
MD5
27bc360d67f269a61bb052e10c9fceeb

SHA1
8d81406c8dd3ed8894d8aee07dd718dcfd2035c5

SHA256
fc12360ff09830bf08b7a2a238016eea2b9e9475cbea4c22043b264e76b3420c

SHA512
2807af25e00ea11c0acfae20d44ee0f02b2331c469f14f5d42814805ae16b7b2a11fbcd7f9046f3e11adc434133057dadab62beca63eb70793fd755f3f827755

Download Submit
C:\Program Files (x86)\WiseVector\WiseVectorExt_X64.dll
MD5
fdea85a1f81fee19e6481060757e0d4e

SHA1
9d6b99d75873f44bb155db3a3ec50a1f66cf6fd4

SHA256
dd2a3b68994ffb5b5e84d2cf9171ada5d0be41f49ae756f7f08c7285c1ff3e8d

SHA512
2474bed7a5890d9746c664916cf756d022373351ac7ae994d3601ca902be9ceda454c56a97c11824c2891d4e08214b2df85cf830298da0a0d690bc46872582db

Download Submit
C:\Program Files (x86)\WiseVector\WiseVectorService.exe
MD5
5d60ea055299fa16d6b19d28e486796d

SHA1
f8f8e509b0dabf2840e0b76dfcbf21dd481b1148

SHA256
bdf797a309e2323efe4ae8177a7f80892e66a85c406b7316012076a9da6069d0

SHA512
421f21e0afe090ee8788cb28ecb4fa238f2accf01e4c2da1ac12a0c0b796a92fec3339c977bf6564366ab1816708d708826c4c2ec774fde736c28ae4128e4a45

Download Submit
C:\Program Files (x86)\WiseVector\WiseVectorSvc.exe
MD5
acbbe91e9e827ac17787c59bcc279a87

SHA1
ffd2d339fad34bbea0291ce4990f62c2037cdcec

SHA256
13b1a4819e7e448ff87661be094c7858f1ff45ac2268c7ce5916f82879ca723e

SHA512
7c299096ff3c5c69931bb6dcc3323bd90424316a363e0f27f1fe4025edc61121765c8a4a40270ad4619a0038ec03f505b7ae834471f3794db502bcec2e8d3abc

Download Submit
C:\Program Files (x86)\WiseVector\cfg\rec.de
MD5
71dcc3adca18496aeb2e770892059d3b

SHA1
ea9ef2e41fbf8c65d76ce800f6ab3b17d0204d99

SHA256
e672e13d4530d1dc4c1ba6d470fc0815147e7b2082a4a576af62451c7d65081f

SHA512
5c76b3a787bddef00cbce3de407d24705aab34c30420bc088877b30298f52ef1fd23ab35708bdce39e6199f039c26f24b453f3b640911e14f8b96df2eea90635

Download Submit
C:\Program Files (x86)\WiseVector\dat\a.mtk
MD5
8ec853391f698d49bca55ffde2e27332

SHA1
acb3f75b295bbaa701143140bb35875dd9881617

SHA256
f3fde2d39a173be70743ad179305a593b22b31fdf41ed66e0c2fec8a9e4ef5e0

SHA512
e769d1f63a72acd0a9df2059d2c3b49495cd2745df693e8de0947c9b69f88c465865f4765e95ed2352e9f044d94d14f6a78458028c3b91a9ba07c26efd220cbd

Download Submit
C:\Program Files (x86)\WiseVector\dat\d.mtk
MD5
1eb4b566b37402fa85e80c35130e1ac1

SHA1
a4288a77f7c95aca52d7bb73fe1aac71adf1e4e9

SHA256
76b198ff9e6f8467023f5a46a5f0e56434843988b842a95c9ef40defbc2796e5

SHA512
77ea8945f50abfbbc7d5279fc3c20d8faa255adbb9ddac1d2d8454cb6fa46b2d67b67a71d09f1b75c31ada0b95fd75253b66b7a237166f4ccabdb0fb0cbb61d4

