Malware Analysis Report

2024-12-07 14:51

Sample ID 241011-stzy6avanm
Target WiseCare365Pro.exe
SHA256 c76662d698566d40aaebd0dcc176678cb2cb78a2b9b8d6fb270ffcb8b6301fb7
Tags bootkit defense_evasion discovery evasion exploit persistence spyware stealer
Score 10/10

Analysis Overview

Threat Level: Known bad

The file WiseCare365Pro.exe was found to be: Known bad.

Malicious Activity Summary

bootkit defense_evasion discovery evasion exploit persistence spyware stealer

Modifies firewall policy service

Possible privilege escalation attempt

Modifies file permissions

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Enumerates connected drives

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Drops desktop.ini file(s)

Checks installed software on the system

Checks for any installed AV software in registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Modifies Control Panel

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-11 15:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-11 15:25

Reported

2024-10-11 15:31

Platform

win10v2004-20241007-en

Max time kernel

299s

Max time network

203s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WiseCare365Pro.exe"

Signatures

Modifies firewall policy service

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "1" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall = "1" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-RD624.tmp\WiseCare365Pro.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\software\kasperskylab C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key opened \REGISTRY\MACHINE\software\avira\antivir desktop C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key opened \REGISTRY\MACHINE\software\WOW6432Node\avira\antivir desktop C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\software\avira\antivirus C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key opened \REGISTRY\MACHINE\software\avast software\avast C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key opened \REGISTRY\MACHINE\software\WOW6432Node\avast software\avast C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\software\avast software\avast C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Windows\Downloaded Program Files\desktop.ini C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A

Enumerates connected drives


File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\WiseCare365Pro.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-RD624.tmp\WiseCare365Pro.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Mouse C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\LowLevelHooksTimeout = "4000" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\WaitToKillAppTimeout = "10000" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\MenuShowDelay = "0" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\ForegroundLockTimeout = "0" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\WindowMetrics C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\WaitToKillServiceTimeout = "5000" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\HungAppTimeout = "3000" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\AutoEndTasks = "1" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Mouse\mousehovertime = "100" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\WindowMetrics\MinAnimate = "0" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\W365.SkinFile\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Wise\\Wise Care 365\\WiseCare365.exe\" /skn \"%1\"" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.thumb C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.fh\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.rwz\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.wskn C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\Command\ = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\WiseCare365.exe -shred \"%1\"" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.appx\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.mdc C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.appxbundle C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.note\shell\open\command C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.msix\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\mssharepointclient\DefaultIcon C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.appinstaller C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.adobe.xfd+xml C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\W365.SkinFile\Shell C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\ = "Shred file/folder" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\mssharepointclient\shell\open\command C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.loop\shell\open\command C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WShredFile\ = "Shred file/folder" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.ply C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\W365.SkinFile\Shell\Open\Command C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.stl C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.mdc\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.fh C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.fbx C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-mix-transfer C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\W365.SkinFile C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.xps C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.whiteboard\shell\open\command C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\W365.SkinFile\DefaultIcon C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\W365.SkinFile\Shell\Open C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.rwz C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.wskn\ = "W365.SkinFile" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.wsb C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.thumb\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.m4r\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7BEFAB15-7B27-4361-80E1-3B61C9E06392} C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7BEFAB15-7B27-4361-80E1-3B61C9E06392}\WC365 = "{E3B12E19-8ADB-4A8C-83AC-6DBC9BF61568}" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WShredFile\ICON = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\fileshredder.ico" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.appx C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.ms-lockscreencomponent-primary\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.appxbundle\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.m4r C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.appinstaller\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.msixbundle C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.msix C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\folder\shell\WShredFile\Command C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.xvid\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.fluid\shell\open\command C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\ICON = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\fileshredder.ico" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WShredFile\Command C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.oxps C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.msixbundle\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.ms-lockscreencomponent-primary C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.glb C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\W365.SkinFile\DefaultIcon\ = "\"C:\\Program Files (x86)\\Wise\\Wise Care 365\\Skin.ico\"" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\folder\shell\WShredFile C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\WShredFile\Command\ = "C:\\Program Files (x86)\\Wise\\Wise Care 365\\WiseCare365.exe -shred \"%1\"" C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.R3D\OpenWithProgids C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.gltf C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.xvid C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.R3D C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RD624.tmp\WiseCare365Pro.tmp N/A
N/A N/A C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Token: 33 N/A C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RD624.tmp\WiseCare365Pro.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe N/A
N/A N/A C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3492 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\WiseCare365Pro.exe C:\Users\Admin\AppData\Local\Temp\is-RD624.tmp\WiseCare365Pro.tmp
PID 2852 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\is-RD624.tmp\WiseCare365Pro.tmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\is-RD624.tmp\WiseCare365Pro.tmp C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
PID 1904 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1904 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WiseCare365Pro.exe

"C:\Users\Admin\AppData\Local\Temp\WiseCare365Pro.exe"

C:\Users\Admin\AppData\Local\Temp\is-RD624.tmp\WiseCare365Pro.tmp

"C:\Users\Admin\AppData\Local\Temp\is-RD624.tmp\WiseCare365Pro.tmp" /SL5="$901FC,16038125,257024,C:\Users\Admin\AppData\Local\Temp\WiseCare365Pro.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wisecleaner.com/thanks-for-choosing-WiseCare365.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91e1a46f8,0x7ff91e1a4708,0x7ff91e1a4718

