afafb08014624a207962aa90ebe07e753259f32bbd4f593d3d29858d7699ba41

Analysis

max time kernel
270s
max time network
276s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
04/09/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

imyfone-lockwiper-android_setup-com_es.exe
Size

4.4MB
MD5

5db7070d89a51b9485e3e1015deb9880
SHA1

a5d337cc3bece4fafbf55a552bcdfb4ec499c317
SHA256

afafb08014624a207962aa90ebe07e753259f32bbd4f593d3d29858d7699ba41
SHA512

4fa728d50c62797766684f04e109d4e1191f7e59a3d37c4c493da266b8d54a8e48d45f50086e3fddf719f366ff74775c57c6ede226e646616db171e63e52fd02
SSDEEP

98304:NlMp7Y4RkGDYcwa49eY3SuOKoLSdILstIe7K9WOb7R:7Mp7Y4dCa493STBdsZeg4

Score

8^/10

discovery

Malware Config

Signatures

Manipulates Digital Signatures 1 TTPs 4 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7\Name = "szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL"	certutil.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\0D845AA0916DA3D5731CE67C0818C12BC7A9C2A8\Blob = 0300000001000000140000000d845aa0916da3d5731ce67c0818c12bc7a9c2a82000000001000000420300003082033e3082022aa00302010202107d1929a78310c1a34c9b8b62ec30c450300906052b0e03021d0500302d312b3029060355040313225368656e7a68656e20694d79466f6e6520546563686e6f6c6f677920436f204c7464301e170d3231313130323035353732395a170d3339313233313233353935395a302d312b3029060355040313225368656e7a68656e20694d79466f6e6520546563686e6f6c6f677920436f204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100bf58628c08ded874b8d6e78c9a5d6e77fbe583ce169354cda85aa259cbc6e8126875cc47bbdd7b48a7da6e21ad400fb870c15f952450c26b0e7929be145f92541c15f788e27bdce2471d3ad2e946724ee146cb8f4dbbd417f15890a188a7af74233afdaa8d4c15e259ccbc0992aff156e60a7bb536a121d008ba15d3ca2ba1cf831b580eb581c280e2d79cac2a73bc177d3d5c6647e15675dc4c9ca2c4feb9fa23396f0d9758deba6551da2a428e0acfac80aac3649f7f105453470faf41929358441b1a6ddd5387eccdc88a5d77d2aed45b1f235c6ff624c168b35e4399ce578b1a9c644b8b0dec421417cd2ff1558c1c4c4c7753d9ee31998a42886bc349090203010001a3623060305e0603551d01045730558010e1e58e12be7794e0e44e143f8997e6e1a12f302d312b3029060355040313225368656e7a68656e20694d79466f6e6520546563686e6f6c6f677920436f204c746482107d1929a78310c1a34c9b8b62ec30c450300906052b0e03021d050003820101003c746e938bf186fd7d81daad6c692c32a589980c52f133c00e1f776493faa535c9af841e414bf63f3b76a038b31da7175ecb45747eefc416acb6d57ae5c6953d13a0c3c515a52b2f39c0810dcf514a6e1f3583067af0b5b1826464d0648cb90101baa8317181a6110be319caa987c6228f2f94f8e3ccef2ab2e785cb3574406049c825681a4a3c32e3fa0373fa4b6725e397a6374503efad00e6eb1246f841dec623f9a8203c4a71eba43801fd976daf8c1afa2181382e398126988a0e4d0c650687358878da41b10e0d8f16c7effd24b0ee4d379cfe8831416bcba47ae3d0eb9ad4da35a3176608c69a4d6aab418c6c633a5a394cc5a49e354e54553a289616	certutil.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
197	ip-api.com

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation	imyfone-lockwiper-android_setup-com_es.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\iMyFone LockWiper (Android)\iMyFone LockWiper (Android).lnk	imyfone-download.tmp

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
5928	tasklist.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\TECNO\Page1\is-B4PRE.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\edlclient\Windows\is-A4CB8.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\MFCore\is-49P0N.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Activity\is-2T7O5.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\language\qm\Register\is-QTLSM.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\gif\is-U19MI.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-427IT.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift2\is-UMV5H.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-5RI3B.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\drivers\amd64\is-4E2BJ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFADB\is-2K9B5.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\l1\is-LV25T.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift1\is-E3CUE.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift2\is-46V9P.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\GuideIndex\is-GE1DH.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\api-ms-win-crt-string-l1-1-0.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\downloading6\is-QKM9N.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\HONOR\Page1\is-BOPRJ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\OPPO\Page1\is-44P4D.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\DPInst64.exe	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift2\is-83Q4K.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\button\is-08B43.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Activity\is-HFQV3.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift1\is-RHPLQ.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\imageformats\qtiff.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\is-U5T7I.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\QM\is-0J6VV.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\GOOGLE\Page1\is-FALHD.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-O3PLM.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\CToolBoxView\Details\is-TEHAC.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\CSelectFrpTypeView\is-F7GI0.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-5CQGS.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\imageformats\is-OMDEV.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\downloading3\is-RNNN8.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\gif\submitting\is-ION5T.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MessageCenter\data\is-4ED7Q.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-GUUQK.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\is-9KJ15.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\is-9U1JF.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\9008\amd64\is-NVDK0.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\button\is-JIAVE.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift2\is-3TU16.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-7RT02.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-KSODO.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\9008\x86\is-06EJS.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\drivers\amd64\is-UMD5H.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Loaders\oppo\is-EJMA3.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\OPPO\Page2\is-F35BQ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-C0L36.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\gif\is-5BQVL.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift1\is-JQJ5B.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\ReviewImage\is-9RI4R.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Member\language\is-31PBD.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\is-87AIF.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\gif\submitting\is-BM5C1.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\language\qm\Register\is-2ORS2.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\CToolBoxView\Details\is-NJLLQ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Discount\GetDiscount\is-NOGJJ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\s8\is-B3LN5.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\quazip.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\Application\is-66IUG.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\Application\is-2VL7I.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\CLackDevicesDlg\is-GTRVE.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Activity\is-ROJFQ.tmp	imyfone-download.tmp

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Executes dropped EXE 6 IoCs

pid	Process
716	imyfone-download.exe
4196	imyfone-download.tmp
5832	LockWiperForAndroid.exe
5908	adb.exe
4204	appAutoUpdate.exe
5204	adb.exe

Loads dropped DLL 64 IoCs

pid	Process
4196	imyfone-download.tmp
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5908	adb.exe
5908	adb.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LockWiperForAndroid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imyfone-download.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NETSTAT.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appAutoUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imyfone-lockwiper-android_setup-com_es.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imyfone-download.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe

System Network Connections Discovery 1 TTPs 2 IoCs

Attempt to get a listing of network connections.

