Analysis Overview
SHA256
a8f51dceb27d5b564450d66b5c80b43c1301bc3e804fa4cfac4fdd8dff057234
Threat Level: Known bad
The file WiseCare365_6.7.2.645.exe was found to be: Known bad.
Malicious Activity Summary
Modifies firewall policy service
Possible privilege escalation attempt
Downloads MZ/PE file
Stops running service(s)
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Modifies file permissions
Checks computer location settings
Checks installed software on the system
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Enumerates connected drives
Drops desktop.ini file(s)
Drops file in System32 directory
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Enumerates processes with tasklist
Enumerates system info in registry
Suspicious behavior: LoadsDriver
Checks SCSI registry key(s)
Uses Volume Shadow Copy service COM API
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies registry class
Modifies Control Panel
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-01 16:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 16:32
Reported
2024-06-01 16:50
Platform
win10v2004-20240426-de
Max time kernel
956s
Max time network
710s
Command Line
Signatures
Modifies firewall policy service
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall = "1" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "1" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Downloads MZ/PE file
Possible privilege escalation attempt
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Wise\Wise Program Uninstaller\WiseProgramUninstaller.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFolderHider.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\software\WOW6432Node\avira\antivir desktop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\software\avira\antivirus | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\avast software\avast | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\WOW6432Node\avast software\avast | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\software\avast software\avast | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\avira\antivir desktop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Downloaded Program Files\desktop.ini | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Enumerates connected drives
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Program Files (x86)\Wise\Wise Data Recovery\WiseDataRecovery.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\DEFAULT.rhk | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\SAM.rhk | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{2ffd02c8-ed74-48e5-8c9f-17f93f6be724}\snapshot.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2024-04-26-12-36-55.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2024-04-26-12-34-19.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File created | C:\Windows\System32\config\SOFTWARE.rhk | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File created | C:\Windows\System32\config\SECURITY.rhk | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\LogFiles\Scm\SCM.EVM.2 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\system32\FNTCACHE.DAT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\LogFiles\Scm\SCM.EVM.3 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\LogFiles\Scm\SCM.EVM.1 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{440d086f-2e23-4ef5-b8f9-ecc87bfc3dc7}\snapshot.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2024-04-26-12-35-12.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\SOFTWARE.rhk | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File created | C:\Windows\System32\config\DEFAULT.rhk | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File created | C:\Windows\System32\config\SAM.rhk | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\SECURITY.rhk | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Wise\Wise Data Recovery\Languages\is-919IR.tmp | C:\Users\Admin\AppData\Local\Temp\is-38TLB.tmp\WDRSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Folder Hider\is-LL41O.tmp | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Auto Shutdown\is-H1V84.tmp | C:\Users\Admin\AppData\Local\Temp\is-3LQQV.tmp\WASSetup.tmp | N/A |
| File created | C:\Program Files\Wise\Wise Memory Optimizer\is-GMEB2.tmp | C:\Users\Admin\AppData\Local\Temp\is-VGVMT.tmp\WMOSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise JetSearch\Languages\is-SBPLK.tmp | C:\Users\Admin\AppData\Local\Temp\is-PV9CF.tmp\WJSSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise ImageX\data\flutter_assets\assets\svg\is-7FERE.tmp | C:\Users\Admin\AppData\Local\Temp\is-QUOI6.tmp\ImageXSetup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Data Recovery\msvcp100.dll | C:\Users\Admin\AppData\Local\Temp\is-38TLB.tmp\WDRSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise JetSearch\Languages\is-D6UHK.tmp | C:\Users\Admin\AppData\Local\Temp\is-PV9CF.tmp\WJSSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-K8TJU.tmp | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-246F8.tmp | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise ImageX\data\flutter_assets\packages\window_manager\images\is-9S3RL.tmp | C:\Users\Admin\AppData\Local\Temp\is-QUOI6.tmp\ImageXSetup.tmp | N/A |
| File created | C:\Program Files\Wise\Wise Memory Optimizer\Languages\is-99P6N.tmp | C:\Users\Admin\AppData\Local\Temp\is-VGVMT.tmp\WMOSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-BO3AI.tmp | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Data Recovery\is-7K9OB.tmp | C:\Users\Admin\AppData\Local\Temp\is-38TLB.tmp\WDRSetup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\WiseBootBooster.exe | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\libeay32.dll | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise ImageX\data\flutter_assets\assets\svg\is-LF0NT.tmp | C:\Users\Admin\AppData\Local\Temp\is-QUOI6.tmp\ImageXSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Auto Shutdown\Languages\is-O6NFA.tmp | C:\Users\Admin\AppData\Local\Temp\is-3LQQV.tmp\WASSetup.tmp | N/A |
| File created | C:\Program Files\Wise\Wise Memory Optimizer\Languages\is-37OTN.tmp | C:\Users\Admin\AppData\Local\Temp\is-VGVMT.tmp\WMOSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Program Uninstaller\Languages\is-HP7DP.tmp | C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\WiseDefrag.dll | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Data Recovery\is-I1RSC.tmp | C:\Users\Admin\AppData\Local\Temp\is-38TLB.tmp\WDRSetup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Force Deleter\DManager.dll | C:\Users\Admin\AppData\Local\Temp\is-T6N3S.tmp\WFDSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-7O0JH.tmp | C:\Users\Admin\AppData\Local\Temp\is-T6N3S.tmp\WFDSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Auto Shutdown\Languages\is-OU3D3.tmp | C:\Users\Admin\AppData\Local\Temp\is-3LQQV.tmp\WASSetup.tmp | N/A |
| File created | C:\Program Files\Wise\Wise Memory Optimizer\Languages\is-DU0NN.tmp | C:\Users\Admin\AppData\Local\Temp\is-VGVMT.tmp\WMOSetup.tmp | N/A |
| File created | C:\Program Files\Wise\Wise Memory Optimizer\Languages\is-HOG5H.tmp | C:\Users\Admin\AppData\Local\Temp\is-VGVMT.tmp\WMOSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Duplicate Finder\Languages\is-373C2.tmp | C:\Users\Admin\AppData\Local\Temp\is-GSD5K.tmp\WDFSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Folder Hider\Languages\is-0UR3G.tmp | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Folder Hider\Languages\is-QQVRC.tmp | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-CFIOT.tmp | C:\Users\Admin\AppData\Local\Temp\is-T6N3S.tmp\WFDSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Program Uninstaller\is-L9574.tmp | C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise JetSearch\Languages\is-43A7M.tmp | C:\Users\Admin\AppData\Local\Temp\is-PV9CF.tmp\WJSSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise JetSearch\Languages\is-KUOHL.tmp | C:\Users\Admin\AppData\Local\Temp\is-PV9CF.tmp\WJSSetup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\WiseEraser.dll | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Folder Hider\Languages\is-HBH9H.tmp | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Auto Shutdown\Languages\is-6I0G2.tmp | C:\Users\Admin\AppData\Local\Temp\is-3LQQV.tmp\WASSetup.tmp | N/A |
