b6c1a86d45d6f3c4ad75146d64e8d650de0449f2cb3ab280d62ecce86f07aff3

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

20f94e0fec19560a3addbd00d6e74d47
SHA1

0e6216c71cfbdefb6f3c9980583cabcfc7df0619
SHA256

b6c1a86d45d6f3c4ad75146d64e8d650de0449f2cb3ab280d62ecce86f07aff3
SHA512

3e6f52b3c379335c41c15ae92ecbf809edf75640976457e075412db6d1b9802256fc6b1032bf7ef5862ca9cb798712f5d833c3b2abccc7c625b6fc2875c48ccd
SSDEEP

384:rY8DpmReVoOs4Xi9ylKeGMpU8HhhbVck7aJo2paWhOwob0Vnp2IJCgMmVn:rTBVoOs4XmyI1M9Bhb2yaIWhOwob0Vpt

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	imyfone-lockwiper_setup.exe

Executes dropped EXE 8 IoCs

pid	Process
6056	imyfone-lockwiper_setup.exe
5320	imyfone-lockwiper_setup.exe
4912	imyfone-download.exe
5996	imyfone-download.tmp
5136	LockWiper.exe
1104	DPInst64.exe
5844	appAutoUpdate.exe
6308	devcon_x64.exe

Loads dropped DLL 64 IoCs

pid	Process
5996	imyfone-download.tmp
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5844	appAutoUpdate.exe
5844	appAutoUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
372	ip-api.com

Drops file in System32 directory 33 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0328194c-7f17-7043-a605-c886cbe8646b}\USBAAPL.CAT	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl.inf_amd64_b11f4eb7484c8d3b\USBAAPL.CAT	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\SET3456.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\SET3457.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\USBAAPL64.CAT	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0328194c-7f17-7043-a605-c886cbe8646b}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\USBAAPL64.CAT	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.PNF	DPInst64.exe
File created	C:\Windows\System32\DriverStore\Temp\{0328194c-7f17-7043-a605-c886cbe8646b}\SET3212.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\SET3445.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\usbaapl64.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0328194c-7f17-7043-a605-c886cbe8646b}\usbaapl.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DPInst64.exe
File created	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\SET3456.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\SET3457.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\usbaaplrc.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0328194c-7f17-7043-a605-c886cbe8646b}\SET3212.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0328194c-7f17-7043-a605-c886cbe8646b}\SET3213.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl.inf_amd64_b11f4eb7484c8d3b\usbaapl.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\SET3458.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0328194c-7f17-7043-a605-c886cbe8646b}\SET3213.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbaapl.inf_amd64_b11f4eb7484c8d3b\usbaapl.PNF	DPInst64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\SET3445.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\usbaapl64.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3ade0d5e-58ff-e645-afda-cb3d90b2f086}\SET3458.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaaplrc.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Japanese\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\Application\is-12IJ5.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\images\is-MBG9R.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\Member\is-FR39U.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\Member\trial_limit\is-FAVD3.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\0dc926a1810f7aee4e8f38793ed788701f93bf9d	LockWiper.exe
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\ed248cf557df575f57718b98dc5008628bd47f65	LockWiper.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\2\b46ae678226f77a94fc94328f18e3872bdd6cf88\45b1a377feee16fa8e2fbf128469e2b9e5403e6f	LockWiper.exe
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\FeedbackRes\conf\is-BU2LQ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\platforms\is-QBG39.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\Application\is-E1CHI.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\mdm\is-O8N7J.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\Member\is-MVMO2.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\876a63abe36aefe5888afe97a3d3fa5ff4786031	LockWiper.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\FixOS\api-ms-win-core-processthreads-l1-1-1.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\is-GF03N.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\ScreenTimePasscode\is-CF8US.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\2d7e06ba7194fdfcd2dd45548b39b1e477c9fd8d	LockWiper.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\64d0019cb3d46bfc8cce545a8ba54b93e7ea9347	LockWiper.exe
File opened for modification	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Arabic\text.ini	imyfone-lockwiper_setup.exe
File opened for modification	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\German\UrlInfo.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\activation\is-KAOV5.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\Application\is-7TE43.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\MFCore\is-PMD52.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\ReviewImage\is-5IUJ7.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\5a4935c78a5255723f707230a451d79c540d2741	LockWiper.exe
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\bearer\is-P536V.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\Language\qm\is-CE2T0.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\MFProductBox\MFProductBoxPlus\skin\ProductBox\Didlog\is-G2QO5.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\EquityShowView\is-FRCK7.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\mdm\is-EG35U.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\6241b2b9da35bc7ac51266cce64774fc975ccf00	LockWiper.exe
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\7aa4f1ea9b839facc8ba40dfbec96d928a7659cb	LockWiper.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\ecb5489ac8284e6a5fd307eaff829497eeaf500b	LockWiper.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\ChineseTW\text.ini	imyfone-lockwiper_setup.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Dutch\UrlInfo.ini	imyfone-lockwiper_setup.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\8d0167b67f664a3816b4c00115c2dfa6a8f81388	LockWiper.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\cab0fbe1d07b5a8af69c5c7488a883550d95fb05	LockWiper.exe
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\FeedbackRes\skin\gif\submitting\is-P0AS1.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\Language\FixiTunesQM\is-FTQM9.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\EquityShowView\is-OC92Q.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\mutilanguage\is-PHHPR.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\8059d41620e0b064ec216d456c7fb5a02b701058	LockWiper.exe
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\mutilanguage\is-H64QK.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\1a300d26e5c2e033afdee82564c980fd161c17e8	LockWiper.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\firmware_config_local.xml	LockWiper.exe
File opened for modification	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\English\UrlInfo.ini	imyfone-lockwiper_setup.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\FixOS\api-ms-win-crt-runtime-l1-1-0.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\is-8OLP0.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\FeedbackRes\skin\gif\submitting\is-R0BEC.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\images\is-UJCBC.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\2\b46ae678226f77a94fc94328f18e3872bdd6cf88\35bd84cceb82d804a3eefd3b9452fb49f5b05b9b	LockWiper.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\MFProductBox\libMFCore.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\Application\is-RUKEI.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\mutilanguage\is-HI5U6.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\Two-Factor\is-C27NC.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\MFProductBox\msvcr100.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\FeedbackRes\skin\gif\submitting\is-25S9R.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\MFProductBox\imageformats\is-U6BU9.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\mutilanguage\is-L6TUB.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\9329979c8298f9cd3fb110fa387570a8b957e912	LockWiper.exe
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\MFProductBox\MFProductBoxPlus\language\is-N0C7J.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\MFProductBox\MFProductBoxPlus\skin\ProductBox\BgImg\is-5ENKC.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\images\is-73JO2.tmp	imyfone-download.tmp