discovery

System Network Connections Discovery

T1049

pid	Process
5600	cmd.exe
5416	NETSTAT.EXE

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
5416	NETSTAT.EXE

Kills process with taskkill 3 IoCs

evasion

pid	Process
2332	taskkill.exe
3436	taskkill.exe
4464	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\imyfone.com\NumberOfSubdomain = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.imyfone.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "39"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 49a473d16afeda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "101"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\imyfone.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\msn.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000000d1f62fd9db56675f7ed0309f6501bbae5033806215729da62192f729e9e8078f5aa939ce6b1b3641919f8a23b2463311af08debdcdb70313825	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "79"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.imyfone.com\ = "79"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9300ffc16afeda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.imyfone.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\imyfone.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
5832	LockWiperForAndroid.exe
4204	appAutoUpdate.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2376	imyfone-lockwiper-android_setup-com_es.exe
2376	imyfone-lockwiper-android_setup-com_es.exe
2376	imyfone-lockwiper-android_setup-com_es.exe
2376	imyfone-lockwiper-android_setup-com_es.exe
4196	imyfone-download.tmp
4196	imyfone-download.tmp
4196	imyfone-download.tmp
4196	imyfone-download.tmp
2376	imyfone-lockwiper-android_setup-com_es.exe
2376	imyfone-lockwiper-android_setup-com_es.exe
2376	imyfone-lockwiper-android_setup-com_es.exe
2376	imyfone-lockwiper-android_setup-com_es.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
2536	MicrosoftEdgeCP.exe
2536	MicrosoftEdgeCP.exe
2536	MicrosoftEdgeCP.exe
2536	MicrosoftEdgeCP.exe
2536	MicrosoftEdgeCP.exe
2536	MicrosoftEdgeCP.exe
2536	MicrosoftEdgeCP.exe
2536	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	2332	taskkill.exe
Token: SeDebugPrivilege	3436	taskkill.exe
Token: SeDebugPrivilege	4464	taskkill.exe
Token: SeDebugPrivilege	2060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4328	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4328	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1408	MicrosoftEdge.exe
Token: SeDebugPrivilege	1408	MicrosoftEdge.exe
Token: SeDebugPrivilege	5416	NETSTAT.EXE
Token: SeDebugPrivilege	5928	tasklist.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2376	imyfone-lockwiper-android_setup-com_es.exe
4196	imyfone-download.tmp

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
1408	MicrosoftEdge.exe
2536	MicrosoftEdgeCP.exe
2060	MicrosoftEdgeCP.exe
2536	MicrosoftEdgeCP.exe
3192	MicrosoftEdgeCP.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5908	adb.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
4204	appAutoUpdate.exe
5204	adb.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe
4204	appAutoUpdate.exe
5832	LockWiperForAndroid.exe
5832	LockWiperForAndroid.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 716	2376	imyfone-lockwiper-android_setup-com_es.exe	71
PID 2376 wrote to memory of 716	2376	imyfone-lockwiper-android_setup-com_es.exe	71
PID 2376 wrote to memory of 716	2376	imyfone-lockwiper-android_setup-com_es.exe	71
PID 716 wrote to memory of 4196	716	imyfone-download.exe	72
PID 716 wrote to memory of 4196	716	imyfone-download.exe	72
PID 716 wrote to memory of 4196	716	imyfone-download.exe	72
PID 4196 wrote to memory of 1980	4196	imyfone-download.tmp	74
PID 4196 wrote to memory of 1980	4196	imyfone-download.tmp	74
PID 4196 wrote to memory of 1980	4196	imyfone-download.tmp	74
PID 1980 wrote to memory of 2332	1980	cmd.exe	76
PID 1980 wrote to memory of 2332	1980	cmd.exe	76
PID 1980 wrote to memory of 2332	1980	cmd.exe	76
PID 4196 wrote to memory of 4836	4196	imyfone-download.tmp	77
PID 4196 wrote to memory of 4836	4196	imyfone-download.tmp	77
PID 4196 wrote to memory of 4836	4196	imyfone-download.tmp	77
PID 4836 wrote to memory of 3436	4836	cmd.exe	79
PID 4836 wrote to memory of 3436	4836	cmd.exe	79
PID 4836 wrote to memory of 3436	4836	cmd.exe	79
PID 4196 wrote to memory of 4612	4196	imyfone-download.tmp	80
PID 4196 wrote to memory of 4612	4196	imyfone-download.tmp	80
PID 4196 wrote to memory of 4612	4196	imyfone-download.tmp	80
PID 4612 wrote to memory of 4464	4612	cmd.exe	82
PID 4612 wrote to memory of 4464	4612	cmd.exe	82
PID 4612 wrote to memory of 4464	4612	cmd.exe	82
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 2828	2536	MicrosoftEdgeCP.exe	88
PID 2536 wrote to memory of 4396	2536	MicrosoftEdgeCP.exe	94
PID 2536 wrote to memory of 4396	2536	MicrosoftEdgeCP.exe	94
PID 2536 wrote to memory of 4396	2536	MicrosoftEdgeCP.exe	94
PID 2536 wrote to memory of 4396	2536	MicrosoftEdgeCP.exe	94
PID 2536 wrote to memory of 4396	2536	MicrosoftEdgeCP.exe	94

C:\Users\Admin\AppData\Local\Temp\imyfone-lockwiper-android_setup-com_es.exe
"C:\Users\Admin\AppData\Local\Temp\imyfone-lockwiper-android_setup-com_es.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\imyfone-download.exe
  /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\" /progress="C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\temp.progress"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:716
- - C:\Users\Admin\AppData\Local\Temp\is-33DP4.tmp\imyfone-download.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-33DP4.tmp\imyfone-download.tmp" /SL5="$B01F8,211903884,214016,C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\imyfone-download.exe" /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\" /progress="C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\temp.progress"
    3⤵
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4196
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c taskkill /f /t /im adb.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1980
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im adb.exe
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2332
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c taskkill /f /t /im appAutoUpdate.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4836
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im appAutoUpdate.exe
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3436
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c taskkill /f /t /im Feedback.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4612
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im Feedback.exe
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4464
- C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\LockWiperForAndroid.exe
  "C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\LockWiperForAndroid.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5832
- - C:\WINDOWS\SysWOW64\cmd.exe
    C:\WINDOWS\system32\cmd.exe /c netstat -ano | findstr "5037" | findstr LISTENING
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Connections Discovery
    PID:5600
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -ano
      4⤵
      System Location Discovery: System Language Discovery
      System Network Connections Discovery
      Gathers network information
      Suspicious use of AdjustPrivilegeToken
      PID:5416
  - - C:\Windows\SysWOW64\findstr.exe
      findstr "5037"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5320
  - - C:\Windows\SysWOW64\findstr.exe
      findstr LISTENING
      4⤵
      System Location Discovery: System Language Discovery
      PID:5256
- - C:\Windows\SysWOW64\certutil.exe
    C:\Windows\System32\certutil.exe -addstore TrustedPublisher "C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\cert\LockwiperAndroid.cer"
    3⤵
    - Manipulates Digital Signatures
    - System Location Discovery: System Language Discovery
    PID:4516
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "imagename eq adb.exe"
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:5928
- - C:\Windows\SysWOW64\certutil.exe
    C:\Windows\System32\certutil.exe -addstore root "C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\cert\LockwiperAndroid.cer"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3356
- - C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFADB\adb.exe
    "C:/Program Files (x86)/iMyFone/iMyfone LockWiper (Android)/MFADB/adb.exe" start-server
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5908
  - - C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFADB\adb.exe
      adb -L tcp:5037 fork-server server --reply-fd 648
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5204
- - C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\appAutoUpdate.exe
    "C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\appAutoUpdate.exe" --autoInstall=true --silent=true
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4204

