Analysis Overview
score
10/10
SHA256
496449c0419c1eaa88f8063ef5e7ee98497a450c253d17a30ed8b69a229407f0
Threat Level: Known bad
The file WiseCare365_6.7.2.646.exe was found to be: Known bad.
Malicious Activity Summary
Modifies firewall policy service
Possible privilege escalation attempt
Checks computer location settings
Modifies file permissions
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Writes to the Master Boot Record (MBR)
Enumerates connected drives
Checks for any installed AV software in registry
Drops desktop.ini file(s)
Checks installed software on the system
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies Control Panel
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-01 16:16
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 16:16
Reported
2024-06-01 16:21
Platform
win10v2004-20240508-en
Max time kernel
91s
Max time network
203s
Command Line
"C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.646.exe"
Signatures
Modifies firewall policy service
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall = "1" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "1" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\software\avira\antivir desktop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\WOW6432Node\avira\antivir desktop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\software\avira\antivirus | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\avast software\avast | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\WOW6432Node\avast software\avast | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\software\avast software\avast | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Downloaded Program Files\desktop.ini | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Enumerates connected drives
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{bb55fe41-7643-448a-9641-9c2086808c73}\snapshot.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\LogFiles\Scm\SCM.EVM.3 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{9daa2515-ee05-4dbd-a37a-4dc1e17921cd}\snapshot.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2024-05-08-12-11-07.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2024-05-08-12-08-24.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\system32\FNTCACHE.DAT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2024-05-08-12-09-21.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\LogFiles\Scm\SCM.EVM.1 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\LogFiles\Scm\SCM.EVM.2 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-7CIU5.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-QPPPV.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-DV0JJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-AL10D.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\WiseDefrag.dll | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-VLO42.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-IRJ07.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-42QUN.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-4BDE8.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\tools\img\is-475A8.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-U6TRE.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-10TOB.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-UA855.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-QB3BT.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-L4HOO.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-N8NK0.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-3EBPN.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-6BMEM.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-G4S72.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\libeay32.dll | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-49QHM.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-1NO4T.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\tools\img\is-688PK.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\tools\img\is-L85R1.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-MDT9F.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-JPMEU.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-ARTBA.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20240508120826.pma | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-5F21P.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-05Q43.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-URKHT.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-1B9NM.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-SECFO.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-KM32R.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-NHRPD.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-2RAHM.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-66ULC.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrome.7z | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-NKQSB.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-GG47L.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-31VRP.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-62A7H.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-D4I9U.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-9J8QJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-F04V9.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-VM2FL.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-2GQJA.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-62B75.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-5G0RL.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-EA55F.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\unins000.msg | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\ssleay32.dll | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-RE7K0.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-9MNKU.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-U5CEM.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-FELML.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-23TS9.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-N51DO.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-33HMI.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-QAAM9.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-2RQ6S.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-EKT7L.tmp | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroPDF.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AGM.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edbres00002.jrs | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\PPKLite.api | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SVCHOST.EXE-342BD74A.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-56E309E9.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\AgGlGlobalHistory.db | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\panther\cbs.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edb00005.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-0C84305E.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\info.plist | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\TAKEOWN.EXE-A80759AD.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\DLLHOST.EXE-5E46FA0D.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\AgAppLaunch.db | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-0A03C9B5.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\panther\UnattendGC\setupact.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\displaylanguagenames.en_ca.t | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Bib.dll_NON_OPT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SPPSVC.EXE-B0F8131B.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-5B70F332.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\MakeAccessible.api_NON_OPT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-D71F3FEA.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\APPLICATIONFRAMEHOST.EXE-CCEEF759.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrotextextractor.exe | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SHUTDOWN.EXE-E7D5C9CC.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-1463E66D.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\AgGlFgAppHistory.db | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\waasmedic.20240508_121045_217.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ROMAN.TXT1 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SMCONFIGINSTALLER.EXE-039D5D2E.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CoolType.dll_NON_OPT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrocef.exe.15EE1C08_ED51_465D_B6F3_FB152B1CC435 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CP1253.TXT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140.dll_x64 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Logs\domgmt.20240508_190828_804.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-7C77C512.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroRd32Info.exe | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-6F2A95AF.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\reflow.api_NON_OPT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-7EF4A0DD.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\WLRMDR.EXE-C2B47318.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-FFCC5BB3.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-894C9E34.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Logs\DPX\setupact.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CP1250.TXT2 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-61696F68.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edb00010.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SVCHOST.EXE-033BBABB.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-E8196656.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\DLLHOST.EXE-A73FB9CB.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ICELAND.TXT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vccorlib140.dll_x64 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroRd32.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AiodLite.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vcruntime140.dll_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20240508.121237.743.1.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\plugin.x.manifest | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\TIWORKER.EXE-C101ABCD.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\F_CENTRAL_vccorlib120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Enumerates physical storage devices
