cb6a28f6848acc465fb118c2379cccf86f4605eb8d51f418d2c9e691a2679bd2

Analysis

max time kernel
122s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20221111-es
resource tags

arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
02-01-2023 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_wipe.exe
Size

6.3MB
MD5

6ecbef662a58fa79898c64dfe4aec8b0
SHA1

27f6facacf26773974f8a6a2c4fb929439d68c63
SHA256

cb6a28f6848acc465fb118c2379cccf86f4605eb8d51f418d2c9e691a2679bd2
SHA512

47e367ead641ef6c1f0ec28c715d70e257f3183e12a4d96f3cac61a0bcfa0e1de52c737d4c432f0c3ec993604ef5fdba9d186b3e52da29b8ce95210cc3e43a59
SSDEEP

98304:dktDam/Y6kgSRo5e6n0rCq7oF7ftzTACeDC+X0aj008fmMMN3S1cn/b73:u8AI9Rw02+oF7lzMCeDCTvYN7P3

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1864	setup_wipe.tmp
4644	Wipe.exe
2028	Wipe.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	Wipe.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wipe Updates = "\"C:\\Program Files (x86)\\Wipe\\Wipe.exe\" uf_sub_winStartup"	Wipe.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-7HNMP.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\Languages\is-MR6H4.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\FunStarts\is-S0L1M.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-50DKS.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\Languages\is-99SJ7.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\x64\is-M3A90.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-5S7JT.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-I5EBM.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-QHQ4G.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-AE931.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-0CO61.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-VPEDG.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\is-PJPDP.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Languages\is-5TVD7.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-N8302.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\is-G1654.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-IMJUD.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\UForms\is-TO2GD.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-EDQ4U.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\FunStarts\is-KIKVV.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Languages\is-NK9SH.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\PluginsEmbed\is-T4R85.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-IUQDM.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-QQU5G.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-BJS9C.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-LBL7P.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-1VPLT.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-FSPR1.tmp	setup_wipe.tmp
File opened for modification	C:\Program Files (x86)\Wipe\System.Data.SQLite.Linq.dll	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\FunStarts\is-6KTLF.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\FunProMessages\is-1G4A0.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\Interface\is-0RQ9E.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\Languages\is-B3PKC.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-H0VCI.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-IAN3G.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-F6L82.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\Languages-flags\is-4M3MQ.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-T4PAT.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-PRT6O.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-5KCP1.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-43LBV.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-GEDM7.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-8F7RS.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-L346M.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-JVE04.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\Interface\is-64FRB.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-SUVE0.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-85COC.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\is-LA599.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-33I5N.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-HTFD3.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-B3P0V.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-LKCQE.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-SHH2O.tmp	setup_wipe.tmp
File opened for modification	C:\Program Files (x86)\Wipe\Newtonsoft.Json.dll	setup_wipe.tmp
File opened for modification	C:\Program Files (x86)\Wipe\EntityFramework.dll	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-V7QEB.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-J7965.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\PluginsEmbed\is-TQ4OH.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\Languages\is-1SB61.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-J7T5S.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Application\Plugins\is-J89QP.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\Interface\is-Q2ESM.tmp	setup_wipe.tmp
File created	C:\Program Files (x86)\Wipe\Framework\UForms\is-20OFG.tmp	setup_wipe.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1864	setup_wipe.tmp
1864	setup_wipe.tmp
4336	msedge.exe
4336	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4644	Wipe.exe
Token: SeDebugPrivilege	2028	Wipe.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1864	setup_wipe.tmp
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 1864	2452	setup_wipe.exe	81
PID 2452 wrote to memory of 1864	2452	setup_wipe.exe	81
PID 2452 wrote to memory of 1864	2452	setup_wipe.exe	81
PID 1864 wrote to memory of 4644	1864	setup_wipe.tmp	90
PID 1864 wrote to memory of 4644	1864	setup_wipe.tmp	90
PID 4644 wrote to memory of 1628	4644	Wipe.exe	93
PID 4644 wrote to memory of 1628	4644	Wipe.exe	93
PID 1628 wrote to memory of 3992	1628	msedge.exe	94
PID 1628 wrote to memory of 3992	1628	msedge.exe	94
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 2440	1628	msedge.exe	96
PID 1628 wrote to memory of 4336	1628	msedge.exe	97
PID 1628 wrote to memory of 4336	1628	msedge.exe	97
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98
PID 1628 wrote to memory of 1292	1628	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\setup_wipe.exe
"C:\Users\Admin\AppData\Local\Temp\setup_wipe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Users\Admin\AppData\Local\Temp\is-EP272.tmp\setup_wipe.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-EP272.tmp\setup_wipe.tmp" /SL5="$6011C,6101741,185344,C:\Users\Admin\AppData\Local\Temp\setup_wipe.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1864
- - C:\Program Files (x86)\Wipe\Wipe.exe
    "C:\Program Files (x86)\Wipe\Wipe.exe" uf_sub_runonsetup
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://privacyroot.com/apps/scripts/uframework-web.pl?scn=wipe&version=2227.00&fipr=5c7bbf2aa3a79e1a512b20488d008ceb&pcid=1d1512f3e64bf85a6508f034b38b37c3&location=appInstalled&iso2=es&iso2ui=es&lang_wipe=es
      4⤵
      Adds Run key to start application
      Enumerates system info in registry
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:1628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbb50c46f8,0x7ffbb50c4708,0x7ffbb50c4718
        5⤵
        
