hxxps://github[.]com/doenerium69/doenerium

Resubmissions

13/10/2024, 22:32

241013-2f2ehasalc 10

13/10/2024, 22:25

241013-2b7qqa1hle 9

13/10/2024, 22:16

241013-16spls1fnf 9

Analysis

max time kernel
343s
max time network
346s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13/10/2024, 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/doenerium69/doenerium

Score

9^/10

credential_access defense_evasion discovery persistence privilege_escalation ransomware spyware stealer

Malware Config

Signatures

Renames multiple (4137) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 12 IoCs

pid	Process
4916	WiseVector_StopX.exe
4232	WiseVectorService.exe
848	WiseVectorService.exe
576	WiseVectorSvc.exe
2240	WiseVector.exe
780	WiseVector.exe
232	WiseVector.exe
5092	WiseVector.exe
3668	WiseVector.exe
2652	Conti.exe
2736	WiseVector.exe
1468	WiseVector.exe

Loads dropped DLL 64 IoCs

pid	Process
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
2020	regsvr32.exe
4412	regsvr32.exe
4916	WiseVector_StopX.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
780	WiseVector.exe
780	WiseVector.exe
780	WiseVector.exe
780	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
3308	Process not Found
3308	Process not Found
232	WiseVector.exe
232	WiseVector.exe
232	WiseVector.exe
232	WiseVector.exe
576	WiseVectorSvc.exe
5092	WiseVector.exe
5092	WiseVector.exe
5092	WiseVector.exe
5092	WiseVector.exe
3668	WiseVector.exe
3668	WiseVector.exe
3668	WiseVector.exe
3668	WiseVector.exe
3668	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
1468	WiseVector.exe
1468	WiseVector.exe
1468	WiseVector.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 27 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	Conti.exe
File opened for modification	C:\Users\Public\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	Conti.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	Conti.exe
File opened for modification	C:\Program Files\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	Conti.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	Conti.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	Conti.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	Conti.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	Conti.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	Conti.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	Conti.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	Conti.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	Conti.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	Conti.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
203	raw.githubusercontent.com
3	camo.githubusercontent.com
6	raw.githubusercontent.com
15	camo.githubusercontent.com
16	camo.githubusercontent.com
17	camo.githubusercontent.com
18	camo.githubusercontent.com
19	camo.githubusercontent.com
199	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUABI.TTF	Conti.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms	Conti.exe
File created	C:\Program Files\VideoLAN\VLC\locale\readme.txt	Conti.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml	Conti.exe
File created	C:\Program Files\Common Files\System\it-IT\readme.txt	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms	Conti.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt	Conti.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac	Conti.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Locales\bg.pak	Conti.exe
File opened for modification	C:\Program Files (x86)\WiseVector\bait\sample.txt	WiseVector_StopX.exe
File created	C:\Program Files (x86)\WiseVector\lib\_elementtree.pyd	WiseVector_StopX.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms	Conti.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar	Conti.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md	Conti.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo	Conti.exe
File opened for modification	C:\Program Files (x86)\WiseVector\Eg.dll	WiseVector_StopX.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms	Conti.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\readme.txt	Conti.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\uk.pak.DATA	Conti.exe
File created	C:\Program Files (x86)\WiseVector\dat\o.mtk	WiseVector_StopX.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms	Conti.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access	Conti.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml	Conti.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa	Conti.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_DC.helpcfg	Conti.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\readme.txt	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms	Conti.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Installer\msedge_7z.data	Conti.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML	Conti.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Edge.dat	Conti.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\mk.pak	Conti.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EURO\readme.txt	Conti.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	Conti.exe
File created	C:\Program Files (x86)\Internet Explorer\es-ES\readme.txt	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms	Conti.exe
File opened for modification	C:\Program Files (x86)\WiseVector\cfg\rec.de	WiseVector.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviewers.gif	Conti.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\readme.txt	Conti.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\readme.txt	Conti.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png	Conti.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prcr.x3d	Conti.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\readme.txt	Conti.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\zh-TW.pak	Conti.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\it.pak.DATA	Conti.exe
File opened for modification	C:\Program Files (x86)\WiseVector\bak\lh.de	Conti.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms	Conti.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties	Conti.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\adobepdf.xdc	Conti.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\te.pak.DATA	Conti.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\icudt26l.dat	Conti.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\ResiliencyLinks\Locales\ta.pak.DATA	Conti.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md	Conti.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\readme.txt	Conti.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WiseVector_StopX.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Conti.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVectorService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVector_StopX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVectorService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVectorSvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseVector.exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	WiseVector.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	WiseVector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	WiseVector.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	WiseVector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	WiseVector.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	WiseVector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	WiseVector.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	WiseVector.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WiseVector.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WiseVector.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithList	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithList	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV\OpenWithList	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\OpenWithList	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithList	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithList	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList	WiseVectorSvc.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733319663727598"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	WiseVectorSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	WiseVectorSvc.exe

Modifies registry class 52 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\ = "WiseVectorScan Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\WiseVectorScan	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib\ = "{60810F1E-B89C-4497-911F-4647F86F00F1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan\CurVer\ = "WiseVectorExt.WiseVectorScan.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\ProgID\ = "WiseVectorExt.WiseVectorScan.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan.1\ = "WiseVectorScan Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan.1\CLSID\ = "{C49499AC-DC25-478B-B903-E005012B3DD1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib\ = "{60810F1E-B89C-4497-911F-4647F86F00F1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ = "IWiseVectorScan"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ = "IWiseVectorScan"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\ = "WiseVector On-Demand Scan"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WiseVectorScan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\WiseVector"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan\CLSID\ = "{C49499AC-DC25-478B-B903-E005012B3DD1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WiseVectorScan\ = "{C49499AC-DC25-478B-B903-E005012B3DD1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\WiseVectorScan\ = "{C49499AC-DC25-478B-B903-E005012B3DD1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60810F1E-B89C-4497-911F-4647F86F00F1}\1.0\0\win64\ = "C:\\Program Files (x86)\\WiseVector\\WiseVectorExt_X64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan\ = "WiseVectorScan Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WiseVectorScan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WiseVectorScan\ = "{C49499AC-DC25-478B-B903-E005012B3DD1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WiseVectorExt.WiseVectorScan	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\TypeLib\ = "{60810F1E-B89C-4497-911F-4647F86F00F1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24CF4FB6-2F9B-43CD-8B58-B9626AA5D593}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\VersionIndependentProgID\ = "WiseVectorExt.WiseVectorScan"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C49499AC-DC25-478B-B903-E005012B3DD1}\InprocServer32\ = "C:\\Program Files (x86)\\WiseVector\\WiseVectorExt_X64.dll"	regsvr32.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	WiseVectorSvc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WiseVectorSvc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	WiseVectorSvc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	WiseVectorSvc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	WiseVectorSvc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	WiseVectorSvc.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WiseVector_StopX.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Conti.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
4916	WiseVector_StopX.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
2240	WiseVector.exe
2240	WiseVector.exe
780	WiseVector.exe
780	WiseVector.exe
780	WiseVector.exe
780	WiseVector.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
2240	WiseVector.exe
2240	WiseVector.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
2240	WiseVector.exe
2240	WiseVector.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe
576	WiseVectorSvc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2240	WiseVector.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
672	Process not Found
672	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
2240	WiseVector.exe
2240	WiseVector.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
2736	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
1468	WiseVector.exe
1468	WiseVector.exe
1468	WiseVector.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4916	WiseVector_StopX.exe
4232	WiseVectorService.exe
2240	WiseVector.exe
2240	WiseVector.exe
2240	WiseVector.exe
780	WiseVector.exe
780	WiseVector.exe
232	WiseVector.exe
5092	WiseVector.exe
3668	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
2736	WiseVector.exe
1468	WiseVector.exe
1468	WiseVector.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 2012	4880	chrome.exe	77
PID 4880 wrote to memory of 2012	4880	chrome.exe	77
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 3036	4880	chrome.exe	78
PID 4880 wrote to memory of 4240	4880	chrome.exe	79
PID 4880 wrote to memory of 4240	4880	chrome.exe	79
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80
PID 4880 wrote to memory of 2996	4880	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/doenerium69/doenerium
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f42bcc40,0x7ff8f42bcc4c,0x7ff8f42bcc58
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4796,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4944,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4800,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5256,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5388,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5652,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5048,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5752,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5800,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3300,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5024,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4304,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2712
- C:\Users\Admin\Downloads\WiseVector_StopX.exe
  "C:\Users\Admin\Downloads\WiseVector_StopX.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4916
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\WiseVector\WiseVectorExt_X64.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2020
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\WiseVector\WiseVectorExt_X64.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:4412
- - C:\Program Files (x86)\WiseVector\WiseVectorService.exe
    "C:\Program Files (x86)\WiseVector\WiseVectorService.exe" -i
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4232
- - C:\Program Files (x86)\WiseVector\WiseVector.exe
    "C:\Program Files (x86)\WiseVector\WiseVector.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2240
- - C:\Program Files (x86)\WiseVector\WiseVector.exe
    "C:\Program Files (x86)\WiseVector\WiseVector.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=976,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4680,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6212,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6236,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6640,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6380,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6200,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5804,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4580,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6284,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4336,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6264,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7088 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6300,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6484,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6496,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7068,i,4819249829105085049,10268057762396771101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:2008