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DPInst64.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\DPINST.LOG	DPInst64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	LockWiper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	LockWiper.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	LockWiper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	LockWiper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	LockWiper.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	LockWiper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	LockWiper.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	LockWiper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601038610797281"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
5136	LockWiper.exe
5844	appAutoUpdate.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
1236	msedge.exe
1236	msedge.exe
1832	identity_helper.exe
1832	identity_helper.exe
1992	chrome.exe
1992	chrome.exe
6056	imyfone-lockwiper_setup.exe
6056	imyfone-lockwiper_setup.exe
6056	imyfone-lockwiper_setup.exe
6056	imyfone-lockwiper_setup.exe
5996	imyfone-download.tmp
5996	imyfone-download.tmp
5996	imyfone-download.tmp
5996	imyfone-download.tmp
6056	imyfone-lockwiper_setup.exe
6056	imyfone-lockwiper_setup.exe
4656	msedge.exe
4656	msedge.exe
1256	msedge.exe
1256	msedge.exe
5644	identity_helper.exe
5644	identity_helper.exe
6056	imyfone-lockwiper_setup.exe
6056	imyfone-lockwiper_setup.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5844	appAutoUpdate.exe
5844	appAutoUpdate.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
6056	chrome.exe
6056	chrome.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5136	LockWiper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
6056	imyfone-lockwiper_setup.exe
5996	imyfone-download.tmp
1256	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5136	LockWiper.exe
5844	appAutoUpdate.exe
5844	appAutoUpdate.exe
5844	appAutoUpdate.exe
5844	appAutoUpdate.exe
5844	appAutoUpdate.exe
5136	LockWiper.exe
5136	LockWiper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 1588	1236	msedge.exe	83
PID 1236 wrote to memory of 1588	1236	msedge.exe	83
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 1700	1236	msedge.exe	84
PID 1236 wrote to memory of 4992	1236	msedge.exe	85
PID 1236 wrote to memory of 4992	1236	msedge.exe	85
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86
PID 1236 wrote to memory of 4024	1236	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f78446f8,0x7ff8f7844708,0x7ff8f7844718
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12480289336680155658,7252883365083591301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e955ab58,0x7ff8e955ab68,0x7ff8e955ab78
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=556 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5180
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff73518ae48,0x7ff73518ae58,0x7ff73518ae68
    3⤵
    PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5108 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3364 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5548 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:6012
- C:\Users\Admin\Downloads\imyfone-lockwiper_setup.exe
  "C:\Users\Admin\Downloads\imyfone-lockwiper_setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:6056
- - C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\imyfone-download.exe
    /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\" /progress="C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\temp.progress"
    3⤵
    - Executes dropped EXE
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\is-R913L.tmp\imyfone-download.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-R913L.tmp\imyfone-download.tmp" /SL5="$9004A,126394065,123904,C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\imyfone-download.exe" /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\" /progress="C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\temp.progress"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:5996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apipdm.imyfone.club/producturl?key=installed&lang=english&pid=91&custom=com_english
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f78446f8,0x7ff8f7844708,0x7ff8f7844718
      4⤵
      PID:4980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
      4⤵
      PID:1480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
      4⤵
      PID:4760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
      4⤵
      PID:548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
      4⤵
      PID:5724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
      4⤵
      PID:4864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
      4⤵
      PID:5372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
      4⤵
      PID:4028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
      4⤵
      PID:4408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
      4⤵
      PID:3920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
      4⤵
      PID:6616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4104 /prefetch:8
      4⤵
      PID:6984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
      4⤵
      PID:5984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,239615148349437207,3136344989780103771,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6268 /prefetch:8
      4⤵
      PID:6272
- - C:\Program Files (x86)\iMyFone\iMyFone LockWiper\LockWiper.exe
    "C:\Program Files (x86)\iMyFone\iMyFone LockWiper\LockWiper.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Checks SCSI registry key(s)
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:5136
  - - C:\Program Files (x86)\iMyFone\iMyFone LockWiper\apple_driver\DPInst64.exe
      "C:\Program Files (x86)\iMyFone\iMyFone LockWiper\apple_driver\DPInst64.exe" /F /D /SW /PATH "C:\Program Files (x86)\iMyFone\iMyFone LockWiper\apple_driver"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      PID:1104
  - - C:\Program Files (x86)\iMyFone\iMyFone LockWiper\appAutoUpdate.exe
      "C:\Program Files (x86)\iMyFone\iMyFone LockWiper\appAutoUpdate.exe" --autoInstall=true --updateURL=https://apipdm.imyfone.club/v2/verinfo?bit=2& --silent=true
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:5844
  - - C:\Program Files (x86)\iMyFone\iMyFone LockWiper\apple_driver\devcon_x64.exe
      "C:\Program Files (x86)\iMyFone\iMyFone LockWiper\apple_driver\devcon_x64.exe" rescan
      4⤵
      Executes dropped EXE
      PID:6308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.imyfone.com/unlock-iphone/how-to-bypass-iphone-11-passcode/?utm_medium=message_center&utm_source=mc_lockwiperios&utm_campaign=lockwiperios&utm_term=24050803
      4⤵
      PID:6488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f78446f8,0x7ff8f7844708,0x7ff8f7844718
        5⤵
        
        PID:6520
- C:\Users\Admin\Downloads\imyfone-lockwiper_setup.exe
  "C:\Users\Admin\Downloads\imyfone-lockwiper_setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1612 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5896 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3224 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5168 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5764 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3228 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5880 --field-trial-handle=1892,i,3644680790091819256,16077189861215902246,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6056

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5888

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:7020
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{9ca82924-68b6-3e4e-8e94-5bdb7cb426d5}\usbaapl.inf" "9" "4363f9d6b" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "c:\program files (x86)\imyfone\imyfone lockwiper\apple_driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:7052
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{5bdbfb72-8d80-964b-96a4-d9fe14c1b0e9}\usbaapl64.inf" "9" "4d473d5eb" "0000000000000158" "WinSta0\Default" "000000000000015C" "208" "c:\program files (x86)\imyfone\imyfone lockwiper\apple_driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:5828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\iMyFone\iMyFone LockWiper\Feedback.exe

Filesize
587KB

MD5
9a625cf6713d3db5274cf5b4ec314a78

SHA1
3273049ca503650c85d31f241abc4773268b538e

SHA256
8bbf4670b7568ecb407795ef7927eaa7ea94b0b889e0a0c1ca3b5bf2395e4501

SHA512
b90bf43d1da8024542a4ee2e2a5cf4b3b2fd47e47f613987239f7da7b0f4c6cb281743fd40fbd4998510484fc4456ad56447ed0b689cf3f8b07b9eaaab2687e8

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\LockWiper.exe

Filesize
4.6MB

MD5
77dafb2b58578825701e07b8d152a4d8

SHA1
87c863774b19006dba58faf807135922f83d3626

SHA256
cf8c509517b7ff79320b59310b7ac800dcdc0446f2ee87ab167c8d27929e08d5

SHA512
f5736744537fe02f06fe77c4fcfe02b9d2746f12ee865c617a70a5abcc0749caf564c0ddc26e698b5bd6034bb071c0240b11036cdfae1f5ace3aff789cfd3ec1

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\RegisterRes\skin\Application\is-L28C0.tmp

Filesize
1KB

MD5
13e32ba5a597fe34bf1b9b6ffd1a1721

SHA1
510545840e5d5ab769de857c8545c50a29b9dcee

SHA256
101ec8141fbaad7ea1fb83fdf3763d4ca864d728c9d3e6e041457dee70f5c371

SHA512
c1f926db7461b473b33a2f60f0f56e1d3a38f97c4e1861c9d6da6df6e0aff354b7dcf1feb786e5ca29ab43b257677c2597c2b208721efc20adada733a5b480a7

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\RegisterRes\skin\Application\is-N8E4C.tmp

Filesize
1KB

MD5
23290fcdf5a282379e144811a57061c4

SHA1
8c0398c66770a554867d1084f1db15fee9909423

SHA256
161ec8d08165819fcef909588c0a46d1458d9e74a03bd43b588d711fab4ff210

SHA512
8ab21e2e8ef68d2e9c864adb820bb0e4f7892e2f963cb800ef3aacd26a40f2f597a589c35f78850b993ab42af8b2ae1dcbc6abb5ecf2b6695e71ec83a7a99147

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\ServiceManagerDll.dll

Filesize
111KB

MD5
e3c27da442fda709671cc166a03166cd

SHA1
3c38092bdaa04b7473bc0b9534e3a95273c952d7

SHA256
34558b7aad9e8d5ca19f6797c53869f32a25b9a3cf72ffd594de926f22af51cf

SHA512
485dbd266b738cd0b773298d2d8a0c2b15ffb5ee00de890cb33612daa6b0c954ba6db8234ba8854b9ac0d5ee1e74221e8d4eadbe31af0f79dd7f6181ac5c9e91

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\Setup.ico

Filesize
9KB

MD5
00d39d6f4e6625ebf207eb1019c0c2b8

SHA1
580a396b5e07c436e80c3e15ca27eb7ff0bb1189

SHA256
5c6c587a8c75c152e7581cf85d4f8c2c95c0bdf28b1069e7837484c77a436ff1

SHA512
407339f636554ae7466908211ae91e4d570be1c4f872c9017adb53301a4959a3b1bf4e5bfb5c5e6b1878f567e5751d95d3954d23d49847aaa5e1656902a79dce

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\code.txt

Filesize
17KB

MD5
f577bcce5d69c35a92b9d4c69e9e90a7

SHA1
55724dede9e79195bcb22fb9bf2b526b6d2da8d6

SHA256
878b1a03e9818261f8309f62c6a2484e1b3900eb7a1e959fb9f51d6f496a4fec

SHA512
f19a067901d6aff309568ffbf6ba6b4a6e212b7aa8b16b75176ee1be1536b703d6424106625fb9d957b62d44071b5b846d303e4f08c12e761382c2b5d9b338df

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\550a09c4f8c4d89df203ab615ffc979d3c56f613

