Technical Information
- [<HKLM>\System\CurrentControlSet\Services\pwdspio] 'ImagePath' = '<SYSTEM32>\pwdspio.sys'
- [<HKLM>\System\CurrentControlSet\Services\pwdrvio] 'Start' = '00000000'
- [<HKLM>\System\CurrentControlSet\Services\pwdrvio] 'ImagePath' = 'system32\pwdrvio.sys'
- 'pwdspio' <SYSTEM32>\pwdspio.sys
- 'pwdrvio' <SYSTEM32>\pwdrvio.sys
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\amd64\boot\bcd
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\msvcp120.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\msvcr120.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\partitionwizard.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\powerdatarecoverycore.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\powerdatarecoveryui.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\imageformats\qdds.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\imageformats\qgif.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\imageformats\qicns.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\imageformats\qico.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\imageformats\qjpeg.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\imageformats\qsvg.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\iconengines\qsvgicon.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\qt5charts.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\qt5core.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\qt5gui.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\log4cpp.dll
- %TEMP%\7zipsfx.000\appx\minitool partition wizard.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\libeay32.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\ikernel.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\mtpeloader.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\oscdimg.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\partitionwizard.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\x64\pwnative.exe
- %TEMP%\7zipsfx.000\appx\admin\saa.exe
- %TEMP%\7zipsfx.000\appx\admin\sleep.exe
- %TEMP%\7zipsfx.000\start.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\x86\wimserv.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\x64\wimserv.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\7-zip.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\7z.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\dbghelp.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\efs.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\fvformatsupport.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\idriver.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\libcurl.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\mtmediabuilder.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\qt5network.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\imageformats\qwbmp.dll
- %TEMP%\c754.tmp\pw1.vbs
- %APPDATA%\microsoft\speech\files\userlexicons\sp_0d21429c1dba4ccb8dad6c48029b109b.dat
- %TEMP%\p2.dkc
- %TEMP%\nshec04.tmp
- %TEMP%\nsmec24.tmp\system.dll
- %TEMP%\nsmec24.tmp\uac.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\x86\wimmount.inf
- %TEMP%\nsmec24.tmp\launcher.ini
- %TEMP%\7zipsfx.000\appx\data\portableapps.comlauncherruntimedata-minitool partition wizard.ini
- %TEMP%\nsmec24.tmp\runtimedata.ini
- <SYSTEM32>\pwdspio.sys
- <SYSTEM32>\pwdrvio.sys
- %WINDIR%\temp\udd68e0.tmp
- %WINDIR%\temp\udd6900.tmp
- %TEMP%\c754.tmp\w1.wav
- %TEMP%\c754.tmp\w2.wav
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\imageformats\qtga.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\qt5widgets.dll
- %TEMP%\bff4.tmp\aslxa.bat
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\imageformats\qwebp.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\platforms\qwindows.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\rawobject.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\ssleay32.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\wimgapi.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x86\f6flpy-x86\iastora.sys
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x64\f6flpy-x64\iastora.sys
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x86\f6flpy-x86\iastorf.sys
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x64\f6flpy-x64\iastorf.sys
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\x64\pwdrvio.sys
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\x64\pwdspio.sys
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\x64\wimmount.sys
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\x86\wimmount.sys
- %TEMP%\c754.tmp\saaud.bat
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\imageformats\qtiff.dll
- %TEMP%\c754.tmp\pw2.vbs
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\experience.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\dism.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\diskspd\diskspd64.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\builder_config.ini
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\ceip.ini
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x64\drivers_config.ini
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\lang.ini
- %TEMP%\7zipsfx.000\appx\app\appinfo\launcher\minitool partition wizard.ini
- %TEMP%\7zipsfx.000\appx\data\settings\minitool partition wizardsettings.ini
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\winpeshl.ini
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\amd64\boot\etfsboot.com
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\x86\boot\etfsboot.com
