afafb08014624a207962aa90ebe07e753259f32bbd4f593d3d29858d7699ba41

Analysis

max time kernel
166s
max time network
207s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/09/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

imyfone-lockwiper-android_setup-com_es.exe
Size

4.4MB
MD5

5db7070d89a51b9485e3e1015deb9880
SHA1

a5d337cc3bece4fafbf55a552bcdfb4ec499c317
SHA256

afafb08014624a207962aa90ebe07e753259f32bbd4f593d3d29858d7699ba41
SHA512

4fa728d50c62797766684f04e109d4e1191f7e59a3d37c4c493da266b8d54a8e48d45f50086e3fddf719f366ff74775c57c6ede226e646616db171e63e52fd02
SSDEEP

98304:NlMp7Y4RkGDYcwa49eY3SuOKoLSdILstIe7K9WOb7R:7Mp7Y4dCa493STBdsZeg4

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\iMyFone LockWiper (Android)\iMyFone LockWiper (Android).lnk	imyfone-download.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\is-8RMJJ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page1\is-NRASI.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\gif\is-VMPR3.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\language\Feedback\is-2I210.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFDriver\amd64\is-0V28U.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\CDownloadDriverWidget\is-0KGKF.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Activity\is-L2Q4K.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\VIVO\Page3\is-V2JBL.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Loaders\oppo\is-IGDJ2.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFDriver\i386\is-KBOLO.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-ADPM4.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\Dutch\text.ini	imyfone-lockwiper-android_setup-com_es.exe
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\Portuguese\pr_1.png	imyfone-lockwiper-android_setup-com_es.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\drivers\x86\libusbK.dll	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFDriver\amd64\WdfCoInstaller01009.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\drivers\license\libusb0\is-D5BKN.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\WithBixby\Page3\is-5KTGJ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Discount\GetDiscount\is-IGI1S.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_2.png	imyfone-lockwiper-android_setup-com_es.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FixAndroidSystem.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\is-S0HQU.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\CSelectFrpTypeView\is-MEJ5E.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\is-KP565.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\iMyFone_Unlock\is-AEOHQ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Loaders\oppo\is-PVGH5.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\CCustomTimerDlg\is-MUT7I.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-916A3.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\checkbox\is-GUAPC.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift2\is-8KL7Q.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\qss\is-OJ1QH.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\MFCore\is-BFI88.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MOTOROLA\Page3\is-BJQVU.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\is-IQA86.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\drivers\amd64\is-I333D.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Config\Config_Local\is-3MSBO.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Config\Config_Local\is-QDIIE.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-TMN0Q.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\cert\cewmdm.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Activity\is-G3HDM.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-7OFLJ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\trial_limit\is-C81IF.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\9008\amd64\libusb0_x86.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\is-OFLML.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\button\is-4T7E8.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-8PH7G.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\WithBixby\Page2\is-5QUIR.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MOTOROLA\Page1\is-AFU88.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\is-U0EMF.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\cert\is-A9H4G.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\Application\is-4HO8C.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift2\is-3H3F6.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-58PV0.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\9008\amd64\is-KS6CQ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Review\language\is-U64CG.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\button\is-5UP7F.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift1\is-QHJ3T.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MORE\WithOutBixby\Page2\is-PS822.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\VIVO\Page1\is-5D7F0.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift1\is-CF1NK.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift2\is-D152F.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\MFCore\is-EV9BI.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\HUAWEI\Page1\is-NR70H.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\LG\Page2\is-861IA.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\EquityBuyView\icon\is-K2K1V.tmp	imyfone-download.tmp