Filesize
181B

MD5
2de6a04cdba79ed13580c47dfd70cc5f

SHA1
bcefe0558555914d731c16b1778c49e77fe06b99

SHA256
97704a8960b4facceef54397a08fb5d0a456247c3627359215aa2a27df22656c

SHA512
605dc81b28c530fc8ebcf3c5a28486af8bbd3303ee5df53b5424e492e5dbe01baa0468fa4da1398451a62dff4d45067a2bf765f7def9ca0890883484de38a13b

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\5c00d54c39e7cdfe6419d9583dd973a9223f545a

Filesize
42B

MD5
ce7f5b3d4bfc7b4b0da6a06dccc515f2

SHA1
ce657a52a052a3aaf534ecfbf7cbdde4ee334c10

SHA256
9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1

SHA512
db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\1\514cdb66751229d146596937bbe4ecbbad90c028\c857040ce4ce8654af495a2f04da92a0a5111fac

Filesize
12KB

MD5
5b57d8e657ab7bf235384444df0823dc

SHA1
abfe83404433c545b8024b6a783d10154dcdee58

SHA256
71188953f865f356b6ba07566e7b705dd2f020bf70745d556de9f2dfd35f167c

SHA512
d4d8ca27d7666f0b09457949bf10e5707dca0faf84fe557492277f05103ddf7d9dadfc4e48b588b74421952216fba6d11a919a4f36ebdb8c41124df4cc627dec

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\data\backup\2\b46ae678226f77a94fc94328f18e3872bdd6cf88\45b1a377feee16fa8e2fbf128469e2b9e5403e6f

Filesize
263B

MD5
bf84313b2c72824e6b6bfc387b6cfe53

SHA1
1740a29efab5a611a554b7b7464ac7466e7fa61d

SHA256
7728c4a1ade18218c4301c1fe971f2df8deded0fcd045ce7525116e2908c6350

SHA512
597aff1bc81320466fee66655d03e0342e73d77970cce8322baacc6ac8c364eb6080c320684f4f05f36384eb3956e0c718988ee28a97bc4ba258ea1e161ade2b

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\EquityShowView\button\is-H4CU4.tmp

Filesize
18KB

MD5
e2bcb6c8b94370b03fd92eab1c7423ca

SHA1
224aedffed6d36e902d7db3a8cfc85b6e512de6a

SHA256
eb64e1ec1fc8d8aec9a892bdb93b6522c9f3ce10bd8c2045282256f083983e79

SHA512
a88772c9800fbd408ad45849feb0cb94ac528f58af47ffe70a06042be3dac7a8d1890d0f005f40cee2b4e3da144f5269a943ddfd82d24bece7d5360c813e24d2

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\MFCore\is-3EC71.tmp

Filesize
939B

MD5
19b7d9b8add3aeb363e8f791c9f579ad

SHA1
44ef61c5be7b2a7d1f55ae9ff16ccf587732a4a9

SHA256
893929d0ed5a21b030e17a9480dc0284fb855af6349ab7d9a59e44e2db992a06

SHA512
03a03d64096c8b43d50b1c8ceb43980679442f4c5ba2a0e4ae02887026f6f25ec02acb18f8c811645dfa19178352f4dc05053cca1a65e60b473cd2ac1c78f545

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\MFCore\is-BOE2M.tmp

Filesize
2KB

MD5
1cf76fb23ab1348760a1beed374b38af

SHA1
505cf19886426dbef4cc13d8ef68fccf319db162

SHA256
bec67f6eb864c8a1430be3a470969924b07aeea7d4b75677aa98157be1b10209

SHA512
e6cb12d623ff7926872530ceecbc83cdf19492fdf0cdd5f4d7f56e03a4bb7a42f57b5230ebf0b21c442c183daeec0e0202bb4cab731f57f394a8f1c24186c491

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\MFCore\is-HVKD1.tmp

Filesize
1KB

MD5
9e3afcdf352206204c79398e00e326cc

SHA1
a7d0a821cc85d9df470e9ff42b3f24052d105a5a

SHA256
3365aaf1ed950a3965da198bf400fbaeabf6d3655e994000225896a9eb827d93

SHA512
f16e8cd05cff7e99dcf2e66e55674108cb1a95dd721290e1b318357201dbb87ea7cf6f3f8c8338edf335413c715ff7ae8434e698f8af5e4de5b9edcc8789a84e

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\MFCore\is-KD4O7.tmp

Filesize
933B

MD5
1cdf2a0526603369869410fe69bf452b

SHA1
4b01d0d66f2eb5a7daf1ce0813994278a25d8d8b

SHA256
1df070f2ac1770cbdbaee4a866740594361710eb49cb78f1cf28ac6b35b8b064

SHA512
0a3080892b1e01fee07633f28ff2f82d488e0a00cfac042f7d43d5ccfbba8a11886cca518c656c8eac2c6b1deb2ce08e448ea691d3e285aa65ebaa46aaf5b889

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\MFCore\is-NGBBL.tmp

Filesize
1KB

MD5
b0fa5e062b6987d675fb81c51c9d3e5e

SHA1
8d0ff4b9d729bb3f659329355df1df9111282fc4

SHA256
9e82b7d987b636edc1681481e79cd557e3f5451433bcfd81b409b1d53b233a01

SHA512
10469624fcce0d11db084c546699eef1727ad953dbc7a87faf402ea2567f7d7ecfc99051b99379960d93e1582cc12d9bf2032b20b71f82648e181478941ecc35

Download Submit
C:\Program Files (x86)\iMyFone\iMyFone LockWiper\skin\PictureNormal\Svg\is-1F8L3.tmp

Filesize
1KB

MD5
605bc66bf18e0d8b50a15a18a3bf5f75

SHA1
3a38c50d189e29cfc761842c33245372a20c9e44

SHA256
4eb9afe3a1681ce344a83f61c3868a1e79b9d1a40f6cbbaa143de03119ee6666

SHA512
bd6373532c7b6d3920fb0107db6edfb6b99d0019392bace717def43c74461c06a5581c2284eb1878173156f40e46086845bf90d19d08e0f4f7850877ca024426

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\Log\imyfone_down.log

Filesize
494B

MD5
f6cef86677293af4a7eb5be0e979474c

SHA1
85edcfad9afe923982ce43e52d3addb613c7c26c

SHA256
3fb6a4689f109136b121d091ac9eccdd886a042244b1e42f47df2f9387b4fe8b

SHA512
9277287e1f63bb0fa78098edad7ac9aecd0770092787f29e5722b9d6f28a81b62780647fc011f13c7b83e98d1cc2dc2dabda529b16cc9316acb13815abae0abb

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Arabic\UrlInfo.ini

Filesize
696B

MD5
67eb180d656ca017b51bc788b35d549e

SHA1
9e7a528e5f1e4f4dff0c75aa82a14f39f1f1132a

SHA256
0a47a9c1fafa1c24589be0c7cd0ade8f7f37d65bb463d85297c586e140195659

SHA512
ae59f3521c348e4c89eb10a8760abc14015c4395bde6da6fd632995adcf9c87810eae70819be791c3a4451727580f86a54e27c043ae7e1d4bef9d287e49087a5

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Arabic\text.ini

Filesize
1KB

MD5
18f0a45b8fee05f2ad547d483acf16a6

SHA1
4cee35f5357f7912991b04b5f0b3c646c5985e25

SHA256
bc4a609a31234a066b449b780b9e0eb2f0b29aa08651191e5dad98378fcb148c

SHA512
f59e1d5f47d32b95a26d1f443a1d107fe9aa37fa3c26fb3ec70db27f1f86468fc491a69a4b78d94cb462cbadb96649ffcc0e768248e6770cb4273aa4c213ddb5

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\ChineseTW\UrlInfo.ini

Filesize
708B

MD5
18bb65f6fcc782c55221bc4b5de0430e

SHA1
0e4c357dbcf019d63590bbe1c12a95be330ee2bf

SHA256
adcd206bb482fdfcbd0adb724a8bf3ced40fd7f39e6244212c23cc345e38bf6d

SHA512
cfbebf037f1138ceaa0c4f9df3e19ebca336415c8bb209b1a0cb6121fd0defdece65faa266bfde42e753ef941eee91b61b8438f1315054ed5dff2b777f61f100

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\ChineseTW\text.ini

Filesize
1008B

MD5
ca3a0f1453f6210b9d87e1b4c2febd86

SHA1
67a691bde4160bfd58c1513a32976c2acf7a8b91

SHA256
51c9132da03d5acbd8cc641680adf41e8e9e962766873b52e08a3238e683614b

SHA512
495a7f78810d84cfa5566b58ad9de309937030b0750bb97edf3ce194520139a76d3100451bbd7ec5d533bcc2b61a3ea120f15fcbf63b5eabf83b5218db288c3b