| File created | C:\Program Files\Wise\Wise Memory Optimizer\Languages\is-FR5R7.tmp | C:\Users\Admin\AppData\Local\Temp\is-VGVMT.tmp\WMOSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Program Uninstaller\is-L56NO.tmp | C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Program Uninstaller\Languages\is-B41D1.tmp | C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise JetSearch\Languages\is-RPUPU.tmp | C:\Users\Admin\AppData\Local\Temp\is-PV9CF.tmp\WJSSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\tools\img\is-JSHQU.tmp | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise ImageX\url_launcher_windows_plugin.dll | C:\Users\Admin\AppData\Local\Temp\is-QUOI6.tmp\ImageXSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise ImageX\unins000.msg | C:\Users\Admin\AppData\Local\Temp\is-QUOI6.tmp\ImageXSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Auto Shutdown\Languages\is-0A67J.tmp | C:\Users\Admin\AppData\Local\Temp\is-3LQQV.tmp\WASSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Program Uninstaller\is-314UE.tmp | C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-2B6CD.tmp | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise ImageX\data\flutter_assets\assets\images\is-4B618.tmp | C:\Users\Admin\AppData\Local\Temp\is-QUOI6.tmp\ImageXSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise ImageX\Languages\is-8SK9C.tmp | C:\Users\Admin\AppData\Local\Temp\is-QUOI6.tmp\ImageXSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Folder Hider\Languages\is-7RR61.tmp | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Folder Hider\Languages\is-D1VAD.tmp | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Auto Shutdown\Languages\is-SNKAP.tmp | C:\Users\Admin\AppData\Local\Temp\is-3LQQV.tmp\WASSetup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Program Uninstaller\sqlite3.dll | C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-JGPMN.tmp | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-D7A8J.tmp | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Duplicate Finder\Languages\is-8FQTO.tmp | C:\Users\Admin\AppData\Local\Temp\is-GSD5K.tmp\WDFSetup.tmp | N/A |
| File created | C:\Program Files\Wise\Wise Memory Optimizer\Languages\is-POPPD.tmp | C:\Users\Admin\AppData\Local\Temp\is-VGVMT.tmp\WMOSetup.tmp | N/A |
| File created | C:\Program Files\Wise\Wise Memory Optimizer\Languages\is-27P5H.tmp | C:\Users\Admin\AppData\Local\Temp\is-VGVMT.tmp\WMOSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Program Uninstaller\Languages\is-GFQ1J.tmp | C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise JetSearch\Languages\is-D48OB.tmp | C:\Users\Admin\AppData\Local\Temp\is-PV9CF.tmp\WJSSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Program Uninstaller\unins000.msg | C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-K38VM.tmp | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-SS0BS.tmp | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\tools\img\is-EGLBH.tmp | C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\prefetch\MOBSYNC.EXE-C5E2284F.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\ASPNET_REGIIS.EXE-945CDB73.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\AgRobust.db | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edb00008.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edb.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\EScript.api | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNTIMEBROKER.EXE-C4B5739C.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\QRCode.pmp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SHUTDOWN.EXE-E7D5C9CC.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SVCHOST.EXE-7CFEDEA3.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Flash.mpp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Accessibility.api_NON_OPT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-7EF4A0DD.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-0521102C.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Panther\_s_39A0.tmp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edb0000E.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\JP2KLib.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\libcef.dll.15EE1C08_ED51_465D_B6F3_FB152B1CC435 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ICELAND.TXT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\AgAppLaunch.db | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Logs\MoSetup\UpdateAgent.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Panther\unattend.xml | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\F_CENTRAL_vccorlib120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SVCHOST.EXE-9F4DB6F5.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-373C0EED.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Edit_R_RHP.aapp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-6F2A95AF.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\debug\PASSWD.LOG | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\panther\cbs_unattend.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\DigSig.api | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ccme_asym.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Downloaded Program Files\desktop.ini | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\ONEDRIVESETUP.EXE-8CE5A462.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\CJMMCO.EXE-5AADD81D.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\ReportingEvents.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CYRILLIC.TXT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrosup64.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroRd32Info.exe | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\BACKGROUNDTASKHOST.EXE-ACEF2FA2.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\APPLICATIONFRAMEHOST.EXE-CCEEF759.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Panther\_s_3856.tmp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File created | C:\Windows\WiseFs64.sys | C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFolderHider.exe | N/A |
| File opened for modification | C:\Windows\lsasetup.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edb00009.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-S-1-5-18.dat | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\TrackedSend.aapp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\SendMail.api | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SGRMBROKER.EXE-0CA31CC6.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ReadOutLoud.api | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\logsession.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\security\logs\scesetup.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Logs\CBS\CbsPersist_20240601163407.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\EPDF_Full.aapp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNTIMEBROKER.EXE-06226CEB.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Edit_R_Full.aapp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SETTINGSYNCHOST.EXE-2521C7ED.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Logs\domgmt.20240426_193420_239.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\State\migration.dat.LOG2 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-2C52326A.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Updater.api_NON_OPT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Logs\MoSetup\ActionList.xml | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000081a0e6b9f9d406b40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000081a0e6b90000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090081a0e6b9000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d81a0e6b9000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000081a0e6b900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Mouse | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\WaitToKillServiceTimeout = "5000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\WaitToKillAppTimeout = "10000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\AutoEndTasks = "1" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Mouse\mousehovertime = "100" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\ForegroundLockTimeout = "0" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\WindowMetrics\MinAnimate = "0" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\WindowMetrics | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\LowLevelHooksTimeout = "4000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\HungAppTimeout = "3000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\MenuShowDelay = "0" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\WiseJetSearch.exe = "11000" | C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.xps | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.msixbundle | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.ms-lockscreencomponent-primary\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.fluid\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.loop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete\Command | C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WShredFile\Command\ = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\WiseCare365.exe -shred \"%1\"" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.whiteboard\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.m4r | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\mssharepointclient\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.fh | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.fbx | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wise Folder Hider\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.fh\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.thumb\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.m4r\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.whiteboard | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WFH | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete\Command | C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2E13DF2-260E-4E58-A072-E7D11ABA1B9E}\WJS = "{C76A9A33-4C38-40B3-93A2-AAF717026175}" | C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.xvid\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wise Folder Hider\shell\open\command\ = "\"C:\\Program Files (x86)\\Wise\\Wise Folder Hider\\WiseFolderHider.