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4872

C:\Program Files (x86)\WiseVector\WiseVectorService.exe
"C:\Program Files (x86)\WiseVector\WiseVectorService.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:848
- C:\Program Files (x86)\WiseVector\WiseVectorSvc.exe
  "C:\Program Files (x86)\WiseVector\WiseVectorSvc.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:576

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4532

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:2736

C:\Program Files (x86)\WiseVector\WiseVector.exe
"C:\Program Files (x86)\WiseVector\WiseVector.exe" C:\Users\Admin\Desktop\Conti.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:232

C:\Program Files (x86)\WiseVector\WiseVector.exe
"C:\Program Files (x86)\WiseVector\WiseVector.exe" C:\Users\Admin\Desktop\Conti.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5092

C:\Program Files (x86)\WiseVector\WiseVector.exe
"C:\Program Files (x86)\WiseVector\WiseVector.exe" C:\Users\Admin\Desktop\Conti.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3668

C:\Users\Admin\Desktop\Conti.exe
"C:\Users\Admin\Desktop\Conti.exe"
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2652

C:\Program Files (x86)\WiseVector\WiseVector.exe
"C:\Program Files (x86)\WiseVector\WiseVector.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Program Files (x86)\WiseVector\WiseVector.exe
"C:\Program Files (x86)\WiseVector\WiseVector.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f42bcc40,0x7ff8f42bcc4c,0x7ff8f42bcc58
  2⤵
  PID:2356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3248
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8f3b03cb8,0x7ff8f3b03cc8,0x7ff8f3b03cd8
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\3O3wNN8mS\3O3wNN8mS.doc

Filesize
91KB

MD5
73d1c2fac9138fe0199b52b1a13ee9e5

SHA1
9c177e51f154b2078de673027b653d62fa0ee121

SHA256
d55994846075d1b25c74397900c63f7d51a9e83c3944bfab0c0530ca9727e316

SHA512
7e46e5b9f4e91cfb10b74be4a76639cf07b382a05858792f246ba1dd27392bb8cb4e281f283c29fe43d981f4485cd8ea13adddbc6085cd18a76936ad27405096

Download Submit
C:\3O3wNN8mS\3O3wNN8mS.jpg

Filesize
59KB

MD5
340dc4cece659502060d48bf8c7c55b5

SHA1
c0cce25b06f18a55dfd89369fd34c4a40d1ca594

SHA256
42e271b2b7fbdd8f19dd6521163cb694ea5605441eff8e2d6d7d0807adba32d5

SHA512
905a5a627e4521f30d011310f1fbd07ef93df09b8856b5644467147bdeafbd374c8410a048cc7d17f4e803ba53dd3743938cba4624b3030116493407238dd9c8

Download Submit
C:\3O3wNN8mS\3O3wNN8mS.sql

Filesize
84KB

MD5
e6561335125958dbe4c98e9eb50ca611

SHA1
9a0a46494a2b37ab2e9f5ff7bd1db23a5caca875

SHA256
e497991c8ac6ff00d402001bd10f91e5e9721375eae098ea5f4d3028eb5e280e

SHA512
2e805e8690aee7d31b6998386b6c3aba58a7c51497aeb77dd3d2e3c24333bc93e703d2c328650cd47354dabdec4de119cc96c81fa4bc8a99ac687f37bc23f872

Download Submit
C:\3O3wNN8mS\3O3wNN8mS.xls

Filesize
106KB

MD5
46c740a689fb7dec01283a7eeae812e3

SHA1
6a78932b9fd079c9d4dd062c9859b8f024d49d62

SHA256
167abb27e9b7e1b3eefc6d30206b47b224ceed11854579dbd30f20f98c08397e

SHA512
9d87247faf1f9d37b5cd2be080201820d04b36191f90c1b527d4abe4429402aafc0fa850adfdaa2c9e017f1c3a1f318fbe14b6ce35184125f4015ba9f2e0e25e

Download Submit
C:\3O3wNN8mS\ZO3wNN8mS.mdb

Filesize
318KB

MD5
728ce2ad1037c6a2d88486a4ad777335

SHA1
746ad6ea0a4f955f517fe9725a80f508a4fca5dc

SHA256
94378b1befdf32e16ca217c721e973e56370927a6da21b31ea9df61bfdfa2945

SHA512
86d0024b019e64dbcffbcf2e0f344ba198707bf0d01044e9d9551cdf8a8c89cf57229908fb50da3da4450d1b76bc047bd18ddfdb15c2c7a52e5d6d7ae5a84afa

Download Submit
C:\3O3wNN8mS\ZO3wNN8mS.txt

Filesize
956B

MD5
4e91f848a0b63efabe594bfc1cb7e174

SHA1
7828c58cf96791d8d57c1c7160cb575bf8d65621

SHA256
978a1c917e10c396a26a9b75d99a097a9b116a49a4be4d65090cb44899ddfa9d

SHA512
dbd5de8efb378f9fdb368e2ef48f4ef2a364a2e4290e679b5d6876d0e6902b60b4508aa6513f17523c28f218aeac256798355f81c5ca17791f9d2775b4b2c449