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Chinese\UrlInfo.ini

Filesize
700B

MD5
5e5d81628d22e8ca00fc7a4e47a8020b

SHA1
95b793a83415d03284076278e2356c1ba75f6030

SHA256
098e6e3012a7dff43d503c791698fef1d159bc0c39e2c48a485f7ecc07dcf25b

SHA512
7349c83640b98f9e39f646b2a43c070e5ebb5dfc94ed0caa83af832ce8a565ac0d771886e93fa52601a46497df5b412f6286c041414211a1577e9df8d9aee270

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Chinese\text.ini

Filesize
1000B

MD5
ffaa64827526f852271561edb07f4231

SHA1
110eca00b123718ab9da3895e4e4eff092676234

SHA256
c423b0871c13a26dce9d179090c9acc4ee48b24f17e8c3d1380d7bf4c63b0c6e

SHA512
387496fed615a5f85a8db15c77ccc5126e8707051f0ac206860ee51b0d64021560a19d8dae9286595e73588028f74090e9223d7951fcf085e03a709f544d2cfc

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Dutch\UrlInfo.ini

Filesize
688B

MD5
a871167f09ad28431d1a25ffbc393f4f

SHA1
c26ef861af5f3951227f0a1e23e3d320010c8dde

SHA256
e9fc2a994fc5c27e70c9c06f8ab4bb4708eca1e6e17841feb6dc4984b84fc5e0

SHA512
79eb23a3e3c2d371900e221ca96c45da4c400823fc83a1cee703478201ce0ede8d2b984efd50d7111e4a9a71250d781509d32369d6181a919fab863ff467b59d

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Dutch\text.ini

Filesize
2KB

MD5
e91527fa739430a527c4780939287038

SHA1
88447ed28fc2a22bc3aea4908c5296e757ccbac9

SHA256
ebb37e16a4a0a8e6e9b6e56938d2fc5bc80426a31d417e5955a599d24ac7e375

SHA512
cadd82b3bc4fb556195307723fc046e2b0d2da8224de87489b866ac805da124904f97cbc7598e7ec0d844333232bf27eafb8db6ee9cf8b93f3c08ed87192b54c

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\English\UrlInfo.ini

Filesize
700B

MD5
707bd8fffb4c8c478fe774fa10434107

SHA1
89f75de54c965d59b7fb6c8b82aeb282e471c8b7

SHA256
9779c14c2d4f149c441590442067694d76c80eeffdc433bca8a5a5d46037c38f

SHA512
263d00833e3460acb52d10e9183971ee095ee5944e85057d16007739b6ea5e5c9d9fde2ca602f7c00474527353888ccad8bc4c91805081a5bc0feb520c6f6621

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\English\pr_1.png

Filesize
41KB

MD5
f7cfbbcbe185ef17d4268b37b0b3d9d3

SHA1
fcf776ee58487d8a63d239313064a7aa8c343d36

SHA256
7d4a696750ec3de141bd5c2afa1986cdf5f2323114ac22b79be23f8e58a42c88

SHA512
0b44da8cd8481022e5349fc1f1797ef2092d29ce9a0f73f0f84b519758fc2512c75a166cb5d9436507271a1479ca6a0580a09c0bfeefeb99521b8d7b99e31ee4

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\English\pr_2.png

Filesize
42KB

MD5
b9cc25aadb9a2c6ca64464a18ca5aeb1

SHA1
a7f05cea21219b5a365f2a842b34910082d0b919

SHA256
9e68e6576f8baf1fc8c7d8b84198d652e8327ee07ad2b2bbb09703d12ba9d04a

SHA512
914a6564e827eb9f76aee3eba56dac19b9ac29addf4ace708c8d830f481d08469db3fa795e40828e4053319e086b4904174db1fe114aff78f45fdd047901d6ec

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\English\pr_3.png

Filesize
40KB

MD5
5b31079e5eb5a1d0b9a405d3e447b3e0

SHA1
ebb567d11de87baba4c582615eaad9f89045eee2

SHA256
775209b895933670c3f2b8f5d96ae1765478db159d8617a26fe145778a7f6837

SHA512
39f7e1ebd49c485a5c5e856d70024206e26c4e52cf93f45efba4a4ce2c98cf09b3db1fffe90894d17a1fa9aa01b7670715bb363645abb2356da9b7f565208a5b

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\English\text.ini

Filesize
1KB

MD5
5b689680607828af706a76bd4c9bc67a

SHA1
1ca94cbafc785ff368179adb7ea91b27116a9bff

SHA256
6f57fd7e3ecee7f32497e376eead707c9f0f1554b606d451a11e455e2c404459

SHA512
f3d084cf7f2adb41e80dee86a38e639fe4f69720b11234233a8fb402d082070998a6d2f84f4a3d3aab613709e782b9fa28ef5b41dd752b921c4466d624f30c7d

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\French\text.ini

Filesize
1KB

MD5
5b481fcd2e2045210424633ea9a7e44c

SHA1
7b496ece11dda17b0d2f4d3df135514a734ea5f7

SHA256
cda82c8b37dd69987c6ee26fd6f3969f5e6fc17d97315e5bf88386216ef6bb47

SHA512
d213cf0b664a63cc44c7de54d56f7b5a7bff571b7783334615f486ea9d886ca3c8381025d6aa96e66ff45306004ffb5c68abebbb2cf053927937eaa63e4efe7b

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Italian\UrlInfo.ini

Filesize
700B

MD5
0ed4473fa631800b2de7cd31f256bd7e

SHA1
c5c8ef44b10f0432ac6d0c95721582fa799ac56c

SHA256
83f25816914b6ae0b571af321a58644914b0464626a800babb58fb968edc570d

SHA512
6f8553619df740e36a23ad05f94d37111be73107f5481312a32d52cb4fe496254dcdcee3404323aab049e60de05e184d1bca06f5a2c01165abb6a4d78762a638

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Italian\text.ini

Filesize
1KB

MD5
1d10791096c4d9211ada1d7aa3e11345

SHA1
140321ea681e0b9a5f1f3b07e00ff45ecaa6bb36

SHA256
5c24f85c9ef109cd72f8aa4f56cd1722a47bb556d67a420c8d406b1de57e1a59

SHA512
d4edfb5713b7558d21de6e8b30fe9ea6de0f2d775582bb2351f3717fce2223eb8f29df62d32cdc0669d6b253f9a42241188508c787805e9cb398c7922c4f27a9

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Japanese\UrlInfo.ini

Filesize
704B

MD5
09232a3c5e3d7f6b678bcfdcd21db741

SHA1
bcaa3955768261d4fa1acfab9129c77e5cd249c5

SHA256
ee4e51062e6efdb09ed67843bff788010b08cdcc51a8ff9b6c0c31903b953808

SHA512
a6199424228d1b93912b718f8295ea5ba5d3e662de55f46e2b90cf16a5cde45d06f3c519902389df7a8049f3ee37c8ecb76cd95a6350e37ca8740f7593cbe18d

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Japanese\text.ini

Filesize
1KB

MD5
dfc72f0ee32637e03e86b817c385f3d9

SHA1
d68ca391d540d8365fc87536e3912cad990d960d

SHA256
3e5af3fec8cc15a23faf94b1ab51f3e4d2436129b825a2aa9081637d9c50518f

SHA512
18e18da666ad201bfd176db6889b2d3dbca0b2455340d3ed35e630e5803354778c046b70eaeccd517b8be94da26d1e04f1628950f6947fcee9005412c03bc634

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Korean\UrlInfo.ini

Filesize
692B

MD5
89d0e646010160215757174b5cf54473

SHA1
6d2ad122856e72c401a942f9ff4804f24971b084

SHA256
ae672a65f3fb9f33a60364bf8ba702ff0f6f74935867ea826a45a3a6d0913777

SHA512
dba0401404560d672b63ed28e1bc62762c6e0d533cc71844016ca907af8ea26c68c0f43594d9a77d766d3c36af2efa7cd88d712d24bdd4e5b8f73d0f5075f419