Download Submit
C:\Program Files (x86)\WiseVector\dat\do.mtk
MD5
1ab96f2c85f9b09b9052507999278a59

SHA1
589ce154db55f89aab5f79581dc8f4a3fed1cc9a

SHA256
f2c389e56af07aa77d8d2cafbba294c1691a7d4a307d67bbcabe2c06a21c8330

SHA512
b3a131240af357fb7bd50f4a8ed34b878ed30c6347e31bdbfcf0676b37f55c8a76990fc44f7274dbb0be813ae04742c66a8140b99a2f4a1abc148696ea3efe1f

Download Submit
C:\Program Files (x86)\WiseVector\dat\local.de
MD5
e18b45a7e66ffaeeec0d311b281d110c

SHA1
0c5668cc4d55f243744c32ce7b697a6ff57e1a3a

SHA256
d147de634fcf976d5c88c16721f5862f5fcd897a24b3f9b3d2ec90d38b213fc6

SHA512
2dcad1b7f6972d42e2d32177cc9d669f8e74d25130420fa97de2c6e2c6fd83af08c0d58accd3245f8231435a36dff67cbfacf6b1b9df9a8077cbb2f0f65f44d0

Download Submit
C:\Program Files (x86)\WiseVector\dat\o.mtk
MD5
6676d658477e2011da62b54baca85c62

SHA1
6b1d88f2e9a9e066a61c0ce65a4d8b472f9d5790

SHA256
2e82c55879fc3191be182c00c7cb2532728e67c3ae661dbc40ec86578ab97128

SHA512
4a550bbf86f82d831cdfe289b4f9d2f82773d085c4b069f7df4636558a5a865e310fe81f61c35d5135c1dae01cc32fcfeff830facac7e1fcc9f79014e5917b30

Download Submit
C:\Program Files (x86)\WiseVector\dat\p.mtk
MD5
f1d812e92896e3f29ee47f097c61a51c

SHA1
b498ab3791c5d79b0e033ab2b198f93ea59f6c10

SHA256
f43c9799d596b7cffdf26383480381c034d6752f0da45cbca7d4069e50383e85

SHA512
d0345004b8e6403626539eaa8f2a429695a6b716d2f77516c11c57fdbda4d668dc06ea9e11351abadee7f353e6a860e3a819f5697a8b992debf810ff1171eb95

Download Submit
C:\Program Files (x86)\WiseVector\dat\pa.mtk
MD5
a281e612c64c95de03865021b25104e8

SHA1
301a42a48f275f0b510f7ff20667114e2388ce66

SHA256
00c23cd7d99fccca5c949b76f1396f18f4d2cc7c7e1e8ccf1c99761f8f0f2b37

SHA512
5afac30495139af018a6545eb35ec37e7bbd901041a0fc92292a87374e8a30c22636f9434b9e9e05bca606ca0328171ed5d2fb87aab6e4509740ef7b3bd9cdbd

Download Submit
C:\Program Files (x86)\WiseVector\dat\po.mtk
MD5
c296ef53886e8df8bc93fa628b654754

SHA1
5ca45ea0a963e3ffc2698f86b64d2efb7d0ef789

SHA256
d2274d141c6fd564fbbff99ac3b2b0f3888516213dbf3fbfb2fcda7f7b732c99

SHA512
7eb4e491cf8fb90046f82f09bddb6f0e28a2d18fb1bd0d0da0fc04ee4890a23d0c0e112945ad774f2d8b7d5bd76aeb992dca2887f7dad07a1ec4a12649278e58

Download Submit
C:\Program Files (x86)\WiseVector\dat\pp.mtk
MD5
2c029b9b0bfc0955100072feb6604ebf

SHA1
935597fae028ec34d63ea9164f85a6d6984e6add

SHA256
d1b1bab1b8daab5b176b762a636b9f639bb19b479e15d4d1e5acd8e634ff54ff

SHA512
30d665e8e6743ecb30b01c02f766e4f26a195498acd6cd941b585e4da15e17d758f36c7b59bff2099651cdcccb38bce08a5c1c5155702bf552919053647067a4