Executes dropped EXE 2 IoCs

pid	Process
1244	imyfone-download.exe
2840	imyfone-download.tmp

Loads dropped DLL 12 IoCs

pid	Process
1868	imyfone-lockwiper-android_setup-com_es.exe
1244	imyfone-download.exe
2840	imyfone-download.tmp
2840	imyfone-download.tmp
2840	imyfone-download.tmp
2840	imyfone-download.tmp
2840	imyfone-download.tmp
2840	imyfone-download.tmp
2840	imyfone-download.tmp
2840	imyfone-download.tmp
2840	imyfone-download.tmp
2840	imyfone-download.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sdiagnhost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imyfone-download.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sdiagnhost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imyfone-lockwiper-android_setup-com_es.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imyfone-download.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
1692	taskkill.exe
1804	taskkill.exe
2060	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0601CC91-6A5E-11EF-9204-FE6EB537C9A6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09020e06afeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431575620"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d9070000000002000000000010660000000100002000000030ddbebb79ec2d854a100fe159de54a67bf19e2b16839a49081426ba27cb584e000000000e80000000020000200000002d12d0832505888d444a849163d68870718579e66500ee67d31d662ba3e4322c200000002d0eb35a0272f10dc9745fd46f9a4b0a2a4c678ad5a1065594d6b2ff09f9bef44000000088ee19a20eb797ccd7d8d791327ded55d2be1810659bea190a1d0c9e125f8348760161bef244b6db69e38fff12cb66ba951a482cefca155992435de8843dac3f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d907000000000200000000001066000000010000200000004f4cc94429e71606a2e2613614eb6ce7d7569a281eb0a8f03bc37190a7dca19a000000000e800000000200002000000041a433293451be6280a01a41ce07df5621444e1578f7a68215387380bf440bd8900000001d8ec5584deedf6e23338086ea62fd1451e909f24ba0a441663d877c403e2e5948378c628c61cd0f55514da797d698dd94456243528cacbcb8de5466ee26778267ff583164cd77d82a91eafde0bc162cdc13f21956a2398c33536998ba2c5ef874a531fd41c0490e4fc31007dee44bc57ac5ba30a8e2cf9ba0e77bb9c940bc5cbdec415452c6ffb849e132fad77571b540000000a6aa16a50fc8921fa5da673e60a041e17484b8a67ba10e54b9237e9b44c5eb5941647b9977a324db98803a704f72c1b6f86b6541f32b325ea4889a5d31c5d9bb	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1868	imyfone-lockwiper-android_setup-com_es.exe
1868	imyfone-lockwiper-android_setup-com_es.exe
2840	imyfone-download.tmp
2840	imyfone-download.tmp
2840	imyfone-download.tmp
1868	imyfone-lockwiper-android_setup-com_es.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1692	taskkill.exe
Token: SeDebugPrivilege	1804	taskkill.exe
Token: SeDebugPrivilege	2060	taskkill.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1868	imyfone-lockwiper-android_setup-com_es.exe
2840	imyfone-download.tmp
2564	iexplore.exe
1656	msdt.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2564	iexplore.exe