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE870F5E-1575-4DB2-A27D-AC87CED37F3D}\License Key | C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFolderHider.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.loop\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WFH\ICON = "C:\\Program Files (x86)\\Wise\\Wise Folder Hider\\WiseFolderHider.exe" | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wise Folder Hider\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AD33D42D-8FBB-455C-9440-DB8752967108} | C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFolderHider.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete | C:\Users\Admin\AppData\Local\Temp\is-T6N3S.tmp\WFDSetup.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.adobe.xfd+xml | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wise Folder Hider\shell | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE870F5E-1575-4DB2-A27D-AC87CED37F3D}\User Email | C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFolderHider.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.tgz\PersistentHandler | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.tar\PersistentHandler | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-tar | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.fluid\shell\open | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.note\shell | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\ = "Datei/Ordner vernichten" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.xvid | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.mdc\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wise Folder Hider\ = "Program Wise Folder Hider" | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F2E13DF2-260E-4E58-A072-E7D11ABA1B9E} | C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-gzip | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.gltf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.appx | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.appinstaller | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WFH\command\ = "C:\\Program Files (x86)\\Wise\\Wise Folder Hider\\WiseFolderHider.exe \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete\ICON = "C:\\Program Files (x86)\\Wise\\Wise Force Deleter\\WiseDeleter.exe" | C:\Users\Admin\AppData\Local\Temp\is-T6N3S.tmp\WFDSetup.tmp | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.R3D\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.appxbundle | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.R3D | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\mssharepointclient\DefaultIcon | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.ply | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.appxbundle\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.whiteboard\shell\open | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{01C286AF-AB1F-4872-8A6D-66C90CA40F00}\WDFFT = 37a56d429630e640 | C:\Program Files (x86)\Wise\Wise Duplicate Finder\WiseDuplicateFinder.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete\ = "Löschen erzwingen" | C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete\command\ = "C:\\Program Files (x86)\\Wise\\Wise Force Deleter\\WiseDeleter.exe -force \"%1\"" | C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\Command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WFH\ = "Hide Folder With Wise Folder Hider" | C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.bz2 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.7z | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.msix | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.bzip2 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Duplicate Finder\WiseDuplicateFinder.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Duplicate Finder\WiseDuplicateFinder.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise ImageX\imagex.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise ImageX\imagex.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.645.exe
"C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.645.exe"
C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp
"C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp" /SL5="$80060,19213852,857088,C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.645.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /delete /tn \WiseCleaner\W365SkipUAC /f
C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
"C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe"
C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
"C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe"
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
"C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe"
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F
C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WDFSetup.exe
"C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WDFSetup.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-GSD5K.tmp\WDFSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-GSD5K.tmp\WDFSetup.tmp" /SL5="$20392,9009422,911360,C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WDFSetup.exe" /VERYSILENT
C:\Program Files (x86)\Wise\Wise Duplicate Finder\WiseDuplicateFinder.exe
"C:\Program Files (x86)\Wise\Wise Duplicate Finder\WiseDuplicateFinder.exe"
C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\ImageXSetup.exe
"C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\ImageXSetup.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-QUOI6.tmp\ImageXSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QUOI6.tmp\ImageXSetup.tmp" /SL5="$D0064,12182235,769024,C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\ImageXSetup.exe" /VERYSILENT
C:\Program Files (x86)\Wise\Wise ImageX\imagex.exe
"C:\Program Files (x86)\Wise\Wise ImageX\imagex.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wisecleaner.com/wise-imagex.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa17f446f8,0x7ffa17f44708,0x7ffa17f44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5610040568430089385,12469795625314499195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5610040568430089385,12469795625314499195,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5610040568430089385,12469795625314499195,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5610040568430089385,12469795625314499195,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5610040568430089385,12469795625314499195,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WDRSetup.exe
"C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WDRSetup.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-38TLB.tmp\WDRSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-38TLB.tmp\WDRSetup.tmp" /SL5="$50396,11425089,744448,C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WDRSetup.exe" /VERYSILENT
C:\Program Files (x86)\Wise\Wise Data Recovery\WiseDataRecovery.exe
"C:\Program Files (x86)\Wise\Wise Data Recovery\WiseDataRecovery.exe"
C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WFHSetup.exe
"C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WFHSetup.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VR3L3.tmp\WFHSetup.tmp" /SL5="$C03AA,5967459,789504,C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WFHSetup.exe" /VERYSILENT
C:\Windows\SysWOW64\sc.exe
"sc.exe" start wisefs
C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFolderHider.exe
"C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFolderHider.exe"
C:\Program Files (x86)\Wise\Wise Folder Hider\WFHChecker.exe
"C:\Program Files (x86)\Wise\Wise Folder Hider\WFHChecker.exe" -Helper
C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WFDSetup.exe