Download Submit
C:\Program Files (x86)\WiseVector\dat\ppo.mtk
MD5
8483251df503bd8cad884e424d813484

SHA1
5703ac913fde03fecb943c029e83c78a5ca84e9d

SHA256
548ee6916c1b3f1d9ebb40b5f0c27e2c329d55f8732b2d39cf025656798193fa

SHA512
d9f9e7b2fba244a4eedbe266690797ef1942e6802e5eddee447963a05915a671c2465f781387b0ea642ea7503d824fbf5d911a824768e430d38162619475ea7e

Download Submit
C:\Program Files (x86)\WiseVector\dat\u.mtk
MD5
4b5aebe2237fd3db2b1fa5c3b933c659

SHA1
f0fbe47df03cb2489fcf41838724612739a06529

SHA256
0333b6b24cc47f4422d95678495147b35f3cc437e8f92b27a5205ddb7e4aa2b9

SHA512
a3a10c2b770137c777ae844861f557b2212c5193e45d3e5bb994fda1b640240ac2c214c1369d9104ee42012b2e6549f215b8b2cb48b2a9241164aeea5a508571

Download Submit
C:\Program Files (x86)\WiseVector\dat\uo.mtk
MD5
d0cc9439ba0e94e6f8c896a11897f14d

SHA1
3a165afc71a89e895b41c565abf10d90728f41a5

SHA256
066a74d9728fb7b5f1572b07bd33261891b71625662540e827115d5538a04f61

SHA512
6c5a7d23c14bdf2b4e0b07d65734dcba44a31ec588f0c7007a58e72b9eb02fa87786beb62beaaedc4c845851b0c8286c0ad9551c0540b2772afc2762d802b22b

Download Submit
C:\Program Files (x86)\WiseVector\dat\v.mtk
MD5
d3ba7a8a65e44af5a9080adbcfb2ba10

SHA1
4381a16cb618266475bb21ab2e2c11e7e6ac3df1

SHA256
461c634ff8e26ad9b42e10075713dae9906fcefbb2266a33a2774fcbd96b84ce

SHA512
e344085d11cef587e6ea9aa3b1d9a24751ee188422ecf3b964aa1019af70be03d2a3112bb4d4e0428da7aae352a659d6bcad84179015806cb1223b99185878a9

Download Submit
C:\Program Files (x86)\WiseVector\lang\english.dat
MD5
1a7da7e2c4824f86017afb49548ee113

SHA1
79f78d895a3151973b5a6b7ba0d39234896f6eaa

SHA256
e616a32ca4a81baa3158746c4bfcd6c631697afc77af537dd1bb461ab40e97b0

SHA512
e096c6c2a821dea3f557a6e9eb82814bbadc01c88fb4004f959cafde653b417ff7865f4ca734bac04e43e23d52d0c9c2c6a54464a6e42cda3e105972915a1391

Download Submit
C:\Program Files (x86)\WiseVector\libcrypto-1_1.dll
MD5
07827fe7caab1fe3afef23cda7b51478

SHA1
6618cccbda50c921260eaa56afe502153156bcfe

SHA256
16be78b4ebaa90cd1ee7f18983fef4e7a81910d63e34afc66fa877d72f510501

SHA512
8366ccda02e43d953248bb04388ecc283911ebd857a6d1bd0eafde615890660eff48988882ec3d7044b70c2f2919b3ad9e9243d0884d03e27e1a4c9121e7b706

Download Submit
C:\Program Files (x86)\WiseVector\python27.dll
MD5
ffc6f8636ed28f50b4a509f21658dfb2

SHA1
b302af28714af84a498e14fa61e1173008245c6b

SHA256
58159c2b3b27e60a533401b516b0f4f71bab420f2650cfc620a5134209106787

SHA512
d795f52ccb6e949da5455cee4a5f763ca64de9472a1a1e87a3c80e611c2393762ec74107aac85e3fa9660d547d6b1afe281da286abe4fc7de3607fea420b09a6