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\WindowMetrics | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\LowLevelHooksTimeout = "4000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\HungAppTimeout = "3000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\WaitToKillAppTimeout = "10000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Mouse\mousehovertime = "100" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\WindowMetrics\MinAnimate = "0" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Mouse | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\WaitToKillServiceTimeout = "5000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\AutoEndTasks = "1" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\MenuShowDelay = "0" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\ForegroundLockTimeout = "0" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.rwz\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.m4r\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.xvid | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.R3D | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.fh\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\Command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.glb | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.appx | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.ply | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.oxps | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.m4r | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.fbx | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\mssharepointclient\DefaultIcon | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.thumb\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.R3D\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.gltf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.wsb | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.thumb | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-mix-transfer | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.xvid\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.msixbundle\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\folder\shell\WShredFile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.msix | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.mdc | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\ = "Shred file/folder" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.xps | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.loop\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.appxbundle | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WShredFile\Command\ = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\WiseCare365.exe -shred \"%1\"" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WShredFile\ = "Shred file/folder" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\mssharepointclient\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.ms-lockscreencomponent-primary | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.mdc\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.appinstaller\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WShredFile\ICON = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\fileshredder.ico" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\folder\shell\WShredFile\Command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.fluid\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.appinstaller | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.rwz | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.msixbundle | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.msix\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.ms-lockscreencomponent-primary\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.fh | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.appxbundle\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.whiteboard\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.stl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\Command\ = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\WiseCare365.exe -shred \"%1\"" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.appx\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.adobe.xfd+xml | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\ICON = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\fileshredder.ico" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.note\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.646.exe
"C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.646.exe"
C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp" /SL5="$401E6,18617679,249856,C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.646.exe"
C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
"C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe"
C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
"C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe"
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
"C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe"
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.wisecleaner.net | udp |
| US | 8.8.8.8:53 | info.wisecleaner.com | udp |
| US | 8.8.8.8:53 | www.wisecleaner.com | udp |
| US | 104.26.2.143:80 | www.wisecleaner.com | tcp |
| US | 104.26.2.143:443 | www.wisecleaner.com | tcp |
| US | 104.26.3.143:443 | www.wisecleaner.com | tcp |
| US | 104.26.3.143:443 | www.wisecleaner.com | tcp |
| US | 23.224.25.138:80 | www.wisecleaner.net | tcp |
| US | 23.224.25.138:80 | www.wisecleaner.net | tcp |
| US | 8.8.8.8:53 | 143.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.25.224.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
Files
memory/4372-0-0x0000000000400000-0x0000000000447000-memory.dmp
memory/4372-2-0x0000000000401000-0x0000000000410000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-6HA0B.tmp\WiseCare365_6.7.2.646.tmp
| MD5 | 6d32e755caeb53a104a113957898bd1e |
| SHA1 | 98dce00fa766152ef53cc10b73757cccafc40ded |
| SHA256 | b0faa80eabd1ff7fad06fe66370aba24aa724b2f6e338f6957c2edf426326b7a |
| SHA512 | fd845d031144e0dd7573f25d12580f1e54c831cbede3379cf6a0122589d6e3f8415e97e070e40353713e87f3c312d25e929f1901d03e1f8d166b98af35227ac7 |
memory/3364-7-0x0000000000400000-0x000000000054A000-memory.dmp
C:\Program Files (x86)\Wise\Wise Care 365\WiseDefrag.dll
| MD5 | f8e1ed1b455716402a50aa9da2c105b1 |
| SHA1 | fa8e08ef16af64255259a6d4d8ae61b82396e178 |
| SHA256 | 138d2f3cff88404660701e5936f0c3fa389622d1987a63514bff22524c975e2b |
| SHA512 | ca46b3fb918614ab4f1aec2bcd6fa0eb7f69d1e2e4d6192700443c22c8044b532fb5aff8e910f2811f1ff3d45b871e5a4a042d6d4973409a063745da4f9285e4 |
C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
| MD5 | aea1568f17a578b04327a6ca3200f3a4 |
| SHA1 | 4a3c91f2b135b5b93c4318ee22742bb09085f5bd |
| SHA256 | 89baf0f6fd8b2201e9114d9277aafe150c070db1d701965d13804ff09c38596e |
| SHA512 | 0f663cdd8da2df3cc5c22e0f247022b291c651a6249829ad8d9d2c7a1d172741a02d4549d92edf2883ce9416ace561f13167f99f04dea0e2cb33f3370118ce40 |
memory/4372-293-0x0000000000400000-0x0000000000447000-memory.dmp
C:\Program Files (x86)\Wise\Wise Care 365\WJSLib.dll
| MD5 | 47a72ff4aa7df3bb5b29ada4b6a5eaed |
| SHA1 | 134f00b03c38f9ac2e2549b39b31f62a1c871b9d |
| SHA256 | 18b7f367d8ec6bdaa6618744051e5ff25ba317d2731c2706dc7b5dfde296e37f |
| SHA512 | 6a5036a9205d6ec1b493cdacad78fbd86e4b7f1319776ea64867c1208daf2c0f103b20c1f0fdc511ab7b999393aa87b66ace8d529e95a95a5958117fc2d18054 |
C:\Program Files (x86)\Wise\Wise Care 365\sqlite3.dll
| MD5 | 6c4cdeeb711d06134b8dff91bc6539f1 |
| SHA1 | e240c89f75213a81db75d410555da4610cc7e386 |
| SHA256 | 1bce42e18b135c8c69759d137355813728c560fcad02fd6ccc3a60fa42e744fc |
| SHA512 | 162132bdcd1531b11011ea15ddc73cb8516b34a6d5fb9f178a8ca670327e87a64bdf94a1d54d180cdc8e4e7627211275b5a49c528660c997b10b2bfb950c1aac |
memory/3364-311-0x0000000000400000-0x000000000054A000-memory.dmp
memory/4372-312-0x0000000000400000-0x0000000000447000-memory.dmp
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Abkhazian.ini
| MD5 | 96016297354c26e4c37bc8cb353d43e0 |
| SHA1 | 37f84ab3cfdcf0c8e52b1b5c215cfbc55412d007 |
| SHA256 | 96269630bb90765c4b7f350a0195f389849eff8159f6b990ad71e2b11e9c3fac |
| SHA512 | ff391cb285e01fdc4e9adc1dde6a643304bca06326c48c0b6f2eeb817a1be8a5012707fbbc4b3d54fad3250c6b46a6bea75406547c5ecda13ab3b72376ffe2fd |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Chinese(Simplified).ini
| MD5 | ca174b54c9933f13845c4111f8814554 |
| SHA1 | 9f962bfbf17dd270e346a39ba9ab883b557dc2ed |
| SHA256 | 6e8326514857b7ee04ff41d3848f604bac12ffc7471fc115f21a09d039735a4e |
| SHA512 | 4b9520f4281501947e2b881bdcbdc1baf1d9739595273529c410b083e25044f369fe35ba14098d78a4fb6754a639e7ec1a462a64b3d9a628ad7da745dad7285a |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Vietnamese.ini
| MD5 | 9909cb62969f4c239a80275d2004401e |
| SHA1 | 6bfe7a104032dc4f634b1fe62df3083e7a29998a |
| SHA256 | 439d463293a0538499e262234d8138ea14543aa6c0436c9e4735f67c1fe37a41 |
| SHA512 | da514e212a709b005d1ae2f4be431a7e5b329d78373e2eea02f0c2fc2691ba771d58e2a05fb0628fc359e5ea39fc05d1f6673910889c883cd45c2f6145e43fe9 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Catalan.ini
| MD5 | 6b5456078e9c427e5bdf4d134bef4064 |
| SHA1 | 2d11ecec4cfc9462018222bdbbaedede10267567 |
| SHA256 | 1f4bdce8d7d124caae785f35fe9d9f8941e7d0bf8d4100ab1fca0139a8b38b1b |
| SHA512 | 6b1da28a13314909e7b21b580c6724b0526d9d13029409df8e5c52c9bf65912ef9bad6d78aee96ef3d054858cc1a8940ad6848a324a9bf32acf55882f1647af5 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Ukrainian.ini
| MD5 | f540fdb67042a5697f6972c487a24d17 |
| SHA1 | add7f944e0a1d863218f1c7329f03c2bdd97deba |
| SHA256 | d910929e0336c6c3fa2af83f304e25ca8f0b8a459546318e45f0dae4d5ee14d0 |
| SHA512 | 8d0825bef80ba3c8fb7e2ea82b15a9bc81b81a690071230c2c00ea8e5a5651def5c5c3f0b244cfd43dcfb8fa3d43e736167ced39c274c392a0ca53cc65a2cf83 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Turkish.ini
| MD5 | 6d637a166009ba4277ab756125378399 |
| SHA1 | bb09f3b2f4887ec8838f90a9c158211c7399625f |
| SHA256 | 027547c123adae7887c3560433195ba795b27bb118532e8fc0316ea8a6123050 |
| SHA512 | e93867c4ceaea4cdec5b843f7add98495cf823794044cf0cca6a263b31e010cb590ae4fe8fc8bd4247643178234e433abbd7d125c17dfa11efe8e9e992a3e804 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Thai.ini
| MD5 | b59a60bd8cd1ac8c82c5abfd992755a9 |
| SHA1 | 164dfa21eb511683692ca461bd3c4e3f6e8567bf |
| SHA256 | b919ff7a0e25d812c9d4e87ebfc028cd5beccc4fc8f48ea7ef274c1f17a8472c |
| SHA512 | 0b0561c5b973fc3db1f4d85908e4aca64dbe23dc0ef02e5caf588517e84af5e708530c660ffe4305b64fe658c0dba5e9c86bd21af1a4f6968e65aded70ce71ac |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Swedish(Sweden).ini
| MD5 | 68384ccd192503db3b90a7ef754b0c86 |
| SHA1 | 45212337774a7b15e2da9962f40739810c9c7897 |
| SHA256 | 01b6897229d66816964460af1c89a11862406b81a870f793992ce7a8f23968ea |