"C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WFDSetup.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-T6N3S.tmp\WFDSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-T6N3S.tmp\WFDSetup.tmp" /SL5="$803EA,3100428,148480,C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WFDSetup.exe" /VERYSILENT
C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe
"C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe"
C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe
"C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe"
C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WASSetup.exe
"C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WASSetup.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-3LQQV.tmp\WASSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-3LQQV.tmp\WASSetup.tmp" /SL5="$80406,2739975,188928,C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WASSetup.exe" /VERYSILENT
C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe
"C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe"
C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WMOSetup.exe
"C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WMOSetup.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-VGVMT.tmp\WMOSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VGVMT.tmp\WMOSetup.tmp" /SL5="$9039C,5112892,186880,C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WMOSetup.exe" /VERYSILENT
C:\Program Files\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe
"C:\Program Files\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe"
C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WPUSetup.exe
"C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WPUSetup.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-23MAB.tmp\WPUSetup.tmp" /SL5="$903BA,9641043,789504,C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WPUSetup.exe" /VERYSILENT
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c tasklist /nh|find /c /i "UnMonitor.exe" > "C:\Users\Admin\AppData\Local\Temp\findSoftRes.txt"
C:\Windows\SysWOW64\tasklist.exe
tasklist /nh
C:\Windows\SysWOW64\find.exe
find /c /i "UnMonitor.exe"
C:\Program Files (x86)\Wise\Wise Program Uninstaller\WiseProgramUninstaller.exe
"C:\Program Files (x86)\Wise\Wise Program Uninstaller\WiseProgramUninstaller.exe"
C:\Program Files (x86)\Wise\Wise Program Uninstaller\messages.exe
"C:\Program Files (x86)\Wise\Wise Program Uninstaller\messages.exe" to=get_ad pid=6 isRegister=0 lang=German
C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WJSSetup.exe
"C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WJSSetup.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-PV9CF.tmp\WJSSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-PV9CF.tmp\WJSSetup.tmp" /SL5="$60424,6311180,857088,C:\Users\Admin\AppData\Roaming\Wise Care 365\tools\WJSSetup.exe" /VERYSILENT
C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe
"C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe"
C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetHelp.exe
"C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetHelp.exe"
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Windows\SysWOW64\sc.exe
sc stop WiseHDInfo
C:\Program Files\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe
"C:\Program Files\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.wisecleaner.net | udp |
| US | 8.8.8.8:53 | info.wisecleaner.com | udp |
| US | 8.8.8.8:53 | www.wisecleaner.com | udp |
| US | 104.26.3.143:80 | www.wisecleaner.com | tcp |
| US | 104.26.3.143:443 | www.wisecleaner.com | tcp |
| US | 172.67.68.11:443 | www.wisecleaner.com | tcp |
| US | 172.67.68.11:443 | www.wisecleaner.com | tcp |
| US | 23.224.25.138:80 | www.wisecleaner.net | tcp |
| US | 23.224.25.138:80 | www.wisecleaner.net | tcp |
| US | 8.8.8.8:53 | 143.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.68.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.25.224.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wisecleaner.net | udp |
| US | 23.224.25.138:443 | www.wisecleaner.net | tcp |
| US | 23.224.25.141:443 | wisecleaner.net | tcp |
| US | 8.8.8.8:53 | 141.25.224.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | downloads.wisecleaner.com | udp |
| US | 142.171.175.146:443 | downloads.wisecleaner.com | tcp |
| US | 8.8.8.8:53 | 146.175.171.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.wisecleaner.net | udp |
| US | 23.224.25.141:443 | static.wisecleaner.net | tcp |
| US | 23.224.25.138:80 | www.wisecleaner.net | tcp |
| US | 8.8.8.8:53 | info.wisecleaner.com | udp |
| US | 8.8.8.8:53 | www.wisecleaner.com | udp |
| US | 104.26.2.143:80 | www.wisecleaner.com | tcp |
| US | 172.67.68.11:443 | www.wisecleaner.com | tcp |
| US | 8.8.8.8:53 | 143.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ai.wisecleaner.com | udp |
| US | 8.8.8.8:53 | ai.wisecleaner.com | udp |
| US | 23.224.25.138:443 | ai.wisecleaner.com | tcp |
| US | 8.8.8.8:53 | www.wisecleaner.com | udp |
| US | 8.8.8.8:53 | www.wisecleaner.com | udp |
| US | 172.67.68.11:443 | www.wisecleaner.com | tcp |
| US | 104.26.2.143:443 | www.wisecleaner.com | tcp |
| US | 8.8.8.8:53 | www.wisecleaner.com | udp |
| US | 104.26.2.143:443 | www.wisecleaner.com | tcp |
| US | 104.26.2.143:443 | www.wisecleaner.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pdf.wisecleaner.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 23.224.25.141:443 | static.wisecleaner.net | tcp |
| US | 172.67.68.11:443 | pdf.wisecleaner.com | tcp |
| US | 23.224.25.138:80 | ai.wisecleaner.com | tcp |
| US | 23.224.25.141:443 | static.wisecleaner.net | tcp |
| US | 23.224.25.141:443 | static.wisecleaner.net | tcp |
| US | 172.67.68.11:443 | pdf.wisecleaner.com | tcp |
| US | 23.224.25.138:80 | ai.wisecleaner.com | tcp |
| US | 104.26.2.143:443 | pdf.wisecleaner.com | tcp |
| US | 172.67.68.11:443 | pdf.wisecleaner.com | tcp |
| US | 23.224.25.138:80 | ai.wisecleaner.com | tcp |
| US | 104.26.2.143:443 | pdf.wisecleaner.com | tcp |
| US | 23.224.25.141:443 | static.wisecleaner.net | tcp |
| US | 172.67.68.11:443 | pdf.wisecleaner.com | tcp |
| US | 23.224.25.138:80 | ai.wisecleaner.com | tcp |
| US | 104.26.2.143:80 | pdf.wisecleaner.com | tcp |
| US | 172.67.68.11:443 | pdf.wisecleaner.com | tcp |
| US | 23.224.25.141:443 | static.wisecleaner.net | tcp |
| US | 172.67.68.11:443 | pdf.wisecleaner.com | tcp |
| US | 104.26.2.143:443 | pdf.wisecleaner.com | tcp |
| US | 23.224.25.141:443 | static.wisecleaner.net | tcp |
| US | 23.224.25.141:443 | static.wisecleaner.net | tcp |
| US | 23.224.25.138:80 | ai.wisecleaner.com | tcp |
| US | 23.224.25.141:443 | static.wisecleaner.net | tcp |
| US | 172.67.68.11:80 | pdf.wisecleaner.com | tcp |
| US | 23.224.25.138:443 | ai.wisecleaner.com | tcp |
| US | 104.26.2.143:443 | pdf.wisecleaner.com | tcp |
| US | 8.8.8.8:53 | www.wisecleaner.net | udp |
| US | 23.224.25.138:80 | www.wisecleaner.net | tcp |
| US | 8.8.8.8:53 | www.wisecleaner.net | udp |
| US | 172.67.68.11:80 | pdf.wisecleaner.com | tcp |
| US | 23.224.25.138:80 | www.wisecleaner.net | tcp |
| US | 104.26.2.143:80 | pdf.wisecleaner.com | tcp |
Files
memory/3328-1-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/3328-2-0x0000000000401000-0x00000000004A9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-JEHPV.tmp\WiseCare365_6.7.2.645.tmp
| MD5 | a7f5051b66ad0d9965c6dc9df8955ed4 |
| SHA1 | 36eb44deb6abbb0a3105f652d003ab0942618ff9 |
| SHA256 | 30f85d8f31a30be60c53cbdceee0bac067e2664bbb090cb102975d8eb8847072 |
| SHA512 | bae4526b493b353f0dcd3d5712e3161d3bf025f215fba9a61c2c6aa0aa11f4f60aa46132cc28731c1a8560e4ef00168e998ccc889a15aba2c69157d316b7e6a8 |
memory/3268-6-0x0000000000400000-0x000000000069A000-memory.dmp
memory/3328-12-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/3268-13-0x0000000000400000-0x000000000069A000-memory.dmp
C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
| MD5 | 4fa8a29dc8a9f3bc3d828bb9dca3e8f4 |
| SHA1 | 697bcb9215b033d26efdece4089f9a6cd5fb8d16 |
| SHA256 | 42dcd4a41efa992a6cac9d3c95c0d2994a0339752c7587fb4dc5fa7c882840e2 |
| SHA512 | 10ac123c83826a571d87911c47630f4615d18c4bfc045e5e4b97c07d3e5197b82c89722c13b129f5169ac79dc4e2453881d33ccf8c80c77f3a4ec0c36c40e16b |
memory/3268-302-0x0000000000400000-0x000000000069A000-memory.dmp
C:\Program Files (x86)\Wise\Wise Care 365\sqlite3.dll
| MD5 | 6c4cdeeb711d06134b8dff91bc6539f1 |
| SHA1 | e240c89f75213a81db75d410555da4610cc7e386 |
| SHA256 | 1bce42e18b135c8c69759d137355813728c560fcad02fd6ccc3a60fa42e744fc |
| SHA512 | 162132bdcd1531b11011ea15ddc73cb8516b34a6d5fb9f178a8ca670327e87a64bdf94a1d54d180cdc8e4e7627211275b5a49c528660c997b10b2bfb950c1aac |
C:\Program Files (x86)\Wise\Wise Care 365\WJSLib.dll
| MD5 | 47a72ff4aa7df3bb5b29ada4b6a5eaed |
| SHA1 | 134f00b03c38f9ac2e2549b39b31f62a1c871b9d |
| SHA256 | 18b7f367d8ec6bdaa6618744051e5ff25ba317d2731c2706dc7b5dfde296e37f |
| SHA512 | 6a5036a9205d6ec1b493cdacad78fbd86e4b7f1319776ea64867c1208daf2c0f103b20c1f0fdc511ab7b999393aa87b66ace8d529e95a95a5958117fc2d18054 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Abkhazian.ini