Download Submit
C:\Program Files (x86)\WiseVector\tmp\vcredist_x86.exe
MD5
35da2bf2befd998980a495b6f4f55e60

SHA1
470640aa4bb7db8e69196b5edb0010933569e98d

SHA256
6b3e4c51c6c0e5f68c8a72b497445af3dbf976394cbb62aa23569065c28deeb6

SHA512
bf630667c87b8f10ef85b61f2f379d7ce24124618b999babfec8e2df424eb494b8f1bf0977580810dff5124d4dbdec9539ff53e0dc14625c076fa34dfe44e3f2

Download Submit
C:\Program Files (x86)\WiseVector\tmp\vcredist_x86.exe
MD5
35da2bf2befd998980a495b6f4f55e60

SHA1
470640aa4bb7db8e69196b5edb0010933569e98d

SHA256
6b3e4c51c6c0e5f68c8a72b497445af3dbf976394cbb62aa23569065c28deeb6

SHA512
bf630667c87b8f10ef85b61f2f379d7ce24124618b999babfec8e2df424eb494b8f1bf0977580810dff5124d4dbdec9539ff53e0dc14625c076fa34dfe44e3f2

Download Submit
C:\Program Files (x86)\WiseVector\wvsetting.ini
MD5
a5672147ae13c18bf0b31873a2828f55

SHA1
38e89d83a9d74513c501b97b138fcfafa23ec226

SHA256
65f85908095b37a852d69bd279d1ad73141400cd7bceee131ce9a1bbe6dce40f

SHA512
bb210cf7d377a787990f61b1dc988f40cb591d0a230c4b2c2215850a75f4e1173cc3f10aba1bb57329865512f61e9575eee2b057c8c473e33a42e9904ca71bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI3FA7.txt
MD5
cfe496f83789c6e78fafb41d70eb2d70

SHA1
f816a1f5608df533663875c6f6495ec5aa7db99d

SHA256
df2faef28af01133c05d1c687c694e1cf11ba21e924de4b57fb0e430bb20e6c4

SHA512
c9a4410c8a36137400532ecf391698c7123f326e4845806e15dfdfaee9a6839531663000040d7632445ea9a2b22c91e80f9b9060aeaacf943f86a13a2f5791ca

Download Submit
\61558f471d565b5804dd\install.exe
MD5
4138c31964fbcb3b7418e086933324c3

SHA1
97cc6f58fb064ab6c4a2f02fb665fef77d30532f

SHA256
b72056fc3df6f46069294c243fe5006879bf4a9d8eef388369a590ca41745f29

SHA512
40cf2f35c3a944fca93d58d66465f0308197f5485381ff07d3065e0f59e94fc3834313068e4e5e5da395413ff2d3d1c3ff6fa050f2256e118972bf21a5643557

Download Submit
\61558f471d565b5804dd\install.res.1033.dll
MD5
ff6003014eefc9c30abe20e3e1f5fbe8

SHA1
4a5bd05f94545f01efc10232385b8fecad300678

SHA256
a522c5ea3250cdd538a9ce7b4a06dfd5123e7eb05eef67509f2b975a8e1d3067

SHA512
3adc5c705bab7fa7b50517a5eb3301491f5150b56e1088ed436590458e963da204cd1875af75db89742403476a56a94c3f425c05327767bdb4bbee4859667ac2

Download Submit
\??\c:\61558f471d565b5804dd\globdata.ini
MD5
0a6b586fabd072bd7382b5e24194eac7

SHA1
60e3c7215c1a40fbfb3016d52c2de44592f8ca95

SHA256
7912e3fcf2698cf4f8625e563cd8215c6668739cae18bd6f27af2d25bec5c951

SHA512
b96b0448e9f0e94a7867b6bb103979e9ef2c0e074bcb85988d450d63de6edcf21dc83bb154aafb7de524af3c3734f0bb1ba649db0408612479322e1aa85be9f4