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Korean\text.ini

Filesize
1KB

MD5
598e400f947cd8dd8a5701f19b9c089a

SHA1
09abc787e71b5e6a5a4798db4c59297cc3ef8b46

SHA256
94b0a528ab76773e3efac758fdbf171513d6c635bfc9d8ec2f7d65245972d12c

SHA512
e4d197527766df896429f436e57e3a7328b5b400efb0e65704a5ee1318724a971a7685be7f52ec1d8ae424ff603a13919265ef537aa6f13e581ccad0dd4fcf3b

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Malaysian\UrlInfo.ini

Filesize
708B

MD5
d1ec8bc790fe163d5991ac6382901b19

SHA1
0d7661920b6daef3507bb23eff5ccdce28e4a5ee

SHA256
7f1d755bfd0016bbccb6f88d66d5d486fa04008534ae1b6697b0254d8eccb01d

SHA512
48e5177d71f76ba9ca90a95ea7891f86b401030b5bc1b20e5b7025410b78fad641040e64b6c0d2444a293993e93fddf055875ab5095190729e3d1d6e5483d620

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Malaysian\text.ini

Filesize
1KB

MD5
adb5608b9e7c301b816ca5d0e30d8433

SHA1
572f273593fccec17834f58f22112f4bc6146c42

SHA256
3856eaa9ec718403a7308349c23ba307b9e547e49c78331544a9ab0940289c4a

SHA512
b9db5e6ba0fd96999edf251f22263dcaaa87a4e97e7d5fbed79c6b712be60c3cb5e52301cf776de20af0ec0a15c823fb0d398583e0d76c5fdf514fb01d7f29df

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Polish\UrlInfo.ini

Filesize
696B

MD5
707f2b0e0b750dd0855727154223d7e0

SHA1
90132c7ee52384be31d408b334855e5537e3ce1f

SHA256
e58f7d0f58b50ea8590765bdfcd1c310f06064f40c64a51c1f3609625498a788

SHA512
3f4dade3b0ef252e585430e8a19de84b3fb72d106a1f08749831c1f9c4f8bea462d999687b341fb2ebe8b370decef64f159fe4f5052eb65f76c3e1bd43e4a7a7

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Polish\text.ini

Filesize
2KB

MD5
83c35af75fe6b5f47feac01371eb6ee8

SHA1
f97fbb7a71a02516ccca966ad0d78165d3657c8b

SHA256
d0824575219bb7d80c5e5c025956ea61e62ae0abcc117c140e831c86038caba7

SHA512
c0b407cc247311e600fd6c24293bcc83d1dec1ca7e95e2b2ed17e2f16f492a309173f2ce4ebe75206d3bc7946b9c909af1b16728d7b875b1ca523629e9e243dd

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Portuguese\UrlInfo.ini

Filesize
708B

MD5
b96953c71264cddfee42c2767f751606

SHA1
ca121b73a6f5b213a353c795e55f5f5c560f06b0

SHA256
75f53b82357c10f911b6dc233feb01c9f3775cbe185b748bff39a0f0a9d81394

SHA512
42253f9154fac44a06a57797631782bf23ec405e18ac684437134561d23043b351f1dca019312335b50d8a1e00bf38f90ce5e9cdedec0fb6886693906b3272d4

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Portuguese\text.ini

Filesize
1KB

MD5
4c1b582dc789a97bc07ce8b9377f09bb

SHA1
b0438034545e7cb14847971e6af4cc8738f79fef

SHA256
1db44e1a5345705a823dee710769075f2e393c84b3bbdc6ed97adc24331cae51

SHA512
f0fdab86c5d98155b91d9f2b055ef7137229c8923d777ce6f9ddc9bf7f14156ef2c8089a313084e84efbf7ab37659ada42b2b06f6911cedddb86e13cce245d49

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Spanish\UrlInfo.ini

Filesize
696B

MD5
72acca6e6bde98dda94ddd43226f1fb5

SHA1
d39f2b9e829a873903c0ad9afbbd2d382f35372e

SHA256
46cb311de4658c589919c92033faa799f7d6ffd8b985b86c3a72b9edbfebfdfd

SHA512
3d3c24291624e04e5a9423c25060776b7e022acea03737e71b3748498a23fb4f9767db91697afb2515b860a4d53f2e661fea39d17b21748d7ba8bdfcce45dba1

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Spanish\text.ini

Filesize
1KB

MD5
fcd0e9b41df6b626d418d19e371a35be

SHA1
601015c204f7ffa88b6ceefabfe58742a3b8bfb6

SHA256
54fde96bea542a332d69f9607fb334ea0bf17363ee9a730c8dfafa372d2cb6c3

SHA512
1b76fb462b28448e5cbf7746ad66d264a0aaaf00b48db82f4744cc545e651fb8527bfcbb02ad60ccc7aa9a9f46eb224c3144cd5b4db60c00938b99a1adc2bd65

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Swedish\UrlInfo.ini

Filesize
696B

MD5
33fc1562c2e675f9da6a0b32271184a3

SHA1
35e62bbad1bae3813e63cf2491ca8320d1c9013f

SHA256
abab75eef455c026e7fdb69b33fd886f71830701cf6fea8be59db8a3c83cd377

SHA512
fa7325dbca02ca5814c6ffb6494e555046b5eea51181145e67c917f207995e4d3347ccdc76e18bf495e7b014b2aec13689ba7c6f38dd54a890ea4e19cfe06835

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Swedish\text.ini

Filesize
2KB

MD5
ac5fa119e8fa1a49ce8b3ec3b52840a0

SHA1
50260d6858e2f0ff8b5df972bb8cc29222949d1e

SHA256
47bdb514ea5ceca2aa51397c66867870f88e77f9664ce16e1d44a735da65bd15

SHA512
586bb2012d10a7525905978c80f226b5abea704ba3f1b94d4bd8725a20623fa272996c86787230d42b2124a6e3b52149d9444fa2b62c6accb568ba2e4625974d

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Thai\UrlInfo.ini

Filesize
688B

MD5
9d56db3c07fa98ecbbb331c1361a026b

SHA1
08f9c0b18ddc9ccd448026238433885a09675129

SHA256
ddb0af19c201a4a2cd7337d76e5d36753627a9c0df225589cd8ff38d33f28726

SHA512
c3c4ef01d70c48510e909258d4013f9fe6591c8ff0d6271a4be0ecf7250cfc6fb4dc4cc5f55a3ae2c29914572be663ec17ed85f87ebcbd884e71bdb6f5f5b076

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\Thai\text.ini

Filesize
1KB

MD5
4aa6337bd1466bbbba73589dd5f92afb

SHA1
0825870dffe249afa8b5fd0c291313e51c18ff13

SHA256
44cc521cb78dc20ed220579e99efade442d6e06eca478ff2ea46f961a3939610

SHA512
9b4611c91c60199038e22e6c905da453d587ce2176474427b1e95d8f3d2b76816a493c105e77d377d6d521285443c97eb94de53d031f20d7acd7fb889d0c8424

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\language.ini

Filesize
249B

MD5
b19e1d1f513eab05c7430ee91cc9de5b

SHA1
b305197f44428b33d4517f773b388181dc6905bc

SHA256
a798b38f71dd83022b0eb77ef01d57990bbe460796f0d3c1595b6e09a4d40cc5

SHA512
67ddedea9db82026ca80f886c76f2eaa3f9500cb93acb750021eb37e0f7160fb50c7979f051dee909b74cbf06541d496dcfa6ac6387e6950707525824ec9c521

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper_setup\language\productInfo.ini

Filesize
490B

MD5
12844e6a68b5ef70050ea506b6ce0799

SHA1
d58b6c16e4d557e08758f4dec5a1e7544f72569b

SHA256
8cb9eb8227e7c34b64374efa6c9e5906ea3e451bb7c4cf7d63fe8a2c7b80777c

SHA512
6a4be6a575e81afc4016d26e310caf8002a407620c8e7c4061693f54faa68d277be135baa8c100a124c4dcd43fdb744769f335d72fee84f0f1807366d4076479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3fb190bc77d05dd98684ac7fa3d4cd6e

SHA1
eca7cc0cc4456d1e901668ea71c9ac3107da3a39

SHA256
61dde0ad47687f9ed16ddc4da3e9995f5bc714e7888e6cb4e7cc0b620f04d9c9

SHA512
e900c2e61d5fea453e27eaf7e2851011efd11c4764aa825a7aacec706b5ec9d5b5d8af3b26d5df4c5923ffa5793822d396195c56197d9e5f815bfc66b8a9997f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
efd6fce92f5680aafbcb468386a2b867