| MD5 | 96016297354c26e4c37bc8cb353d43e0 |
| SHA1 | 37f84ab3cfdcf0c8e52b1b5c215cfbc55412d007 |
| SHA256 | 96269630bb90765c4b7f350a0195f389849eff8159f6b990ad71e2b11e9c3fac |
| SHA512 | ff391cb285e01fdc4e9adc1dde6a643304bca06326c48c0b6f2eeb817a1be8a5012707fbbc4b3d54fad3250c6b46a6bea75406547c5ecda13ab3b72376ffe2fd |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Chinese(Simplified).ini
| MD5 | ca174b54c9933f13845c4111f8814554 |
| SHA1 | 9f962bfbf17dd270e346a39ba9ab883b557dc2ed |
| SHA256 | 6e8326514857b7ee04ff41d3848f604bac12ffc7471fc115f21a09d039735a4e |
| SHA512 | 4b9520f4281501947e2b881bdcbdc1baf1d9739595273529c410b083e25044f369fe35ba14098d78a4fb6754a639e7ec1a462a64b3d9a628ad7da745dad7285a |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\French.ini
| MD5 | bb257cb07c24272b69f2eb73fc5765b8 |
| SHA1 | 8a30bfbfbdd796c5f83e9ed047c72b6eaedfc0ca |
| SHA256 | 94d9dc830526955d037dc578d8401bd4617e1ea3a4ed1ff03df7ae442741386a |
| SHA512 | 5817c19a87a4382bdcb955f79b76d18d5c86a1eb5f1ea140110d72f27b2d3731587871c15d87832cb76ed423f0b740beb1b86fd834f7c15f7e9b5def96fe0175 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Vietnamese.ini
| MD5 | 9909cb62969f4c239a80275d2004401e |
| SHA1 | 6bfe7a104032dc4f634b1fe62df3083e7a29998a |
| SHA256 | 439d463293a0538499e262234d8138ea14543aa6c0436c9e4735f67c1fe37a41 |
| SHA512 | da514e212a709b005d1ae2f4be431a7e5b329d78373e2eea02f0c2fc2691ba771d58e2a05fb0628fc359e5ea39fc05d1f6673910889c883cd45c2f6145e43fe9 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Ukrainian.ini
| MD5 | f540fdb67042a5697f6972c487a24d17 |
| SHA1 | add7f944e0a1d863218f1c7329f03c2bdd97deba |
| SHA256 | d910929e0336c6c3fa2af83f304e25ca8f0b8a459546318e45f0dae4d5ee14d0 |
| SHA512 | 8d0825bef80ba3c8fb7e2ea82b15a9bc81b81a690071230c2c00ea8e5a5651def5c5c3f0b244cfd43dcfb8fa3d43e736167ced39c274c392a0ca53cc65a2cf83 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Turkish.ini
| MD5 | 6d637a166009ba4277ab756125378399 |
| SHA1 | bb09f3b2f4887ec8838f90a9c158211c7399625f |
| SHA256 | 027547c123adae7887c3560433195ba795b27bb118532e8fc0316ea8a6123050 |
| SHA512 | e93867c4ceaea4cdec5b843f7add98495cf823794044cf0cca6a263b31e010cb590ae4fe8fc8bd4247643178234e433abbd7d125c17dfa11efe8e9e992a3e804 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Thai.ini
| MD5 | b59a60bd8cd1ac8c82c5abfd992755a9 |
| SHA1 | 164dfa21eb511683692ca461bd3c4e3f6e8567bf |
| SHA256 | b919ff7a0e25d812c9d4e87ebfc028cd5beccc4fc8f48ea7ef274c1f17a8472c |
| SHA512 | 0b0561c5b973fc3db1f4d85908e4aca64dbe23dc0ef02e5caf588517e84af5e708530c660ffe4305b64fe658c0dba5e9c86bd21af1a4f6968e65aded70ce71ac |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Swedish(Sweden).ini
| MD5 | 68384ccd192503db3b90a7ef754b0c86 |
| SHA1 | 45212337774a7b15e2da9962f40739810c9c7897 |
| SHA256 | 01b6897229d66816964460af1c89a11862406b81a870f793992ce7a8f23968ea |
| SHA512 | 2771091e6ebff577d3423df4f737bdd20cf86f6333d28fe954e3919139f73449d0314d79e55e9e0e2849d8cf34790bff8e56be689b7ea855b8f260b5e845a964 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Spanish(Spain).ini
| MD5 | 12c69bc8dd88673ea49a4330dcf416d7 |
| SHA1 | 2f09da8f61a8551ce7e5f42610e782bd3645c0cf |
| SHA256 | 01ac799555a57ab90ac2b562aed8af6182f108c398d1f606f2ba0a04f2357b58 |
| SHA512 | 6485d5969ac9319d7b6aeb86bbea9abd4ab3516dd32d2d9c2b1eae3a5797c4a11340e30d0017ce0a5dd429431ec3eb42cd950bac8d6f95bb0dce6dd7f9a1961c |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Slovenian.ini
| MD5 | e3c886bf083fbd36c07b67d512c30ba3 |
| SHA1 | 5097f0430ba45b461b38112d5831455a0e0b51ee |
| SHA256 | b5dd72550e83675f21716d064c985d5c49f970d6cea7708f84f06be9f8288d58 |
| SHA512 | 3fa8d0081814e433cd14b28b780c1add5215e98b4fe236c1b7482679effd9ca7d29c329f0f170f1f32361effc99f293dd2ac2019abe1293feda5eed9e5197555 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Slovak.ini
| MD5 | d522b5844611d8193ef248f6224611a4 |
| SHA1 | f6c3b22450cd27e90549e8260e1bf08bb6f91fe1 |
| SHA256 | 14beeb5e32dbcea8842a3a818f4c8157180c6fd96baee8cba20e33ed8f5ec51c |
| SHA512 | dccb6bd3c34c557962c74702c3a06be808b04bd81ab76ebd682dcbc85c1a00709774a56052814ae710044193609cdecf63be771d2a84846ca0ed11e2a59387f6 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Serbian(Cyrillic).ini
| MD5 | 93b189a428afd5673180630e28e414f0 |
| SHA1 | 4ddd7e00d480ffa70bf15c4026c72e340cd15418 |
| SHA256 | 3381ae9ea468495d9dda9082a220c9b7183e366616311d6bb0e66ac54f48f777 |
| SHA512 | f077bc96f0092e424b3bbfe62d4fb36a14f2508e04f20d9bbef2a163fa673cf204f574df08b3ebbc4343556bfc0430b6d0d4b82817c377c2ce7b4e6ad17bd2c2 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Russian.ini
| MD5 | 4d1dac632b021c60096e9861c150287e |
| SHA1 | d56a98798c11350b90bbc96e73a244031dd8d8fa |
| SHA256 | 14c5b587122c9ef2a21e8c6b002dc1f12395daa8b91af13085dabd1373df1323 |
| SHA512 | f36673c6f57427900c68ef37d36b3d446ffc1738e3da2b2a47611a68cbc1a5f2e1e0b8d449c767433d2ec632ddde3e710d92e90c7e7ec27f66fdd5f65aadd987 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Romanian.ini
| MD5 | 00ceec40d9631c3bc5297d2be4a5f184 |
| SHA1 | 70dbf3280c7920245837de6c9acb6ee4e5547945 |
| SHA256 | 2f0bf590db93a179a09ced1d1906bce64ee4bfe2e3a1774180da7d12a412e2db |
| SHA512 | 9b9f7be81cd9dcbdaafbb11e823e2d026aa00d463dc58a312cdc2e3b3a585369dc5f1245c2912bc054e4b3a9c23d9e5cda22df130429218f2454905ed9f1847f |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Portuguese(Portugal).ini
| MD5 | 84eee762f1f5c5a43c7edd13ee6b0712 |
| SHA1 | 6a837e2a0a50fe949dcc4eb700daea2e46dec74b |
| SHA256 | e9e9bd58cc343d15c840f2ae50d86a7e3ca6c2c69f07755ffa5c3f3e51efe39a |
| SHA512 | 6d9e02e6acd463298bd107ce3dd511e590cd6b7cc482bc03aa05bc1f154e262623052edeee880b0fe5c3b4b8cdeaadb20dbeaa052aa25d2a95cb3a60b67b7c81 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Portuguese(Brazil).ini
| MD5 | 10403abf5f76d57cbc42b7cda162ccf3 |
| SHA1 | 3e649f426ab22767e69f595343edfb3711643325 |
| SHA256 | ac58818fe66b6f40bc2267419c6a0ae17d773c69462ef5ae926cb6bc350bf59f |
| SHA512 | c50a30aa7cc203eb18d04923ed9ad4dbf342e4c42cdfb58d4152ff6d3013c20faba95203248d08ae5153885cfba55b8ca3f6548460daee4d35ce4e088d0c5b68 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Polish.ini
| MD5 | c152777ba323c1778d8ee52b964b437a |
| SHA1 | f1ee3b54a35767526fe53fe7ff95fe65b0011336 |
| SHA256 | 0eb1b9c20677c401847e4864015e7e5689815022ad7d97fe83d52feafcffe113 |
| SHA512 | fd7509913c007150b5a4546c16c473fc1d9e6237e9d593bc8cf332cb4334f6c809d18659d7ac201975f5d26e4da386bbb241205eecbad7393daf7261f2890c56 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Persian.ini
| MD5 | 9bc326e267cd4fe166fe07ffd29ee4da |
| SHA1 | e1747c4264a0ee73718575525aed075a5f890762 |
| SHA256 | f2e08fdcffe13c1fb46e2ba510e56a504b8226e24476909afbfe3414a73b7adb |
| SHA512 | f1ba6c5c2855ad36e0828583cd06e4ad51e98ee4fe1ba4fd0d05e1a6a7cb3974cc613c415dc8d517162eb78280b3cb277c42a99bdf11ac36e63ed5e6c1b4db37 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Norwegian(Nynorsk).ini
| MD5 | dc82d14f05b1bc2db6b88b405583ea66 |
| SHA1 | ad5bf79024c14f0f2df5f782a68fcb62e2c34fa9 |
| SHA256 | 2dc8f11a8f5744aee78c40f7faee8ba0057f4f2b807690a1c8d47ce7dc9a5632 |
| SHA512 | fb9a932198e19470c764be7d7cefb3762a1445024c11a79b3ce95a6c8469762d42122fc3ad3cc265a3b6f3b80130a8956a1064519b8e15f7c438df17c51b8b20 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Norwegian(Bokmal).ini
| MD5 | f684e0491103575d2d18acffcf58044e |
| SHA1 | 4e94b717ed5f068258daf7193fc93cd0747d91c0 |
| SHA256 | 045318c2477572f8353d5ef1ff6a69327a940af4d85902cc2c8483c0f0d0605f |
| SHA512 | 9b8ceec4159d40e8065742c595aa1d336db416e1e690ee6274b4d5c1cb4b636088f246c718ea96a79a6d630775a564564757bb388fda2169b95c44eefd1ca203 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Nepali.ini
| MD5 | f1fddda8f5f8f6fc59692dcd9797a838 |
| SHA1 | 4861919b97e500900512b99cdda3204b0607d3a6 |
| SHA256 | 1dcbd5bc18720f3dc4175256ab26bc537402b9e84fedec60581b85c7fe946d81 |
| SHA512 | 505532bea964485bb23eb2fc93f5355c13cab3e76ea9198e6692a16f1c3db4242a892abbe53961bee9ba0a81b1bba58ed2a5d5d6009de28d8fe4573ee145d290 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Lithuanian.ini
| MD5 | d4deacaaace10e243f3c689b2c75190e |
| SHA1 | 65a8e8d0a81f8916cb269f801ed2966c3be709ee |
| SHA256 | 29463e1fe8e16310db1f35bf8aaad23c11c27c92d8b30ab6aba335e792c7efbd |
| SHA512 | aa018a4a8f4d58ee8ffdbb6fb0570e3ff1d7391ac85af6d4f1427f6c50401d6a8f924a8ca2f0e38585b5cfff65899fa821164120ec005edbfb6cac2cd458081c |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Kurdish.ini
| MD5 | 318ce206932c7a37516bf78d00b5bc22 |
| SHA1 | 8c352f223950a492013ba40f5992b1dd6702d729 |
| SHA256 | 38e180f9431281f28780727497b7904fdfc1063defebd0c0bdaded337477fd84 |
| SHA512 | aefa5ee88d44e6524bcd9c1e2ee2fbb516ade33fef856fb6f1ac6c150d1f960d87bf55848fa5a47ee593e0a5c80003e9a86d3724a38c8e252e1a0294208184bf |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Korean.ini