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\ResiliencyLinks\icudtl.dat.DATA

Filesize
11.9MB

MD5
94fd09db32b8ead34a11704dad7598ff

SHA1
4f56aa677b47f92ee70ff13b1784174bce4494b2

SHA256
8825de2a0bcbad27e5422e60dfcc9f7c3492986a2a4c90a8eb82e3c3445e6378

SHA512
53efece312cf845c6212b57091149d8456ff5fb36dc2396de81003ab826598629096f36a41e4b100cd1bbfc605b6da2812b2a8c28484c24e2eac744a7fea6ad5

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\ResiliencyLinks\resources.pak.DATA

Filesize
14.2MB

MD5
5eddfff00890cff246d916c077b9f8bc

SHA1
aac0261fae04299e0e19f269f4666f2fa64853c6

SHA256
8f4e7e2fde8610459b7f688854ec721d41fe4d43b081c71fe642c65a9ef7bfff

SHA512
d4e732530a0b9304fe54181b8c519bdb1ea07dbb34edbe077426511ff768dbbd131cea9d816ba04b8ae8e1402e1fd1e99e7da18eb077d2e93c999e244fad404d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\ResiliencyLinks\v8_context_snapshot.bin.DATA

Filesize
162KB

MD5
4a37d86c8421403cea0a3c62a23981a5

SHA1
a990fc8f26deef207fedd9647ec84ab1754a11b7

SHA256
66dfe35b445aa95a292acf5f5f05c892c1bcecb82f1f22b6a87e17e2bbac6c14

SHA512
4b4df24a2a7c28f21953741955cc9e955f7e29ef9c9848b9b2b820c802a94c0408adab62a435de260b33765d9207cbb12acb60c22c385d006faaf2937dc8adf2

Download Submit
C:\Program Files (x86)\WiseVector\Eg.dll

Filesize
1.2MB

MD5
443383d3b5bd9957a3cfeb50442562ef

SHA1
0952bc7884f7b8d2f2a611b5c28c273ee9190d9a

SHA256
3dac7f7afc7fb390879bfb463a30f81ecb9892560d8370046c3de1d6aff150b3

SHA512
3d80a7a912bfca696431dd3ef573588ce733dd227e50bbf877626426a2279a45c4e0e0488f6221a48de9ad9bccd5ce4a273795bfb897951aed75c47b17d8073b

Download Submit
C:\Program Files (x86)\WiseVector\EgAddtionalHelper.dll

Filesize
1.7MB

MD5
b486326f7d16c0373fee6e7a20cf2b15

SHA1
03bfdea3bb892a00ac75153d946902b7908f16d0

SHA256
43a6e1c08964e709d934192d8485609922abe9772424ecac9c7ec451b3ea7cbd

SHA512
f3d715306b91b667ecd7c45855739b03ecfd924ff0bdfa188d5a8bbdd6ca73d273afb3de6d9585eaddb6d4159eeb43114b5ac0f0ea0aea2cbf0c08e63df46322

Download Submit
C:\Program Files (x86)\WiseVector\EgHelperOne.dll

Filesize
755KB

MD5
7a452382477b84ce4f9312b362700eaa

SHA1
9c8b726fa45fa543721003934f91d97aaa70a8cc

SHA256
4f97f0d1f90f63825c0e70f0fca5e4c9ecf4c0250c5354ee1b272a0a6204ab65

SHA512
dab998f88490c20b7abcd4c5a4254bcf0c967d50b911965e17a5c23a81db0b3e5aa1da86a7fec3bfe8891c367afd930bdafae6fd2c6cf858c96224f799d516db

Download Submit
C:\Program Files (x86)\WiseVector\EgHelperThree.dll

Filesize
205KB

MD5
d1bbbb3ab51049deb5143aaa593131bb

SHA1
0d7a2812e258ffd6585982350e1246382dd86463

SHA256
47afad03a77ec17621fd688ecc4d160347363adf9890f98db90a3057005568dc

SHA512
5ee3d453ccaf822a23227782c85573feed84c2276e5cb2c46cf4dfa727a21f8286c53984a7905eee54feefeffa59b668edd09e3a275588ba031ae4526ef09121

Download Submit
C:\Program Files (x86)\WiseVector\EgHelperTwo.dll

Filesize
202KB

MD5
ee10816a9b0e6fe7c504e59c5e01c947

SHA1
a8de2dc9fec813cfedecff0431ba64666aed7a8f

SHA256
3ceb8aeaa245fbf1c6afa10bf0362f1c0ddb178e9a592eb2ccb81919728a5061

SHA512
548e23b359784ffe3232e69894ebc6b8d63062c96931b4e6fa3a1565e75424aaaa6a30ec487aff9b5b74e194d866bdc35ba554dc82d6b29a6e5299df1168db33

Download Submit
C:\Program Files (x86)\WiseVector\WiseVector.exe

Filesize
7.3MB

MD5
be08ae0bbc95a6a336af2658bd814f42

SHA1
b158af97db766d86f45b55560a49d38e571747df

SHA256
f870de431bbc5b87044e87b9288a87c78b0d0e2ebdcf24077734e8bab8acf42e

SHA512
34c7c1650a1dec2e6da88d5e5b6c1b87d0cd040405788e313285ed2f7fff1c7ba7c8b6f0312f8475a75fb5cbc86c1683cdd99c3acebba3d7c2605a8ff5765b5d

Download Submit
C:\Program Files (x86)\WiseVector\WiseVectorCommu.dll

Filesize
85KB

MD5
3f75ff6c1a3fdd1c5bbe37d838af73ed

SHA1
fc2e25d963684cb362a37633c6c8cec7d5fc8f58

SHA256
003eda9a93fdf1f5f270e982b46b9272290e9260330fb818ac076ebef8b10577

SHA512
679d84bc256ee6552684d3a9c8041f5e2acc46e2a165fd6e77be47ac5ccef6b4a8e926b87bd97e9eb15cc2a7ccd9d0f4b73b45b70ee578cc5e563fbf1644e142

Download Submit
C:\Program Files (x86)\WiseVector\WiseVectorExt_X64.dll

Filesize
154KB

MD5
fdea85a1f81fee19e6481060757e0d4e

SHA1
9d6b99d75873f44bb155db3a3ec50a1f66cf6fd4

SHA256
dd2a3b68994ffb5b5e84d2cf9171ada5d0be41f49ae756f7f08c7285c1ff3e8d

SHA512
2474bed7a5890d9746c664916cf756d022373351ac7ae994d3601ca902be9ceda454c56a97c11824c2891d4e08214b2df85cf830298da0a0d690bc46872582db

Download Submit
C:\Program Files (x86)\WiseVector\WiseVectorHelperFive.dll

Filesize
393KB

MD5
e8defd5392924cfe4704aae3adec9470

SHA1
29874ac497c947a111cb23b1927688b5af27b840

SHA256
0af3a56535902e8d76bb74bf56c10c3c93cab783c66f6fcd48f49e829d5c07ac

SHA512
24ceabfb0f6e21b57cb0d62811afd2bd21a3a1b21765216814941f8764c0f6e5fe34e3f29833dd0dd2e1866b45f58a3ab203c7fc2ad611364d0cd66c35464228