Download Submit
\??\c:\61558f471d565b5804dd\install.ini
MD5
f8f6c0e030cb622f065fe47d61da91d7

SHA1
cf6fa99747de8f35c6aea52df234c9c57583baa3

SHA256
c16727881c47a40077dc5a1f1ea71cbb28e3f4e156c0ae7074c6d7f5ecece21d

SHA512
b70c6d67dac5e6a0dbd17e3bcf570a95914482abad20d0304c02da22231070b4bc887720dbae972bc5066457e1273b68fde0805f1c1791e9466a5ca343485cde

Download Submit
\??\c:\61558f471d565b5804dd\install.res.1033.dll
MD5
ff6003014eefc9c30abe20e3e1f5fbe8

SHA1
4a5bd05f94545f01efc10232385b8fecad300678

SHA256
a522c5ea3250cdd538a9ce7b4a06dfd5123e7eb05eef67509f2b975a8e1d3067

SHA512
3adc5c705bab7fa7b50517a5eb3301491f5150b56e1088ed436590458e963da204cd1875af75db89742403476a56a94c3f425c05327767bdb4bbee4859667ac2

Download Submit
\??\c:\61558f471d565b5804dd\vc_red.cab
MD5
0ee84ab717bc400c5e96c8d9d329fbb0

SHA1
be4ba7bbb068c7256b70f4fd7634eaeb2ad04d0a

SHA256
461d575bc1a07f64c14f1da885d2f310bd282cbbedcd0a5cf8ffa7057411805d

SHA512
4a6b0619f471a51df09fb6c1eff4ed166cdb7ef57f79ffdf709fa952a7c2a176c338084689c8ace1a94024a24579e9ee0ab6d411c25a1b42b0f517c57749d1a2

Download Submit
\??\c:\61558f471d565b5804dd\vc_red.msi
MD5
7e641e6a0b456271745c20c3bb8a18f9

SHA1
ae6cedcb81dc443611a310140ae4671789dbbf3a

SHA256
34c5e7d7ea270ee67f92d34843d89603d6d3b6d9ef5247b43ae3c59c909d380d

SHA512
f67d6bf69d094edcc93541332f31b326131ff89672edb30fd349def6952ad8bfd07dc2f0ca5967b48a7589eee5b7a14b9a2c1ebe0cba4ae2324f7957090ea903

Download Submit
\Program Files (x86)\WiseVector\Eg.dll
MD5
ad34d70217e3bd890f485ccea872ed9b

SHA1
aa8531c8a83a3298c2c6792ad826d67ef5f79950

SHA256
2125c35ead9281b8d1ce475abd89fe5a9bd108720f3ee2318d904fdac26d5d38

SHA512
09e05b7f62826bfcd6b4eeecd5c84f5675d4b887a538ecadbed24e1cd2fb4363f7dc87eba6959648c4d4d17dfb89e5d8c8c25ed81fd768d2f9a9740c8925aaea

Download Submit
\Program Files (x86)\WiseVector\EgAddtionalHelper.dll
MD5
b486326f7d16c0373fee6e7a20cf2b15

SHA1
03bfdea3bb892a00ac75153d946902b7908f16d0

SHA256
43a6e1c08964e709d934192d8485609922abe9772424ecac9c7ec451b3ea7cbd

SHA512
f3d715306b91b667ecd7c45855739b03ecfd924ff0bdfa188d5a8bbdd6ca73d273afb3de6d9585eaddb6d4159eeb43114b5ac0f0ea0aea2cbf0c08e63df46322

Download Submit
\Program Files (x86)\WiseVector\EgHelperOne.dll
MD5
72ed5b0c1fd49dbe441b8f3c76b34271

SHA1
40091faf48b0f174936b2d942862a509d62e28e8

SHA256
8cfb6a5677b0b012fd0bbac8acacc98e097853c26a64547888c762ff70179b6f

SHA512
14bc13c95e85802861220a06fd3fe861028f777c8536ad460c0622a389b045e9bac6d6241113a304396fe861805affa18637a91fd029de54895ec90dea50dd91