        PID:3992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3912226508840265292,1728069402510593869,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
        5⤵
        
        PID:2440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3912226508840265292,1728069402510593869,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3912226508840265292,1728069402510593869,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
        5⤵
        
        PID:1292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3912226508840265292,1728069402510593869,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
        5⤵
        
        PID:5076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3912226508840265292,1728069402510593869,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
        5⤵
        
        PID:260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,3912226508840265292,1728069402510593869,131072 --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=5276 /prefetch:8
        5⤵
        
        PID:3332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3912226508840265292,1728069402510593869,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
        5⤵
        
        PID:4724
  - - C:\Program Files (x86)\Wipe\Wipe.exe
      "C:\Program Files (x86)\Wipe\Wipe.exe" uf_sub_downloadSetup
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Wipe\Framework\Interface\colors.ini

Filesize
605B

MD5
7083a2accda7fe7348e732bd46ecb25b

SHA1
727af15ff453cb6e164f94326baa9640e6f50150

SHA256
25e63e1d0be2bfaec6966c0df046a2c3f0c1ba69702745e3a7ffdf3507dc3661

SHA512
4e0a366b712405756cde465c5f48e0501549586fda73e2e30c252a50663a2f80de06d9ff3df43a45f52cfad6af8356e39bda0deb937c8c6c85fbefe770cf4e1a

Download Submit
C:\Program Files (x86)\Wipe\Wipe.exe

Filesize
527KB

MD5
2d13fbc9e0a20399cdc992ecb622d0d0

SHA1
1e2cf017df1a2a68de5c89f4178c09f39bc434f6

SHA256
72222e082056c5347be18d714fd9afd6ff70dc4f412743e8355734fddf1ac485

SHA512
922487f6bd1fb7399239abdd3039b1e7aff99793f14beb1def716a0e5e0a0856d933cdf63cfb20d4660aa482ae1270c5b57d54e27a113c094a3149da86fe00ec

Download Submit
C:\Program Files (x86)\Wipe\Wipe.exe

Filesize
527KB

MD5
2d13fbc9e0a20399cdc992ecb622d0d0

SHA1
1e2cf017df1a2a68de5c89f4178c09f39bc434f6

SHA256
72222e082056c5347be18d714fd9afd6ff70dc4f412743e8355734fddf1ac485

SHA512
922487f6bd1fb7399239abdd3039b1e7aff99793f14beb1def716a0e5e0a0856d933cdf63cfb20d4660aa482ae1270c5b57d54e27a113c094a3149da86fe00ec

Download Submit
C:\Program Files (x86)\Wipe\Wipe.exe

Filesize
527KB

MD5
2d13fbc9e0a20399cdc992ecb622d0d0

SHA1
1e2cf017df1a2a68de5c89f4178c09f39bc434f6

SHA256
72222e082056c5347be18d714fd9afd6ff70dc4f412743e8355734fddf1ac485

SHA512
922487f6bd1fb7399239abdd3039b1e7aff99793f14beb1def716a0e5e0a0856d933cdf63cfb20d4660aa482ae1270c5b57d54e27a113c094a3149da86fe00ec

Download Submit
C:\Program Files (x86)\Wipe\Wipe.exe.config

Filesize
1KB

MD5
93fd560b744390a798012730cf2b1648

SHA1
8a83bcfdf630bd1ceda69daf3d5af421cea95af3

SHA256
368f802cc75af22a2928278367450d712db9807c4ef41c37707ba52d72354841

SHA512
09f699d80001a68f9f63c316c765cd9a40c6bd516830ae511ced17ee6e2c4d6e25a2447427e888577495e0960d27cf4b40ff95db84ed96fcf367c19541e8fa69