2564	iexplore.exe
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 1244	1868	imyfone-lockwiper-android_setup-com_es.exe	31
PID 1868 wrote to memory of 1244	1868	imyfone-lockwiper-android_setup-com_es.exe	31
PID 1868 wrote to memory of 1244	1868	imyfone-lockwiper-android_setup-com_es.exe	31
PID 1868 wrote to memory of 1244	1868	imyfone-lockwiper-android_setup-com_es.exe	31
PID 1244 wrote to memory of 2840	1244	imyfone-download.exe	32
PID 1244 wrote to memory of 2840	1244	imyfone-download.exe	32
PID 1244 wrote to memory of 2840	1244	imyfone-download.exe	32
PID 1244 wrote to memory of 2840	1244	imyfone-download.exe	32
PID 1244 wrote to memory of 2840	1244	imyfone-download.exe	32
PID 1244 wrote to memory of 2840	1244	imyfone-download.exe	32
PID 1244 wrote to memory of 2840	1244	imyfone-download.exe	32
PID 2840 wrote to memory of 2716	2840	imyfone-download.tmp	34
PID 2840 wrote to memory of 2716	2840	imyfone-download.tmp	34
PID 2840 wrote to memory of 2716	2840	imyfone-download.tmp	34
PID 2840 wrote to memory of 2716	2840	imyfone-download.tmp	34
PID 2716 wrote to memory of 1692	2716	cmd.exe	36
PID 2716 wrote to memory of 1692	2716	cmd.exe	36
PID 2716 wrote to memory of 1692	2716	cmd.exe	36
PID 2716 wrote to memory of 1692	2716	cmd.exe	36
PID 2840 wrote to memory of 1300	2840	imyfone-download.tmp	37
PID 2840 wrote to memory of 1300	2840	imyfone-download.tmp	37
PID 2840 wrote to memory of 1300	2840	imyfone-download.tmp	37
PID 2840 wrote to memory of 1300	2840	imyfone-download.tmp	37
PID 1300 wrote to memory of 1804	1300	cmd.exe	39
PID 1300 wrote to memory of 1804	1300	cmd.exe	39
PID 1300 wrote to memory of 1804	1300	cmd.exe	39
PID 1300 wrote to memory of 1804	1300	cmd.exe	39
PID 2840 wrote to memory of 828	2840	imyfone-download.tmp	40
PID 2840 wrote to memory of 828	2840	imyfone-download.tmp	40
PID 2840 wrote to memory of 828	2840	imyfone-download.tmp	40
PID 2840 wrote to memory of 828	2840	imyfone-download.tmp	40
PID 828 wrote to memory of 2060	828	cmd.exe	42
PID 828 wrote to memory of 2060	828	cmd.exe	42
PID 828 wrote to memory of 2060	828	cmd.exe	42
PID 828 wrote to memory of 2060	828	cmd.exe	42
PID 1868 wrote to memory of 2564	1868	imyfone-lockwiper-android_setup-com_es.exe	44
PID 1868 wrote to memory of 2564	1868	imyfone-lockwiper-android_setup-com_es.exe	44
PID 1868 wrote to memory of 2564	1868	imyfone-lockwiper-android_setup-com_es.exe	44
PID 1868 wrote to memory of 2564	1868	imyfone-lockwiper-android_setup-com_es.exe	44
PID 2564 wrote to memory of 2656	2564	iexplore.exe	45
PID 2564 wrote to memory of 2656	2564	iexplore.exe	45
PID 2564 wrote to memory of 2656	2564	iexplore.exe	45
PID 2564 wrote to memory of 2656	2564	iexplore.exe	45
PID 2656 wrote to memory of 1656	2656	IEXPLORE.EXE	48
PID 2656 wrote to memory of 1656	2656	IEXPLORE.EXE	48
PID 2656 wrote to memory of 1656	2656	IEXPLORE.EXE	48
PID 2656 wrote to memory of 1656	2656	IEXPLORE.EXE	48