Download Submit
C:\Program Files (x86)\WiseVector\WiseVectorScan.dll

Filesize
215KB

MD5
4bdafe7a62eef087343a5a8d606cb5f0

SHA1
38726a2224b84316bcee8ec0617a9398a6dcab9a

SHA256
0a199a15a6b5289aff529703caba2f57a101c097d40880753f7c21dbff72873d

SHA512
b323508cdc330e9d8b2e863edbe6b40b6eb5bdbb17f2319f7455ddc3851bf6447daddd7221604105265d3f255011f7ce2f801924200d55a5f189452c1ab104f4

Download Submit
C:\Program Files (x86)\WiseVector\WiseVectorService.exe

Filesize
1.6MB

MD5
e88d240c740727714b5d7439700c0f24

SHA1
1e5407bafc6079065965888e820e76f26ac2b7c3

SHA256
79b22bca302ea4deee74d8bb748f1330a18ff14f9bab53375a293d19375fc3cc

SHA512
ded0952807433a5750f12aaf29d0a94acfe45d412c0103f401f3e153dcd5cdf51ec220ab55710e15395d77c7381f2c07ad6335e9dd03aeb7250ae0fffce305f9

Download Submit
C:\Program Files (x86)\WiseVector\WiseVectorSvc.exe

Filesize
102KB

MD5
bdf9eca4f00cd36a4a91b5be82950912

SHA1
59a90d1b8369d3c95d4fdeefc27c4b5af6f9412d

SHA256
4e4b6e7e1fc47e0a7a29cca24ecbc8f923e5966801e1645987954a9a4fe39b4f

SHA512
77f46afdea39f1ddd46cde4f13868df27852f739377977496ee1035eeefde5b6288ea45ca0f9c311fc4c77c370bc07721ad2c7f2d4291bf3e56af84c7984a64b

Download Submit
C:\Program Files (x86)\WiseVector\cfg\r.cfg

Filesize
260B

MD5
a274525584cfb331672a305cb0dcad5e

SHA1
ee934112a5355f8c5c487545eb7af2486320da00

SHA256
001ea282eda4917e5f3df2ec8b06473bdc2bccec74793614d42adf86cde3ecc8

SHA512
f771041e8abf0b6c3291f91243d8e6b9371deeba185bc08503613292a82cbfb65dc763a243e861f5b1ff4588dc484e64d02d64b405e0992c35f1b30a8df4e627

Download Submit
C:\Program Files (x86)\WiseVector\lang\english.dat

Filesize
181B

MD5
1a7da7e2c4824f86017afb49548ee113

SHA1
79f78d895a3151973b5a6b7ba0d39234896f6eaa

SHA256
e616a32ca4a81baa3158746c4bfcd6c631697afc77af537dd1bb461ab40e97b0

SHA512
e096c6c2a821dea3f557a6e9eb82814bbadc01c88fb4004f959cafde653b417ff7865f4ca734bac04e43e23d52d0c9c2c6a54464a6e42cda3e105972915a1391

Download Submit
C:\Program Files (x86)\WiseVector\libcrypto-1_1.dll

Filesize
2.2MB

MD5
07827fe7caab1fe3afef23cda7b51478

SHA1
6618cccbda50c921260eaa56afe502153156bcfe

SHA256
16be78b4ebaa90cd1ee7f18983fef4e7a81910d63e34afc66fa877d72f510501

SHA512
8366ccda02e43d953248bb04388ecc283911ebd857a6d1bd0eafde615890660eff48988882ec3d7044b70c2f2919b3ad9e9243d0884d03e27e1a4c9121e7b706

Download Submit
C:\Program Files (x86)\WiseVector\python27.dll

Filesize
2.5MB

MD5
ffc6f8636ed28f50b4a509f21658dfb2

SHA1
b302af28714af84a498e14fa61e1173008245c6b

SHA256
58159c2b3b27e60a533401b516b0f4f71bab420f2650cfc620a5134209106787

SHA512
d795f52ccb6e949da5455cee4a5f763ca64de9472a1a1e87a3c80e611c2393762ec74107aac85e3fa9660d547d6b1afe281da286abe4fc7de3607fea420b09a6

Download Submit
C:\Program Files (x86)\WiseVector\vcomp120.dll

Filesize
116KB

MD5
27bc360d67f269a61bb052e10c9fceeb

SHA1
8d81406c8dd3ed8894d8aee07dd718dcfd2035c5

SHA256
fc12360ff09830bf08b7a2a238016eea2b9e9475cbea4c22043b264e76b3420c

SHA512
2807af25e00ea11c0acfae20d44ee0f02b2331c469f14f5d42814805ae16b7b2a11fbcd7f9046f3e11adc434133057dadab62beca63eb70793fd755f3f827755

Download Submit
C:\Program Files (x86)\WiseVector\wvsetting.ini

Filesize
718B

MD5
28cd019b072e33c2a2427ea8d8baa32b

SHA1
e782f50cc5d3b10f4466681f0502809e828eddc3

SHA256
8c171786b70136d35bfbf1a82171b40f58d304d4e20e82b3811a9e8adb4e91e0

SHA512
ae79ba58c0f39d0fd5496fd8bd7a822cf694cde3e7a9aaa4a452cd5433bf5ad9baf3b9df28a90ce3bca5270325156d1e345cd060ce023c7143d0358a17a58026

Download Submit
C:\Program Files (x86)\WiseVector\wvsetting.ini

Filesize
718B

MD5
46a23a646c909e78f674794554581ecf

SHA1
17343a5e8b752494cc31e858c744501231d06bb1

SHA256
00ceda0af5480cde8f96f5c3c7c4a48a9909ead666f6dea43b03d710537de291

SHA512
bfec9c80a659a2b06f46c07db0301b36f28e2c38ebd7c6a5ff3906b3a60f176a5196009cf86d1fffc8d541c1bb7e5cd35984e354c22f5875bc240f9aaba4d76d

Download Submit
C:\Program Files (x86)\WiseVector\wvsetting.ini

Filesize
718B

MD5
02a90b79dffb445c7ec5919544e6c505

SHA1
00a86448c0070edfb7cab2346e72c89bba198efe

SHA256
73bd38f74a1611a77813ffc5673a4c9bfdd6d6e6ddf1dd777ce21a48ccbd0058

SHA512
f785b9acfdc9a6c6ec4946385e5efd619837dd85939d72d4e0e0de549ef02d5008b93c2d7f4fa85d4ef5ade94a4371e49c31bead023920699f76efc83888240c

Download Submit
C:\Program Files (x86)\WiseVector\wvsetting.ini

Filesize
718B

MD5
452ed61e05e6655bcdbbe9e5f01356b3

SHA1
097b7711f11b1ca586fbb16536407be7c2282e10

SHA256
ac91ac79413681dc06786694aff2bf26f424460adebe43df2d1a93a403e9b42b

SHA512
a4affc2d9ba21937a310ae3b63667f0bc97f1caaacc54addaf9577a7dc85d5dbd4a638e1643cebba885e7ba8ae963b8caf97b61ee28505c48bc4575d259a865d