Download Submit
C:\ProgramData\WindowsHardwareTelemetry.ini

Filesize
1KB

MD5
e27f11a1a16c279530e7eaa3915a64f5

SHA1
1317da1de1dae71b1e436c425014152be9f89b6b

SHA256
41db09f3a1d402c05582ce12e78e7340d2f1da21cb41dbcb47f9568a1fa8ab30

SHA512
f3d0cbd0f16eb8b85e9fa888f0a2a81fc880185aa0f5474b31be13e38c860d793c63270d792cc302d595c95e04bf84e97c4c4d80ec7b7fbf88e458c1166cc065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Wipe.exe.log

Filesize
1KB

MD5
a9141ed1837f780cf691c7ce790db9c5

SHA1
86d5a6683a0031226f8477cb2d60edf65325f1ec

SHA256
cf428d3c771587984baaea34a2f01139009f4493431db844f2114daff8f958f0

SHA512
c573c632ab243eb226a878e67c03b328f341ccd8c8696c0f0b6ef7bf6cbc1ae72a1444fa4ac831547590b9420092b4a43528bcffc5ddeeaca071cdb951fa4bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EP272.tmp\setup_wipe.tmp

Filesize
1.2MB

MD5
ff41bdabba2dc4bab5bde486732632ed

SHA1
fae533b1f212eeec14fa0a27f3ab3d48ab5188f1

SHA256
d0f36ddae627a2b437586c9b81d4a1821e5721c2a1aeb1eadc5bafc6ad238fa1

SHA512
312f02c2faca4c8a771513fdd1804fd38da44b021aaa0e09d6d33bddd0120e77a4af9b525d331748788592d10d6187f0e453e9dedc2a23bbd40c05200035d45f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EP272.tmp\setup_wipe.tmp

Filesize
1.2MB

MD5
ff41bdabba2dc4bab5bde486732632ed

SHA1
fae533b1f212eeec14fa0a27f3ab3d48ab5188f1

SHA256
d0f36ddae627a2b437586c9b81d4a1821e5721c2a1aeb1eadc5bafc6ad238fa1

SHA512
312f02c2faca4c8a771513fdd1804fd38da44b021aaa0e09d6d33bddd0120e77a4af9b525d331748788592d10d6187f0e453e9dedc2a23bbd40c05200035d45f

Download Submit
C:\Users\Admin\AppData\Roaming\wipe2021\Settings\ServerResponse.ini

Filesize
214B

MD5
481f1d3104f2f3cefb4e6b94f5fa8bb6

SHA1
8fb84f3ca8c4012d7df69f6b1b192a1929ffdb21

SHA256
cfca478468088d215cc3874654e5f2961560f7fd197573a1b284f10d886f2f04

SHA512
e57cc307d9f2629d062593dcb9cb9be7246970553000e63fa471be323738eeb2d89c7cd9334e35cd818041d68854d7523ea14d74d8d597da1a1e2ade8c6ad410

Download Submit
C:\Users\Admin\AppData\Roaming\wipe2021\Settings\UF.ini

Filesize
84B

MD5
a237204b4f606c4ab7080adfe7a88b94

SHA1
9705842f53aed053da7b4afaf16cdd98e4f9119b

SHA256
fc845adb659cdd7ac3a89272c5f6664053bf9fdd8b0e79c8a730a53f5283179b

SHA512
6e20618d5d3ae3ef5c63cc292d266ec7708a07c7a8f37a3956279c5b33e0aa777cc708a8204fd6aaa14416aebbcc04e2818e94cd2844262bec5430cd005b4754

Download Submit
C:\Users\Admin\AppData\Roaming\wipe2021\Settings\UsageV4.ini

Filesize
84B

MD5
7cb762ecbb3c368739bc5aead5a9f41c

SHA1
eb3b4712d7d9fe32d4859b80837cc0680eff5886

SHA256
e53d5e09ccbd863cf930be41d020108c62532d25f4827992612d7d3e869f5482

SHA512
0842a371c223a6cdfd43aa45575ce1e3817430ff85944d08b7aec21bd73f76de81cab1f7a130af03b99cee6bf4baa8038b0059f4e1a81d6256ef02f5fafac1a1

Download Submit
memory/2028-162-0x00007FFBB9680000-0x00007FFBBA141000-memory.dmp

Filesize
10.8MB

Download
memory/2028-170-0x00007FFBB9680000-0x00007FFBBA141000-memory.dmp

Filesize
10.8MB

Download
memory/2452-134-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2452-137-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2452-132-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2452-173-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4644-161-0x00007FFBB9680000-0x00007FFBBA141000-memory.dmp

Filesize
10.8MB

Download
memory/4644-143-0x0000018DE2AB0000-0x0000018DE2B34000-memory.dmp

Filesize
528KB

Download
memory/4644-145-0x00007FFBB9680000-0x00007FFBBA141000-memory.dmp

Filesize
10.8MB

Download
memory/4644-144-0x0000018DFFA70000-0x0000018DFFB72000-memory.dmp

Filesize
1.0MB

Download