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1408

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1256

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2828

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4328

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3192

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3892

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4396

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\9008\x86\is-7OPPT.tmp

Filesize
45KB

MD5
7adf671e367a345905efb078985e18ab

SHA1
ec18e4253e8d283b5605061777a867d0d9d622ac

SHA256
a706653edddb4837b798b1f6f44fcd4cc4e75827a08f0336cbc713e468a4a5a4

SHA512
e6b1c4b65264e2653bf5ddca350b5c523cff0ee57e2550170f718f817b08dcef074aa6a5dee7167abcf089ecd6a717fa1dc4a9fac8d20035c8b9f5a24991e8bc

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\checkbox\is-3BIT2.tmp

Filesize
1002B

MD5
5685d26630c6bfcd3d9cc50f119cd6cb

SHA1
1bf92368209ebc7bd053568f383a6f2d8a24c3dc

SHA256
fd71375897871b53f4f31b8818e3a4dd1ad7fde4d3ec7aa4e71230907d115dfe

SHA512
1cd9677942e98a5418405382b8923d5a2e2064ec079a6f1477094609c5497f7de36f0a55be7926546ec4b89c99bb420be0f8ec54d08ed81b5761d5f5f65a4ed0

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\checkbox\is-QMF4R.tmp

Filesize
1KB

MD5
0477fc5c12416aec453923c43ec88f8a

SHA1
715c2ab6451fd3645d6ef37d64e9b719e73edc93

SHA256
d89fde6f6ab2654952f13443c17de79994e9b09bed46d4cc0ad72fb671fcd226

SHA512
af0f18d951e3a4fd1730478860df64bf985f35f2fecdff9e2f8770f671cebc4b3d5416afd97eacd908e3fdb9e9d445c736be07969c66bb33fe22b9f41a2830a8

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\LockWiperForAndroid.exe

Filesize
3.5MB

MD5
cd12f6712a4003fa187b82747e554e1c

SHA1
c0966ddd48fcc9367900808835b680a023f9c738

SHA256
656a875c223c7f638b9509308dca1c2509820cdc299d3d52f6d129662ef6b9c7

SHA512
23b18e2733d6734eea7042359b702196ec3888458c1539da68d4a6d6d5321055027ae6a6e427b6f1ff356c350e8e22dfc6ea1b00f9f0d934de0ca77b3b178207

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFDriver\amd64\is-6UJRG.tmp

Filesize
979KB

MD5
246900ce6474718730ecd4f873234cf5

SHA1
0c84b56c82e4624824154d27926ded1c45f4b331

SHA256
981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6

SHA512
6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFDriver\i386\is-QM5S6.tmp

Filesize
831KB

MD5
8e7b9f81e8823fee2d82f7de3a44300b

SHA1
1633b3715014c90d1c552cd757ef5de33c161dee

SHA256
ebe3b7708dd974ee87efed3113028d266af87ca8dbae77c47c6f7612824d3d6c

SHA512
9ae37b2747589a0eb312473d895ef87404f4a395a27e15855826a75b4711ea934ca9a2b289df0abe0a8825dec2d5654a0b1603cf0b039fe25662359b730ce1a9

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Qt5Xml.dll

Filesize
149KB

MD5
b75ab9629e0a692366e8392ef997eb36

SHA1
34f6cf74bbd5aed14daebd5bdefc98051e99f91b

SHA256
9a8f9d1cef7c692bd3cdf069b02687965a0ed178eb6f46d35041b6ee62e61209

SHA512
6b2a7a3f04bd0e0518f514b0b986b45bd78604d924653cf1257f337d982afa394484c3d312ce9ff8380727549c94368f97d451e899b9a2523ac05ee2e903df5f

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\drivers\x86\is-QBTKM.tmp

Filesize
166KB

MD5
3935ec3158d0e488da1929b77edd1633

SHA1
bd6d94704b29b6cef3927796bfe22a2d09ee4fe7

SHA256
87cbd1f3bf5ab72089a879df110263784602a574c0ae83f428df57ae2f8115db

SHA512
5173891b1dfad2298910236a786c7b9bbcfce641491a25f933022088c81465fb93fd2385d270e9a0632f674355538da464d1edacf511140d6f31d91d1afe64fc

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\code.txt

Filesize
17KB

MD5
e6dbed317bb14c9192cf283761a61366

SHA1
656e2530c4acbe1c5e170aaa387a767ffd10e933

SHA256
f9d340d02832ffcdeb372519f8acc0ddf25c77d22770f1d3b562483f699903e7

SHA512
9402dc71c33fa0018ec292accdcb1e65a3f55950fd0e1bbae737a5c0f720f8d7e0781caa772d66dbb121badf5b81c46d76b0c546715913d2698a9fe6fa50f474

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\domain

Filesize
6B

MD5
0105fea143c5cddb7855a29e700c7eed

SHA1
d267186d5b48ae34937736a4e204d8f624e4b5c5

SHA256
9a141828a0b109fdd05e03ec42e38b0280949dfaf3aef19fc36039edd2b7a40b

SHA512
cb7a1932fd3a1d23184f9ed82852e0f0d44819befef5f4d45a2aec7b5aeb731ad4e0e70f2693869c306119d3e75556c56c2eacec5bb03fdbe56af80715cbe0cb

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\language\main\is-1N4P7.tmp

Filesize
6KB

MD5
c54165a5be80a02ccbe804b7f371b745

SHA1
3c90025f06e7dbccf1ec5898973bbcd11083fb38

SHA256
e48d00382640bd79a47d3b12c3fec25cd798b511abe4c137c0a291c6c149900d

SHA512
21d59f2fbe77e9dc1ed0591312dd31a1eacfc54a71d784e4f9f1c98f354367c421fd2d676c5c63a25acecd8d4244fcc3dc56c8b862a2519bed45f01e4ef46fc1