Download Submit
C:\Program Files (x86)\WiseVector\wvsetting.ini

Filesize
718B

MD5
423f63c3b8d1c4a66aea7e9576ff5c98

SHA1
bb5081a2dfaf396aab0a58ddef19b54002742ee1

SHA256
364f51c205eeac7d3ba821c48b1d4a72d5975360c05df6f6194ee6d088ce206f

SHA512
952fc19dfd74145fb3215d8032d3ee588ea1082ab71d65335e047474bb4b9581d00c61ea66b53ceaa31ce5653f1deb3cc76fbdf29ef54f57a01b8071d430ad69

Download Submit
C:\Program Files (x86)\WiseVector\wvsetting.ini

Filesize
718B

MD5
992811403dda0ac252075ff8c1d19431

SHA1
b9d938fc287215551c1c8bed7a0a55697a664756

SHA256
92234d313316127eb62528c5331948bf50a2a5560cbed27fbd76066c93c6b5b4

SHA512
ddd636b94d4791a66bffb5afcc77a7539aad1d92ac3e6a6d23b7aff9612eaadbe9130e133649ce448ad77e474dc7afe5e87446c7024c24b174c599fc39ca40bf

Download Submit
C:\Program Files (x86)\WiseVector\wvsetting.ini

Filesize
718B

MD5
c1802b5d8a3e065bf5338bc038bdbe40

SHA1
60a3bb9e9c60dc93d795510ee0e20711dae523e2

SHA256
2ccb17bb5949d19b2158ff439f9930f0ab4f43c0f05d69a7824ebaf440570412

SHA512
c8f9a570e5caee2c6280c8de9ea6cc38fb663590d2b0f7f4798015e92a183d17523cf3e0903687817a32070e9195b199f00bfdb8bc86bd6fddd479292129e479

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
70KB

MD5
a8bc992bad7bae98e96d1c839fc939e0

SHA1
83c183c786ee2952427db80c6e91de04d800b3de

SHA256
6e7da6e50ed27be4e94e33192e0cc7b6c71570a360054a35786b7a8c36f94567

SHA512
3cb4d5b9bffdf5a8471e278693ae9f5121cf976ed4e431f7f8fea5bfb7e783c44ad8f5309f986e3badacbefc1704cb2ef611da0ef06ebbe7d56fe74afea5597c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
111KB

MD5
2d26d1d5b72745ac6fd54fbbf373e246

SHA1
19644ba6fe374438271b1f8e54002ee578b207b6

SHA256
25cbe14928afbb2a5e64866f69d5ac6860d19e17432573f0047a9c51de2b7a9f

SHA512
e8870706ed4b03a07091b3842400e7b923b4ed18f3f761fed8254af1d6bc69b714ffb23046e6813c967dca461e309044decb9f926d1266e362f018981dd6f537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
45KB

MD5
f95a0faf6629fe55dba24478808491ac

SHA1
c91fbfa760c6642f522038a7e90b9445cf8c762f

SHA256
3401a6c618e31c817b75f603ff2ecfd83b8b75e4309aa09007cad5e98878f1f9

SHA512
06f2e5329db17deb104bd106cfc84ea2b321a4ddf64d6d4acf37462cc0d898530b3d913f2c48c7cc29063bb22430e9d12ebd6c9f8e32a2e980cd985a40923673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

Filesize
32KB

MD5
90af67e8fd4d5ab0d104b28b82a5f9e3

SHA1
0172e38010ebd25ebcb3f0a4094be0e20f72ac48

SHA256
971b268c15450ab1dded5c1e8e7875660b086b2ca6c45a31ddfa82486b1d06d3

SHA512
ab10e3bd86abf1ae574133f34e7d5a8bff59f3bd003ba42da7e6b3b8744abc59df74b7b71b5c83537a2342adff2aa175caa0db5e5ba7f3a3e480820ef52b4672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f349bb95f8d338e29e9625680029dc9a

SHA1
3cbf73950230f914e8cd7cdd95932d045d38766f

SHA256
ba6f36eba6d80958868b572958fef8bd128c2e50bc38dafbc5846069cd50d3b0

SHA512
b6d4bc33c90d67021919557d1c225911ed178a2d56941b8ade6432cf128733ad7b77915676520a7ed11ed7d3134c3f696e453ba452edd9c7df61b1e78d2db48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
77d0bd41a7fb6d31bbdb8ec7a11129c7

SHA1
2af08162383845e3c3c139b0bc721ededc7428bb

SHA256
258f0de298e315950bd7b9ee6047a00b1a19e65fd30d47a88184107500ec87d7

SHA512
9b3313ddfdcf40ff7b2f855a8277fca5f831510a0de43fe5d2ebaa4554e9115820f31ff370584b8d2c807bbdd181a76b88dbf2a520067b303665dbce934cc3b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0dee923d60c2a4807b6d6bbcb1c6a60c

SHA1
18d915d4d1169449a70f3e6d76105f4ffa298a44

SHA256
532772e80567eb0a8d09180fe41d40c96c4ab810c3c964e98caf56116a49b7f9

SHA512
859347d30d45f92883f57d4aff57b645b8f7312a5deebfdfdfa1601e097a2c4ab5d2634e433d41fe4bff444813079121130c1b32908282e7d262c93409831961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
6d35a865f97459a7389763e9f69d6b6e

SHA1
27746e54b57884c9c61c9ce0b0eab41e7c407286

SHA256
1fa35308a929e25ba526e43693238c4ff7b434e9a692eb398f071a9c4f29055b

SHA512
19548cd6e03267c0b2f8d60b70f16ce0bffbf3c838bf314728033ace174307a52bfa2714a6ff112e203922294f8b5bafdf16a11bc924f85eebb1fad630d803d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
e5022a0c07bf1412426141c671fa80b0

SHA1
72055300a533bbb90e0538275434ea5cff327639

SHA256
fd47df479e43265b29e821dfec68cc9e1d1988f8c0411fd25d960d0844338730

SHA512
a1b8f615845b689927098754c1ffd4fba02a4548c8d9bd5250752abcc0597367ed187ff1c9fc7731582b4919dc6dc881f6a86b1e7ee4e681cc9cb644c3941713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
6f8c57d83a14b2adb3192370cf0cad33

SHA1
0b0c96595554e0e4cd97fa5b7e8793237d7062a8

SHA256
a23533675a0b564c953527f3a2edb7894acd13df5fd7d8e192c993e71c029abb

SHA512
80e38794c07b86a52f2f542c1f03c41c9bad5e74651a01086590b7721f86a66df41e96cd1dc4d88b38461767fc0e8a09cf7f4b28895976f79bc74828246583f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f418a2b173b934428d320fd61332ee7b

SHA1
363b015c1a9a06599b3c0f86a8e10aa251245b94

SHA256
237cc7852bc30c3205ee3c65a4d9d08d739de53e9c72f439bf16ca243044fa2c

SHA512
e7e3e77a65ca7dde11950a4c84c3e1e714ef4298bf4618355d0bc4eb94b04d514400404c362fa554ca1f3e985833df0dd812fa50ce558d4fe7e59e9f55e899a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b0017fb45fbabc0ecde8ca8d956281aa