| SHA512 | 2771091e6ebff577d3423df4f737bdd20cf86f6333d28fe954e3919139f73449d0314d79e55e9e0e2849d8cf34790bff8e56be689b7ea855b8f260b5e845a964 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Spanish(Spain).ini
| MD5 | 12c69bc8dd88673ea49a4330dcf416d7 |
| SHA1 | 2f09da8f61a8551ce7e5f42610e782bd3645c0cf |
| SHA256 | 01ac799555a57ab90ac2b562aed8af6182f108c398d1f606f2ba0a04f2357b58 |
| SHA512 | 6485d5969ac9319d7b6aeb86bbea9abd4ab3516dd32d2d9c2b1eae3a5797c4a11340e30d0017ce0a5dd429431ec3eb42cd950bac8d6f95bb0dce6dd7f9a1961c |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Slovenian.ini
| MD5 | e3c886bf083fbd36c07b67d512c30ba3 |
| SHA1 | 5097f0430ba45b461b38112d5831455a0e0b51ee |
| SHA256 | b5dd72550e83675f21716d064c985d5c49f970d6cea7708f84f06be9f8288d58 |
| SHA512 | 3fa8d0081814e433cd14b28b780c1add5215e98b4fe236c1b7482679effd9ca7d29c329f0f170f1f32361effc99f293dd2ac2019abe1293feda5eed9e5197555 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Slovak.ini
| MD5 | d522b5844611d8193ef248f6224611a4 |
| SHA1 | f6c3b22450cd27e90549e8260e1bf08bb6f91fe1 |
| SHA256 | 14beeb5e32dbcea8842a3a818f4c8157180c6fd96baee8cba20e33ed8f5ec51c |
| SHA512 | dccb6bd3c34c557962c74702c3a06be808b04bd81ab76ebd682dcbc85c1a00709774a56052814ae710044193609cdecf63be771d2a84846ca0ed11e2a59387f6 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Serbian(Cyrillic).ini
| MD5 | 93b189a428afd5673180630e28e414f0 |
| SHA1 | 4ddd7e00d480ffa70bf15c4026c72e340cd15418 |
| SHA256 | 3381ae9ea468495d9dda9082a220c9b7183e366616311d6bb0e66ac54f48f777 |
| SHA512 | f077bc96f0092e424b3bbfe62d4fb36a14f2508e04f20d9bbef2a163fa673cf204f574df08b3ebbc4343556bfc0430b6d0d4b82817c377c2ce7b4e6ad17bd2c2 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Russian.ini
| MD5 | 4d1dac632b021c60096e9861c150287e |
| SHA1 | d56a98798c11350b90bbc96e73a244031dd8d8fa |
| SHA256 | 14c5b587122c9ef2a21e8c6b002dc1f12395daa8b91af13085dabd1373df1323 |
| SHA512 | f36673c6f57427900c68ef37d36b3d446ffc1738e3da2b2a47611a68cbc1a5f2e1e0b8d449c767433d2ec632ddde3e710d92e90c7e7ec27f66fdd5f65aadd987 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Romanian.ini
| MD5 | 00ceec40d9631c3bc5297d2be4a5f184 |
| SHA1 | 70dbf3280c7920245837de6c9acb6ee4e5547945 |
| SHA256 | 2f0bf590db93a179a09ced1d1906bce64ee4bfe2e3a1774180da7d12a412e2db |
| SHA512 | 9b9f7be81cd9dcbdaafbb11e823e2d026aa00d463dc58a312cdc2e3b3a585369dc5f1245c2912bc054e4b3a9c23d9e5cda22df130429218f2454905ed9f1847f |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Portuguese(Portugal).ini
| MD5 | 84eee762f1f5c5a43c7edd13ee6b0712 |
| SHA1 | 6a837e2a0a50fe949dcc4eb700daea2e46dec74b |
| SHA256 | e9e9bd58cc343d15c840f2ae50d86a7e3ca6c2c69f07755ffa5c3f3e51efe39a |
| SHA512 | 6d9e02e6acd463298bd107ce3dd511e590cd6b7cc482bc03aa05bc1f154e262623052edeee880b0fe5c3b4b8cdeaadb20dbeaa052aa25d2a95cb3a60b67b7c81 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Portuguese(Brazil).ini
| MD5 | 10403abf5f76d57cbc42b7cda162ccf3 |
| SHA1 | 3e649f426ab22767e69f595343edfb3711643325 |
| SHA256 | ac58818fe66b6f40bc2267419c6a0ae17d773c69462ef5ae926cb6bc350bf59f |
| SHA512 | c50a30aa7cc203eb18d04923ed9ad4dbf342e4c42cdfb58d4152ff6d3013c20faba95203248d08ae5153885cfba55b8ca3f6548460daee4d35ce4e088d0c5b68 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Polish.ini
| MD5 | c152777ba323c1778d8ee52b964b437a |
| SHA1 | f1ee3b54a35767526fe53fe7ff95fe65b0011336 |
| SHA256 | 0eb1b9c20677c401847e4864015e7e5689815022ad7d97fe83d52feafcffe113 |
| SHA512 | fd7509913c007150b5a4546c16c473fc1d9e6237e9d593bc8cf332cb4334f6c809d18659d7ac201975f5d26e4da386bbb241205eecbad7393daf7261f2890c56 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Persian.ini
| MD5 | 9bc326e267cd4fe166fe07ffd29ee4da |
| SHA1 | e1747c4264a0ee73718575525aed075a5f890762 |
| SHA256 | f2e08fdcffe13c1fb46e2ba510e56a504b8226e24476909afbfe3414a73b7adb |
| SHA512 | f1ba6c5c2855ad36e0828583cd06e4ad51e98ee4fe1ba4fd0d05e1a6a7cb3974cc613c415dc8d517162eb78280b3cb277c42a99bdf11ac36e63ed5e6c1b4db37 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Norwegian(Nynorsk).ini
| MD5 | dc82d14f05b1bc2db6b88b405583ea66 |
| SHA1 | ad5bf79024c14f0f2df5f782a68fcb62e2c34fa9 |
| SHA256 | 2dc8f11a8f5744aee78c40f7faee8ba0057f4f2b807690a1c8d47ce7dc9a5632 |
| SHA512 | fb9a932198e19470c764be7d7cefb3762a1445024c11a79b3ce95a6c8469762d42122fc3ad3cc265a3b6f3b80130a8956a1064519b8e15f7c438df17c51b8b20 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Norwegian(Bokmal).ini
| MD5 | f684e0491103575d2d18acffcf58044e |
| SHA1 | 4e94b717ed5f068258daf7193fc93cd0747d91c0 |
| SHA256 | 045318c2477572f8353d5ef1ff6a69327a940af4d85902cc2c8483c0f0d0605f |
| SHA512 | 9b8ceec4159d40e8065742c595aa1d336db416e1e690ee6274b4d5c1cb4b636088f246c718ea96a79a6d630775a564564757bb388fda2169b95c44eefd1ca203 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Nepali.ini
| MD5 | f1fddda8f5f8f6fc59692dcd9797a838 |
| SHA1 | 4861919b97e500900512b99cdda3204b0607d3a6 |
| SHA256 | 1dcbd5bc18720f3dc4175256ab26bc537402b9e84fedec60581b85c7fe946d81 |
| SHA512 | 505532bea964485bb23eb2fc93f5355c13cab3e76ea9198e6692a16f1c3db4242a892abbe53961bee9ba0a81b1bba58ed2a5d5d6009de28d8fe4573ee145d290 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Lithuanian.ini
| MD5 | d4deacaaace10e243f3c689b2c75190e |
| SHA1 | 65a8e8d0a81f8916cb269f801ed2966c3be709ee |
| SHA256 | 29463e1fe8e16310db1f35bf8aaad23c11c27c92d8b30ab6aba335e792c7efbd |
| SHA512 | aa018a4a8f4d58ee8ffdbb6fb0570e3ff1d7391ac85af6d4f1427f6c50401d6a8f924a8ca2f0e38585b5cfff65899fa821164120ec005edbfb6cac2cd458081c |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Kurdish.ini
| MD5 | 318ce206932c7a37516bf78d00b5bc22 |
| SHA1 | 8c352f223950a492013ba40f5992b1dd6702d729 |
| SHA256 | 38e180f9431281f28780727497b7904fdfc1063defebd0c0bdaded337477fd84 |
| SHA512 | aefa5ee88d44e6524bcd9c1e2ee2fbb516ade33fef856fb6f1ac6c150d1f960d87bf55848fa5a47ee593e0a5c80003e9a86d3724a38c8e252e1a0294208184bf |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Korean.ini
| MD5 | 5dcd5f4ab5b4f59a35edabe9f3e7ac76 |
| SHA1 | c23d909c561867653ed7fc2bb2b6807b360547ec |
| SHA256 | 4ea4cb02abb676a2b07b7f225823ed14bd82c40e4edbfa7e8cfbfabedacc9e95 |
| SHA512 | e2d0553d7980703bfba54a72bc5691dd2503adaebe8a86727569694c25e98933cf6ff29e93611035241ae5412179e322d34ad24ed099aacaade1d0b479a437fb |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Japanese.ini
| MD5 | cf86e45a33896d9772a500be49995f54 |
| SHA1 | e557e101bbaf05e20a6d48c2eb23d1e1accc2442 |
| SHA256 | 0893af7ba38c94d03ac2674125354d5e8e9fc0e63cb5adc5d73dcee41dd0e22f |
| SHA512 | e5f8562cafbfd81e36da1c21a40e552433a7ba6f9fc47bc501c9115188a552cae6c04f95404aa8927c18631f6cd66a564ec5d21d54d1644e02b06d97929bcfeb |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Italian.ini
| MD5 | 5bd5118c83649f22a2a3171186dae333 |
| SHA1 | ac2cd2512765a3004d04a9c696eb8b21e2cd7b31 |
| SHA256 | f46773479f38bf8121a9ff360419da7108594d80a2a80b047ec49e7a6b834009 |
| SHA512 | 9ab6e11ed83807775e5e545a5abfa45a40cf3f8d597a4c51717abc131072cf219c5e3fdc7beb91c93b57ebbe4423e920e63f15d4707592830300071ac93eee7a |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Indonesian.ini
| MD5 | b4c12bbe4de6c3883bbb980236e0b011 |
| SHA1 | a1af06beccb560093d0367d105b73f6e107edff3 |
| SHA256 | 81e06a5f1e7364e5de7c587701cb5a5da7052149e5575e20889f0a58400334d4 |
| SHA512 | ea8b5dfb84e7830e026b182cd95570865a4a0ef90dfe2f0f6a93d205155c3766cebd36c8077aa31ae5c1d542d9a3a8fcdb4e8536890c070d7e243958e65044c4 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Hungarian.ini
| MD5 | e17d24f672a27425b05ef4e2124e8aa6 |
| SHA1 | 0764c1e3e4a9703dba335cfe8b8e4f8191012134 |
| SHA256 | da032cb20c4a5cc984ed3777e52f3d289e85a7e43d67c8b9707202feaf784f05 |
| SHA512 | 5d60c9221be1752bbd848de32b1558fe0c87dd6dbe2c701b107bb1cea3b3d1324a13c117c8a9acb8cb871bfbc058aca00f7fffe93312a7dbf99e3f83507e8c50 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Hebrew.ini
| MD5 | 056a7e88d49779de4809f26f8867ec9d |
| SHA1 | 6e1bd6349599b21d0a16e9b8db6d2abb37af8539 |
| SHA256 | 4087f0aadf7f189f04572b7702a629188806e54d3f244f917e7ad21fe4cd5d7e |
| SHA512 | a1503ba91f94b2df3b5d7993e8fb47ab73be37fb4ee7dad9580e2a9afa0ef4d76c2309b9c5a7429f72fb2ab08edd5af54b331a4e6ccdf0c07d57a25ee70e5a54 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Greek.ini
| MD5 | ddf806595b80fb23a81b1be514d273b2 |
| SHA1 | 6fb3e50569e889cc37d9382bdf4d9a814faf14f6 |
| SHA256 | 75aa252adf64f17203d7b7f8bc6ff10d22fccad186cf10c191fd50d711f0a5d5 |
| SHA512 | dcda4c3d2b06bf7e2676531459f9011d2b13689a8fbb566a2dc93f11b8ea8021ec57c24c239b0f6a685ccffd5c444abbfa86864329d382fabd9a3a7f3890c064 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\German.ini
| MD5 | 010818027866cfab96764812b869c93f |
| SHA1 | 30c38f55e28ad41a59c42f9dc4f030b69ebabc73 |
| SHA256 | 1fb0cd6cc4561ec6bd3b55be3dfb16696eacdc6a941dcde037171647af71cbf5 |
| SHA512 | fd42367f3777ced8e02d3ffc63b00c5ba42555b1f17102f6b2c1236800db48435f5558e37c01c35877bbad2ece6ffb5905f170a4644ff57cd86a831c14569928 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Georgian.ini
| MD5 | aead043775de8d9264bd0c9d0f760a49 |
| SHA1 | 633bdad33d805e447059a713b1fc27589b5513c9 |
| SHA256 | 864e149b47991bb9844d058fb036a4f9fd874a69ca2752816c75f5970e36b3b9 |
| SHA512 | 3b1a3dfc9ba485f69779637954af5613b51145acf529c10e376965c2285c023b694c0b18c237d017aed38fc508d8b53523e1bb2889dc0b7f53d4f6ee6bba7e77 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\French.ini
| MD5 | bb257cb07c24272b69f2eb73fc5765b8 |
| SHA1 | 8a30bfbfbdd796c5f83e9ed047c72b6eaedfc0ca |
| SHA256 | 94d9dc830526955d037dc578d8401bd4617e1ea3a4ed1ff03df7ae442741386a |
| SHA512 | 5817c19a87a4382bdcb955f79b76d18d5c86a1eb5f1ea140110d72f27b2d3731587871c15d87832cb76ed423f0b740beb1b86fd834f7c15f7e9b5def96fe0175 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Finnish.ini
| MD5 | 5f894bb9de5369e2d9bd328156c6c74a |
| SHA1 | b28d3ca4056821869568feda4c7ff4d088502631 |
| SHA256 | 9fc6235ce5102528286046a4ee3dad7ec3bbc52bad376c1f2242262c93f198d6 |
| SHA512 | 1ca15130fa01ddec49ed97f60895c4b8853c41fca15deeba576a72d9bd9e603666d435d928f256e74650df2cc3ede65535ac4fd61cbbf7c685345fef7328d6b8 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\English.ini
| MD5 | 8c6cd1f827b2fb33a5735f168e058923 |
| SHA1 | 978cc495846484174292416e6a536f29f10a71de |
| SHA256 | 5a4b82ce7dc97f30f08d75c1782f7d3e28301c8e39f7fbb55cdaf89d73129566 |
| SHA512 | 3492ff124825f27091a3bae5243c0da49516fd9005ec40b0d38388677a8bb7cf44c2b79df8756e2be9420b5c29f0b260dc9a149b0ecce2f1e4def867677923da |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Dutch(Nederlands).ini
| MD5 | 846b5698b0a34e399d7d41f9e5cd11e5 |
| SHA1 | 998269d8d0d5da58611b193e803f603dc4f702e0 |
| SHA256 | df0fc37735b0aad791496f9047d7840e2680507e7f744462b3bb04d9740b02e3 |
| SHA512 | dfe102e5764bbdd7179eed364cee8a611470475a97a48ee4af65254a3b4cf1f7fafa6ff8698cc0089e5756ec480b757c0b272792300f658b10468fa79f02ee82 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Dutch(Belgium).ini