C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe

"C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17990395400509052912,16150412145447328873,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17990395400509052912,16150412145447328873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17990395400509052912,16150412145447328873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17990395400509052912,16150412145447328873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17990395400509052912,16150412145447328873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17990395400509052912,16150412145447328873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe

"C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17990395400509052912,16150412145447328873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17990395400509052912,16150412145447328873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17990395400509052912,16150412145447328873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe

"C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17990395400509052912,16150412145447328873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8

C:\Windows\SYSTEM32\takeown.exe

takeown.exe /F "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y

C:\Windows\SYSTEM32\icacls.exe

icacls.exe "C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F

C:\Windows\SYSTEM32\takeown.exe

takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*" /R /A /D Y

C:\Windows\SYSTEM32\icacls.exe

icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*" /T /grant administrators:F

C:\Windows\SYSTEM32\takeown.exe

takeown.exe /F "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*" /R /A /D Y

C:\Windows\SYSTEM32\icacls.exe

icacls.exe "C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" /T /grant administrators:F

C:\Windows\SYSTEM32\takeown.exe

takeown.exe /F "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*" /R /A /D Y

C:\Windows\SYSTEM32\icacls.exe

icacls.exe "C:\Windows\ServiceProfiles\NetworkService\Appdata\Local\Microsoft\Windows\DeliveryOptimization\Cache\*.*" /T /grant administrators:F

C:\Windows\SYSTEM32\takeown.exe

takeown.exe /F "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" /R /A /D Y

C:\Windows\SYSTEM32\icacls.exe

icacls.exe "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" /T /grant administrators:F

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 www.wisecleaner.com udp
US 104.26.3.143:443 www.wisecleaner.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 pdf.wisecleaner.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 143.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 cse.google.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 apis.google.com udp
GB 146.75.72.157:443 platform.twitter.com tcp
GB 142.250.200.46:443 apis.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 8.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.72.75.146.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.200.46:443 apis.google.com udp
US 8.8.8.8:53 ai.wisecleaner.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 23.224.25.138:443 ai.wisecleaner.com tcp
US 8.8.8.8:53 clients1.google.com udp
GB 142.250.200.14:443 clients1.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 216.58.204.78:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 syndication.twitter.com udp
GB 142.250.187.227:443 ssl.gstatic.com tcp
US 104.244.42.72:443 syndication.twitter.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 138.25.224.23.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 72.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 info.wisecleaner.com udp
US 8.8.8.8:53 www.wisecleaner.net udp
US 172.67.68.11:80 info.wisecleaner.com tcp
US 172.67.68.11:443 info.wisecleaner.com tcp
US 8.8.8.8:53 www.wisecleaner.com udp
US 23.224.25.138:80 www.wisecleaner.net tcp
US 104.26.2.143:443 www.wisecleaner.com tcp
US 8.8.8.8:53 11.68.67.172.in-addr.arpa udp
US 8.8.8.8:53 143.2.26.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

memory/3492-0-0x0000000000400000-0x0000000000449000-memory.dmp

memory/3492-2-0x0000000000401000-0x0000000000412000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-RD624.tmp\WiseCare365Pro.tmp

memory/2852-6-0x0000000000400000-0x000000000054E000-memory.dmp

memory/3492-8-0x0000000000400000-0x0000000000449000-memory.dmp

memory/2852-10-0x0000000000400000-0x000000000054E000-memory.dmp

memory/2852-12-0x0000000000400000-0x000000000054E000-memory.dmp

C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Program Files (x86)\Wise\Wise Care 365\sqlite3.dll

C:\Program Files (x86)\Wise\Wise Care 365\WJSLib.dll

memory/2852-326-0x0000000000400000-0x000000000054E000-memory.dmp

memory/3492-327-0x0000000000400000-0x0000000000449000-memory.dmp

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Azerbaijani(Latin).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Arabic.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Vietnamese.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Ukrainian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Turkish.ini

\??\pipe\LOCAL\crashpad_1904_HLUNEXAXZSJSKNQS

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Thai.ini

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Swedish(Sweden).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Spanish(Spain).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Slovenian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Slovak.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Serbian(Cyrillic).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Romanian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Portuguese(Portugal).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Portuguese(Brazil).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Polish.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Persian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Norwegian(Nynorsk).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Norwegian(Bokmal).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Nepali.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Lithuanian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Kurdish.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Korean.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Japanese.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Italian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Indonesian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Hungarian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Hebrew.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Greek.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\German.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Georgian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\French.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Finnish.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\English.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Dutch(Nederlands).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Dutch(Belgium).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Danish.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Czech.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Croatian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Chinese(Traditional).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Chinese(Simplified).ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Catalan.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Bulgarian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Belarusian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Russian.ini

C:\Program Files (x86)\Wise\Wise Care 365\Languages\Abkhazian.ini

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\AutoShutdown.svg

C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\ForceDeleter.svg

C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\FolderHider.svg

C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\DuplicateFinder.svg

C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\DateRecovery.svg

C:\Program Files (x86)\Wise\Wise Care 365\Tools\img\Imagex.svg

C:\Program Files (x86)\Wise\Wise Care 365\tools\toolsv6.ini

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

C:\Users\Admin\AppData\Roaming\Wise Care 365\toolsv6.ini

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Roaming\Wise Care 365\CheckupExclude.lst