Download Submit
\Program Files (x86)\WiseVector\EgHelperThree.dll
MD5
d1bbbb3ab51049deb5143aaa593131bb

SHA1
0d7a2812e258ffd6585982350e1246382dd86463

SHA256
47afad03a77ec17621fd688ecc4d160347363adf9890f98db90a3057005568dc

SHA512
5ee3d453ccaf822a23227782c85573feed84c2276e5cb2c46cf4dfa727a21f8286c53984a7905eee54feefeffa59b668edd09e3a275588ba031ae4526ef09121

Download Submit
\Program Files (x86)\WiseVector\EgHelperTwo.dll
MD5
ee10816a9b0e6fe7c504e59c5e01c947

SHA1
a8de2dc9fec813cfedecff0431ba64666aed7a8f

SHA256
3ceb8aeaa245fbf1c6afa10bf0362f1c0ddb178e9a592eb2ccb81919728a5061

SHA512
548e23b359784ffe3232e69894ebc6b8d63062c96931b4e6fa3a1565e75424aaaa6a30ec487aff9b5b74e194d866bdc35ba554dc82d6b29a6e5299df1168db33

Download Submit
\Program Files (x86)\WiseVector\WiseVector.exe
MD5
18f3ce450380813b10d86dff2281c610

SHA1
c692e9171ada19cbcbed162e81b988d5dc5f35a3

SHA256
a1e0b7611255d8ab251246ead6a7449ffdffdf85c296c62d62870e749d2772c7

SHA512
3945d5fce2a59f8ce0f9125b9ce83f13187cd3c5a45ef38ca9c5a8d4e07ae6e9c7fa6beb36a6e68f6fc232e82793c0aeebe3821f56fc8184888b50204372d595

Download Submit
\Program Files (x86)\WiseVector\WiseVector.exe
MD5
18f3ce450380813b10d86dff2281c610

SHA1
c692e9171ada19cbcbed162e81b988d5dc5f35a3

SHA256
a1e0b7611255d8ab251246ead6a7449ffdffdf85c296c62d62870e749d2772c7

SHA512
3945d5fce2a59f8ce0f9125b9ce83f13187cd3c5a45ef38ca9c5a8d4e07ae6e9c7fa6beb36a6e68f6fc232e82793c0aeebe3821f56fc8184888b50204372d595

Download Submit
\Program Files (x86)\WiseVector\WiseVectorExt_X64.dll
MD5
fdea85a1f81fee19e6481060757e0d4e

SHA1
9d6b99d75873f44bb155db3a3ec50a1f66cf6fd4

SHA256
dd2a3b68994ffb5b5e84d2cf9171ada5d0be41f49ae756f7f08c7285c1ff3e8d

SHA512
2474bed7a5890d9746c664916cf756d022373351ac7ae994d3601ca902be9ceda454c56a97c11824c2891d4e08214b2df85cf830298da0a0d690bc46872582db

Download Submit
\Program Files (x86)\WiseVector\WiseVectorExt_X64.dll
MD5
fdea85a1f81fee19e6481060757e0d4e

SHA1
9d6b99d75873f44bb155db3a3ec50a1f66cf6fd4

SHA256
dd2a3b68994ffb5b5e84d2cf9171ada5d0be41f49ae756f7f08c7285c1ff3e8d

SHA512
2474bed7a5890d9746c664916cf756d022373351ac7ae994d3601ca902be9ceda454c56a97c11824c2891d4e08214b2df85cf830298da0a0d690bc46872582db

Download Submit
\Program Files (x86)\WiseVector\WiseVectorService.exe
MD5
5d60ea055299fa16d6b19d28e486796d

SHA1
f8f8e509b0dabf2840e0b76dfcbf21dd481b1148

SHA256
bdf797a309e2323efe4ae8177a7f80892e66a85c406b7316012076a9da6069d0

SHA512
421f21e0afe090ee8788cb28ecb4fa238f2accf01e4c2da1ac12a0c0b796a92fec3339c977bf6564366ab1816708d708826c4c2ec774fde736c28ae4128e4a45