SHA1
da4c8e21dc69afbe3abdc423f923075ca109a8e0

SHA256
8df2b64b864d7c2112a5b4d85ae5f4c349abd786cc1b38cbc171b78efc9ce592

SHA512
cdcef20fc4cb678094c8528831a8641da956a5f4e95aa4a91b2a3ee713750588c73cf59b014243ad7daf6322005ddeb102f799e035053ad9ad1c6cf070c57459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
451e416c103f8e8d6eb8a4b611e5df0f

SHA1
69fa61257672bffc64f532a753cc2f95d0cbbd62

SHA256
4263ac1d5bc2f7b0e3ff7a78c0c6ccae0c378264e6e060670de60fde74145561

SHA512
e95bb1cea59b5edc5a5fbd65473a7ee983d65fe7f671665df6b833a188b1d879cc83e7c829b66915da274b1d63241c1aaa4a4830a635b153fa7143a44599f3e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
60be287b5d865a5e81cc7da30ff8e3b2

SHA1
aa5a3498f6fdcd096598e4bfff990db84076f974

SHA256
48018db9788a38c7a40d2a81d318d88d395bc5afaa5630b4393bd7661b0fbe33

SHA512
ebc32dc65caa43677295e24a0d3a2d4407d561e7db882dc2657697feb24f0bf15094c8c913064ab42c8f94ccd14708ab762b64340dbe37d32be62d2cd2c5b41d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9f597d1804d2ca9b60cb738908de9ba5

SHA1
6dd9a129cdf401ae773e005c9f4e8c51e42cf82f

SHA256
944217ec556f707d6bb4d660f7bcaee6cc9b6eed7537da74e3d1cae66d85ced0

SHA512
97159615c70a30fd8101d5cf3d7313fbc7e3e4fe640865c2209e117027abeca712783ce069a1eb1f3b6f8afb98eeb93f08349ec0acb00eb9e3af1e26adeb2830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
725692140151cd5ba9d3073afd85ffa9

SHA1
f997911ee1e6a1bea6367a3956b94185089aeea7

SHA256
9cb9cc77126d2f96aa95571bb0398fe9dd8b381a166a760665b414f2d02b9c48

SHA512
6b38356e428541e2250762eb6f5e84041d0aa7ef429a42a13b5d2b750ce2395fa08a892d5cbb0442d0ded1bbc2a7f09b2d79c9987c5cab074066d776df947e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1deb31bd77b557bb171755123851c2a3

SHA1
d4677dc2c2aed91dcc91e193ce6779270580947b

SHA256
c492eb216a623a64e0f8de5bc84d7c023eefd82c292a28df1fabac10318038e6

SHA512
c1a346deb1af004d8afce1705d98fc6c504c48b5c9b2b51526d6bafa3a12c37cd87d8a24f5e81d60cf3a5bd74be08e6cb460c2f7d5cfa76a62f0797b6e93af35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
09e9271d6a4dfa9f043a898667298417

SHA1
747222b33df2411b7ec3d2257c31fbb346e49d04

SHA256
c4ca5c9f0491c703e8f6b90539436dd569baf754ab1d688a385b72009ff81d46

SHA512
414af2b822b038dc3f9939219f2ad7a8c26eda67f2a49f21cb27d5c63af9e84ad4f83d32ef05a83c06dd51ff58f2072adbf827946f7c3f9197fbd24c3a0cfa67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
962b8b25b351444e234af7e50bc6b537

SHA1
2352054d2b2fff5944a550ce425cb1287ac622d7

SHA256
a3851d4d612b962552620c04edbe81e6c6870d8f7e28373b85afaff44810ae7c

SHA512
b87b239de7adc279d605b8552c96feecb219916f66d5586c36cd45bb9f9b02063f406189a7f5d13cb7c04278928c86ec131dfa731ad0ce0971f6c05350bd8fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
67cd0dc35901e6409adad1d35139491c

SHA1
e054e81595aeb227c3ec033852e724bb86ac83c8

SHA256
5b05eb557ab943eb2dbb385a812af2d6575e53d28ca3482da085fb25b4d9e43a

SHA512
c5a2b8dba31b9687e59219f90719465c88948d9c6e1b4da304262c523ad7fd2b1519ffd617adc8c3ad0fc48df9cbc9cc2b85578480d8283bc571164d86506858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b1aa8af923c003bc86c561ad588d9a7a

SHA1
cd01dd01ecf18f0c699071189d74724432abb797

SHA256
a124c416357d1f49ea7f6195dbb152c928552bde59fb5796b9c9ff3b88d177b8

SHA512
658986de0f25ca441d99efb8f7d92b8f391a3b7c52e96af13d31079c1af42af7392bcca3b0df4edecdb1fc399e5b7bf494fe0de57c48577418cc25204bc14bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4612b05b6e3c4402e3c5fcc40ca3599c

SHA1
a5f53d77e38a175b051c162694736dd289a6c98a

SHA256
d6e65c2088989bcc30db6f1aff0b95fad701f96f4dc7e1295d6d539d87745461

SHA512
e77313bddec60175f65945d1ec2ad7a631ee00d9ef4116606221384d57c4b0f935d4a24d00096f3639a3776b00beac4a2687088251a9fe3eed40cb21df3d4c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d254ba219cfc770e076b713923224702

SHA1
93cca75567ffb024470eed991606509e6504fae2

SHA256
31fbcc93cfb067fd582181a1fdb10b2ed345d97cda8f7ef67f48ad94e7f4d953

SHA512
b7f007c06c60da4c8b5def6359819c5cb97fe76292da1b893b14829c2ea6f9024e01772e28c963971f13165187c0f5f56a86c469dad0687a70671a3361ed8063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
42e9859bc6780100ba7383691d730528

SHA1
522f0f2e5d05a80bf2b56ebcafccbb812ca4e972

SHA256
7645e8f6af3a35fed63088978debd2e04cc0049322cbc0562753f058d003eed3

SHA512
da02da90254016b853a7da40ec541b80a6b223a21790e8d49bc262f45f77f8c3153cbff58410f3f080e068ecadb4d55dfc23d64125ded5401ad1d9fe0fdce2f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
4d5a6fb9f08343952647ad9ab91d5df9

SHA1
e67c0d6e94a9f890b3198a57048aeb37bd253ca2

SHA256
5b1ed18be8b22bc4e39d26f2aaf32e6556589d89560ece9d4fa72f38be0e7400

SHA512
2033ac3e25048ad8acad70e02ef81b2e24493816dd6ca4307b8411272e78e8be404ed21a890e98439e83245bafd8d3e6ea963f99e61747eb53298c71064cc721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58a4d6.TMP

Filesize
120B

MD5
59b9ffd6fc23b61e40fa3a633e7c3946

SHA1
4ea0c8a87aa5efbba2ae261b64aaf723c451e160

SHA256
0c1b1a6e2dfc999e16688ff08cc4286b9d6abe7f779baa85ee4be5df7b74f0b8

SHA512
f630b499d4cd39389b69098c1635ab6d4b8b7fd0f5d0e4f0397bf92c1b2c455591d595f5e325862e1690161c3a1c92813780a3a9d80827445baea2c3a4d55dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
16d1fa782c298dc2798c4231ce2a455e

SHA1
79b6e49a732997b0803cc111ff11cf64f2b16ed5

SHA256
bb02fe4f546382fbc7d009b88cb003ba2db91b4f875824bc5a32dcea697826e5

SHA512
a82535e4bb488d29c18fdbffd7fc710249c94ee0fa2d23bb7e4a01a7d962d8a911b96a801583744cb1ff2c590abb52def10011d8b083d728569a57f2c183c160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
f0ce063d61f6b8dcb3f853a8867473e2

SHA1
295dbeab9750bab3961d36a4d98bd753ececff5c

SHA256
b7fb2983fd24dcaf9a552481b6bb67159dacb517eaeaff6ab82d2b09877b2883

SHA512
d916e86cf660fdca558e48b908aaae232e20c542167e911b6cf58c2612384ef6876ae0fb5aa9d32007f6056abb36612505802b54a2c192f649651c1c93bc2a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
d7bb06947b905f3cb50759a26300c9f8

SHA1
bc49f10b2c20523617c892dd1887592bfcd450ca

SHA256
4bf8e3ebac6fbc88e042c892f31ada668de9ef8411d484923b012433a1296984

SHA512
ab9d84f9e232462957dce4dac786496f49356adfa035eb8ce417b7001ff29aa65468a24b9891823641b1312b4c59aad7d7d3da8ab353ed055799ecfe5d969e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581ece.TMP