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\platforms\qminimal.dll

Filesize
28KB

MD5
31e67d3543ebd5c3aea412066a1375e8

SHA1
5c165903afa3e7203d73da6820898f42aaffca6a

SHA256
b251822f0b8e4a0fb154143a3077d9b63341ccdb21a9da7d990a4db3d64ae4c2

SHA512
345c4bd0e82df2b2ab873a04d0152276ca551b3c9efe93d259123e4163ed0a3fb73c69081081e219df039f0c50ca6ae73f5b5ff511c5a79257ce0b7699f28190

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\platforms\qoffscreen.dll

Filesize
522KB

MD5
b8f8dc44473416adc925160eed1536e6

SHA1
c5d4802013db6beaf71d19c3f55603da7bf03b5e

SHA256
e38bcc29aef1e7e19c0ff2a9e27f01bd10f7c772d99a811b0e1bae39e0919226

SHA512
4b76e548d19d3bba94820fda3c40b94b8b37cfb70b78df062b9e629a48eaefb0951d28995f096ba77b1e3e17dfa575dea9fd268807c879047b1c1ccdbcb8be65

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\productInfo.xml

Filesize
432B

MD5
f9cda192da5bbb2419f1f76080386f9c

SHA1
f61d76189d4bbdeeee4515f87ab9ffc427a1f9b7

SHA256
2ee2b0427ea0621b6459069f7c050fc4b55bc1d56484014af8e2b226637167d0

SHA512
e293780687a48d47e4d8777d0c0b828c8f0a433e8ef03db4750c7ef725534ee5ff48335333f0c47182dca15562f6ca5b910832d31b07efaeba6dda2828d87e92

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-HIM30.tmp

Filesize
12KB

MD5
31ff5be8b666d0d82b0baa2febf0fab5

SHA1
fcfec80ebea0879dcba65af67065c501745ffdc2

SHA256
22f65e8e6d073b77d707a78ce8aa9e9e515a991e676a1db1119a5e55daf0e325

SHA512
d7ab30096a29a89d54802471d5abd9d9a4483e90c260f1e19e9523135f1cc80aec7b7c48b8cff6d001e5e9c65c2996837b1cf5babcbed6fb960d813482568fde

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-TF944.tmp

Filesize
1KB

MD5
3bb382dae5481ea4f4b8dd85b6ef90e4

SHA1
308762f19e465a2d88ff297b015d8136e2d14ba1

SHA256
371f095cf8cfdf56629b4d91eb6151a73341b42714a4e338087387d30789e3f5

SHA512
a4897c55782e329af5177380f0600c2ddb8e77556a2226e03334f0e209a6965374c889a5b412814a7b5f75554840a818cb5caa769174332a9498b1a2c50bd8d3

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\GOOGLE\Page3\is-6EK0I.tmp

Filesize
23KB

MD5
5c88dda9e31ec3d8bf9af0658bf95ba7

SHA1
f03bd0811239d20189cd35507944f9e3afa0403e

SHA256
35ab8c0017ce61106e66809a0201361024c0be9514bd0379cbcc7570eb243aad

SHA512
0fe9739031cb4d4014323b21bcf4b92f4d80011e37de8234cac6449353504bb91abda55c1e4c64692f3332a74a695643272fba1252c226e7471c6d4fc1920e21

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\GOOGLE\Page3\is-9VTCM.tmp

Filesize
24KB

MD5
cd3434e370fe655d55d78e3d01559bfb

SHA1
44cb5bef8d61373cb59816ad433d5b33747e6edc

SHA256
d246f38887873ec7bb5dbfeb0e359edc7992da480c6f04dd784fa0d32937fb28

SHA512
a7626ea59a70df3fb32c2c90c248679e7531c3306c8ef1296e9b81699b6687c5ae6f137f8b498c50692790e1a1414f5a66ac0fd5bc4110880df527856481a45f

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\HUAWEI\Page1\is-LB4A1.tmp

Filesize
17KB

MD5
94ed32273c88108e984dc103a87e2231

SHA1
7113c6b305f32decfacf53bfba8ce854cf4c4d3b

SHA256
5d2227d47fedf38abcd9191f1c380a817ae8eaf80c1c63ebecbf34a9dddeab12

SHA512
410315b251a7a1b63e4094185e147789aa229e5412e5b263905ddee8bd854c0164d2801bf52262ca386c314d51221f9c91ce0166b4d5e3197ca60884727093dd

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page1\is-RA6DJ.tmp

Filesize
8KB

MD5
3d3de7d1bb59cb1cf36cbf510ba9b5d8

SHA1
63e4a41c1e0d555d5369cc7fd8a3374ce7bfc6a1

SHA256
42b75244805c62c141033ee7c74ab572f3b3eac0f4b1a160f71aca775cc1f9a3

SHA512
b301e998e7cb2992322e35fac834f4b393463d9e35d242f3fcabd39a048d42e71cfa468ad13347acedb996c2524ae05164f8c6bf630ccc59b84b87df69e7c6a5

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page2\is-J7J7U.tmp

Filesize
18KB

MD5
a618c67ccbb2b56be2baec639ef5c7d7

SHA1
16de3f742ecdf59180c21ce2ed6ab80ebc1107d4

SHA256
7c447590270682a9176360e2a35a92c26d1ace4447847989e3af3b7bc4410e40

SHA512
2dcdc028645e768c351a69708da8c18c2dfcc6e2755c624bc009f2fc7c7a6b10720d5e2eb94ec43f929c423af613f3c6ccfa82b9417eac62c8efe01ddd125f70

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page2\is-S7UG5.tmp

Filesize
23KB

MD5
4e23976bc7cc785d678d106d33672320

SHA1
e5fc9964c89a60006830fbbec09cf36b630e799b

SHA256
0826ae26ff430b3cb46f5db123c10c1e020d14c15b3151c68320f1a9e362a988

SHA512
281192096f5a376dcf7a77ffba7fd93982f7767f9d98c1d0d16c22e358e58280e1e898db04567a3ca49c0aeb3f35e6cad2f2307aebf215d59d91fead77364786

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MEIZU\Page1\is-OCQGD.tmp

Filesize
11KB

MD5
36595dde336e3099b45f0f45e757d66c

SHA1
e08f888aadfae7fc76226d6e3b0ef164bd38a12e

SHA256
a89b4190ac22ce1a25def80beb94c506bab4d2ba403c0fd99f8683e87be58d81

SHA512
743999f3fe672a3907218a41848ae35a9fd70c9ed68c9e405cfd454870b5fa64e0b8aab8077e755678ee79e87dc18aea625ade1e7496534eda79926ba4881dfc