| MD5 | 5dcd5f4ab5b4f59a35edabe9f3e7ac76 |
| SHA1 | c23d909c561867653ed7fc2bb2b6807b360547ec |
| SHA256 | 4ea4cb02abb676a2b07b7f225823ed14bd82c40e4edbfa7e8cfbfabedacc9e95 |
| SHA512 | e2d0553d7980703bfba54a72bc5691dd2503adaebe8a86727569694c25e98933cf6ff29e93611035241ae5412179e322d34ad24ed099aacaade1d0b479a437fb |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Japanese.ini
| MD5 | cf86e45a33896d9772a500be49995f54 |
| SHA1 | e557e101bbaf05e20a6d48c2eb23d1e1accc2442 |
| SHA256 | 0893af7ba38c94d03ac2674125354d5e8e9fc0e63cb5adc5d73dcee41dd0e22f |
| SHA512 | e5f8562cafbfd81e36da1c21a40e552433a7ba6f9fc47bc501c9115188a552cae6c04f95404aa8927c18631f6cd66a564ec5d21d54d1644e02b06d97929bcfeb |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Italian.ini
| MD5 | 5bd5118c83649f22a2a3171186dae333 |
| SHA1 | ac2cd2512765a3004d04a9c696eb8b21e2cd7b31 |
| SHA256 | f46773479f38bf8121a9ff360419da7108594d80a2a80b047ec49e7a6b834009 |
| SHA512 | 9ab6e11ed83807775e5e545a5abfa45a40cf3f8d597a4c51717abc131072cf219c5e3fdc7beb91c93b57ebbe4423e920e63f15d4707592830300071ac93eee7a |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Indonesian.ini
| MD5 | b4c12bbe4de6c3883bbb980236e0b011 |
| SHA1 | a1af06beccb560093d0367d105b73f6e107edff3 |
| SHA256 | 81e06a5f1e7364e5de7c587701cb5a5da7052149e5575e20889f0a58400334d4 |
| SHA512 | ea8b5dfb84e7830e026b182cd95570865a4a0ef90dfe2f0f6a93d205155c3766cebd36c8077aa31ae5c1d542d9a3a8fcdb4e8536890c070d7e243958e65044c4 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Hungarian.ini
| MD5 | e17d24f672a27425b05ef4e2124e8aa6 |
| SHA1 | 0764c1e3e4a9703dba335cfe8b8e4f8191012134 |
| SHA256 | da032cb20c4a5cc984ed3777e52f3d289e85a7e43d67c8b9707202feaf784f05 |
| SHA512 | 5d60c9221be1752bbd848de32b1558fe0c87dd6dbe2c701b107bb1cea3b3d1324a13c117c8a9acb8cb871bfbc058aca00f7fffe93312a7dbf99e3f83507e8c50 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Hebrew.ini
| MD5 | 056a7e88d49779de4809f26f8867ec9d |
| SHA1 | 6e1bd6349599b21d0a16e9b8db6d2abb37af8539 |
| SHA256 | 4087f0aadf7f189f04572b7702a629188806e54d3f244f917e7ad21fe4cd5d7e |
| SHA512 | a1503ba91f94b2df3b5d7993e8fb47ab73be37fb4ee7dad9580e2a9afa0ef4d76c2309b9c5a7429f72fb2ab08edd5af54b331a4e6ccdf0c07d57a25ee70e5a54 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Greek.ini
| MD5 | ddf806595b80fb23a81b1be514d273b2 |
| SHA1 | 6fb3e50569e889cc37d9382bdf4d9a814faf14f6 |
| SHA256 | 75aa252adf64f17203d7b7f8bc6ff10d22fccad186cf10c191fd50d711f0a5d5 |
| SHA512 | dcda4c3d2b06bf7e2676531459f9011d2b13689a8fbb566a2dc93f11b8ea8021ec57c24c239b0f6a685ccffd5c444abbfa86864329d382fabd9a3a7f3890c064 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\German.ini
| MD5 | 010818027866cfab96764812b869c93f |
| SHA1 | 30c38f55e28ad41a59c42f9dc4f030b69ebabc73 |
| SHA256 | 1fb0cd6cc4561ec6bd3b55be3dfb16696eacdc6a941dcde037171647af71cbf5 |
| SHA512 | fd42367f3777ced8e02d3ffc63b00c5ba42555b1f17102f6b2c1236800db48435f5558e37c01c35877bbad2ece6ffb5905f170a4644ff57cd86a831c14569928 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Georgian.ini
| MD5 | aead043775de8d9264bd0c9d0f760a49 |
| SHA1 | 633bdad33d805e447059a713b1fc27589b5513c9 |
| SHA256 | 864e149b47991bb9844d058fb036a4f9fd874a69ca2752816c75f5970e36b3b9 |
| SHA512 | 3b1a3dfc9ba485f69779637954af5613b51145acf529c10e376965c2285c023b694c0b18c237d017aed38fc508d8b53523e1bb2889dc0b7f53d4f6ee6bba7e77 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Finnish.ini
| MD5 | 5f894bb9de5369e2d9bd328156c6c74a |
| SHA1 | b28d3ca4056821869568feda4c7ff4d088502631 |
| SHA256 | 9fc6235ce5102528286046a4ee3dad7ec3bbc52bad376c1f2242262c93f198d6 |
| SHA512 | 1ca15130fa01ddec49ed97f60895c4b8853c41fca15deeba576a72d9bd9e603666d435d928f256e74650df2cc3ede65535ac4fd61cbbf7c685345fef7328d6b8 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\English.ini
| MD5 | 8c6cd1f827b2fb33a5735f168e058923 |
| SHA1 | 978cc495846484174292416e6a536f29f10a71de |
| SHA256 | 5a4b82ce7dc97f30f08d75c1782f7d3e28301c8e39f7fbb55cdaf89d73129566 |
| SHA512 | 3492ff124825f27091a3bae5243c0da49516fd9005ec40b0d38388677a8bb7cf44c2b79df8756e2be9420b5c29f0b260dc9a149b0ecce2f1e4def867677923da |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Dutch(Nederlands).ini
| MD5 | 846b5698b0a34e399d7d41f9e5cd11e5 |
| SHA1 | 998269d8d0d5da58611b193e803f603dc4f702e0 |
| SHA256 | df0fc37735b0aad791496f9047d7840e2680507e7f744462b3bb04d9740b02e3 |
| SHA512 | dfe102e5764bbdd7179eed364cee8a611470475a97a48ee4af65254a3b4cf1f7fafa6ff8698cc0089e5756ec480b757c0b272792300f658b10468fa79f02ee82 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Dutch(Belgium).ini
| MD5 | 91aa6f0e76b13cddec7b7e9f30f009cb |
| SHA1 | df2d8925b2e707cbc605fb5a48663758d0038bfa |
| SHA256 | 34d910c75ffe79a352dce6ed0140dcf395a8f052dbb433a42838b7850c9e8513 |
| SHA512 | dce3324b1541350114db7583e168041e167a46b6134fd0e7d55aec24bdfc2011a0e1f03eb45b0751b8c87047f4448f811a64ceced398eadcbbd7b2268af6da3c |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Danish.ini
| MD5 | 987278e1926115fb34817fd94857a4cc |
| SHA1 | d32caea78d9b14e5dd6e1c9b932e8e68e8a1ac6b |
| SHA256 | 58b2a68f2e382eb5a7d36427dbf0cb43bde5cf63745210118d8d7019ce9d6975 |
| SHA512 | 797cb2c2d478f43d8cde97a9bee87e426f7d9ecc33155e3722a4da3e57cd4bf93a871478343f56725fe09c9e04af1f1be5611a132ff03adb49e48be7bead3a1f |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Czech.ini
| MD5 | fcaef23e20da0067a90796853f511e40 |
| SHA1 | d8bdf749e6a136801a8c1f89df26f1d9a700ac83 |
| SHA256 | 6fd2a57d180f80f1396772d30a74252ed716deb4e960a1ce03e56fcc8234989a |
| SHA512 | 6240dc01fd7f0584dd544f3bd6732fce6f5da700628dd519a376dbfd646a8f12433df84811ee78c1c4d67185e2cb8b0ce983cab8858a0ba5e5e612ea160bf507 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Croatian.ini
| MD5 | 4cbad66305ad232f96b5725350ff4d55 |
| SHA1 | 42f3a680ae26c003d53e99fa591ec3a5a87ae20d |
| SHA256 | f099655cdab65a2bd39ce2efb296c05e484b53ca9146dbdd99d0a7db4593f8d8 |
| SHA512 | 04c6e9ef19d2dcb4cf87facfa99c914625b23f021aff07c6686e378ab8e9bc4ebabdf99de9c66d608ff283ee42688b04bcea4d693c5fcf18b67339661803b7cb |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Chinese(Traditional).ini
| MD5 | c97bb0747d1736efbe825d70b856912a |
| SHA1 | a98ad2b85f79b0c192d2751fdcdc1f5f5b552430 |
| SHA256 | b9fe20321407de13953150e79bbf20a1f94f5f62184bdb9f09ecf66c11a8c8c2 |
| SHA512 | ca5f310a0d987b012d62b875ae1c3357a1114b46fa223996bfe9451bc7f6b60208b4244ab7730319af1862be1928ba715e63879777bb477c3dd01c23eb1bbdae |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Catalan.ini
| MD5 | 6b5456078e9c427e5bdf4d134bef4064 |
| SHA1 | 2d11ecec4cfc9462018222bdbbaedede10267567 |
| SHA256 | 1f4bdce8d7d124caae785f35fe9d9f8941e7d0bf8d4100ab1fca0139a8b38b1b |
| SHA512 | 6b1da28a13314909e7b21b580c6724b0526d9d13029409df8e5c52c9bf65912ef9bad6d78aee96ef3d054858cc1a8940ad6848a324a9bf32acf55882f1647af5 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Bulgarian.ini
| MD5 | e4dc1b86b3661fea7258d100b8ade7ce |
| SHA1 | e14c695c7898b9dfc3af1d8652f1b2b9ecbe7745 |
| SHA256 | 46e76156b175d81666eb7f2e62c018dc11c9992fc3e956aeef3bea2f11cabdae |
| SHA512 | 5d51a47e8f3ba0f8369798ff217477d495cf4334a796128c9ac8bf068181fadfd550d2d34340d40488ddc53b1b4ee8336a6819905f51c17f22799d0a52c37e00 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Belarusian.ini
| MD5 | 2bb8c96c5947bf56961a77301bf8abd7 |
| SHA1 | b279b072a9f90d7ddcaa9b9d100be0df8406d703 |
| SHA256 | f6b767f35b3bb389950a993737fdcae26e722373f0f8c20d0300b8cd267a324f |
| SHA512 | 26c488f53dda7d03da8bd6ddb085c5a0247ab0879d139a467e568cfe3093e7aaaf9e3953028aa067c45b13022625b8f36888428b9b151c17cde3d72559ade355 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Azerbaijani(Latin).ini
| MD5 | feacb1fc644f947e69b9286db1f486c3 |
| SHA1 | bf5c00be0753b5b94c9c5d93000f5d2d1c1cacd6 |
| SHA256 | 5982ae68cde547dbde027b9fae189758877709bc42a5f266f580dfe0bbc4c236 |
| SHA512 | fdb9cc4a64a018ece27e0c7ae894b42ae1b1fe7c1694ee253eb0520b8c65a5b28fce202278d07899df32b5b2c5298c354051d19a1f8c4e562cab93f52fe94a8a |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Arabic.ini
| MD5 | d5dfe4f85a192bf151551ab58141831a |
| SHA1 | 1de8e24f0e8b7cbc95bc8812272fa298b3067ffd |
| SHA256 | 3afe3f78ec6379fcf58067bcfaffcb46687e49bfd35139356523025339179f61 |
| SHA512 | f7fd1bcca40aabc27895f2ae165f8cd5a4e9be8f0ddf012de663aad5059f2b05e19b11dc24562594276ee25f0a7ac739382094d4a516beae2ae11c66e56f8f93 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\FastSearch.svg
| MD5 | 7d5d197f5cb0611cc75dda197ae8eba0 |
| SHA1 | a5b2a943cdd3bf9ae423b6adce10e0a238169a14 |
| SHA256 | f8e59d250e4af0261e549a79d5282f838fb816ad2dcc219ef309177958106e09 |
| SHA512 | 7b8f29d4157fdd439681649061a6722a0c16f865f0f53d22a401ee712f240a5d48b528ac29a005bb8d2de6d3f8191b693bcf2db86ccc041b69bbe2debb0ca7ae |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\ProgramUninstaller.svg
| MD5 | 7cf723171dcbd35b029a20668106ead0 |