Download Submit
\Program Files (x86)\WiseVector\WiseVectorSvc.exe
MD5
acbbe91e9e827ac17787c59bcc279a87

SHA1
ffd2d339fad34bbea0291ce4990f62c2037cdcec

SHA256
13b1a4819e7e448ff87661be094c7858f1ff45ac2268c7ce5916f82879ca723e

SHA512
7c299096ff3c5c69931bb6dcc3323bd90424316a363e0f27f1fe4025edc61121765c8a4a40270ad4619a0038ec03f505b7ae834471f3794db502bcec2e8d3abc

Download Submit
\Program Files (x86)\WiseVector\libcrypto-1_1.dll
MD5
07827fe7caab1fe3afef23cda7b51478

SHA1
6618cccbda50c921260eaa56afe502153156bcfe

SHA256
16be78b4ebaa90cd1ee7f18983fef4e7a81910d63e34afc66fa877d72f510501

SHA512
8366ccda02e43d953248bb04388ecc283911ebd857a6d1bd0eafde615890660eff48988882ec3d7044b70c2f2919b3ad9e9243d0884d03e27e1a4c9121e7b706

Download Submit
\Program Files (x86)\WiseVector\python27.dll
MD5
ffc6f8636ed28f50b4a509f21658dfb2

SHA1
b302af28714af84a498e14fa61e1173008245c6b

SHA256
58159c2b3b27e60a533401b516b0f4f71bab420f2650cfc620a5134209106787

SHA512
d795f52ccb6e949da5455cee4a5f763ca64de9472a1a1e87a3c80e611c2393762ec74107aac85e3fa9660d547d6b1afe281da286abe4fc7de3607fea420b09a6

Download Submit
\Program Files (x86)\WiseVector\tmp\vcredist_x86.exe
MD5
35da2bf2befd998980a495b6f4f55e60

SHA1
470640aa4bb7db8e69196b5edb0010933569e98d

SHA256
6b3e4c51c6c0e5f68c8a72b497445af3dbf976394cbb62aa23569065c28deeb6

SHA512
bf630667c87b8f10ef85b61f2f379d7ce24124618b999babfec8e2df424eb494b8f1bf0977580810dff5124d4dbdec9539ff53e0dc14625c076fa34dfe44e3f2

Download Submit
\Program Files (x86)\WiseVector\uninst.exe
MD5
7d0b6973dfd947bdb577223bef9d9ca0

SHA1
64ed03b0d022964514ff08c4959b65a65c9ce2cc

SHA256
da94db2ecb78d0d0e9073597e4582051bd3ab278eb646bf20e15609561f79ecb

SHA512
50b934d26f149dddfb2a72b91bc8f12e1a5303e2adfee39f24121f379b88c6e827ba86af37f042e4fb4c182eca0f0d326c0e2e79f827c1573e10e73be9724f4a

Download Submit
\Program Files (x86)\WiseVector\vcomp120.dll
MD5
27bc360d67f269a61bb052e10c9fceeb

SHA1
8d81406c8dd3ed8894d8aee07dd718dcfd2035c5

SHA256
fc12360ff09830bf08b7a2a238016eea2b9e9475cbea4c22043b264e76b3420c

SHA512
2807af25e00ea11c0acfae20d44ee0f02b2331c469f14f5d42814805ae16b7b2a11fbcd7f9046f3e11adc434133057dadab62beca63eb70793fd755f3f827755

Download Submit
\Users\Admin\AppData\Local\Temp\nsc983.tmp\BgWorker.dll
MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
\Users\Admin\AppData\Local\Temp\nsc983.tmp\BgWorker.dll
MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
\Users\Admin\AppData\Local\Temp\nsc983.tmp\BgWorker.dll
MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
\Users\Admin\AppData\Local\Temp\nsc983.tmp\System.dll
MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nsc983.tmp\System.dll
MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nsc983.tmp\nsNiuniuSkin.dll
MD5
00b5a327b44faaaf7fc373176cd454ed