SHA1
c42e5d7aed8485bfce6a4fe163236b8f650c5bfe

SHA256
a52a23d8487202d600d24ed2103dddf6ddfb18c21176e428d82c55a8551fbed4

SHA512
abe32d70e2e8b783696a2988cf8cb3a0e2322534c815195662f46611210a9fb5b47d5d569cf936f093c0340679c92dec6103dc4f6240036bfef4516ec7ce81be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fcde441b54149dede02442d3f6e19cc4

SHA1
28691c49a6c36ca813a143065373384f9c63ba0d

SHA256
1958e317838ae56f33ccb84857def7e5198b6e7b0cf13ce7c4a5a166db81517e

SHA512
de17f5f9be27b6527cd91762f7c5c1d0fcf856e08a473d4392df7f4020fc28ea6ecd2bccb23683a857499480c4259f36194075d77f277dd1eeeef40d265887ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6c01f768ce9b97bbb327285a1ff9d2ad

SHA1
4e63a146fa8bc405371df76f84fd1a4197b23e58

SHA256
6f672eb39720d578abe0f627c758bb450dbf5c854cb2981157fae8778084d555

SHA512
639b791ec5bc26f6f6e3c0a9b042ad98c08342594ce8cd2e846cf2b578344c4d69ada87356b8735c1f1016f09ac1ecd80ded95fa50a628ae7da5ae8ddab159fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ca31c644c6297f669f6e619d384bae17

SHA1
cd721049d277e2773eb3f436aaa4c8f9c065c5d2

SHA256
f15f201b50b5246b7f5b7cd50b0dc9f618bf670f252e67a9d603d95c1b98389e

SHA512
36cebb5fe820add41be18631342e871c806c75e06fb62c1b26e9379361f63c93d4855aba75a064b5ac317592eefda81c4c0de473007fde6bb1e1a44ebf18ec97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
27845d1b54b36cc81da3625ba8e15797

SHA1
ee770dddfda8c30be5cf9134867d26ef64aa5307

SHA256
4243af5caf76622b0b14ea87a808bc5e3b91d25703f138e9917846de62c63fec

SHA512
1793aee05fdcf0c546ba343b66e74c20770644a8dc25def30dd96e5c17516157fccef31632e3357d5d3393957e3954e8c7e6caafe647adb2144bec93fcac5fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e876863478874ba053218ace7cf6a663

SHA1
45d5bd95dc05c1946902f6d9a4a98a51fe200e5c

SHA256
ffc29872727aa164b9ad420f7b1873f0ebd6e8943b7be6216b98333da5763f1e

SHA512
342d2c089fe44fa49a981c2d581d24b4a0294e4a42c4603a1f4dce7de8af9bcbead3585521ef617990649fa4695d3bc2c7ce38dc090789284e219662f6378d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b926d2676d341f4aeaa9b7bdbda645b6

SHA1
4d319e49dcbe171717278e7d1ed91a6413f0c68f

SHA256
02cf6f6d76527a8eee99d2fd50ff7b1571adb7956cd7fb66245e842965cc1c97

SHA512
028399c7aa6dc79319cf175ac3d5bf881c1ca8d32a7bc4f1063017664ad91c8727a02f18dfb444bd80726a0caef5f289be13297b1a2a5a3b3a7b3e6af8ce30d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8477bb8c21d67524d81a7828bacbbe9d

SHA1
98100596fd38ecb5ce89bc98eaf96bf09948316e

SHA256
cad6d6c957906c155946323a431106431c7a445806764789a5d2c296a30ac229

SHA512
842445e55e8c53cb3353d8cd8b28eed239d600c193765040b2dd8c138ad521024edee10f9723b364a2f32899219dcb4ff89144df446875824994b5fec24f0cad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f78f605e07cfb56b819fa553fcbdf0d

SHA1
2cc8125997a4035de8d12e48846a0526c21a6b7e

SHA256
835c02bac835eff1a419e449cc863a06f363795c0f48356b5181e287044331c4

SHA512
750c21e776a505eddc2a3b733f40ec474c23597401d38ea32b7b6d0abcd18ee053e3a3c01f33df30fc6fd8b7d7c67431168c046c529b4b253b16d08f27c6bc19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
114224b309f48f442ac41334c9798f56

SHA1
1cac161f96cbfccec3a63665a7e030ba6181a926

SHA256
700ec369f6e75995553897fa685798c8fe3c476e23890bd3d35411865d9e3837

SHA512
a5bc401600da3ad4254caa29a863f248fcfc35c9f5fbcac5c929c84b0a81d4d2e384c7925ea2a26681fc3f040e4305da8444dff6cc6f65d5e5302e7a96cf1175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6199da55c1d1b11047954c356dbbb2d8

SHA1
6bdd4bb1569d95cb490e644cb27bbf163a8171f1

SHA256
33fc7659a324bdc8d2790008e3b3e847ceeb51d2619b862e51bb43dbeb150c43

SHA512
20ddded6cf7a8bf10327c64271312d383f57b200bccee7cc9906eedd55373bc6d73de065dadf174cb0ac6cc4c958ca30cf60914dcf901b887d456240c5acd768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
59984fd145b08462a36d35b24ed1446f

SHA1
5f97ed56a6d0c3cd29af9f3b0070628902972402

SHA256
7de07c71443cc6f1a58b1e5bd12bf333ad232117a9d6f724b195b616f3d5e0ba

SHA512
5447a9c27d74c25e03e33ed16eff68d3255709554a7ffc442bb8eea26a1b02adadbdcb3a681a8a5dcc9726c519eee8c24109aff59526329f003c506f633dec52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9121197a0a73d3b0073cbbd5ff7260c5

SHA1
d80359b157be6b6e3505239ad0efec7b952e887e

SHA256
9849a8e1d98036d98f38787a4196a0cff0fabe85c63e244fa3550cefa67349be

SHA512
5341f1fd3b8bd454895ceef44dcaca91595f4ee70bc1128aca8a3c919ad5ccd351515160397205a85316641eb9ab2184a98fe1ce5a7cee96e88482142361eb0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
00f1a3baec031cf6e3363b8de46f58a3

SHA1
03775d76247d9640bd2886eeabaed2d1ae34b0dc

SHA256
3a63e270fa6ea973e8e2ff4d3c453cbb081d11b08183c8c186fe18698b75c79d

SHA512
2131b9331e8ea81281b4324da39a21ac223861d1eff51c1ef8e451933b319829cd88079fa99aadc1cf4d4c5a92ba7acf05586ad202c330b8dddffef0dd00530e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0c73bc6df935f86d105280be3487aad3

SHA1
071fbb0570463f59f0eaadefa16661bc5a7a5ea7

SHA256
185b875dd11c939bc23c42dc9bde9a171583456be82eea379039c6ce8a510ec3

SHA512
67f3d81856a5eb950550dfccff24c358eb4313e5359446cd290f952343a1915b7eae7d10e4e5003a0f29e8b2801bbeac6152e8559aa32989fd1bbdaa813fc621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
67075eaa1a98acd92febe33e5587ab24

SHA1
f9301482cf5547c475fa4725618e1d2b564db98e

SHA256
66aab108248d90680cc0827f437e49fa958defcfb231f9085a991a7711b90e8f

SHA512
4778ad74a1f21087e02e6daf14931efe4586dd1b383e04306ce8032881841f262ed2670f00dc2fc27cb32e9066495b772d205733339174626d713f0fa745b3b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ff17f8d8ca6c3ed66dedc94c76d552b2