| SHA1 | 66dca7371442e11080badd4410c38e35fd93fe75 |
| SHA256 | a440591f2638a1c8ac09d00df87b428bf5d34b74108658bef8e70b831084f001 |
| SHA512 | 779790d605a11a820c28fdd88601ce51b9f49b02d2404046e2d90996af05557fd86f021eb3b1d562bef7f51c852f75e7a3b692714992a318050f1b1677ffa859 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\MemoryOptimizer.svg
| MD5 | 8fa2ac19f7b58047168d471dd809208a |
| SHA1 | 525c94b68003b81b27bd691a629063dcca35012b |
| SHA256 | 2368ee864828d106fc092d1250360a1f784d28f1be38805d9071690651035607 |
| SHA512 | cb4adfe349512486273cf7721a7981f57a6439de118aea49d96c07a7000b2fd34d43b6ce7d76ead5a0a39526a9cc74c50cdd3bc5ccc9305b3bce88a7334406ba |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\AutoShutdown.svg
| MD5 | 2b3100bbbccf5dd9fbd6e51848765db8 |
| SHA1 | 77655ec4f57c7f960849242ee3ca47f4792b156a |
| SHA256 | 6cc9ae74eebf468be9689ec0b3c0d68384b4cab3242ffcc0892fd4aa3a55578a |
| SHA512 | aef6bfa3320307e58159478c13696a7fe614b147679a315592a1af04be2d74fa83c464da23e246b3760a32506514b9d64e3f97cbe033818509ab3815089823af |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\Reminder.svg
| MD5 | d4ad51dc2849dcb314f3ca8ac7757143 |
| SHA1 | e9dd1ef3d6a0573aaf8b9c453bc32c0ee71bf5a9 |
| SHA256 | 8890a391d09d4c1b73913a65e6db9e40f7c06f1ca8c2f1cf0aa94f19731d9783 |
| SHA512 | 12ddd5389c2a371826eb50d6099c6649c3260e82d24b85393086c92c2049c5deaf45182d7c4113468836fc6e1c76b500af8b0defdfaf6c4412120a2620083faa |
memory/3268-373-0x0000000000400000-0x000000000069A000-memory.dmp
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\ForceDeleter.svg
| MD5 | 61db297b0f6565b4a555824ea5be93bf |
| SHA1 | e17bbd1db8b1cedc611250ddd6b31496e17a0ad2 |
| SHA256 | 4750e9b9b8962a4035e6e492a0c6dcfd7bf5a0cf717cd1a720318e44130a63cb |
| SHA512 | 798c7ca4ea4a9b23235f1f4772649fe2f71a9551eece67550b6bd559fdc8c73f2ca51c18453730cbd0ed46cc877926cab72fa17ee1e8332f40e9cf0f541367f0 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\FolderHider.svg
| MD5 | 0f9e7177f0cb1ec8a45208be94aede13 |
| SHA1 | 453b1c0208e3cf4f5f64fc8d66320f3dee879848 |
| SHA256 | cbaffc932a05d28f6032c31d3cf5817d23e3fc5492fec0f6cb0db1458c0c0662 |
| SHA512 | ec0738341b18d0d042a07319a6790ad6604983e09ccd2972967d016f3392f744345657cc2988ce3a81682cb3aa748e5db76917e42e2a3ae1c92f1385394c4f15 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\DuplicateFinder.svg
| MD5 | 170a4b795cef3e2b5e6184e6fca4a698 |
| SHA1 | e84fb034745e424cd4783ee603829f4c6ac4703e |
| SHA256 | a3dbdbb4e21a9a54b256dd8c7f1f17459463de6a63754e8726fea13cd39374cd |
| SHA512 | 5f0920a0fba30daf377a8f03678f2a4e1d35dd4d583dc469bbb50a95d55dbb90923e6314855b2df1a01695fbd6704c8671a2f567a314e80e9dd94cd47165f753 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\DateRecovery.svg
| MD5 | d96c9920a33db25880c12cafa8dd83ca |
| SHA1 | 05c22e14a9f9024e6b89723fdb92a180f3355b2e |
| SHA256 | e302398c76130026f3fa76131672b9479d88f2a119075d2c723a928ea4bd90c0 |
| SHA512 | d8dccdda1c20a11864374678530a77d2efbf3e96bfb1ab13bd53c8946b0b2a52344727d07aafe566f9db080524d9fef940cd3ca98c1a38ec336bfc5a37d3b003 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\Imagex.svg
| MD5 | 985f50e6d67b62606ef43d97e17f0a55 |
| SHA1 | 84732d132cae14c7fe05e178a93a5306049a86c3 |
| SHA256 | effaa815cbf591bc3914d0212d93a948d8424d4a9f5ca2f3cd751b9ae0e9c24d |
| SHA512 | 1ae737a38a86d05da64b3bd9f561d1484dfca2d35fbd4353ed333d2fb4b8b56928817e0127577dd6449d35124680a67b2b3cfdaf56d899a6f329dca67be947cf |
C:\Program Files (x86)\Wise\Wise Care 365\tools\toolsv6.ini
| MD5 | bfb30cc36790491cdab86bacd19f88cd |
| SHA1 | 7557fa345eb96b0eefd78f0473ba9ed44f66a717 |
| SHA256 | d779a7f700f3ac6128bb023a520371e9de751578e9fd9445669713c310488ae3 |
| SHA512 | 77421ff796f98d052efd7b0b7dd1e3c8dbbc0b07410ec1fd54970a9fb42d272299426f3cb032834af8bb7795ec4ea0bcd212e3b467040bf88535be5eca2f1f26 |
memory/3328-379-0x0000000000400000-0x00000000004DF000-memory.dmp
memory/3612-518-0x0000000000400000-0x0000000001679000-memory.dmp
C:\Users\Admin\AppData\Roaming\Wise Care 365\CheckupExclude.lst
| MD5 | 48b520aa27908468d82a940f5b157e0a |
| SHA1 | 1e4ff4c71885ad086f138dbb3c558d854eeef03d |
| SHA256 | 8c89156201204b23a6c36731b6c566d014c66f6631accee9b3a78b6951bb5bd1 |
| SHA512 | e2a36deced2278a9fd0fc5f2282273888238f0db0276099a3d70500826b0b3a0d609320a582c7313b561f933f6b631612af2dfca321d30bb9030806027951f86 |
memory/740-542-0x0000000000400000-0x00000000004A9000-memory.dmp
memory/804-543-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-544-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-546-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-547-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-550-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-552-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-554-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-555-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-557-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-558-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-560-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-561-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-563-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-564-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-566-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-567-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-570-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-571-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-573-0x0000000000400000-0x0000000000C62000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vzqsncyjod.dat
| MD5 | e7740e7b46566f9c727217343cc338b6 |
| SHA1 | 84aa115d362dceabc01f202cece79947846a7152 |
| SHA256 | 8520156f6513ea698001be40333ca918189b79e0e323ef92859603f7ad618864 |
| SHA512 | 745297d650fbf9ac491073db46a3ca6cb4f14e2cdf96625e0ec416b5c20ccf3373a6ff010fbc25b9cdbe779aaafa5f80de7c18a8b9c6009fd0ae43ea19134bbb |
memory/3612-791-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-793-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/804-796-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-794-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-799-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/804-803-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-801-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-806-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3612-804-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3612-807-0x0000000000400000-0x0000000001679000-memory.dmp
memory/804-809-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/804-812-0x0000000000400000-0x0000000000C62000-memory.dmp
C:\Program Files (x86)\Wise\Wise Duplicate Finder\is-AOIHN.tmp
| MD5 | 4a0f1a666912e64f1ba811fc24d7135f |
| SHA1 | dcbadd9698e306f0cd6e80737fc44f53336cf36c |
| SHA256 | d6b418c619ba7456b594dff10c3face4ac28609a64f2bf5e635292d7ff4f57e5 |
| SHA512 | 36eba1cc1c0ac8d5fee7e88fd90b01ee800945ebed45ef92adf64e4aa356a2afe9acc6b07cae478cc467ca62b4a7895cecc3af9bbdf93c2a9c2271253ed00342 |
C:\Program Files (x86)\Wise\Wise Duplicate Finder\WiseDuplicateFinder.exe
| MD5 | 6e23ddeaadc1d0ec99128498cc5df0ee |
| SHA1 | 88370f7e9e3b4a231fc87099e1b1023daccedf62 |
| SHA256 | b620b05aeae294774014fe4437106d605d93e70575cb227d99d1ddeeb4ffbb62 |
| SHA512 | 7d9bcdc366fd22a5694c19cd1cd12b598bae1730a623db7e427620afc843af20fff79858931bb7a7b4dbc87301e8323bae16dc1a96f8d23a3ee21045c94897b1 |
C:\Users\Admin\AppData\Roaming\Wise Duplicate Finder\Config.ini
| MD5 | ce980221e90de3a56b9e2f798e18e135 |
| SHA1 | 2eb508b1e3e16279a461105cff5e5d9169f0ebe7 |
| SHA256 | 4472182014ef24f8939415fc2d94ea7195df5a25e2f37f730957458347626dc8 |
| SHA512 | f7afdfe3cceed96e7bbf107ccbab7ecf5c48238e2f689f38c3ac37b3e82d74d6fd5bae65486c2a8ec8a73e02fc5f9c1e419cbb3fd303337287ec83717a00b710 |
C:\Program Files (x86)\Wise\Wise ImageX\imagex.exe
| MD5 | a13b67ff4866f5ab548a539e2b95d51a |
| SHA1 | 95a6f11732d51ce201975f7f724cabf38008a76f |
| SHA256 | d110121598561ccc99902512f474aaea2d7eb5d7b7634f0e88bf1258cea04870 |
| SHA512 | ea2d30932a3ec0767cf4573b0c095d3ce4b4a9861b26b752862ffeb1ef5d6b9e20fa3268c57502997374439384b17a237aceb0462b8ab8a0bb7039fe1b156f24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3b6e70c37f0e6b6425cce131675ec29a |
| SHA1 | b9f6f5b03b3296673822184b1af0aa8fbd242b9a |
| SHA256 | 9c62379d8cd909b7ab602e5a973874a511bfdc0f5444cd11722700c6710c4a65 |
| SHA512 | 819a85b1906157dc4877cfea84388ebe6a398554297f5ce78975f51fb09b116cde077add59993a0d7eff1b1d105993586b1185e84186cd613590303c73794680 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | db3192e11ef359fe013f7df9e13f4100 |
| SHA1 | bc0df448fadd7e0dd8122f8191a722ca9e84ac65 |
| SHA256 | 8d815fcb06abc574405006c458a15087a63136fbf8d8aa033e53068a245ec137 |
| SHA512 | 09daf363c37833c5ba12672062c2e92ab8fdec17e7a8d41bff56ac98a9abf48624f969ea403e6f7ef955befefaf2c09f2a6ec6358221383a30503ee4e0817dc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0bc3d8def2bb0d92b4899817910a9dc3 |