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x86\f6flpy-x86\iaahcic.cat
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x64\f6flpy-x64\iaahcic.cat
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x86\f6flpy-x86\iastorac.cat
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x64\f6flpy-x64\iastorac.cat
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pas.cnf
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\log.txt
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\qt.conf
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\diskspd\license.txt
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\mtpeloader.exe.manifest
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\amd64\efi\microsoft\boot\bcd
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\x86\boot\bcd
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\x86\efi\microsoft\boot\bcd
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\amd64\bootmgr
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\x86\bootmgr
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pxeboot\pxebcd
- %TEMP%\7zipsfx.000\appx\app\appinfo\launcher\splash.jpg
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\winpe.jpg
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\winpe.bmp
- %TEMP%\7zipsfx.000\appx\app\appinfo\appicon.ico
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\amd64\boot\bootfix.bin
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\x86\boot\bootfix.bin
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\amd64\boot\efisys.bin
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\x86\boot\efisys.bin
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\mtmediabuilder.exe.manifest
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\error.html
- %TEMP%\7zipsfx.000\appx\admin\appx.dkc
- %TEMP%\7zipsfx.000\appx\app\appinfo\appinfo.ini
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\x86\efi\boot\bootia32.efi
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\x64\iscsilog.dll.mui
- %TEMP%\7zipsfx.000\appx\app\appinfo\launcher\custom.nsh
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\mtmediabuilder_de.qm
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\mtpeloader_de.qm
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pw_de.qm
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pw_pdr_de.qm
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pw_pdr_en.qm
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\qtbase_de.qm
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\qt_de.qm
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\x86\boot\boot.sdi
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pxeboot\boot.sdi
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\7z.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\bootsect.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\diskspd\diskspd32.exe
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\win8_x86\iscsilog.dll.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\x86\iscsicpl.exe.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\x86\iscsilog.dll.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\win8_x64\iscsilog.dll.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\x64\iscsicpl.exe.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\x86\bootmgr.efi
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\amd64\efi\boot\bootx64.efi
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\x86\efi\microsoft\boot\memtest.efi
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x64\f6flpy-x64\iaahcic.inf
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x86\f6flpy-x86\iaahcic.inf
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x64\f6flpy-x64\iastorac.inf
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\pedrivers\x86\f6flpy-x86\iastorac.inf
- <SYSTEM32>\pwnative.exe
- %TEMP%\nsmec24.tmp\newadvsplash.dll
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\x64\wimmount.inf
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\win8_x64\iscsicpl.dll.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\win8_x86\iscsicpl.dll.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\x64\iscsicpl.dll.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\x86\iscsicpl.dll.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\win8_x64\iscsicpl.exe.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\en-us\win8_x86\iscsicpl.exe.mui
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\petools\amd64\bootmgr.efi
- %TEMP%\7zipsfx.000\appx\app\partitionwizard\partitionwizard.exe.mfh
- C:\pw12-debug.dmp
- %TEMP%\c754.tmp\pw2.vbs
- %TEMP%\c754.tmp\w1.wav
- %TEMP%\c754.tmp\w2.wav
- %TEMP%\c754.tmp\pw1.vbs
- %TEMP%\c754.tmp\saaud.bat
- %WINDIR%\temp\udd68e0.tmp
- %WINDIR%\temp\udd6900.tmp
- from %TEMP%\7zipsfx.000\appx\admin\appx.dkc to %TEMP%\7zipsfx.000\appx\admin\appx.bat
- '%TEMP%\7zipsfx.000\start.exe'
- '%TEMP%\7zipsfx.000\appx\admin\saa.exe'
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\C754.tmp\pw1.vbs"
- '%TEMP%\7zipsfx.000\appx\minitool partition wizard.exe'
- '%TEMP%\7zipsfx.000\appx\app\partitionwizard\partitionwizard.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\BFF4.tmp\aslxa.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\C754.tmp\saaud.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\BFF4.tmp\aslxa.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\C754.tmp\saaud.bat" "
- '%WINDIR%\syswow64\cmd.exe' /K appx.bat
- '%WINDIR%\syswow64\reg.exe' export "HKCU\SOFTWARE\MiniTool Software Limited" save.reg
- '<SYSTEM32>\vds.exe'