SHA1
669e2f0d2e7ee96cd6ab1f728f639bdc9ef94099

SHA256
471c1e922ef68cf2ae770942fc6d489b53b2dc3ea84e3889de9c0be18fe8b366

SHA512
d8951f3d80fe829512cc04068d3006a03a556cc688eaa9b1823359f3e9c50ec3dbdff980d12c4b00785fa7ede3f07058d4e4205551f32a1cea085427160fe5b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ba4a8efd7aa24fde9c724f8c99760874

SHA1
f32df3b22725ef2ce7e372280e360395a292f26f

SHA256
6a82213e8c43fe4daa5971722e58a1a8366c27b09d6d8ee2f5d9a43ebc736908

SHA512
96c921d2f20971c6e349366885fe1ca98a67b7ae4b6cdbd070eec5b30cd992929bae5aa6167c801f4940c8f46b0bf8cc5c919ba1d951eb3c1956a1f97534db03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c2542f1b914b43ad870b39acbb674a5b

SHA1
a59b06ee7b4b266198d150e108eba2200150930b

SHA256
1d01494b0625aa3d665c2d8089b2768a271aa83be3c5e53d45b9911c64303c20

SHA512
b8cf8d8befe99705ec1250db1c4326bae00f7b5a743f0e56ba7543d7c74c06d44a9374bc66652ff827d68b1ac45835e28eba14a0ae96d8f11a40f28d1df11a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9d881a2c2f2e338c261916075c56f8b6

SHA1
3229ab763ae038457f3ed26c0dbd0befc483f7a3

SHA256
6e486fe78b02c5dd66241b438175f66bedd0fd3139f787fd196b7f712efa8e46

SHA512
d552c2eddaea594f35a9f99ebb37534d8bb6f1ce0112f3fa83a79c28a55b23418e2d84acb4745f4c28046cf9f2962d8540101da2b4cea71d034ce0849ad83758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6f0b15718c53ce97906e35d0fbd02c4d

SHA1
fbdb7f99dec89221900afc9fc1e2ed91ced335da

SHA256
099313eff88457a94a3c0a69c004040bfea25c80bff1649eadbfffda9821bae7

SHA512
7e63be634866a9a6c8f0c72781c9c44e6ca67db81de2c4f455823be0247ea26e1cf107b473ca00514b30dfbc6e42786bd77aa6c52df4a98de84e033a84b8832e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3fb0f00ac9790116d5ab7de9c40b916e

SHA1
efd324c0c321908078b48498d742befc5cf0bfbb

SHA256
f544275c39e5f5efcb535f78ec074d19fc6a7dcf1046ac57c24e2c3a6f7f50da

SHA512
eb59fe2de7cfbe9f1062482949fc0cf19df400885b4c1be5ba29bbe8e13d76067b22eb45861a5c78352dc17418477f1f91f11f01d8ced5d2958a153ff82ec2bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
48e229cf65280bdba739c0668cabae53

SHA1
1098de15a4cd46bb773d6818b696f5d01b80e292

SHA256
e416f9966eba716f35e64b4949af2a535408a640e0cd9c85466780060b5f2faa

SHA512
a0ebcd4ffd0177208ca649649aebae90ca16b381af6b3caaca2f680be7bc91f60aa959e7341b511f824d30c7d72f80d50f32c8ba1434c097789172a64a354193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d2bad496bec7e51aec9332b338cc1286

SHA1
b9c276d7da723a43d90b44af6a65c0302f1a44d0

SHA256
676901b2e50e7131f0bfb55ac9ea8c555c5898710ff545fe073434d67389a444

SHA512
258db7b47563b72f5e17ac03f488bd5bde6967de40130048be4bf07e7846be9483d96c88a05f4ec85ec44299350167fafc7b865e1ce1d35b02e65880c815c25f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
908964787d2677da25b39a4689203a96

SHA1
6acbaf13b4ac577b1fbeb0fd34c047e2650b5e83

SHA256
3dc8f752477e6f3ed33dd3fafe4017b16f13c2740f3ad742786dc9592b3d1ac4

SHA512
437d71d5b415a0cf2672ea9ecebc8d6cd7e9e2ac844697e69244c750e6c9eb9d9dc057d9a40f6a41574c705b2eae9fa00b9b94840bcc6beeb8d821576534ed0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f3cea7146274fca8fa35ccebb95b8561

SHA1
c0a0fbb7d4f96856537390e6e01fe46047cfc038

SHA256
3c2d46bba8da36da319ddafd0c19a799de095ad66ec34cb73e12d1c77f2964d3

SHA512
efb25eea220da23d8243ddba2be973e0ffcf8b7db67a4d0e542f310feee718c81674b2edeabc94a6f59ce0a0d214e2b5047da0fdc517c1ceebc8d26cbd471952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5436faa3e7f74879eda221bcca65d3bc

SHA1
bb6f1f4017a0fdc45b4a05fc07c736586ab14533

SHA256
9846c52ff57e98344129226e3728c9ec164b9e594916b64f49719c3904fddb1c

SHA512
384d53abddeafb7306e89cd9627f444d47abf18593124bcaaf39163ac8cc7b79b413a06405eaec421844f5e5cd98696f6ba930c57101a3ab7ea1428e0092d9cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
04a2c147dc0bcef69752683642c87f51

SHA1
57195b4ce9696d6f2091efa466b2d3588f2ab235

SHA256
8523fce63f59de5ce3606bc6703f59a238792d1423fe49b7c6a0f570279480d7

SHA512
2253bc18d6d0f66adb58349dc494b63ed41dce7e33158843dcca4a16f19bbc1ca6165203ae80c932da57e70e8e24a6059a73b9d7118a31860ecf592e7a0833a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1799871d24973af9bdab17c8b0856168

SHA1
d788cc3bcb270a7f701baf79d79674c8e3fd8668

SHA256
8e7e84d6ddd45c567d998899ee5ea0fbaf128dbde0ca085d76d125e9856fc330

SHA512
3bb76832c36018fd993c220ad7643542244ab61471f17d9749946041a876a1e91558e1718ebb684691f41b8bbfb6de6adcc1fb0db6a2debc6a83922ccfb2c66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b77b3260e019dc20f2e76d5c6cf12046

SHA1
44d50ee8542bd31eebf8fc17e5dcd02cc57ee7c1

SHA256
5e065d1f6afcf9a1b843c036d212cccf0800d50c5d5892aa1d98f3d7eadcc203

SHA512
5327e6e7847d618fa853c5473df1b457a718912628faa9fad35afe17520bf53e2e90b7ad10b8522c397f27b9f8260f43b17cb0b5e7a65bf289cf0d1932313331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7c50b8d6688944899f833ce744cfa49b

SHA1
a11781b50e7414eab4f16300d88f51625fff628e

SHA256
3fb388fd55368ce7edd9f2000b4eef7a1487be7c9ca8075cde4470bca5b3ee68

SHA512
88cded9413eb93404de62ae70f4042cff8374ccea239c3534eab06788ef51667b4a7fa9dc4b754b63ca444140ffcf504346c7cf02e4d38f8490a2ac629eda97f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
44ebfda951550eeb8dc6c598cfb5a835