| SHA1 | b3f1503c11c8f80cd3a7d27950249f09177674c4 |
| SHA256 | 8c3575899b4ba35793c9f8c3a48972f479662438ce66f960458784318b380343 |
| SHA512 | 808b7da8706ac3b674681f06ae7c455ab2b400ad1ceb9fb99d906d2e4b9c22d42efe98f2eb84afb47560684a8c8a78a18abe84071f969d48e11bce5716b004a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ed043e458f02fbe570d6dc22547e1cf0 |
| SHA1 | 0aed01597b2a4456203f4245e09ec89f04950ea3 |
| SHA256 | 26cacfda8491bb81359a10d23fa480bec340df16906b0666c4729a1468d4df81 |
| SHA512 | 0ce7626e7709999a0b632c580b5a520c962b05e79963bc5c8737ac0f1971e9739d4f7012cec1567c3c1c822ba28c3bbcc6d6a1d568cdb4213ccaf80229115781 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 283fd4b0e37cda3456a5aff4d75fa54c |
| SHA1 | 6a4f57ab7bb3323a1227cce1429e204476c8b964 |
| SHA256 | 2d2531a1d1cd5bea568e07498941aa7f9bc44c8efaeabd59194242a6f71db2a2 |
| SHA512 | bcacae57abbbc547c9f8f718456a4442044a87448973277aa1b29498d49f3596bc7fb68aaab9f686e90c4f7bc3ca67b9eb5c806863d406c15ca94fe0ff343a2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Program Files (x86)\Wise\Wise Data Recovery\WiseDataRecovery.exe
| MD5 | 5964421c5d76a5b6d495f493ff95aba6 |
| SHA1 | 93ee0671b34f4d1d61a89db012eb48e0b3b9dbbd |
| SHA256 | 8b51ee743141d6e4746537eac56162c4418b2e289678bf954b7b5695b288412e |
| SHA512 | 8e9a32a1d8e8b5ec36da9eb3017bb263ca0390bf3a04f62f1a194ce63bc83f4ad896ccc4904a0fe8c6bffaa2d074995d9e09ed96ac8aa56440f679057148d60f |
C:\Users\Admin\AppData\Roaming\Wise Data Recovery\Config.ini
| MD5 | 037ace80367759b041cbf2eac003be73 |
| SHA1 | 0adaba0539af04d1f8042eeab769d0b428bdd1f6 |
| SHA256 | e873c0ff4be08f261237d9bef96cc62bc82161e99f83dfebfc83f5e09276a0c0 |
| SHA512 | 9eb9f15c60ba273a2f44b98ad4f1b3d9e3bbbed4be1bc04d249fa5dd43cc3c6e25eddb6f36ec9366161546484c2182632d26feb773ab4ca00c6217eab53136ce |
C:\Users\Admin\AppData\Roaming\Wise Data Recovery\Config.ini
| MD5 | 7561d6b6f380984ed68933fdc67b4064 |
| SHA1 | e5046ef8d4e46bef0b8ff8607ba7563f062ef11d |
| SHA256 | 728740127d3f3040b8ec35a8c93d81adff68b212cdfdfdec21437164b33bd603 |
| SHA512 | f70d1811ef08682f9a445bdea521a272c33268e5a5d553bb43254863cb120eba156b59a3ea7bebaee98f5b73245f427257d1af9d350395f93afd69b430dcafca |
C:\Users\Admin\AppData\Local\Temp\is-O5MCA.tmp\_isetup\_setup64.tmp
| MD5 | e4211d6d009757c078a9fac7ff4f03d4 |
| SHA1 | 019cd56ba687d39d12d4b13991c9a42ea6ba03da |
| SHA256 | 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95 |
| SHA512 | 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e |
C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFolderHider.exe
| MD5 | 7a92dd4144b6f2c2c74e8a82de5e8b57 |
| SHA1 | e470c922a3984750c558731007a5448c084a4f77 |
| SHA256 | 23a933c5fd595ed93c3c290266199dcc4920b08a8637745698c116a230854da5 |
| SHA512 | 322f5bc8ef748fce32c7a53d8fbfa48ab737dd5b67585ab3346aadfed52e044cbb5d60139a88099751c02875abfc03bd71f55e3c4b258b1db46c6880a358236d |
C:\Program Files (x86)\Wise\Wise Folder Hider\unins000.msg
| MD5 | 4fbbe2a8a4b021880baf5c79fad03f5d |
| SHA1 | 1127e554d25135e786c4f011537007c57859eeeb |
| SHA256 | 2be4a237e289e4120326d4bca13bd7283bc779baa185d34b29e0391d752c743a |
| SHA512 | c17393fe7af9b618e499b1a598d71334e6bd332e5f88dff773427709cd1feae00f923cf8560c9cdf134fc7f9aff8e1775e716ffb315fc0e3a2075430ee412ae8 |
C:\Users\Admin\AppData\Local\Temp\FILE_S64.sys
| MD5 | 78306ee86c50d5755f429ece04b8d371 |
| SHA1 | 4272724b9b54ac861889663ae81f105eaed34dc5 |
| SHA256 | b59d184ec1a345fdb35c3650f5a4042043b166d0551ca35524b4fa8dab387600 |
| SHA512 | 9f8483cf9fe941cdb72fea29ea5d51cf82a9e37c26134a5ae0253f0b31805884d1c4dd20bde5035135ea4798adc53a88510011c7b4ddbe3ac81680cd66b9243f |
C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe
| MD5 | 17534ab01db7d7a868d49c1c8926bbdf |
| SHA1 | 1fed0ad387ea8095be4263b26e33eb0a756cf031 |
| SHA256 | ff3591af14655e8b424dc00d96e32166ab92941fcab0f6246b0c5dda01ca3992 |
| SHA512 | a01e6c6ad1a86eabbbd604643a5413dc91c3ca9c329802669d640b846974084d7273760355f962767e45d0dafe13a4ae4c1e3c8317b5dcb7f491b8c08cc25e9c |
C:\Users\Admin\AppData\Local\Temp\UNLOCK64.sys
| MD5 | 3a876b31c94f7782eb9de06f8abdc9e6 |
| SHA1 | 92a8a21b89a0f692d7c847de483cc3114478a478 |
| SHA256 | 8c4c6cc6685a719ac4e6119e1dac4ba029eba21720d5c3ca340006c9113cc6df |
| SHA512 | 97c22a6d971fbc9f09cf2304cf26737119a91c5e5e2ca8b7d40a76b2f55c24005eb7350fc868be800da02248dd40dfe8af580a2c11fadc3a9eaebfee75325197 |
C:\Users\Admin\AppData\Roaming\Wise Force Deleter\config.ini
| MD5 | 2229302c02d94d08236205b72179ae2a |
| SHA1 | 228023cbfb65d6e66bc379598c93570867614b7c |
| SHA256 | a68624fe610428d12b947b379fd7d974900bc9c6722d2c74c31ddb365935500f |
| SHA512 | 4f5224a184f1539d9aea65adc2bbf55cd26c8aa7e66f3ae68b55a7159b6819f8f55a5357c3c334eea58a6137ad3aa3c36e9e3be0df41e0c17117d2626e37d9ca |
C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe
| MD5 | 22b42434adc082d55b97a6a3ef2df422 |
| SHA1 | 25cfae40c9d0eea99b0c7737e2f3b04b13d864d8 |
| SHA256 | ad34423f57efb5a70cedf25829a0674b2c2ea0687a1b9be86df045fd17dfa0ca |
| SHA512 | 725cc1ece547c827ef9d8d1cd9557e814f3697ba0288c75ff48735f351b1778ef702996eee8bc63c1bdaa1045f39722eb43391374f2f30e20aba7ea5752493bc |
C:\Users\Admin\AppData\Roaming\Wise Auto Shutdown\config.ini
| MD5 | 440a93314b43872d4ad732ef0c2007e3 |
| SHA1 | 46f1a7d80d8fe3b3c911549c4579be1364b46564 |
| SHA256 | 04fbfe7942affa06942f21519f69df4b02a930fc37dbc60a02ed045295978e41 |
| SHA512 | 9f709a4432612f11ff9dee9e105227591fe8560965a4c4d20d011ab52f66e8d8b8ca9f10b9c505e4cd277c89c89e274e8aa42eebb0b91f58b7e103ec650c53af |
C:\Program Files\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe
| MD5 | 64358eaaf5982167143fca896eed7945 |
| SHA1 | f054b4f8d0171adc370d0c0eb6daede6b993ba87 |
| SHA256 | b0f798c11f6a77e3b7e707261abe35a1ea84efb362ae9eeb16f91cfbee2a6b04 |
| SHA512 | 21548d330123f4d5b09e065cdd12f0930c1466a85ee30145f355280c50995ac1c479e89815cb9c634b9408a9f12ae8b2cce7befc69cd48494b4622f58813d787 |
C:\Program Files (x86)\Wise\Wise Program Uninstaller\WiseProgramUninstaller.exe
| MD5 | 9fc3bfa5d2f440efd67041aa6a516bbd |
| SHA1 | 1303b05ad230cd52a2fb0406e35e565e5362b891 |
| SHA256 | d4d86f80a0b3c7593b9a19f4ecf633e02d5c02cc8f8cd2e9b802bb2d99187df5 |
| SHA512 | 62097fce5fd4cfe0910ffba4da2eff12f81b6b4028e410bacc71e3e25ca731c43a76c50aa53ac96f03361954a4df893bbaa3f297cc9e6a450f6a7cbbbfe88e3b |
C:\Users\Admin\AppData\Roaming\Wise Uninstaller\SoftwareRateInfo.info
| MD5 | 214f4311069ce7a110b71cc7252925f7 |
| SHA1 | 9aa882e1c876d1e2b2081b33596b5b7f15681bf6 |
| SHA256 | 123782c8534c9d585a6962fe7c2a075db8d5a95ddb4598cf8da3743fc37f3abc |
| SHA512 | 1b8e162909bb8df1fce27c0db14157cb43d8c514913dc9ef4afd21e002ebc4e13d8b3adc0e62888457a95f7bdb3a375ddd4a353ea3f8907883ee4a659881c4c1 |
C:\Users\Admin\AppData\Roaming\Wise Uninstaller\Config.ini
| MD5 | 7024d1592ee42accc1697c4a35b18d55 |
| SHA1 | a0b763b0e68105e64ffed1f1ae4df22c04df4357 |
| SHA256 | f42957181c1f0b180137ae59f9017055a48a839322d15672f9d8df8293c1541f |
| SHA512 | 91711975c9935ba4746eb6e02d49961a900bd3b79983d80ecefb1fe208bd52cb11a1ad3a63f8a47fe1ac9a08b4e656f41b1a790e92c07aee223802ee1db48f7e |
C:\Program Files (x86)\Wise\Wise JetSearch\WiseJetSearch.exe
| MD5 | 9ec640669a0b639f72aea7c85e98573c |
| SHA1 | b13645bd248c97710354e8dcc332b882d8aafffa |
| SHA256 | 7516edf8997e562e75007c7d73cc7e40d67e660509ffebd166e478cb9bef83f4 |
| SHA512 | 9963a9734f50d5976ad0e1e661b262e200658de8a096248529ccdfb90426090cdeb04e0fef5c9e0f63629945c911e13143428e45343795d499d6595cd3e27337 |
C:\Users\Admin\AppData\Roaming\Wise JetSearch\Config.ini
| MD5 | 28e173a001042d52497ab6f03b45872e |
| SHA1 | 939b706c3a42135dcad5c2fa9dd17413f58ed129 |
| SHA256 | 90073ace6d915985a199f49d7f19a61a990eeb422c73b80874dd7f6d5f883dfc |
| SHA512 | fa9d828cf5bf8565f756201c2e2316ba68cd00e096a9caf83edd992bdc40854ad854f7d635ee05906695396853d93f768120643901a7877ea083c3e5711e47c0 |
C:\Users\Admin\AppData\Roaming\Wise JetSearch\Config.ini
| MD5 | f5dd645ff132696239665c9667d59ca8 |
| SHA1 | ba7e39ab9afe525edbb80e146d94298a84a530c1 |
| SHA256 | d84cb9f398b8a8b12c2470a54eeb0c7a6849d059e890f3b0e5f2f918b0148807 |
| SHA512 | 26bf26a5328637149017a06cf08476a15f8896f47fea99123ea3a1cb70801d75bdebb363b11935a7ee911fdfaeeb4083dbc6fe50ede5d473b3542391c3116303 |
C:\Users\Admin\AppData\Roaming\Wise Memory Optimzer\MemoryConfig.ini
| MD5 | 2a441d5c80a435d28bca38925a0e7add |
| SHA1 | 22e1092fa2e1e8da929b478f74d5ed3e5298ea48 |
| SHA256 | fb2e16b3dc0e1a724e855fe2a78f3017548f3cc44f646d2372edc4d4dd0f0a95 |
| SHA512 | e319646c9f0e652bed2344e715e09d9842475f64fd4fcf293168de27459c228382f2a1f576da8b319ea9d54b65fa817948bf775fdcf717ad43b3dda4db43d571 |
C:\Users\Admin\AppData\Local\Temp\HARD_INFO64.sys
| MD5 | b28f9f83f7bb4583877893ee9179ced1 |
| SHA1 | 1eae81c529461cb865674d3a7e053ccf894a0457 |
| SHA256 | 399d61cc6362562f507bfde44caf2461b98a7b406ac203f136f6f3a9cfaeba9b |
| SHA512 | c8c5fb4371fc23220056960f1b04effdc508513400304c0232a238059148c4de1e18dcb009e5d45c866d4a956b1b4abbbbda2bde875588796a9a63057b203feb |