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MEIZU\Page1\is-TFC2T.tmp

Filesize
8KB

MD5
d81ee08391a0c5aaa68cdf260d919440

SHA1
b499d90b2669f12d81eef4a4f3eecdbcfa94b7a4

SHA256
9850a3e6cff8d95800ca5a16394862a3416a951fb64a05bcdcc9a5609fbe6847

SHA512
2bfe3edcc8a60eb69ed73562bae62eee8f54defe429407c0e9f89702bf5a26ba5c866c6da4ad82e7ac795bd3b6843451fe91156fb02fe3976b621039d23fc947

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MORE\WithOutBixby\Page1\is-IVE9I.tmp

Filesize
24KB

MD5
0d9529813a83c25ac28b64e0e0efcaec

SHA1
0b62ca4d39437a5ec0d1689c2f983b5bcf2d6dc6

SHA256
cf0d585c0157d746bbebb0b67013f9425588a5a1ebe655d6a1a696610930b8eb

SHA512
c77790ca1fa54d0db8c00eecdf9a0efc5ada8e6bcd428f38b9d4ffbdc68f157e10975671847331963e9ba261c3a62ebcf1788445638c254d014b6561069f030b

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\HomeButton\Page3\is-09MAC.tmp

Filesize
24KB

MD5
c837d307f1c84c2c60f1b3ebc3d19002

SHA1
4a37b641d58f31cfbf1ccedba78db9d64c220451

SHA256
adffb31bee7ea242745cccb5bcce1b402be9e95ccb7ccc97667ad4f74270829c

SHA512
b7b7598ceea56521a7ea188a31cdf6e43947712178be8aa1c0804792806c9e271e4a01356d91d16c24864d9a93e53e13055e1fc2f8927c8136fd8c8c9248e678

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\HomeButton\Page3\is-4IMPH.tmp

Filesize
24KB

MD5
15dcd8dccf8ce0cac5bd5c5e8321a190

SHA1
2d6d01e4765cc3170c71211fb45a6a1d1860b276

SHA256
a67147b6f190b64b790671c75afbfa32987bf6c27e25fd27899dc16cc3acf305

SHA512
4c5a980b26b2daacd21b1e804c8a874d53d3f0057b238b9d596fe533caf161d701b1a78f6ac7633fed5afffab9ea458718f85fd5e6fab19a635bf9be42e38aa9

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\HomeButton\Page3\is-K46ES.tmp

Filesize
19KB

MD5
f37585c4fa14dea2b735bae1233a3e99

SHA1
93f1bce4edf0ba42dcd92f5d935b036346ef12b1

SHA256
69ccd5eba0c59aef2e1815b587872f80fc8014484d1ff70bd9ecf848228c32fa

SHA512
ee894367be6e980111576431562f45ccebff1669c8403914ad398eee0a09a70cc942ca2f7bdd707042c4571c1f2c33007060b962c50b620d7057a85559ef0f71

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SONY\Page1\is-3U5JA.tmp

Filesize
10KB

MD5
ba0021e18bd6bc6a56a1f3e1527fe44f

SHA1
af40cbf67c0dc11aea81ae3991b19f4fa6b8bb26

SHA256
7a044f96aff2d6d1120fbd3b2a370d51b21e541a446ec8124d35c707a190476a

SHA512
c24c76d6847e3bb46432494547e0857d6bad31921f2928282a27a821f2d7d4c77d162b6bf5ac9b50d07add59f3d6c2d0d25eb7c8d6cf980f4a7c21db601d5796

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\XIAOMI\Page1\is-R5RR6.tmp

Filesize
10KB

MD5
05ebb2515445233b33676c55e2515129

SHA1
e7cf12141785acead302f56446775f5f9de68daa

SHA256
442511999e0afbafb7d700106ba77fba14c4c071be22fd83685695a34855eccf

SHA512
66af9da877cff7b440fe8e16aa5f769fbd939a1e5c4735bf2598000a9adeda36464ac2042489a0d7798cff587bbcab0d3b7065908a9429a471b67e1b75dfa44a

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\ZTE\Page1\is-SLN44.tmp

Filesize
10KB

MD5
017d83a49b94d01c7076397270a375a8

SHA1
5ee90c9319293a26fae18811508157cc6974ba7c

SHA256
d61aabe396d1a1af847e79239e78371bee86a8acd737b87bf438f0c509ec28ec

SHA512
13a1f5143f5ab429a3daeb28f7025deaf9aad7c5e09de150646e82e36f1988601ce88dd86373c30471f3a70c9e5075dc194c7d84ca8e2764d171087d87591a4a

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\qss\Discount.qss

Filesize
5KB

MD5
1945bb7d91082b81194037370d09dff5

SHA1
ba93880e044f732adf2e23c66623b9eb79fe6efa

SHA256
def6924dbcd22cf1e0fca67d8ae8d1d45001330bdd7e53e8d995dfcc64912335

SHA512
73020fcee16337a902ab6d7b0e6ff0f1aa982b798e653607ad73ce7e820a003f98eda1c016c2d29062a8184094442ad1f386e306fe979a5262c0944d5e478c36

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\qss\EquityBuyView.qss

Filesize
1KB

MD5
24ed487bedad50069c5747eb87d6e26a

SHA1
6acf0d996db28b5a96a1d3fc88fe02dbaec8aee4

SHA256
4f708e42a174013124f725250a0e7a92b8d976de645facbb3a655cfe69db2a4f

SHA512
272b5286361db0f12cf19627e8402004d2f56fdef2a938042aa2ac8383c125c7cd31b3602278c667eb9566eb784a790e53dabc11efa168506c0860eac13cf7f7

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\qss\EquityShowView.qss

Filesize
4KB

MD5
6eab7e052d738fd3d1a161b72a037873

SHA1
f4d303892a07987ad63dc971ad6e70cc6c66d1ca

SHA256
8582fb6d1ccff14b73b152ab3d1b4596046d994bcc6d296b8aaa548f944def4f

SHA512
ca4c38bf886f98784f39f60a58696a097b1ce632be1832dea30aadc4718251998d41cfcdd796b2e4827b8219ad1c7c48d04a791c442efe19c867bbc3613c6636

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_1.png

Filesize
32KB

MD5
ec84b98b5366976f23d02e24468cbf8a

SHA1
412af591cb4d33fb6877360910cedbcfb22d74fc

SHA256
60cdaa366a05a8dd43d91f89d5e06b3e8991b4b42af0acee769fc2720a3c92c6

SHA512
265d60ea5f2d736c3417bee74bd8972f4e795aeb8083e6a67fbd2adc3e9c681a7c3c64d3cdda960bc8a784403313fc2fd7482c580d8226cbcbc3d08abc88c7b4