SHA1
4883730536544c131cb0644a00efcf5d9b619e88

SHA256
c535e90cb13b5b7981f49dd95d1f52bc0bed1363b0048e68e000adfbbed388d9

SHA512
be9851b3abf41073333bbe33681e065f31f617bcc48ba1a1945aa41d76687c9dbcc4d4e23f8503c3385fe0f3e3ae433fbb7dfbaad9f1cd61b045ffea1f9b6293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3beeb64054dfe5c5c32238a1dde7c2aa

SHA1
22459644ce7d969d2c153da401949e1f76b056a3

SHA256
504193911b502e3de920e69be538c3fb399716fbf1939a43f7694abdc7e3fc08

SHA512
941fb26a57d95da2e8fda466c6dafb9bb87ac9c7e7b0d3bc40e88e736121d976b407474910d55043f58e8b8b6f7fa8f3e4c8f6a024678453e9667be462fbeec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
b931f20c135e0803c6dbbe9e18444a56

SHA1
7bac3806785655467f69ce7e950c66e5000c7668

SHA256
0d3e50402cd4579af0096d29b0378cc94cc772d2bf9938c52d4365873c0950ca

SHA512
c2c3960af9faf32eda19ef2cd1ddb5055e89d53bf5c233b6be5a2bbf7b829debf1f85c755f83a930be0401edac1ed7f12d53a7967ea615fead3028c94b3747a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
dc88133313c379ae4ea03249f51f5242

SHA1
47c309f8aef8c23629f3e5e61720ee1daee55adf

SHA256
91fab0ce1cd8b9edda6803e145e49a1bec743e9ded770092669e383a6c177fd4

SHA512
52c5af1ee5ce19dac3734d3ab9718fc921d8b7c7f11c21c49853a05ea2ef2be039479e92e7d406b77f4415ed2f9172090e0b4d7b6917ff4b551941dae4724d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\bd693061-5173-4c64-8d62-e86823c0700e.dmp

Filesize
3.7MB

MD5
e32a3ec5282e410e37d8811a2495ec16

SHA1
8f77416ecb94f0fd652a6182f81355303ed70cd9

SHA256
f4cbf2ba4465241822f86cb8fd1257b331e934993e10bd9391c1333046effbd5

SHA512
133c3aa5156cbf905b4009650a2f0bd736cd988945d329e5a0668554ebad291e070e293fdfdb7d497c4cd69bea6966bc3961476cb4fc5fee56516fb6c760c99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjCDBC.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjCDBC.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjCDBC.tmp\nsNiuniuSkin.dll

Filesize
904KB

MD5
00b5a327b44faaaf7fc373176cd454ed

SHA1
e58ea8e7de259f5d577c01eeac28cc8f72b65094

SHA256
f125ed6489f16f1681ea92e30f6670f72e0951cd7948df9a043e04ee512ccbeb

SHA512
a7c5955652e1dd6f33e6596f0861a2127e4a259ae7abd256a44b3ffc36c1861e29fe3e9a2b60aa5a0230430411c737ef2b2e9170e4f0f42f737039451326340a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjCDBC.tmp\nsProcess.dll

Filesize
4KB

MD5
88d3e48d1c1a051c702d47046ade7b4c

SHA1
8fc805a8b7900b6ba895d1b809a9f3ad4c730d23

SHA256
51da07da18a5486b11e0d51ebff77a3f2fcbb4d66b5665d212cc6bda480c4257

SHA512
83299dd948b40b4e2c226256d018716dbacfa739d8e882131c7f4c028c0913bc4ed9d770deb252931f3d4890f8f385bd43dcf2a5bfe5b922ec35f4b3144247a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjCDBC.tmp\nsis7zU.dll

Filesize
313KB

MD5
06a47571ac922f82c098622b2f5f6f63

SHA1
8a581c33b7f2029c41edaad55d024fc0d2d7c427

SHA256
e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9

SHA512
04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjCDBC.tmp\skin.zip

Filesize
105KB

MD5
c3b9f10b4af875b7138a39457a9e0505

SHA1
1024522f141dd5e163160c44d964097aa37c7800

SHA256
428bb7bff14ec54436dc993276cb51da0be0d63b8773bfc627bcdec51af5dd2d

SHA512
bc1f38580c702ffe4d16a26cd5d99f3822672fad85c17457e9115e1520a690a4fe3cc24f21a7f61a52bb96affa04b192caff72225769de4ef7fee893d386413a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 197193.crdownload

Filesize
56KB

MD5
1dee922fe62638c78c9cedb46dbeba2d

SHA1
c85f75cc9a37f190fe242e5c6f518be46ee66361

SHA256
fe08a3036d6573fb430a69485ebfe405aad2cffef415c6f0a82e1704abb1f801

SHA512
bc3e29e92a4e52d452b6d5bcca7c15f9e27157cd00c2ed2fcdc91f4b15dbb5748016e0e742ce71b825872e0b0fb41595ce41288542589340a86bc61c9a36b7ef

Download Submit
C:\Users\Admin\Downloads\WiseVector_StopX.exe

Filesize
50.0MB

MD5
58e84b8a668d9a2a720ab58a753dd266

SHA1
97fd328e3533cba34cb17cd7ecee6e30f4d39b8c

SHA256
1a60b743b79c688c04f51195f64887f3399c59a94251e4e74fbb6c919fb9756d

SHA512
f0e85e45a8023580d6cef3afcb6583993a65ab840735542f6d4bb7519ea375c0c7f87b23487d8511ef78c614c5a000db470c72eccf2bedf985a662375d3cce89

Download Submit
C:\Users\Admin\Downloads\WiseVector_StopX.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/232-1916-0x0000000069510000-0x00000000695F2000-memory.dmp

Filesize
904KB

Download
memory/576-1185-0x0000000069A70000-0x0000000069AD2000-memory.dmp

Filesize
392KB

Download
memory/576-1182-0x0000000069D30000-0x000000006AD30000-memory.dmp

Filesize
16.0MB

Download
memory/576-1184-0x00000000704E0000-0x0000000073A14000-memory.dmp

Filesize
53.2MB

Download
memory/576-1187-0x0000000069A00000-0x0000000069A61000-memory.dmp

Filesize
388KB

Download
memory/576-1199-0x00000000704E0000-0x0000000073A14000-memory.dmp

Filesize
53.2MB

Download
memory/576-1295-0x00000000704E0000-0x0000000073A14000-memory.dmp

Filesize
53.2MB

Download
memory/780-1284-0x0000000069510000-0x00000000695F2000-memory.dmp

Filesize
904KB

Download
memory/1468-11828-0x0000000075640000-0x0000000075722000-memory.dmp

Filesize
904KB

Download
memory/2240-1198-0x0000000069510000-0x00000000695F2000-memory.dmp

Filesize
904KB

Download
memory/2736-10978-0x0000000075640000-0x0000000075722000-memory.dmp

Filesize
904KB

Download
memory/3668-2040-0x0000000069510000-0x00000000695F2000-memory.dmp

Filesize
904KB

Download
memory/5092-2029-0x0000000069510000-0x00000000695F2000-memory.dmp

Filesize
904KB

Download