| MD5 | 91aa6f0e76b13cddec7b7e9f30f009cb |
| SHA1 | df2d8925b2e707cbc605fb5a48663758d0038bfa |
| SHA256 | 34d910c75ffe79a352dce6ed0140dcf395a8f052dbb433a42838b7850c9e8513 |
| SHA512 | dce3324b1541350114db7583e168041e167a46b6134fd0e7d55aec24bdfc2011a0e1f03eb45b0751b8c87047f4448f811a64ceced398eadcbbd7b2268af6da3c |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Danish.ini
| MD5 | 987278e1926115fb34817fd94857a4cc |
| SHA1 | d32caea78d9b14e5dd6e1c9b932e8e68e8a1ac6b |
| SHA256 | 58b2a68f2e382eb5a7d36427dbf0cb43bde5cf63745210118d8d7019ce9d6975 |
| SHA512 | 797cb2c2d478f43d8cde97a9bee87e426f7d9ecc33155e3722a4da3e57cd4bf93a871478343f56725fe09c9e04af1f1be5611a132ff03adb49e48be7bead3a1f |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Czech.ini
| MD5 | fcaef23e20da0067a90796853f511e40 |
| SHA1 | d8bdf749e6a136801a8c1f89df26f1d9a700ac83 |
| SHA256 | 6fd2a57d180f80f1396772d30a74252ed716deb4e960a1ce03e56fcc8234989a |
| SHA512 | 6240dc01fd7f0584dd544f3bd6732fce6f5da700628dd519a376dbfd646a8f12433df84811ee78c1c4d67185e2cb8b0ce983cab8858a0ba5e5e612ea160bf507 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Croatian.ini
| MD5 | 4cbad66305ad232f96b5725350ff4d55 |
| SHA1 | 42f3a680ae26c003d53e99fa591ec3a5a87ae20d |
| SHA256 | f099655cdab65a2bd39ce2efb296c05e484b53ca9146dbdd99d0a7db4593f8d8 |
| SHA512 | 04c6e9ef19d2dcb4cf87facfa99c914625b23f021aff07c6686e378ab8e9bc4ebabdf99de9c66d608ff283ee42688b04bcea4d693c5fcf18b67339661803b7cb |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Chinese(Traditional).ini
| MD5 | c97bb0747d1736efbe825d70b856912a |
| SHA1 | a98ad2b85f79b0c192d2751fdcdc1f5f5b552430 |
| SHA256 | b9fe20321407de13953150e79bbf20a1f94f5f62184bdb9f09ecf66c11a8c8c2 |
| SHA512 | ca5f310a0d987b012d62b875ae1c3357a1114b46fa223996bfe9451bc7f6b60208b4244ab7730319af1862be1928ba715e63879777bb477c3dd01c23eb1bbdae |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Bulgarian.ini
| MD5 | e4dc1b86b3661fea7258d100b8ade7ce |
| SHA1 | e14c695c7898b9dfc3af1d8652f1b2b9ecbe7745 |
| SHA256 | 46e76156b175d81666eb7f2e62c018dc11c9992fc3e956aeef3bea2f11cabdae |
| SHA512 | 5d51a47e8f3ba0f8369798ff217477d495cf4334a796128c9ac8bf068181fadfd550d2d34340d40488ddc53b1b4ee8336a6819905f51c17f22799d0a52c37e00 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Belarusian.ini
| MD5 | 2bb8c96c5947bf56961a77301bf8abd7 |
| SHA1 | b279b072a9f90d7ddcaa9b9d100be0df8406d703 |
| SHA256 | f6b767f35b3bb389950a993737fdcae26e722373f0f8c20d0300b8cd267a324f |
| SHA512 | 26c488f53dda7d03da8bd6ddb085c5a0247ab0879d139a467e568cfe3093e7aaaf9e3953028aa067c45b13022625b8f36888428b9b151c17cde3d72559ade355 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Azerbaijani(Latin).ini
| MD5 | feacb1fc644f947e69b9286db1f486c3 |
| SHA1 | bf5c00be0753b5b94c9c5d93000f5d2d1c1cacd6 |
| SHA256 | 5982ae68cde547dbde027b9fae189758877709bc42a5f266f580dfe0bbc4c236 |
| SHA512 | fdb9cc4a64a018ece27e0c7ae894b42ae1b1fe7c1694ee253eb0520b8c65a5b28fce202278d07899df32b5b2c5298c354051d19a1f8c4e562cab93f52fe94a8a |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Arabic.ini
| MD5 | d5dfe4f85a192bf151551ab58141831a |
| SHA1 | 1de8e24f0e8b7cbc95bc8812272fa298b3067ffd |
| SHA256 | 3afe3f78ec6379fcf58067bcfaffcb46687e49bfd35139356523025339179f61 |
| SHA512 | f7fd1bcca40aabc27895f2ae165f8cd5a4e9be8f0ddf012de663aad5059f2b05e19b11dc24562594276ee25f0a7ac739382094d4a516beae2ae11c66e56f8f93 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\DateRecovery.svg
| MD5 | d96c9920a33db25880c12cafa8dd83ca |
| SHA1 | 05c22e14a9f9024e6b89723fdb92a180f3355b2e |
| SHA256 | e302398c76130026f3fa76131672b9479d88f2a119075d2c723a928ea4bd90c0 |
| SHA512 | d8dccdda1c20a11864374678530a77d2efbf3e96bfb1ab13bd53c8946b0b2a52344727d07aafe566f9db080524d9fef940cd3ca98c1a38ec336bfc5a37d3b003 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\Imagex.svg
| MD5 | 985f50e6d67b62606ef43d97e17f0a55 |
| SHA1 | 84732d132cae14c7fe05e178a93a5306049a86c3 |
| SHA256 | effaa815cbf591bc3914d0212d93a948d8424d4a9f5ca2f3cd751b9ae0e9c24d |
| SHA512 | 1ae737a38a86d05da64b3bd9f561d1484dfca2d35fbd4353ed333d2fb4b8b56928817e0127577dd6449d35124680a67b2b3cfdaf56d899a6f329dca67be947cf |
C:\Program Files (x86)\Wise\Wise Care 365\tools\toolsv6.ini
| MD5 | bfb30cc36790491cdab86bacd19f88cd |
| SHA1 | 7557fa345eb96b0eefd78f0473ba9ed44f66a717 |
| SHA256 | d779a7f700f3ac6128bb023a520371e9de751578e9fd9445669713c310488ae3 |
| SHA512 | 77421ff796f98d052efd7b0b7dd1e3c8dbbc0b07410ec1fd54970a9fb42d272299426f3cb032834af8bb7795ec4ea0bcd212e3b467040bf88535be5eca2f1f26 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\ForceDeleter.svg
| MD5 | 61db297b0f6565b4a555824ea5be93bf |
| SHA1 | e17bbd1db8b1cedc611250ddd6b31496e17a0ad2 |
| SHA256 | 4750e9b9b8962a4035e6e492a0c6dcfd7bf5a0cf717cd1a720318e44130a63cb |
| SHA512 | 798c7ca4ea4a9b23235f1f4772649fe2f71a9551eece67550b6bd559fdc8c73f2ca51c18453730cbd0ed46cc877926cab72fa17ee1e8332f40e9cf0f541367f0 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\Reminder.svg
| MD5 | d4ad51dc2849dcb314f3ca8ac7757143 |
| SHA1 | e9dd1ef3d6a0573aaf8b9c453bc32c0ee71bf5a9 |
| SHA256 | 8890a391d09d4c1b73913a65e6db9e40f7c06f1ca8c2f1cf0aa94f19731d9783 |
| SHA512 | 12ddd5389c2a371826eb50d6099c6649c3260e82d24b85393086c92c2049c5deaf45182d7c4113468836fc6e1c76b500af8b0defdfaf6c4412120a2620083faa |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\FastSearch.svg
| MD5 | 7d5d197f5cb0611cc75dda197ae8eba0 |
| SHA1 | a5b2a943cdd3bf9ae423b6adce10e0a238169a14 |
| SHA256 | f8e59d250e4af0261e549a79d5282f838fb816ad2dcc219ef309177958106e09 |
| SHA512 | 7b8f29d4157fdd439681649061a6722a0c16f865f0f53d22a401ee712f240a5d48b528ac29a005bb8d2de6d3f8191b693bcf2db86ccc041b69bbe2debb0ca7ae |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\MemoryOptimizer.svg
| MD5 | 8fa2ac19f7b58047168d471dd809208a |
| SHA1 | 525c94b68003b81b27bd691a629063dcca35012b |
| SHA256 | 2368ee864828d106fc092d1250360a1f784d28f1be38805d9071690651035607 |
| SHA512 | cb4adfe349512486273cf7721a7981f57a6439de118aea49d96c07a7000b2fd34d43b6ce7d76ead5a0a39526a9cc74c50cdd3bc5ccc9305b3bce88a7334406ba |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\AutoShutdown.svg
| MD5 | 2b3100bbbccf5dd9fbd6e51848765db8 |
| SHA1 | 77655ec4f57c7f960849242ee3ca47f4792b156a |
| SHA256 | 6cc9ae74eebf468be9689ec0b3c0d68384b4cab3242ffcc0892fd4aa3a55578a |
| SHA512 | aef6bfa3320307e58159478c13696a7fe614b147679a315592a1af04be2d74fa83c464da23e246b3760a32506514b9d64e3f97cbe033818509ab3815089823af |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\ProgramUninstaller.svg
| MD5 | 7cf723171dcbd35b029a20668106ead0 |
| SHA1 | 66dca7371442e11080badd4410c38e35fd93fe75 |
| SHA256 | a440591f2638a1c8ac09d00df87b428bf5d34b74108658bef8e70b831084f001 |
| SHA512 | 779790d605a11a820c28fdd88601ce51b9f49b02d2404046e2d90996af05557fd86f021eb3b1d562bef7f51c852f75e7a3b692714992a318050f1b1677ffa859 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\FolderHider.svg
| MD5 | 0f9e7177f0cb1ec8a45208be94aede13 |
| SHA1 | 453b1c0208e3cf4f5f64fc8d66320f3dee879848 |
| SHA256 | cbaffc932a05d28f6032c31d3cf5817d23e3fc5492fec0f6cb0db1458c0c0662 |
| SHA512 | ec0738341b18d0d042a07319a6790ad6604983e09ccd2972967d016f3392f744345657cc2988ce3a81682cb3aa748e5db76917e42e2a3ae1c92f1385394c4f15 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\DuplicateFinder.svg
| MD5 | 170a4b795cef3e2b5e6184e6fca4a698 |
| SHA1 | e84fb034745e424cd4783ee603829f4c6ac4703e |
| SHA256 | a3dbdbb4e21a9a54b256dd8c7f1f17459463de6a63754e8726fea13cd39374cd |
| SHA512 | 5f0920a0fba30daf377a8f03678f2a4e1d35dd4d583dc469bbb50a95d55dbb90923e6314855b2df1a01695fbd6704c8671a2f567a314e80e9dd94cd47165f753 |
C:\Users\Admin\AppData\Roaming\Wise Care 365\CheckupExclude.lst
| MD5 | 48b520aa27908468d82a940f5b157e0a |
| SHA1 | 1e4ff4c71885ad086f138dbb3c558d854eeef03d |
| SHA256 | 8c89156201204b23a6c36731b6c566d014c66f6631accee9b3a78b6951bb5bd1 |
| SHA512 | e2a36deced2278a9fd0fc5f2282273888238f0db0276099a3d70500826b0b3a0d609320a582c7313b561f933f6b631612af2dfca321d30bb9030806027951f86 |
memory/1912-530-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4448-531-0x0000000000400000-0x00000000004A9000-memory.dmp
memory/4176-532-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-533-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-535-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-538-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-540-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-541-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-543-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-544-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-546-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-547-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-549-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-550-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-552-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-553-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-555-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-556-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-558-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-560-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-562-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-563-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-566-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-568-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-570-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-571-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-573-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-574-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-576-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/4176-579-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-581-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-583-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/4176-586-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-587-0x0000000000400000-0x0000000001679000-memory.dmp
memory/4176-589-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/4176-593-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1912-595-0x0000000000400000-0x0000000001679000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 16:16
Reported
2024-06-01 16:20
Platform
win11-20240426-en
Max time kernel
107s
Max time network
253s
Command Line
"C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.646.exe"
Signatures
Modifies firewall policy service