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_2.png

Filesize
33KB

MD5
5d5084b0ab189eb3be78a8cd4b145cec

SHA1
6fa7e8234b60182fd0ace7f66290306542e8bc9e

SHA256
04f85b78440f8b4b3ea44254bfeed298b367fd6c4ba8b5a0a2aec551427f4d00

SHA512
0a3e5b34174aecfd5377fbe98d267fde0c18eed1ffd77a811c1d10f09e6b352c76b5f3e50150a80d938c41b6862bb07001240be3e9aa44c87c406a05e5ce423a

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_3.png

Filesize
59KB

MD5
a56ab015e87698ac32143fde4acfab79

SHA1
8e7bcfff55c7309918ad234cb5b0d6925105a451

SHA256
daf13da1c4d4c31c0ab87a1b5da348dbf52e861d6c3b795234b1f9c5d2c4b4cc

SHA512
d3ed8d53a26f0e5ccc0cfadc6cf49e1a45b76c331bd43db93c2c3e658a29e1455a4013647d5910673fa99957f9d9a464900018f3a7039eb9c394821a148483b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2ROP11\485737454198830[1].js

Filesize
22KB

MD5
5bfa6b9cf2fa488a0ee6b665f429e5a6

SHA1
9d2de006a7d0d36d4a9ef916e5cfc6307c2b56c4

SHA256
ee1a895d165853bfab95777fb9b15f717e115a69f22e50fc07ccc2e7894005ea

SHA512
54b2645523180ab4d40ac34377bc135d55aa882ac86c0765bfde0a099d34428f9778fcff054733fcd1a6ac6cd2db825dad05eb93a2c0b2ac1e4861ee1cc6e146

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W7YADOP5\clarity[1].js

Filesize
63KB

MD5
49357bd476bf9e4bf2a6992ab7374f1f

SHA1
5d75e26d106ad28b5700fe46e13c2ea4bd467ad8

SHA256
264532af47b2cfb6620970592478c442a0cd429beccead9d062ff5a91284dc15

SHA512
622a895fa8e419d80d2eb6ef6d310897c303e1226d7b83f78fdf19dbecdabadee9d54bffb7dff4cf325dfb385ef44fa6c5d6407b86c9f5b3d04e3eda31eadd41

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TQN7TA8H\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WX7X2JQR\favicon[1].ico

Filesize
1KB

MD5
30c415219ffad57c1ae0ea91759c07c6

SHA1
bcb9e799c72c6ca1ce6299df93713f107ffe3b4b

SHA256
de9b65e00243fb763118d9b0552f3395038031b20566f7a3adf7751cba044add

SHA512
33cff6011983803ad6cced46aa73c413b5d18828c3160e47f1d5cf3271183e7ad258c354399e5368e54e717f4e0d644edb5cfb502fd997644e3aab2968a895e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XALRPTXT\favicon[2].png

Filesize
7KB

MD5
9e3fe8db4c9f34d785a3064c7123a480

SHA1
0f77f9aa982c19665c642fa9b56b9b20c44983b6

SHA256
4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9

SHA512
20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF570447A1169CB51.TMP

Filesize
20KB

MD5
e1edf1870d7cd255f4a535001bc2ac8e

SHA1
6bd3463ceebd76c632e3c25212f0fb883d554f2a

SHA256
05637cabc6fbc6a9d761abf6e7d47b5e6371384ee88a36aecd7fe0923cc909e8

SHA512
2a78fa6716bf939c5d7698f8d596062f8f411263b3a0a31c44ea89be701e64816d4d660d0173b6e0c7d7d6f3263e84f9ae4270c3ba4f513429949b2f331278f4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
da3ae4d432c8b6a6338fab5ecd3e2cd7

SHA1
e5a825572bca3e058f5c84888f55249dcbddc466

SHA256
9d6311415821bb4a20c7a82f321135ca6c068f955d4037bc48565ada9293e083

SHA512
949cc621f01988443f7baeddcf0db70bf557a2e7c6996d7d72fab5995d4bc4e2227508ac7fd34a8395da37a0e9a60a924c8c62dfa29bf90df176096e52d3d5c0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
200ffb09a58bcbe6c20967381be941ed

SHA1
f7f494cfa7593bac94a0e4dd77a678488c658dc5

SHA256
5798bd748fd1c0dcde74f982da67b249e564952ca9ffaa10d31297afe0b36e8d

SHA512
f0c50de6c6cb19705aeea2235d1392e4cfa6c32989791dd991c2e3c68087425d2865ff5effd226eb0d4ab1f0af2c97663795da67826748ad31ef7b7ed2e25707

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-33DP4.tmp\imyfone-download.tmp

Filesize
1.2MB

MD5
bc9be66f43b6806de2e0fb438657a1ac

SHA1
e75f252b02fcd7aa519708cfc8dda6b60a9aa4dc

SHA256
5d126f24e0d90d5869fd2482ebe9608d129c4ac0e1dc2c5556f8c5f5aff4aa57

SHA512
7d8d885abfe084de183f30ae6708c0088eed2f2d02134ca1b1c077b9dee21905aa0aa1377ec4cb60287d84a23872882e9f52debc01a5970dd16d65f1987adf62

Download Submit
C:\iMyfone\Lockwiper Android\drivers\amd64\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\iMyfone\Lockwiper Android\drivers\amd64\libusb0_x86.dll

Filesize
45KB

MD5
8574627d4a5415c36176bf4ab9058183

SHA1
a50ab8e8983ce2afa54cb23e4629c83889cd0c56

SHA256
3b8c37db1af7f30a2baff39b587ecf7edd30027ee3e91d5e596e39dd0f0e3908

SHA512
ea27c071f047d200f45c5c82943e39df05bf5755aa72c44983ed367fc1d2ba30781cd24a0ff4e4da6224106d9f639f0872848d0fa7058f088467d1b4b5205954

Download Submit
C:\iMyfone\Lockwiper Android\drivers\license\libusb0\installer_license.txt

Filesize
43KB

MD5
3f886ccce73c834d0ba9a07b89a5adad

SHA1
9a88c6dcf2d6c77cb13da92c956cc0fd23882e7d

SHA256
49a8af4fc09a41b51744b936c9e7700001020f3c5ac4476d87767c6fc3ca2a1c

SHA512
12e2de91ea28d09db246d22a0fc9c8ba04c6a1af6722c8a933556ad9ec6200770dfd828b6e43f4821afb258e9122de41d4aa42ad912b4e0c7f26101a1115b94e

Download Submit
C:\iMyfone\Lockwiper Android\drivers\x86\WdfCoInstaller01009.dll

Filesize
1.4MB

MD5
a9970042be512c7981b36e689c5f3f9f

SHA1
b0ba0de22ade0ee5324eaa82e179f41d2c67b63e

SHA256
7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77

SHA512
8377049f0aaef7ffcb86d40e22ce8aa16e24cad78da1fb9b24edfbc7561e3d4fd220d19414fa06964692c54e5cbc47ec87b1f3e2e63440c6986cb985a65ce27d