Filesize
89KB

MD5
a8acaef62c756f1578bccea92c0edee8

SHA1
12a5ddc3106dfd188aa2d98bccfa0341d238f4cb

SHA256
f5c7dd776c8c31893c79babfa0fab326f2c4fd799b99d8b9edd19f3b83e65a8a

SHA512
a2d51f2da218c1507c18158f859577da30e07801ebda12dad57a99aae61cfa3cff1595347937acfc62c4cae2d2b14d858032b05e53d7901f10b48a406ed87f40

Download Submit
C:\Users\Admin\AppData\Local\LockWiper\MessageCenter\data\version.ini

Filesize
56B

MD5
f6b787c54515a805fe43647e6b4863dc

SHA1
e4bf79815d31bb10ee72e3d83876d34b10c03fee

SHA256
5b69d41e43be71b3851d87593a0aaa88898e87854ef7ed07e5269be75e8063d9

SHA512
9eee1977183d3bb28d4f1db7dc71f1a8dadeaf6a7a5ffd10d0b8b7e64da2f986d188549c2a4e60681129ae6ed5d3fc4d046dd94ca67f38ec1d7d02be8af15a16

Download Submit
C:\Users\Admin\AppData\Local\LockWiper\MessageCenter\data\version.ini.lock

Filesize
24B

MD5
cdc1b12bb308b5f05a6a29431ba9a694

SHA1
c2ee429f6f719614fc98256a7b1d9dca8b9603bc

SHA256
734e8484314470038836a3a4485e60d053d029dba9bf1c96060d407c3f6ec773

SHA512
2e8daacfc0ef1b48a6c5dfb5ac016a6321573f8b0f1ea92f0d239b9ea3535cb9eab42f9418600e47aa157f1cdc559cca86592f7dd54d144b90174d41312c925a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e036cec9d02b1c8192eca37345d8926

SHA1
faa5f87cb45e00b36ea7263cf0baa05bcb3b3ac1

SHA256
14dd25e59519b9c1604e5ecc5bc16d2e44225838ced3dc2067df67b991851ed4

SHA512
3850a7a2711b5bc4da5ecc6dd452f6201cc0c450fa4bff3ab655f6f43beb38a5dd5089535db0e24d25fd74a7ad032a2577230efc9b6de5c3b3f1b143de0a9d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efccc7faf9d35f6829425651cf800edd

SHA1
0d7ada221f33b53d7d6a3671ffa9f3532694f1fe

SHA256
1fc2038b3cc76c3889043ea19543733a2f20387f340a371ae2027460e9c3a090

SHA512
0dbbd194c34f16a7355d93cdc47c646947e5d4671dc8931b364e1f42493c5b664a2d3b802663479eae3e26b17a4991f6600711593a54863d9b00d8e75552eafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4284626f-81db-42d0-abcb-80ace395cfae.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
34KB

MD5
ed0e26e8cdc9637521def921ae7c4074

SHA1
22cda6530468efc2f55819a334abb67a9073cd8e

SHA256
23a248c718130e27a2a8dcd0567535c8260572838036af3dc8a35cdd9865886a

SHA512
5505d6bf085bb1a373e9ec0d402c58eb3bc4e14a0b352a3e9f6a31c7d1d32838eb4f772f7fe0c336407c784fddb201c443a3a715b2a0d823925f80baf6302b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
36KB

MD5
45abd5b23b21d4d347ba4e69b8265d03

SHA1
6c5928d8ac2f8fe8c77b145869238dec02db60a0

SHA256
8e25efa5b1d5da25a3394fc692fcb8463bf1c5f9612cf839018bfc070963a11f

SHA512
02e7cca0a390eb0db57442cccdf494be95e30276209e6e28189499245b200358bbf4a0aa85ce349660b0ab14877538f3482955abad5614540d7648bcadbba85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
18KB

MD5
4b3cf7a8b2bbd66994d32869972bcd28

SHA1
fdb6d370091552dc1a86891963a0fe4597a7dee3

SHA256
28b89127d0143c4886e9fde861e0fd4c8b1e2aaca8cca2a55fa51cc451898256

SHA512
4a9ea037f96ec90420e8c8f3b1be59303d4fa88ba6f6f703b7309de44f07a58e4adc67cecad1d49a19ad9188a05db7ffcb45fb5cac59baeb01f2aea8084cbec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
31KB

MD5
79fe0e131a4cc65885a1dbaf99e652e4

SHA1
93b8f7fd6774eb01db623329386b74a211e0e83a

SHA256
7a778efb56907b1f3a584574ca7cc1c3e601a187e3e48e52e82a8b1c19730b37

SHA512
ee3a0fc7c8018bcf9548c121a41bc3a42466a932cff9ad6cfd47fa331843c863f178fe91bfaab4f0271b5c22e7b445bd19ea0d2bc8a67175379aaffa6536c6cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
35KB

MD5
ad1070cc665efdecddb66e1b130e0366

SHA1
bf1f1ca3afb9da2f6b2c8de6a312c5b7f7c4702c

SHA256
c571d0acb296a2aff799fec9f7631a286193c67b1ab42ba1ed22739844c04ada

SHA512
37771077e08bc098be87939cc58d88b938900e7632b32e864c528943ff913cbbbd42c66032535674dfc43c2b67c27371e84a60534ef81e20cbe98ef2a9c83eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
32KB

MD5
a477486f53eaef0d2a664705420d8b6e

SHA1
effc4a0f82c93fc924388d62abbea60941b48373

SHA256
e629e31867edcf611a9effbc311e04860481c66a38fecb755e339e2ba2d348f6

SHA512
a41394d1d2ab2d363af57ad5a218a7da5ff22e9a3df6e78b116b4cc2715c7705b3de4f897213de3f9bbcae086f8d9bd5214b255e9bdd1e5bb8bb6d191d4c20bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
60KB

MD5
55e5c56092c8fe74fe91b7312807a330

SHA1
38739b16fcfb7c47f38f87f981e45342b3e613d0

SHA256
3aff8d124d071910b2bb4f740c0f496c2d0c1638ab718b274539d9b9bd2fbb85

SHA512
353dd8674264972660e17ff6a14c266fdf4a4afeb0f505e50f084b099aa1864cf8401f4004411f91f27b597e460010f2d2c33eb18eba3be73a178518645fd971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
128KB

MD5
1ad34c6449ff5e7062322e4826a794c4

SHA1
3969a57faab23e708e77a8d91394e3285afee3be

SHA256
3187c908309531e08a686a88b0907955df89a2d1d3074507ee02a53dbee6f1b7

SHA512
604c76ef2864aa5d2140b5bb07c4ef713d57760fcacd9bef433184247ef4848aa6aab8833eff26a8790b869d1a31d2ed80511823f0f33e44c1b93f0b992c026b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
82KB

MD5
69ea46a7cb02dfc8f379e0aff2e723c2

SHA1
d35dbda96830cbcef98de5b34ae438c71d23c8f2

SHA256
d3c8f86e763085ec64b53baa75a3fff134ab7149ad51ab7a51d1aaf025704513

SHA512
dc5d948d9a39b0c68a0be62c788b0e55ed8695f088c2135ec25a3178753e09680818d14cc69550d0a0b3e190de0ab3f2ec4cb844e072f89ca5f937ca1759b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
82KB

MD5
414a1b5e8bf4311e0743560b0c02b588

SHA1
556e4bbc1c40e42f81c6f6fe251e9e176066f86f

SHA256
1a6e1d226541cb5e9f7f0f0e81db712df4b50c84c10d274e0084ad6194df4c22

SHA512
a4789b8124065e4c1ad8803b66cb125c0522d895c9b097fa979d7bb52766e212c51bf85483888a4ef0e8057f31be97b07da76bcacb3883fb7f44b0f5f4a7b13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
66KB

MD5
98c4bf16f55aa4138effd446e4c73c19

SHA1
9a84f990cd42cc550e43034f8b0533940c47726d

SHA256
a23988894bd7faa26deebc5d01dde15a04997207ea4f666367fdc3468a1479b3

SHA512
2b5162f3e3ee631115ae8312ab39f8d0e7c0872e69c9f0a9d0197f1fb82995649b90afdefaa3eeb3b7eb1a2ae5c92b5602b3404226a67113d3a26ee23c670892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
25KB