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "1" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall = "1" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\software\avira\antivir desktop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\WOW6432Node\avira\antivir desktop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\software\avira\antivirus | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\avast software\avast | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\MACHINE\software\WOW6432Node\avast software\avast | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\software\avast software\avast | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Downloaded Program Files\desktop.ini | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Enumerates connected drives
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\LogFiles\Scm\SCM.EVM.1 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{aaa4d2af-33c4-4801-91e5-4ffbfcad15f3}\snapshot.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2024-04-26-15-02-13.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\LogFiles\Scm\SCM.EVM.3 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\LogFiles\Scm\SCM.EVM.2 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2024-04-26-15-00-24.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\system32\FNTCACHE.DAT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{64e320da-55a7-408a-9fcb-81e42e3e254e}\snapshot.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\SleepStudy\ScreenOn\ScreenOnPowerStudyTraceSession-2024-04-26-14-59-40.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-ITATH.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\tools\img\is-MGE8F.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\tools\img\is-RH6HO.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-N6OM3.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-S8DME.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-U5F9C.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-QA63A.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-36BP9.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\tools\img\is-G2414.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-LLVPP.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-5S5OD.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-HLLUH.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-I86HI.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-5I0FM.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-LON09.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-AEHGU.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-9B1AL.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-988BF.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-EP23N.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-FAE4P.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-6MDNP.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-6CV9J.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-DH2OV.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\WiseDefrag.dll | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-6M18J.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-T71VN.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-ABI7L.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-O7665.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-EKSS0.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-EPLI8.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\DManager.dll | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-CM3NL.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-VHSDV.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\ssleay32.dll | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-36VGJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-HJQSN.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-UGMAO.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-DR80R.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-DESG5.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-VI9F9.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-74MKI.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-M5MKP.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-M7C1F.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-VUDQ9.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\sqlite3.dll | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-2EBV3.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-AJ8EO.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-KM08K.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-871UF.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\tools\img\is-6RD8T.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\tools\img\is-4B34R.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-SC4B4.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-F4Q5V.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-R8BPG.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\Languages\is-98R8L.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-JN8QN.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-R84B4.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\headers\is-R6EOS.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File created | C:\Program Files (x86)\Wise\Wise Care 365\is-BQ2UK.tmp | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\adoberfp.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vcruntime140.dll_x64 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\panther\setupact.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Spelling.api | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\fillsign.aapp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CYRILLIC.TXT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CP1252.TXT1 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrotextextractor.exe | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\TASKKILL.EXE-8F5B2253.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-C8D69DC6.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\lsasetup.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edb.chk | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ccme_base.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140_1.dll_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\SYMBOL.TXT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\nppdf32.dll_Apollo | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\MCIMPP.mpp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\adobehunspellplugin.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edb0000A.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SVCHOST.EXE-F027B880.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-7194EF5E.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\FILESYNCCONFIG.EXE-CB60E6FA.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\panther\UnattendGC\setuperr.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\TURKISH.TXT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\WLRMDR.EXE-C2B47318.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Prefetch\ReadyBoot\Trace1.fx | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\panther\UnattendGC\setupact.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroForm.api__NON_OPT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vccorlib140.dll_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\panther\DDACLSys.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ICELAND.TXT | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\EPDF_RHP.aapp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ccme_asym.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\appcenter_r.aapp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Acrofx32.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140.dll_x64 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-6F2A95AF.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\AgRobust.db | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\debug\sammui.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edb00005.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_difr.x3d | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\TASKHOSTW.EXE-3E0B74C8.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\SVCHOST.EXE-7CFEDEA3.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNTIMEBROKER.EXE-B8EF7F74.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\SoftwareDistribution\DataStore\logs\edb00006.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\drvSOFT.x3d | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acropdf64.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140_1.dll_x64 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RUNDLL32.EXE-6F670F94.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\prefetch\RCY5HW.EXE-32E18D8A.pf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\TrackedSend.aapp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\rt3d.dll | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\DisplayLanguageNames.en_US.t | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\adobearm.exe.BDCA7721_F290_4124_BBED_7A15FE7694EB | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| File opened for modification | C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Enumerates physical storage devices
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Desktop\LowLevelHooksTimeout = "4000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Desktop\WaitToKillServiceTimeout = "5000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Desktop\AutoEndTasks = "1" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Mouse\mousehovertime = "100" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Desktop\WindowMetrics\MinAnimate = "0" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Desktop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Mouse | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Desktop\WindowMetrics | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Desktop\HungAppTimeout = "3000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Desktop\WaitToKillAppTimeout = "10000" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Desktop\MenuShowDelay = "0" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Control Panel\Desktop\ForegroundLockTimeout = "0" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.R3D\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\ = "Shred file/folder" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\Command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\folder\shell\WShredFile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.xvid\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.log\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.R3D | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.ply | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.mdc\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.loop\shell | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.wsb | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.note\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.ms-lockscreencomponent-primary\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.m4r | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.loop\shell\open | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.note | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\mssharepointclient\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.scp\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.psd1\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.gltf | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.note\shell\open | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WShredFile\ICON = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\fileshredder.ico" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\folder\shell\WShredFile\Command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.ps1\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.ms-lockscreencomponent-primary | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.glb | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-mix-transfer | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\ICON = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\fileshredder.ico" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.thumb | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.ps1 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.loop\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.log | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.whiteboard\shell | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WShredFile\ = "Shred file/folder" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.xvid | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.rwz\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.psm1 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\Command\ = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\WiseCare365.exe -shred \"%1\"" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\mssharepointclient\DefaultIcon | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.stl | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.whiteboard\shell\open | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.loop | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.thumb\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.psm1\OpenWithProgids | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.psd1 | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.mdc | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.fbx | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.whiteboard | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.scp | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.rwz | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.note\shell | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.oxps | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.adobe.xfd+xml | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WShredFile\Command\ = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\WiseCare365.exe -shred \"%1\"" | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.xps | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\.whiteboard\shell\open\command | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.646.exe
"C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.646.exe"
C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp
"C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp" /SL5="$801F8,18617679,249856,C:\Users\Admin\AppData\Local\Temp\WiseCare365_6.7.2.646.exe"
C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
"C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe"
C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
"C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe"
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
"C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe"
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F
C:\Windows\SYSTEM32\takeown.exe
takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y
C:\Windows\SYSTEM32\icacls.exe
icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a20855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.wisecleaner.net | udp |
| US | 8.8.8.8:53 | info.wisecleaner.com | udp |
| US | 8.8.8.8:53 | www.wisecleaner.com | udp |
| US | 23.224.25.138:80 | www.wisecleaner.net | tcp |
| US | 23.224.25.138:80 | www.wisecleaner.net | tcp |
| US | 104.26.3.143:443 | www.wisecleaner.com | tcp |
| US | 172.67.68.11:443 | www.wisecleaner.com | tcp |
| US | 104.26.3.143:80 | www.wisecleaner.com | tcp |
| US | 172.67.68.11:443 | www.wisecleaner.com | tcp |
| NL | 52.111.243.31:443 | tcp |
Files
memory/4132-0-0x0000000000400000-0x0000000000447000-memory.dmp
memory/4132-2-0x0000000000401000-0x0000000000410000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-03UKS.tmp\WiseCare365_6.7.2.646.tmp
| MD5 | 6d32e755caeb53a104a113957898bd1e |
| SHA1 | 98dce00fa766152ef53cc10b73757cccafc40ded |
| SHA256 | b0faa80eabd1ff7fad06fe66370aba24aa724b2f6e338f6957c2edf426326b7a |
| SHA512 | fd845d031144e0dd7573f25d12580f1e54c831cbede3379cf6a0122589d6e3f8415e97e070e40353713e87f3c312d25e929f1901d03e1f8d166b98af35227ac7 |
memory/3308-7-0x0000000000400000-0x000000000054A000-memory.dmp
memory/4132-12-0x0000000000400000-0x0000000000447000-memory.dmp
memory/3308-13-0x0000000000400000-0x000000000054A000-memory.dmp
memory/3308-15-0x0000000000400000-0x000000000054A000-memory.dmp
C:\Program Files (x86)\Wise\Wise Care 365\WiseDefrag.dll
| MD5 | f8e1ed1b455716402a50aa9da2c105b1 |
| SHA1 | fa8e08ef16af64255259a6d4d8ae61b82396e178 |
| SHA256 | 138d2f3cff88404660701e5936f0c3fa389622d1987a63514bff22524c975e2b |
| SHA512 | ca46b3fb918614ab4f1aec2bcd6fa0eb7f69d1e2e4d6192700443c22c8044b532fb5aff8e910f2811f1ff3d45b871e5a4a042d6d4973409a063745da4f9285e4 |
C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
| MD5 | aea1568f17a578b04327a6ca3200f3a4 |
| SHA1 | 4a3c91f2b135b5b93c4318ee22742bb09085f5bd |
| SHA256 | 89baf0f6fd8b2201e9114d9277aafe150c070db1d701965d13804ff09c38596e |
| SHA512 | 0f663cdd8da2df3cc5c22e0f247022b291c651a6249829ad8d9d2c7a1d172741a02d4549d92edf2883ce9416ace561f13167f99f04dea0e2cb33f3370118ce40 |
C:\Program Files (x86)\Wise\Wise Care 365\sqlite3.dll
| MD5 | 6c4cdeeb711d06134b8dff91bc6539f1 |
| SHA1 | e240c89f75213a81db75d410555da4610cc7e386 |
| SHA256 | 1bce42e18b135c8c69759d137355813728c560fcad02fd6ccc3a60fa42e744fc |
| SHA512 | 162132bdcd1531b11011ea15ddc73cb8516b34a6d5fb9f178a8ca670327e87a64bdf94a1d54d180cdc8e4e7627211275b5a49c528660c997b10b2bfb950c1aac |
C:\Program Files (x86)\Wise\Wise Care 365\WJSLib.dll
| MD5 | 47a72ff4aa7df3bb5b29ada4b6a5eaed |
| SHA1 | 134f00b03c38f9ac2e2549b39b31f62a1c871b9d |
| SHA256 | 18b7f367d8ec6bdaa6618744051e5ff25ba317d2731c2706dc7b5dfde296e37f |
| SHA512 | 6a5036a9205d6ec1b493cdacad78fbd86e4b7f1319776ea64867c1208daf2c0f103b20c1f0fdc511ab7b999393aa87b66ace8d529e95a95a5958117fc2d18054 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Slovenian.ini
| MD5 | e3c886bf083fbd36c07b67d512c30ba3 |
| SHA1 | 5097f0430ba45b461b38112d5831455a0e0b51ee |
| SHA256 | b5dd72550e83675f21716d064c985d5c49f970d6cea7708f84f06be9f8288d58 |
| SHA512 | 3fa8d0081814e433cd14b28b780c1add5215e98b4fe236c1b7482679effd9ca7d29c329f0f170f1f32361effc99f293dd2ac2019abe1293feda5eed9e5197555 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Vietnamese.ini
| MD5 | 9909cb62969f4c239a80275d2004401e |
| SHA1 | 6bfe7a104032dc4f634b1fe62df3083e7a29998a |
| SHA256 | 439d463293a0538499e262234d8138ea14543aa6c0436c9e4735f67c1fe37a41 |
| SHA512 | da514e212a709b005d1ae2f4be431a7e5b329d78373e2eea02f0c2fc2691ba771d58e2a05fb0628fc359e5ea39fc05d1f6673910889c883cd45c2f6145e43fe9 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Ukrainian.ini
| MD5 | f540fdb67042a5697f6972c487a24d17 |
| SHA1 | add7f944e0a1d863218f1c7329f03c2bdd97deba |
| SHA256 | d910929e0336c6c3fa2af83f304e25ca8f0b8a459546318e45f0dae4d5ee14d0 |
| SHA512 | 8d0825bef80ba3c8fb7e2ea82b15a9bc81b81a690071230c2c00ea8e5a5651def5c5c3f0b244cfd43dcfb8fa3d43e736167ced39c274c392a0ca53cc65a2cf83 |
memory/1948-356-0x0000000000400000-0x0000000001679000-memory.dmp
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Turkish.ini
| MD5 | 6d637a166009ba4277ab756125378399 |
| SHA1 | bb09f3b2f4887ec8838f90a9c158211c7399625f |
| SHA256 | 027547c123adae7887c3560433195ba795b27bb118532e8fc0316ea8a6123050 |
| SHA512 | e93867c4ceaea4cdec5b843f7add98495cf823794044cf0cca6a263b31e010cb590ae4fe8fc8bd4247643178234e433abbd7d125c17dfa11efe8e9e992a3e804 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Thai.ini
| MD5 | b59a60bd8cd1ac8c82c5abfd992755a9 |
| SHA1 | 164dfa21eb511683692ca461bd3c4e3f6e8567bf |
| SHA256 | b919ff7a0e25d812c9d4e87ebfc028cd5beccc4fc8f48ea7ef274c1f17a8472c |
| SHA512 | 0b0561c5b973fc3db1f4d85908e4aca64dbe23dc0ef02e5caf588517e84af5e708530c660ffe4305b64fe658c0dba5e9c86bd21af1a4f6968e65aded70ce71ac |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Swedish(Sweden).ini
| MD5 | 68384ccd192503db3b90a7ef754b0c86 |
| SHA1 | 45212337774a7b15e2da9962f40739810c9c7897 |
| SHA256 | 01b6897229d66816964460af1c89a11862406b81a870f793992ce7a8f23968ea |
| SHA512 | 2771091e6ebff577d3423df4f737bdd20cf86f6333d28fe954e3919139f73449d0314d79e55e9e0e2849d8cf34790bff8e56be689b7ea855b8f260b5e845a964 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Spanish(Spain).ini
| MD5 | 12c69bc8dd88673ea49a4330dcf416d7 |
| SHA1 | 2f09da8f61a8551ce7e5f42610e782bd3645c0cf |
| SHA256 | 01ac799555a57ab90ac2b562aed8af6182f108c398d1f606f2ba0a04f2357b58 |
| SHA512 | 6485d5969ac9319d7b6aeb86bbea9abd4ab3516dd32d2d9c2b1eae3a5797c4a11340e30d0017ce0a5dd429431ec3eb42cd950bac8d6f95bb0dce6dd7f9a1961c |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Kurdish.ini
| MD5 | 318ce206932c7a37516bf78d00b5bc22 |
| SHA1 | 8c352f223950a492013ba40f5992b1dd6702d729 |
| SHA256 | 38e180f9431281f28780727497b7904fdfc1063defebd0c0bdaded337477fd84 |
| SHA512 | aefa5ee88d44e6524bcd9c1e2ee2fbb516ade33fef856fb6f1ac6c150d1f960d87bf55848fa5a47ee593e0a5c80003e9a86d3724a38c8e252e1a0294208184bf |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Korean.ini
| MD5 | 5dcd5f4ab5b4f59a35edabe9f3e7ac76 |
| SHA1 | c23d909c561867653ed7fc2bb2b6807b360547ec |
| SHA256 | 4ea4cb02abb676a2b07b7f225823ed14bd82c40e4edbfa7e8cfbfabedacc9e95 |
| SHA512 | e2d0553d7980703bfba54a72bc5691dd2503adaebe8a86727569694c25e98933cf6ff29e93611035241ae5412179e322d34ad24ed099aacaade1d0b479a437fb |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Japanese.ini
| MD5 | cf86e45a33896d9772a500be49995f54 |
| SHA1 | e557e101bbaf05e20a6d48c2eb23d1e1accc2442 |
| SHA256 | 0893af7ba38c94d03ac2674125354d5e8e9fc0e63cb5adc5d73dcee41dd0e22f |