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFControl.dll

Filesize
702KB

MD5
6c1663ed17873a7662c465bb435931f5

SHA1
9732500ad27d076d39b9f1b30b342540ab6ef30a

SHA256
d38b345e9e77d45106307060d2c6e9a35bc4e2e155c3034eb54e3516d19c8657

SHA512
96c058a99b03fc2d015ff6a00013345af9843ade96136a5878dd385b95216232ddc34f190439c5b97f0e55a72278f7b5983abd7c138e41aeedb9159628e64c24

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFFoundation.dll

Filesize
1.8MB

MD5
b8781686549f4ae43b9fceaa63f0b287

SHA1
9739bd21f8552280d0a0037f04aba607cdeb3799

SHA256
97abe09e1ca0c32113d47e7768c3145977c9ec41634785d2b6f49b47be014949

SHA512
abbb2fdc23158fdc1f651c212eae46adbd7ae117d7ead076f9d638f0f1f35871f4756f8649e1022ff168e0931e9b6b1d1ad24d7f8bea58e379214dcfaf7432fe

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFMember.dll

Filesize
1.6MB

MD5
f417aef9e64715e0d832d0b9eac08eab

SHA1
76c2c0bae9d548f2e29be786695ec22afb0ec132

SHA256
0850623a6d0b3150563772f5d85ecb677a594cac06bddbd6ab2427c847be3231

SHA512
94b292aa88bedd0d84988d196c9c4cb2cec6dccc0c8860999e6f0fd445a3b2cf86af015ccffc096826064c4d8845ecd219463592e5cddb3d6c0cfa5fb29f93e1

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFReview.dll

Filesize
447KB

MD5
f8f62014ee9ab3476aa3cee87e740542

SHA1
9716afded46f46a5a374d9b581350d39b94c7527

SHA256
b74eefd3abc2307d2a564e0f49fed6300ece8563486a463f4309b64306321417

SHA512
2a196819f5f408f3231145d43bf1692bc7863819d56cef7a88ea16a6abcc43b6a2f224b3eca8ca42d3a03355afe1c5973143b9e9e20e2e4de921b0b14a15d441

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Qt5Core.dll

Filesize
4.5MB

MD5
4ab074cf76b2f7808fc80b7905cb4381

SHA1
e6fe2fbeaecece166e3e01d6412b0ba7c3949d34

SHA256
c608dc1ad8fd6ee34dbae6a8fd4bfc63dac6b3df99a5206cc146ced9bdfddfb6

SHA512
dbb9b0b3a0b6e88c075c9f5401642f2a9621388c7f9fb720e2431ce306702cec9a526f150061e9735ebc09595b73cdfc1026379e8a72701cc1bfe6701c08275f

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Qt5Gui.dll

Filesize
4.8MB

MD5
e5b3e66b27fae7c7b809de70c672819a

SHA1
0ee01ea5015c68ded568172ed3cd5a8fa55fccaa

SHA256
a85a88cd2c305f02bcca17efee78482e8ae0bd4ab53d21cae52f8ca54b2fa1ee

SHA512
60db69657514a5e76ea784575ee3400722cef46ce75320cf0a2bc660f25ec47b8d5dad9c35852fd636461622f85146a456a48029b2aed7e14eb7a9debe1564ba

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Qt5Network.dll

Filesize
836KB

MD5
010303c7a8a1c4655aa8287d3cf8f895

SHA1
f69f4c168c49818d05ee2a488df1690c91174a31

SHA256
6afe3c87df10640e6bd5079f7fb0125d11aee1f5bef33b19c2e9e978f36a3ec4

SHA512
06f9852859ec23f4109add1a37d815012b284aab40733d3810bbccec88f238070870aa2c6133fdc627ff550034371fc26899058e160f5d068bcf60fdb27cf247

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Qt5SerialPort.dll

Filesize
58KB

MD5
c5613cc6e4a39b08351ac90eaa76295d

SHA1
0c3c049c8fd5fb1bcd2d51c705572206e5824584

SHA256
60cafbb82a0966db4b17924bb0d6c56007cbbd5ee42e3281003f7d2b38c7762c

SHA512
6159081c89f392d3ca471887390894aa37e73abbedde7f4d21930f8e6205671a9069dc6d12aba2d44ed7f83f7be28f3db0b9618b928b341e99d65212711efee6

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Qt5Svg.dll

Filesize
245KB

MD5
faf85bc6b186d37751136d99a0ec520c

SHA1
91cf9427dfe5c75789db9c11df1636f9c3945044

SHA256
9437207d582952544abfc93967a67ede098bad1188d639891506ef4714ec9d0d

SHA512
9f489b565b63d82a9257d10f9b2fc7075b52d22adc33e2cdfc3e0da0ab147f0cd089490f2fbf1aff8b16b53c8b21d672ccb4a439350dccea23200b9170b8e042

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Qt5Widgets.dll

Filesize
4.3MB

MD5
9e537342ce77c05d1ee899bdf3205905

SHA1
502289a117c44082d61d07916bc21ef43cf88e73

SHA256
7faabdc43c77c54c023011c84e1cca9fdf8851c654875170457341a8ef55f362

SHA512
a0334e753c4fad7692e521ed4925fb098c6c0fd0e7d6d03424276c8e4d18d862f80e1a4e7bd709b959b123d71018e330fa7096a743148a57f6ec52b405af1215

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\ServerZip.dll

Filesize
57KB

MD5
ae42ee4968ba402481cb887ae170abf1

SHA1
13866658f61759175f352ce412f167226974c6a7

SHA256
a0ad0adc9cfb6bbc5ccc1b5a14a034416fe1baaf46f2ac18e82a615fb2745080

SHA512
649f4259a95618da6718dc7e97248333020311a76b1220b028471abb9663875e102bbbf6fdf900c9518286b5187acfee397bb74ac1753caea7d90a804073ed94

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\SoftMgr.dll

Filesize
251KB

MD5
f54567a91299f2bfec09f1a6573b7c9b

SHA1
6cda6974692dafe566963dced4798b2623315057

SHA256
2f5edfc184930b53457298460180d72f9d54a044d6ee5c8f936e6276a1419696

SHA512
d97f05f61a6aaf550f0d08e3c1a2aacca237e53800dfdce881f0baa757f06476795ce120c60e6bd39987e3ab0328565bbec917bf1c1b48f54e940bb86dd6ea30