MD5
1b7ac631e480d5308443e58ad1392c3d

SHA1
95f148383063ad9a5dff765373a78ce219d94cd7

SHA256
7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738

SHA512
15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
a1e87511bd60ed9d6d953dd7b0e5346f

SHA1
4aa65a6a42d5b9d201c439a13cfa0cad9e1fa2a3

SHA256
2471698071ee479641a5552bf848114ee3a9de75e3d7ebdf850a909d058f09c1

SHA512
500fdc190444d2b7a591fdb811c7f84a4b92d711973a633396feea0ad70f7c99a34787630e4b6c1689d684716960d1edd08f610e78b9a6057b328f6ae4812162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b5a315443f51ab87b6e80117b04b3843

SHA1
5bae0c22fc17a4e1269af8627bdeeafc91f2fdf1

SHA256
6c9b8d5a93d6445ecba73cc61984911e642e5555c9ca1a98a9af979dc53b4883

SHA512
17f4ee7bd3131178f6074f6a1747f17c459ba28bf4ac260bfdacdf6afefdd0d7643541ceb909df0a0c502722ada248c84d60ee087774f23f40c4f80b1da377d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aef4226d57fab18e3fbe60997e498caa

SHA1
ff9704d384a591a637862f9fc71383a891cca7ee

SHA256
01cdd4b0ae614ecc94b7238bad0d7839edffcc3ae28818f8c46ea077b7950741

SHA512
64cc3a109fe31689fc4c8a4dde06401ff0e30cff8768d32dba7d8a6a1a0f2e36f0decf268d61ebee5a5655a0b49168722abc0dacab1f0fe8c9864eaf384f639d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bcce1951ecd413cd12c862a1731420a0

SHA1
f11d8b50ece820c5f8be6ef680ec0850f071946b

SHA256
651c763156c4231b4601bb7756005a0f64feb48c6c947b5aa072ea2eaf713453

SHA512
79a30a353aa8e74e2b81775d5aac9aa0c12e8bfd959aebb3211b4152189053ca6c066785ca9d038e620117db6dbf55865aa03e4214de48d17281ca4e484fea4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbf0e8f86a9cbfb682147af1e24d9376

SHA1
9352dfecd2182c7f3d3782204f82e8334a2b02d5

SHA256
73a455d610528db6589eb1017a1bcfd6337eb4cc138823bb108df8a11648cdc0

SHA512
531ddd75a3d15dcaade930acf65a0ae9750517e7ec14dc227316d8a0886f2c582ec14c617f868aaeb0c5b99422b7e5440c44cba25ea6b883838c48bb28d445b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bf7c8c2ea33e2ad6e82963960a7c4974

SHA1
6450a64df2bbd4af446f0ab8dace29ca39e5f54e

SHA256
c9e2bdaa0334d51e6c415d47d5fc3b7a9a1ba1dc47c659265ceb9e8931432582

SHA512
a114cfd682df6d81d704370c01953960a45451f1f6708574e59b9671529bf7b1587333078c8dcdf09a26b86312979ad06b655db79bad64013d4e2ebab6663f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9e55506979db9f5668be29381345c373

SHA1
fd690c0b0db4c7d7b7f2c7218f9d53e0f75e8650

SHA256
395baf1edcf0a28356736575e5362bfec00f7075f02827760d6479625e606161

SHA512
876368ce16256388e5dbc16e8581fbd2c7021777896bf7a20cb0e320447ef3dbe2159777b00ae2ac4c83f4e220f837a403df6d97d882c56e04c5510454455db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
996441122608dbf8c5f1c8f036f37da3

SHA1
789d9f7a143d3e271c386b53cbe18a68c1d01695

SHA256
7080d5793a2fd775cc05cf6453e72b23b576ee93d69f978597a545c8ae49792a

SHA512
1cba1b68b8889f257d153d38a74f13f18b4607dbddab29c549b0b572b37842fee2e14b04beea72c691cea83561745bc8349fe24d3b968d9afa13eab7d0b8d9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5bdbfb72-8d80-964b-96a4-d9fe14c1b0e9}\USBAAPL64.CAT

Filesize
14KB

MD5
26eee7af8aa1ef8c1bd7c9327c602844

SHA1
990a56215aac7000eac9371f489a0fc57d560078

SHA256
946b0a8150213d6a4dd3aef6248ebb923f8167c84c7ff1b10137e5030ec8bf30

SHA512
1cce53edb09f449720005ee9ca013fabb0be498991adf38ce738330a02b336790cb835e235e097c57a7cf983b4bf18664bc113b074cd94f9118901565d83e24d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5bdbfb72-8d80-964b-96a4-d9fe14c1b0e9}\usbaapl64.inf

Filesize
5KB

MD5
2da3a91b71919d035d8fd17b6b90bbc2

SHA1
c2c6a29f3abc80fd992777a92df30699124d37c5

SHA256
edea577e694efceec5b26d745fff8125e9fc8a78cacd7365e77ef35031ebc49b

SHA512
71b98c884c338902110c83f6c858b906bd8d63e09e5f92d3e019f586d82961fdc71a459e6456a3e9a56b9b109838b4556aee91e0befb68c2ae505c93a41fe56b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5bdbfb72-8d80-964b-96a4-d9fe14c1b0e9}\usbaapl64.sys

Filesize
53KB

MD5
f957092c63cd71d85903ca0d8370f473

SHA1
9d76d3df84ca8b3b384577cb87b7aba0ee33f08d

SHA256
4dec2fc20329f248135da24cb6694fd972dcce8b1bbea8d872fde41939e96aaf

SHA512
a43ca7f24281f67c63c54037fa9c02220cd0fa34a10b1658bae7e544236b939f26a1972513f392a5555dd97077bba91bbe920d41b19737f9960ef427599622bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5bdbfb72-8d80-964b-96a4-d9fe14c1b0e9}\usbaaplrc.dll

Filesize
5.8MB

MD5
1428a8b3dbf4f73b257c4a461df9b996

SHA1
0fe85ab508bd44dfb2fa9830f98de4714dfce4fa

SHA256
5ed0d8f2066dd19d5aec42c5498fdd1db9cefab4d024a1015c707dfd0cfd5b20

SHA512
916a61feb9a36872a7c1adece8933599e55b46f7d113966ec4ad2af0e2568f1a339629ec48eca10bd1e071c88171fe88292dab27ce509ceea42afbd049599cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9ca82924-68b6-3e4e-8e94-5bdb7cb426d5}\USBAAPL.CAT

Filesize
14KB

MD5
97f4158a43852869de6ba9f1c754bbc8

SHA1
0565f0874d623268529b86967b93a7ae8d57dab5

SHA256
1daa9a80eaf692e1c1490afafcc435e37cafa94e9a9dfe453a82b1b472f3b1ba

SHA512
ba75a483ac75deab29c4174f1991dbcf4a76857dac23c99065e07585a5958e49f1ade0133fabdb3c8a28ba35e8df06fb529f81c756ae549b35543ad39817a44e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9ca82924-68b6-3e4e-8e94-5bdb7cb426d5}\usbaapl.inf

Filesize
5KB

MD5
ca3a369e3993295e11d5fb6b7663f3b9

SHA1
7771a0176a543725d7bbf70a546c096a4ee2dd40

SHA256
4494c8af156d9dc7deea76491d73716e16b42e3e8b5b4555b0fd247b6cacab8b

SHA512
650b0f23b6470ad84a001821bd5ba6fc906db0e6fd616d734a87b9777ac1f5f6d6d0dc52f5aef223bf362109b77cd89c5b4e93562c1168fbd049756d714b64cf

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 153896.crdownload

Filesize
2.9MB

MD5
f8b32e204dbf81a53f7af8049816e25f

SHA1
1d29574d0d26523b3eb394342e3ac3bc3ebb0abb

SHA256
7a06bf10a4e8cc07674e6ed620fbc8dda4b91565d7c62ff8a255688bb9b4d4c4

SHA512
f3190da71c180f896111efcc77d489b1ce454a2ed99477ca940a08bb48cd983b2dea0b23fe5690f9e799f6fa6bddb7bc7054e7c87783544a942380c0202f17bb

Download Submit
memory/4912-600-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4912-3970-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4912-1316-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5136-4120-0x0000000062040000-0x000000006258A000-memory.dmp

Filesize
5.3MB

Download
memory/5844-4611-0x0000000062040000-0x000000006258A000-memory.dmp

Filesize
5.3MB

Download
memory/5996-2374-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/5996-3969-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/5996-1361-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/5996-1444-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download