| SHA512 | e5f8562cafbfd81e36da1c21a40e552433a7ba6f9fc47bc501c9115188a552cae6c04f95404aa8927c18631f6cd66a564ec5d21d54d1644e02b06d97929bcfeb |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Italian.ini
| MD5 | 5bd5118c83649f22a2a3171186dae333 |
| SHA1 | ac2cd2512765a3004d04a9c696eb8b21e2cd7b31 |
| SHA256 | f46773479f38bf8121a9ff360419da7108594d80a2a80b047ec49e7a6b834009 |
| SHA512 | 9ab6e11ed83807775e5e545a5abfa45a40cf3f8d597a4c51717abc131072cf219c5e3fdc7beb91c93b57ebbe4423e920e63f15d4707592830300071ac93eee7a |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Indonesian.ini
| MD5 | b4c12bbe4de6c3883bbb980236e0b011 |
| SHA1 | a1af06beccb560093d0367d105b73f6e107edff3 |
| SHA256 | 81e06a5f1e7364e5de7c587701cb5a5da7052149e5575e20889f0a58400334d4 |
| SHA512 | ea8b5dfb84e7830e026b182cd95570865a4a0ef90dfe2f0f6a93d205155c3766cebd36c8077aa31ae5c1d542d9a3a8fcdb4e8536890c070d7e243958e65044c4 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Hungarian.ini
| MD5 | e17d24f672a27425b05ef4e2124e8aa6 |
| SHA1 | 0764c1e3e4a9703dba335cfe8b8e4f8191012134 |
| SHA256 | da032cb20c4a5cc984ed3777e52f3d289e85a7e43d67c8b9707202feaf784f05 |
| SHA512 | 5d60c9221be1752bbd848de32b1558fe0c87dd6dbe2c701b107bb1cea3b3d1324a13c117c8a9acb8cb871bfbc058aca00f7fffe93312a7dbf99e3f83507e8c50 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\German.ini
| MD5 | 010818027866cfab96764812b869c93f |
| SHA1 | 30c38f55e28ad41a59c42f9dc4f030b69ebabc73 |
| SHA256 | 1fb0cd6cc4561ec6bd3b55be3dfb16696eacdc6a941dcde037171647af71cbf5 |
| SHA512 | fd42367f3777ced8e02d3ffc63b00c5ba42555b1f17102f6b2c1236800db48435f5558e37c01c35877bbad2ece6ffb5905f170a4644ff57cd86a831c14569928 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Georgian.ini
| MD5 | aead043775de8d9264bd0c9d0f760a49 |
| SHA1 | 633bdad33d805e447059a713b1fc27589b5513c9 |
| SHA256 | 864e149b47991bb9844d058fb036a4f9fd874a69ca2752816c75f5970e36b3b9 |
| SHA512 | 3b1a3dfc9ba485f69779637954af5613b51145acf529c10e376965c2285c023b694c0b18c237d017aed38fc508d8b53523e1bb2889dc0b7f53d4f6ee6bba7e77 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\French.ini
| MD5 | bb257cb07c24272b69f2eb73fc5765b8 |
| SHA1 | 8a30bfbfbdd796c5f83e9ed047c72b6eaedfc0ca |
| SHA256 | 94d9dc830526955d037dc578d8401bd4617e1ea3a4ed1ff03df7ae442741386a |
| SHA512 | 5817c19a87a4382bdcb955f79b76d18d5c86a1eb5f1ea140110d72f27b2d3731587871c15d87832cb76ed423f0b740beb1b86fd834f7c15f7e9b5def96fe0175 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Finnish.ini
| MD5 | 5f894bb9de5369e2d9bd328156c6c74a |
| SHA1 | b28d3ca4056821869568feda4c7ff4d088502631 |
| SHA256 | 9fc6235ce5102528286046a4ee3dad7ec3bbc52bad376c1f2242262c93f198d6 |
| SHA512 | 1ca15130fa01ddec49ed97f60895c4b8853c41fca15deeba576a72d9bd9e603666d435d928f256e74650df2cc3ede65535ac4fd61cbbf7c685345fef7328d6b8 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\English.ini
| MD5 | 8c6cd1f827b2fb33a5735f168e058923 |
| SHA1 | 978cc495846484174292416e6a536f29f10a71de |
| SHA256 | 5a4b82ce7dc97f30f08d75c1782f7d3e28301c8e39f7fbb55cdaf89d73129566 |
| SHA512 | 3492ff124825f27091a3bae5243c0da49516fd9005ec40b0d38388677a8bb7cf44c2b79df8756e2be9420b5c29f0b260dc9a149b0ecce2f1e4def867677923da |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Dutch(Nederlands).ini
| MD5 | 846b5698b0a34e399d7d41f9e5cd11e5 |
| SHA1 | 998269d8d0d5da58611b193e803f603dc4f702e0 |
| SHA256 | df0fc37735b0aad791496f9047d7840e2680507e7f744462b3bb04d9740b02e3 |
| SHA512 | dfe102e5764bbdd7179eed364cee8a611470475a97a48ee4af65254a3b4cf1f7fafa6ff8698cc0089e5756ec480b757c0b272792300f658b10468fa79f02ee82 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Dutch(Belgium).ini
| MD5 | 91aa6f0e76b13cddec7b7e9f30f009cb |
| SHA1 | df2d8925b2e707cbc605fb5a48663758d0038bfa |
| SHA256 | 34d910c75ffe79a352dce6ed0140dcf395a8f052dbb433a42838b7850c9e8513 |
| SHA512 | dce3324b1541350114db7583e168041e167a46b6134fd0e7d55aec24bdfc2011a0e1f03eb45b0751b8c87047f4448f811a64ceced398eadcbbd7b2268af6da3c |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Danish.ini
| MD5 | 987278e1926115fb34817fd94857a4cc |
| SHA1 | d32caea78d9b14e5dd6e1c9b932e8e68e8a1ac6b |
| SHA256 | 58b2a68f2e382eb5a7d36427dbf0cb43bde5cf63745210118d8d7019ce9d6975 |
| SHA512 | 797cb2c2d478f43d8cde97a9bee87e426f7d9ecc33155e3722a4da3e57cd4bf93a871478343f56725fe09c9e04af1f1be5611a132ff03adb49e48be7bead3a1f |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Czech.ini
| MD5 | fcaef23e20da0067a90796853f511e40 |
| SHA1 | d8bdf749e6a136801a8c1f89df26f1d9a700ac83 |
| SHA256 | 6fd2a57d180f80f1396772d30a74252ed716deb4e960a1ce03e56fcc8234989a |
| SHA512 | 6240dc01fd7f0584dd544f3bd6732fce6f5da700628dd519a376dbfd646a8f12433df84811ee78c1c4d67185e2cb8b0ce983cab8858a0ba5e5e612ea160bf507 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Croatian.ini
| MD5 | 4cbad66305ad232f96b5725350ff4d55 |
| SHA1 | 42f3a680ae26c003d53e99fa591ec3a5a87ae20d |
| SHA256 | f099655cdab65a2bd39ce2efb296c05e484b53ca9146dbdd99d0a7db4593f8d8 |
| SHA512 | 04c6e9ef19d2dcb4cf87facfa99c914625b23f021aff07c6686e378ab8e9bc4ebabdf99de9c66d608ff283ee42688b04bcea4d693c5fcf18b67339661803b7cb |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Chinese(Traditional).ini
| MD5 | c97bb0747d1736efbe825d70b856912a |
| SHA1 | a98ad2b85f79b0c192d2751fdcdc1f5f5b552430 |
| SHA256 | b9fe20321407de13953150e79bbf20a1f94f5f62184bdb9f09ecf66c11a8c8c2 |
| SHA512 | ca5f310a0d987b012d62b875ae1c3357a1114b46fa223996bfe9451bc7f6b60208b4244ab7730319af1862be1928ba715e63879777bb477c3dd01c23eb1bbdae |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Chinese(Simplified).ini
| MD5 | ca174b54c9933f13845c4111f8814554 |
| SHA1 | 9f962bfbf17dd270e346a39ba9ab883b557dc2ed |
| SHA256 | 6e8326514857b7ee04ff41d3848f604bac12ffc7471fc115f21a09d039735a4e |
| SHA512 | 4b9520f4281501947e2b881bdcbdc1baf1d9739595273529c410b083e25044f369fe35ba14098d78a4fb6754a639e7ec1a462a64b3d9a628ad7da745dad7285a |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Catalan.ini
| MD5 | 6b5456078e9c427e5bdf4d134bef4064 |
| SHA1 | 2d11ecec4cfc9462018222bdbbaedede10267567 |
| SHA256 | 1f4bdce8d7d124caae785f35fe9d9f8941e7d0bf8d4100ab1fca0139a8b38b1b |
| SHA512 | 6b1da28a13314909e7b21b580c6724b0526d9d13029409df8e5c52c9bf65912ef9bad6d78aee96ef3d054858cc1a8940ad6848a324a9bf32acf55882f1647af5 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Bulgarian.ini
| MD5 | e4dc1b86b3661fea7258d100b8ade7ce |
| SHA1 | e14c695c7898b9dfc3af1d8652f1b2b9ecbe7745 |
| SHA256 | 46e76156b175d81666eb7f2e62c018dc11c9992fc3e956aeef3bea2f11cabdae |
| SHA512 | 5d51a47e8f3ba0f8369798ff217477d495cf4334a796128c9ac8bf068181fadfd550d2d34340d40488ddc53b1b4ee8336a6819905f51c17f22799d0a52c37e00 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Belarusian.ini
| MD5 | 2bb8c96c5947bf56961a77301bf8abd7 |
| SHA1 | b279b072a9f90d7ddcaa9b9d100be0df8406d703 |
| SHA256 | f6b767f35b3bb389950a993737fdcae26e722373f0f8c20d0300b8cd267a324f |
| SHA512 | 26c488f53dda7d03da8bd6ddb085c5a0247ab0879d139a467e568cfe3093e7aaaf9e3953028aa067c45b13022625b8f36888428b9b151c17cde3d72559ade355 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Azerbaijani(Latin).ini
| MD5 | feacb1fc644f947e69b9286db1f486c3 |
| SHA1 | bf5c00be0753b5b94c9c5d93000f5d2d1c1cacd6 |
| SHA256 | 5982ae68cde547dbde027b9fae189758877709bc42a5f266f580dfe0bbc4c236 |
| SHA512 | fdb9cc4a64a018ece27e0c7ae894b42ae1b1fe7c1694ee253eb0520b8c65a5b28fce202278d07899df32b5b2c5298c354051d19a1f8c4e562cab93f52fe94a8a |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Arabic.ini
| MD5 | d5dfe4f85a192bf151551ab58141831a |
| SHA1 | 1de8e24f0e8b7cbc95bc8812272fa298b3067ffd |
| SHA256 | 3afe3f78ec6379fcf58067bcfaffcb46687e49bfd35139356523025339179f61 |
| SHA512 | f7fd1bcca40aabc27895f2ae165f8cd5a4e9be8f0ddf012de663aad5059f2b05e19b11dc24562594276ee25f0a7ac739382094d4a516beae2ae11c66e56f8f93 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Abkhazian.ini
| MD5 | 96016297354c26e4c37bc8cb353d43e0 |
| SHA1 | 37f84ab3cfdcf0c8e52b1b5c215cfbc55412d007 |
| SHA256 | 96269630bb90765c4b7f350a0195f389849eff8159f6b990ad71e2b11e9c3fac |
| SHA512 | ff391cb285e01fdc4e9adc1dde6a643304bca06326c48c0b6f2eeb817a1be8a5012707fbbc4b3d54fad3250c6b46a6bea75406547c5ecda13ab3b72376ffe2fd |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Slovak.ini
| MD5 | d522b5844611d8193ef248f6224611a4 |
| SHA1 | f6c3b22450cd27e90549e8260e1bf08bb6f91fe1 |
| SHA256 | 14beeb5e32dbcea8842a3a818f4c8157180c6fd96baee8cba20e33ed8f5ec51c |
| SHA512 | dccb6bd3c34c557962c74702c3a06be808b04bd81ab76ebd682dcbc85c1a00709774a56052814ae710044193609cdecf63be771d2a84846ca0ed11e2a59387f6 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Serbian(Cyrillic).ini
| MD5 | 93b189a428afd5673180630e28e414f0 |
| SHA1 | 4ddd7e00d480ffa70bf15c4026c72e340cd15418 |
| SHA256 | 3381ae9ea468495d9dda9082a220c9b7183e366616311d6bb0e66ac54f48f777 |
| SHA512 | f077bc96f0092e424b3bbfe62d4fb36a14f2508e04f20d9bbef2a163fa673cf204f574df08b3ebbc4343556bfc0430b6d0d4b82817c377c2ce7b4e6ad17bd2c2 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Russian.ini
| MD5 | 4d1dac632b021c60096e9861c150287e |
| SHA1 | d56a98798c11350b90bbc96e73a244031dd8d8fa |
| SHA256 | 14c5b587122c9ef2a21e8c6b002dc1f12395daa8b91af13085dabd1373df1323 |
| SHA512 | f36673c6f57427900c68ef37d36b3d446ffc1738e3da2b2a47611a68cbc1a5f2e1e0b8d449c767433d2ec632ddde3e710d92e90c7e7ec27f66fdd5f65aadd987 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Romanian.ini
| MD5 | 00ceec40d9631c3bc5297d2be4a5f184 |
| SHA1 | 70dbf3280c7920245837de6c9acb6ee4e5547945 |
| SHA256 | 2f0bf590db93a179a09ced1d1906bce64ee4bfe2e3a1774180da7d12a412e2db |
| SHA512 | 9b9f7be81cd9dcbdaafbb11e823e2d026aa00d463dc58a312cdc2e3b3a585369dc5f1245c2912bc054e4b3a9c23d9e5cda22df130429218f2454905ed9f1847f |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Portuguese(Portugal).ini
| MD5 | 84eee762f1f5c5a43c7edd13ee6b0712 |
| SHA1 | 6a837e2a0a50fe949dcc4eb700daea2e46dec74b |
| SHA256 | e9e9bd58cc343d15c840f2ae50d86a7e3ca6c2c69f07755ffa5c3f3e51efe39a |
| SHA512 | 6d9e02e6acd463298bd107ce3dd511e590cd6b7cc482bc03aa05bc1f154e262623052edeee880b0fe5c3b4b8cdeaadb20dbeaa052aa25d2a95cb3a60b67b7c81 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Portuguese(Brazil).ini
| MD5 | 10403abf5f76d57cbc42b7cda162ccf3 |
| SHA1 | 3e649f426ab22767e69f595343edfb3711643325 |
| SHA256 | ac58818fe66b6f40bc2267419c6a0ae17d773c69462ef5ae926cb6bc350bf59f |
| SHA512 | c50a30aa7cc203eb18d04923ed9ad4dbf342e4c42cdfb58d4152ff6d3013c20faba95203248d08ae5153885cfba55b8ca3f6548460daee4d35ce4e088d0c5b68 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Polish.ini
| MD5 | c152777ba323c1778d8ee52b964b437a |
| SHA1 | f1ee3b54a35767526fe53fe7ff95fe65b0011336 |
| SHA256 | 0eb1b9c20677c401847e4864015e7e5689815022ad7d97fe83d52feafcffe113 |
| SHA512 | fd7509913c007150b5a4546c16c473fc1d9e6237e9d593bc8cf332cb4334f6c809d18659d7ac201975f5d26e4da386bbb241205eecbad7393daf7261f2890c56 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Persian.ini