SHA1
e58ea8e7de259f5d577c01eeac28cc8f72b65094

SHA256
f125ed6489f16f1681ea92e30f6670f72e0951cd7948df9a043e04ee512ccbeb

SHA512
a7c5955652e1dd6f33e6596f0861a2127e4a259ae7abd256a44b3ffc36c1861e29fe3e9a2b60aa5a0230430411c737ef2b2e9170e4f0f42f737039451326340a

Download Submit
\Users\Admin\AppData\Local\Temp\nsc983.tmp\nsProcess.dll
MD5
88d3e48d1c1a051c702d47046ade7b4c

SHA1
8fc805a8b7900b6ba895d1b809a9f3ad4c730d23

SHA256
51da07da18a5486b11e0d51ebff77a3f2fcbb4d66b5665d212cc6bda480c4257

SHA512
83299dd948b40b4e2c226256d018716dbacfa739d8e882131c7f4c028c0913bc4ed9d770deb252931f3d4890f8f385bd43dcf2a5bfe5b922ec35f4b3144247a7

Download Submit
\Users\Admin\AppData\Local\Temp\nsc983.tmp\nsProcess.dll
MD5
88d3e48d1c1a051c702d47046ade7b4c

SHA1
8fc805a8b7900b6ba895d1b809a9f3ad4c730d23

SHA256
51da07da18a5486b11e0d51ebff77a3f2fcbb4d66b5665d212cc6bda480c4257

SHA512
83299dd948b40b4e2c226256d018716dbacfa739d8e882131c7f4c028c0913bc4ed9d770deb252931f3d4890f8f385bd43dcf2a5bfe5b922ec35f4b3144247a7

Download Submit
\Users\Admin\AppData\Local\Temp\nsc983.tmp\nsProcess.dll
MD5
88d3e48d1c1a051c702d47046ade7b4c

SHA1
8fc805a8b7900b6ba895d1b809a9f3ad4c730d23

SHA256
51da07da18a5486b11e0d51ebff77a3f2fcbb4d66b5665d212cc6bda480c4257

SHA512
83299dd948b40b4e2c226256d018716dbacfa739d8e882131c7f4c028c0913bc4ed9d770deb252931f3d4890f8f385bd43dcf2a5bfe5b922ec35f4b3144247a7

Download Submit
\Users\Admin\AppData\Local\Temp\nsc983.tmp\nsis7zU.dll
MD5
06a47571ac922f82c098622b2f5f6f63

SHA1
8a581c33b7f2029c41edaad55d024fc0d2d7c427

SHA256
e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9

SHA512
04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83

Download Submit
memory/452-60-0x00000000753E1000-0x00000000753E3000-memory.dmp

Filesize
8KB

Download
memory/512-94-0x0000000000000000-mapping.dmp

Download
memory/736-76-0x0000000000000000-mapping.dmp

Download
memory/740-142-0x0000000000000000-mapping.dmp

Download
memory/740-144-0x0000000068E10000-0x0000000068EEF000-memory.dmp

Filesize
892KB

Download
memory/1016-84-0x000007FEFBEF1000-0x000007FEFBEF3000-memory.dmp

Filesize
8KB

Download
memory/1184-71-0x0000000000000000-mapping.dmp

Download
memory/1616-99-0x0000000000000000-mapping.dmp

Download
memory/2032-126-0x000000006F940000-0x0000000072E71000-memory.dmp

Filesize
53.2MB

Download
memory/2032-125-0x0000000073F70000-0x0000000073FD1000-memory.dmp

Filesize
388KB

Download
memory/2032-124-0x0000000074410000-0x0000000074472000-memory.dmp

Filesize
392KB

Download
memory/2032-123-0x0000000069190000-0x000000006F779000-memory.dmp

Filesize
101.9MB

Download
memory/2032-104-0x0000000000000000-mapping.dmp

Download
memory/2044-90-0x0000000000000000-mapping.dmp

Download