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\dbghelp.dll

Filesize
488KB

MD5
e84c4d2d6b9db024ca81926b97da29a4

SHA1
c87a10ac99004548e1c45ade9198ac426bd10857

SHA256
b3043e2c7041959541d3ca57e7a5f5def0579233082f69c5148dcdba3083c4a7

SHA512
b7b9e5073b86b8108672735a03899ed308a1a3f9da2276bc3abddd2acadc911764f5ef69f368697643059a1939ae7dc65fe45c39cb5b2e3e4b8eea9b9d42c675

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\libMFCore.dll

Filesize
389KB

MD5
52031b41fd6c04d41cc48ff6798f5b1f

SHA1
e01fc319e79cc1831684f09941cf1246efb9c98d

SHA256
e64184d641e8cc82fa9ebea5065c732a134f415af5f80690b86c7d12c8b50acb

SHA512
3d1908c298f6fddb4f1888d5ec648f788fdb2fe607f16e0d83ce1849d8fff3bb6a3d8d9ac7886db4b84c2e801f7b9085924528f691ecb72b042f850b84c07d39

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\libeay32.dll

Filesize
1.2MB

MD5
ba3b4f2441902051a36d254c5c6b8579

SHA1
9bf6f9f0ff11a64c665f21c66ace8050edd4044d

SHA256
57f88903c1aa7a6be11f20b81434cfca113ecbe3b94f97d4494a7328103b49de

SHA512
6c8204b5d58e2b1dc4e1b3991633f4eec31600468c2bdfe2f0ffded12621e8c7e2fa19c95057876abdde01ce9cd2a4cc4cb5888741b73582a362f8070ab56ee8

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\libwdi.dll

Filesize
6.5MB

MD5
409305d809c6b85ee68b822f24b205a1

SHA1
850fcc2c40d88e3ea3f24099a186b59595ce95dc

SHA256
21fc014f29221a3d07d4ee4b54a4e99b718bd65da9e2def7f488ce9d12e65c72

SHA512
5c1e5726fe0a4a15917655201b3af7396f963a85c2f326873cadbff39b5d97a5d6b6313f26062a66c89b19d6529e75944009c1dc60780331c87733c6f2da0b36

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\msvcp120.dll

Filesize
444KB

MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\platforms\qwindows.dll

Filesize
988KB

MD5
3d376b01b31ee624dc3a74080dfb6d85

SHA1
d9d58d2a4be67932604950ad41f821f64ffdc23c

SHA256
b361e735ad7c73205de022dd7c3cc360b3cc0a4355b1dd5d893d574130ae080b

SHA512
4b6fb6c760929f17679d7e002d7673a2d0cc07a29959702face04e8422fffd536311edf5d6c15ec8c7bbf785fa79dc742433c3570445316bf680a1a5d6cdc010

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\quazip.dll

Filesize
133KB

MD5
722a6e521dc180a294468e88a8309cf6

SHA1
4d21ede36576ecf85ca75f75c391f8919561a223

SHA256
2d62133e7005988a787d4c27877af405a22b17b25e5c4ccedda9bb3da86d9fff

SHA512
e936111aec6a43a584820a253d9ccdacbd2caf964400800ae23f192721382081be0876c512a57204b866fe511f6deb5b29906c0e8f60f0411d9d1de934260245

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\ssleay32.dll

Filesize
285KB

MD5
8395b7476bff99ed1d0e3ecf193daa73

SHA1
e277a19b1cf2b99c6c795d98974903b023284611

SHA256
68888761306a2eefa9908f25290c95f79974af3744c9e7c3955f1c780b808f07

SHA512
226c26ad3b833ea44c7506200d494ceb406f9d1563719c54488b95304f6569b830a175e01143c3507d0822dfd301f4b5220c3c54aafd66746ab146d582a503b1

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\vcruntime140.dll

Filesize
81KB

MD5
8e65e033799eb9fd46bc5c184e7d1b85

SHA1
e1cc5313be1f7df4c43697f8f701305585fe4e71

SHA256
be38a38e22128af9a529af33d1f02dd24b2a344d29175939e229cf3a280673e4

SHA512
e0207fe2c327e7a66c42f23b3cbabc771d3819275dc970a9fa82d7af5f26606685644b8ea511f87ec511eb3a086a9506adec96c01c1b80b788c253bd0d459fbd

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\zlib1.dll

Filesize
105KB

MD5
b8a9e91134e7c89440a0f95470d5e47b

SHA1
3cbcee30fc0a7e9807931bc0dafceb627042bfc9

SHA256
42967a768f341d9ce5174eb38a4d63754c3c41739e7d88f4e39cd7354c1fac71

SHA512
e8583ea94b9d1321889359317e367abc88e90e96d0d9243258244a527ffa2b13ab97d0787693ca328960ceb934ea11eefd14abafd640a654473c26e420d2ec54

Download Submit
\Users\Admin\AppData\Local\Temp\is-63GSR.tmp\ServiceManagerDll.dll

Filesize
121KB

MD5
e3347b84ba64c587c0d9d0c9774269e1

SHA1
52a7cbce91be484e8a6bd47db807187205e945fc

SHA256
14509c05b0701f8646ee1ab4c7714256ce50eb874348965cd6f90a7955c410e3

SHA512
69317ff80e983157740ebc5f01edab7f0331b467015e2fd10e027b0b01d1082437d2a1911efd33d7f9be356a73d948632bc1a409c522d88ff1b9b2b9dbdb7854

Download Submit
memory/716-3763-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/716-175-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/716-93-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/716-95-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/1408-3764-0x000001AEF0220000-0x000001AEF0230000-memory.dmp

Filesize
64KB

Download
memory/1408-3780-0x000001AEF0320000-0x000001AEF0330000-memory.dmp

Filesize
64KB

Download
memory/1408-3799-0x000001AEED4D0000-0x000001AEED4D2000-memory.dmp

Filesize
8KB

Download
memory/2060-3808-0x00000272E6220000-0x00000272E6320000-memory.dmp

Filesize
1024KB

Download
memory/2060-3807-0x00000272E6220000-0x00000272E6320000-memory.dmp

Filesize
1024KB

Download
memory/2828-3830-0x00000125B9170000-0x00000125B9172000-memory.dmp

Filesize
8KB

Download
memory/2828-3827-0x00000125B9140000-0x00000125B9142000-memory.dmp

Filesize
8KB

Download
memory/2828-3832-0x00000125B9190000-0x00000125B9192000-memory.dmp

Filesize
8KB

Download
memory/2828-3928-0x00000125CACC0000-0x00000125CACC2000-memory.dmp

Filesize
8KB

Download
memory/2828-3975-0x00000125CACF0000-0x00000125CACF2000-memory.dmp

Filesize
8KB

Download
memory/2828-3977-0x00000125CB7D0000-0x00000125CB7D2000-memory.dmp

Filesize
8KB

Download
memory/4196-2048-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/4196-236-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/4196-3762-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/4196-287-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/4196-415-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/4196-872-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/4196-3558-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/4196-893-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download