| MD5 | 9bc326e267cd4fe166fe07ffd29ee4da |
| SHA1 | e1747c4264a0ee73718575525aed075a5f890762 |
| SHA256 | f2e08fdcffe13c1fb46e2ba510e56a504b8226e24476909afbfe3414a73b7adb |
| SHA512 | f1ba6c5c2855ad36e0828583cd06e4ad51e98ee4fe1ba4fd0d05e1a6a7cb3974cc613c415dc8d517162eb78280b3cb277c42a99bdf11ac36e63ed5e6c1b4db37 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Norwegian(Nynorsk).ini
| MD5 | dc82d14f05b1bc2db6b88b405583ea66 |
| SHA1 | ad5bf79024c14f0f2df5f782a68fcb62e2c34fa9 |
| SHA256 | 2dc8f11a8f5744aee78c40f7faee8ba0057f4f2b807690a1c8d47ce7dc9a5632 |
| SHA512 | fb9a932198e19470c764be7d7cefb3762a1445024c11a79b3ce95a6c8469762d42122fc3ad3cc265a3b6f3b80130a8956a1064519b8e15f7c438df17c51b8b20 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Norwegian(Bokmal).ini
| MD5 | f684e0491103575d2d18acffcf58044e |
| SHA1 | 4e94b717ed5f068258daf7193fc93cd0747d91c0 |
| SHA256 | 045318c2477572f8353d5ef1ff6a69327a940af4d85902cc2c8483c0f0d0605f |
| SHA512 | 9b8ceec4159d40e8065742c595aa1d336db416e1e690ee6274b4d5c1cb4b636088f246c718ea96a79a6d630775a564564757bb388fda2169b95c44eefd1ca203 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Nepali.ini
| MD5 | f1fddda8f5f8f6fc59692dcd9797a838 |
| SHA1 | 4861919b97e500900512b99cdda3204b0607d3a6 |
| SHA256 | 1dcbd5bc18720f3dc4175256ab26bc537402b9e84fedec60581b85c7fe946d81 |
| SHA512 | 505532bea964485bb23eb2fc93f5355c13cab3e76ea9198e6692a16f1c3db4242a892abbe53961bee9ba0a81b1bba58ed2a5d5d6009de28d8fe4573ee145d290 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Lithuanian.ini
| MD5 | d4deacaaace10e243f3c689b2c75190e |
| SHA1 | 65a8e8d0a81f8916cb269f801ed2966c3be709ee |
| SHA256 | 29463e1fe8e16310db1f35bf8aaad23c11c27c92d8b30ab6aba335e792c7efbd |
| SHA512 | aa018a4a8f4d58ee8ffdbb6fb0570e3ff1d7391ac85af6d4f1427f6c50401d6a8f924a8ca2f0e38585b5cfff65899fa821164120ec005edbfb6cac2cd458081c |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Hebrew.ini
| MD5 | 056a7e88d49779de4809f26f8867ec9d |
| SHA1 | 6e1bd6349599b21d0a16e9b8db6d2abb37af8539 |
| SHA256 | 4087f0aadf7f189f04572b7702a629188806e54d3f244f917e7ad21fe4cd5d7e |
| SHA512 | a1503ba91f94b2df3b5d7993e8fb47ab73be37fb4ee7dad9580e2a9afa0ef4d76c2309b9c5a7429f72fb2ab08edd5af54b331a4e6ccdf0c07d57a25ee70e5a54 |
C:\Program Files (x86)\Wise\Wise Care 365\Languages\Greek.ini
| MD5 | ddf806595b80fb23a81b1be514d273b2 |
| SHA1 | 6fb3e50569e889cc37d9382bdf4d9a814faf14f6 |
| SHA256 | 75aa252adf64f17203d7b7f8bc6ff10d22fccad186cf10c191fd50d711f0a5d5 |
| SHA512 | dcda4c3d2b06bf7e2676531459f9011d2b13689a8fbb566a2dc93f11b8ea8021ec57c24c239b0f6a685ccffd5c444abbfa86864329d382fabd9a3a7f3890c064 |
memory/3308-360-0x0000000000400000-0x000000000054A000-memory.dmp
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\DuplicateFinder.svg
| MD5 | 170a4b795cef3e2b5e6184e6fca4a698 |
| SHA1 | e84fb034745e424cd4783ee603829f4c6ac4703e |
| SHA256 | a3dbdbb4e21a9a54b256dd8c7f1f17459463de6a63754e8726fea13cd39374cd |
| SHA512 | 5f0920a0fba30daf377a8f03678f2a4e1d35dd4d583dc469bbb50a95d55dbb90923e6314855b2df1a01695fbd6704c8671a2f567a314e80e9dd94cd47165f753 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\FastSearch.svg
| MD5 | 7d5d197f5cb0611cc75dda197ae8eba0 |
| SHA1 | a5b2a943cdd3bf9ae423b6adce10e0a238169a14 |
| SHA256 | f8e59d250e4af0261e549a79d5282f838fb816ad2dcc219ef309177958106e09 |
| SHA512 | 7b8f29d4157fdd439681649061a6722a0c16f865f0f53d22a401ee712f240a5d48b528ac29a005bb8d2de6d3f8191b693bcf2db86ccc041b69bbe2debb0ca7ae |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\Reminder.svg
| MD5 | d4ad51dc2849dcb314f3ca8ac7757143 |
| SHA1 | e9dd1ef3d6a0573aaf8b9c453bc32c0ee71bf5a9 |
| SHA256 | 8890a391d09d4c1b73913a65e6db9e40f7c06f1ca8c2f1cf0aa94f19731d9783 |
| SHA512 | 12ddd5389c2a371826eb50d6099c6649c3260e82d24b85393086c92c2049c5deaf45182d7c4113468836fc6e1c76b500af8b0defdfaf6c4412120a2620083faa |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\ProgramUninstaller.svg
| MD5 | 7cf723171dcbd35b029a20668106ead0 |
| SHA1 | 66dca7371442e11080badd4410c38e35fd93fe75 |
| SHA256 | a440591f2638a1c8ac09d00df87b428bf5d34b74108658bef8e70b831084f001 |
| SHA512 | 779790d605a11a820c28fdd88601ce51b9f49b02d2404046e2d90996af05557fd86f021eb3b1d562bef7f51c852f75e7a3b692714992a318050f1b1677ffa859 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\MemoryOptimizer.svg
| MD5 | 8fa2ac19f7b58047168d471dd809208a |
| SHA1 | 525c94b68003b81b27bd691a629063dcca35012b |
| SHA256 | 2368ee864828d106fc092d1250360a1f784d28f1be38805d9071690651035607 |
| SHA512 | cb4adfe349512486273cf7721a7981f57a6439de118aea49d96c07a7000b2fd34d43b6ce7d76ead5a0a39526a9cc74c50cdd3bc5ccc9305b3bce88a7334406ba |
memory/4132-368-0x0000000000400000-0x0000000000447000-memory.dmp
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\AutoShutdown.svg
| MD5 | 2b3100bbbccf5dd9fbd6e51848765db8 |
| SHA1 | 77655ec4f57c7f960849242ee3ca47f4792b156a |
| SHA256 | 6cc9ae74eebf468be9689ec0b3c0d68384b4cab3242ffcc0892fd4aa3a55578a |
| SHA512 | aef6bfa3320307e58159478c13696a7fe614b147679a315592a1af04be2d74fa83c464da23e246b3760a32506514b9d64e3f97cbe033818509ab3815089823af |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\DateRecovery.svg
| MD5 | d96c9920a33db25880c12cafa8dd83ca |
| SHA1 | 05c22e14a9f9024e6b89723fdb92a180f3355b2e |
| SHA256 | e302398c76130026f3fa76131672b9479d88f2a119075d2c723a928ea4bd90c0 |
| SHA512 | d8dccdda1c20a11864374678530a77d2efbf3e96bfb1ab13bd53c8946b0b2a52344727d07aafe566f9db080524d9fef940cd3ca98c1a38ec336bfc5a37d3b003 |
C:\Program Files (x86)\Wise\Wise Care 365\tools\toolsv6.ini
| MD5 | bfb30cc36790491cdab86bacd19f88cd |
| SHA1 | 7557fa345eb96b0eefd78f0473ba9ed44f66a717 |
| SHA256 | d779a7f700f3ac6128bb023a520371e9de751578e9fd9445669713c310488ae3 |
| SHA512 | 77421ff796f98d052efd7b0b7dd1e3c8dbbc0b07410ec1fd54970a9fb42d272299426f3cb032834af8bb7795ec4ea0bcd212e3b467040bf88535be5eca2f1f26 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\Imagex.svg
| MD5 | 985f50e6d67b62606ef43d97e17f0a55 |
| SHA1 | 84732d132cae14c7fe05e178a93a5306049a86c3 |
| SHA256 | effaa815cbf591bc3914d0212d93a948d8424d4a9f5ca2f3cd751b9ae0e9c24d |
| SHA512 | 1ae737a38a86d05da64b3bd9f561d1484dfca2d35fbd4353ed333d2fb4b8b56928817e0127577dd6449d35124680a67b2b3cfdaf56d899a6f329dca67be947cf |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\ForceDeleter.svg
| MD5 | 61db297b0f6565b4a555824ea5be93bf |
| SHA1 | e17bbd1db8b1cedc611250ddd6b31496e17a0ad2 |
| SHA256 | 4750e9b9b8962a4035e6e492a0c6dcfd7bf5a0cf717cd1a720318e44130a63cb |
| SHA512 | 798c7ca4ea4a9b23235f1f4772649fe2f71a9551eece67550b6bd559fdc8c73f2ca51c18453730cbd0ed46cc877926cab72fa17ee1e8332f40e9cf0f541367f0 |
C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\FolderHider.svg
| MD5 | 0f9e7177f0cb1ec8a45208be94aede13 |
| SHA1 | 453b1c0208e3cf4f5f64fc8d66320f3dee879848 |
| SHA256 | cbaffc932a05d28f6032c31d3cf5817d23e3fc5492fec0f6cb0db1458c0c0662 |
| SHA512 | ec0738341b18d0d042a07319a6790ad6604983e09ccd2972967d016f3392f744345657cc2988ce3a81682cb3aa748e5db76917e42e2a3ae1c92f1385394c4f15 |
C:\Users\Admin\AppData\Roaming\Wise Care 365\CheckupExclude.lst
| MD5 | 48b520aa27908468d82a940f5b157e0a |
| SHA1 | 1e4ff4c71885ad086f138dbb3c558d854eeef03d |
| SHA256 | 8c89156201204b23a6c36731b6c566d014c66f6631accee9b3a78b6951bb5bd1 |
| SHA512 | e2a36deced2278a9fd0fc5f2282273888238f0db0276099a3d70500826b0b3a0d609320a582c7313b561f933f6b631612af2dfca321d30bb9030806027951f86 |
memory/1948-534-0x0000000000400000-0x0000000001679000-memory.dmp
memory/1512-535-0x0000000000400000-0x00000000004A9000-memory.dmp
memory/3352-536-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1948-538-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3352-541-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1948-542-0x0000000000400000-0x0000000001679000-memory.dmp
memory/1948-543-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3352-545-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3352-548-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1948-546-0x0000000000400000-0x0000000001679000-memory.dmp
memory/1948-549-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3352-551-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3352-555-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1948-556-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3352-558-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1948-559-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3352-562-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3352-565-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1948-563-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3352-568-0x0000000000400000-0x0000000000C62000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gqgwlhqhkp.dat
| MD5 | e7740e7b46566f9c727217343cc338b6 |
| SHA1 | 84aa115d362dceabc01f202cece79947846a7152 |
| SHA256 | 8520156f6513ea698001be40333ca918189b79e0e323ef92859603f7ad618864 |
| SHA512 | 745297d650fbf9ac491073db46a3ca6cb4f14e2cdf96625e0ec416b5c20ccf3373a6ff010fbc25b9cdbe779aaafa5f80de7c18a8b9c6009fd0ae43ea19134bbb |
memory/1948-787-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3352-789-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3352-793-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1948-794-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3352-796-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3352-799-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1948-797-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3352-802-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/1948-800-0x0000000000400000-0x0000000001679000-memory.dmp
memory/1948-803-0x0000000000400000-0x0000000001679000-memory.dmp
memory/3352-805-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3352-810-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3352-813-0x0000000000400000-0x0000000000C62000-memory.dmp
memory/3352-820-0x0000000000400000-0x0000000000C62000-memory.dmp
C:\Users\Admin\AppData\Roaming\Wise Care 365\config_tray.ini
| MD5 | e182e7930e5eabb51c78c4d9ffa66589 |
| SHA1 | 9beb0084b120ffd6542a59ba209b10d0d04f303d |
| SHA256 | 0f5ef77c50df7603f329fd088eb18ce6f75b725d7ee3958a46a937335dcd0101 |
| SHA512 | 97f5ab81f94f45c325600b823d98be72b8c3303c642df34a08b42c9341dad296c0bcd61d3bdb83277c4334da2459f00d2b108d6ec63758f08a2347b614661af7 |
C:\Users\Admin\AppData\Roaming\Wise Care 365\Types.lst
| MD5 | 2fafac4fa0fefe91de0b3049ac53e210 |
| SHA1 | b8033bf320aa6017019f537e64f2f7f666f89bde |
| SHA256 | 9f934b22270557e0837ab2326ffcbe93cdf9454d22834d2dd774c7c6cadecb57 |
| SHA512 | c8cf545e499a75b119a5a74d2f53d29444e68b4b637f99a0de98af98cbdc0162dcd72e50d56516b22d96309e4aad4dff0d7362a3cec02d9a4b371f012d4dd3e9 |
memory/1948-1129-0x0000000000400000-0x0000000001679000-memory.dmp