C:\Users\Admin\AppData\Local\Temp\imyfone-lockwiper-android_setup-com_es.exe
"C:\Users\Admin\AppData\Local\Temp\imyfone-lockwiper-android_setup-com_es.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\imyfone-download.exe
  /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\" /progress="C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\temp.progress"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1244
- - C:\Users\Admin\AppData\Local\Temp\is-O6OSN.tmp\imyfone-download.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-O6OSN.tmp\imyfone-download.tmp" /SL5="$8001C,211903884,214016,C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\imyfone-download.exe" /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\" /progress="C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\temp.progress"
    3⤵
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c taskkill /f /t /im adb.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im adb.exe
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:1692
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c taskkill /f /t /im appAutoUpdate.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1300
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im appAutoUpdate.exe
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:1804
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c taskkill /f /t /im Feedback.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:828
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im Feedback.exe
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2060
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://apipdm.imyfone.club/producturl?key=installed&lang=english&pid=36&custom=com_es
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Windows\SysWOW64\msdt.exe
      -modal 262606 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDFFCFD.tmp -ep NetworkDiagnosticsWeb
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      PID:1656

C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:292

C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\9008\x86\is-5LPD9.tmp

Filesize
45KB

MD5
7adf671e367a345905efb078985e18ab

SHA1
ec18e4253e8d283b5605061777a867d0d9d622ac

SHA256
a706653edddb4837b798b1f6f44fcd4cc4e75827a08f0336cbc713e468a4a5a4

SHA512
e6b1c4b65264e2653bf5ddca350b5c523cff0ee57e2550170f718f817b08dcef074aa6a5dee7167abcf089ecd6a717fa1dc4a9fac8d20035c8b9f5a24991e8bc

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\checkbox\is-B9O9N.tmp

Filesize
1KB

MD5
0477fc5c12416aec453923c43ec88f8a

SHA1
715c2ab6451fd3645d6ef37d64e9b719e73edc93

SHA256
d89fde6f6ab2654952f13443c17de79994e9b09bed46d4cc0ad72fb671fcd226

SHA512
af0f18d951e3a4fd1730478860df64bf985f35f2fecdff9e2f8770f671cebc4b3d5416afd97eacd908e3fdb9e9d445c736be07969c66bb33fe22b9f41a2830a8

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\checkbox\is-GUAPC.tmp

Filesize
1002B

MD5
5685d26630c6bfcd3d9cc50f119cd6cb

SHA1
1bf92368209ebc7bd053568f383a6f2d8a24c3dc

SHA256
fd71375897871b53f4f31b8818e3a4dd1ad7fde4d3ec7aa4e71230907d115dfe

SHA512
1cd9677942e98a5418405382b8923d5a2e2064ec079a6f1477094609c5497f7de36f0a55be7926546ec4b89c99bb420be0f8ec54d08ed81b5761d5f5f65a4ed0

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFDriver\amd64\is-FQUKO.tmp

Filesize
979KB

MD5
246900ce6474718730ecd4f873234cf5

SHA1
0c84b56c82e4624824154d27926ded1c45f4b331

SHA256
981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6

SHA512
6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFDriver\i386\is-29QR6.tmp

Filesize
831KB

MD5
8e7b9f81e8823fee2d82f7de3a44300b

SHA1
1633b3715014c90d1c552cd757ef5de33c161dee

SHA256
ebe3b7708dd974ee87efed3113028d266af87ca8dbae77c47c6f7612824d3d6c

SHA512
9ae37b2747589a0eb312473d895ef87404f4a395a27e15855826a75b4711ea934ca9a2b289df0abe0a8825dec2d5654a0b1603cf0b039fe25662359b730ce1a9

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\drivers\x86\is-6BFTM.tmp

Filesize
166KB

MD5
3935ec3158d0e488da1929b77edd1633

SHA1
bd6d94704b29b6cef3927796bfe22a2d09ee4fe7

SHA256
87cbd1f3bf5ab72089a879df110263784602a574c0ae83f428df57ae2f8115db

SHA512
5173891b1dfad2298910236a786c7b9bbcfce641491a25f933022088c81465fb93fd2385d270e9a0632f674355538da464d1edacf511140d6f31d91d1afe64fc

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\code.txt

Filesize
17KB

MD5
e6dbed317bb14c9192cf283761a61366

SHA1
656e2530c4acbe1c5e170aaa387a767ffd10e933

SHA256
f9d340d02832ffcdeb372519f8acc0ddf25c77d22770f1d3b562483f699903e7

SHA512
9402dc71c33fa0018ec292accdcb1e65a3f55950fd0e1bbae737a5c0f720f8d7e0781caa772d66dbb121badf5b81c46d76b0c546715913d2698a9fe6fa50f474

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\language\main\is-FLS40.tmp

Filesize
6KB

MD5
c54165a5be80a02ccbe804b7f371b745

SHA1
3c90025f06e7dbccf1ec5898973bbcd11083fb38

SHA256
e48d00382640bd79a47d3b12c3fec25cd798b511abe4c137c0a291c6c149900d

SHA512
21d59f2fbe77e9dc1ed0591312dd31a1eacfc54a71d784e4f9f1c98f354367c421fd2d676c5c63a25acecd8d4244fcc3dc56c8b862a2519bed45f01e4ef46fc1

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-CPMGA.tmp

Filesize
12KB

MD5
31ff5be8b666d0d82b0baa2febf0fab5

SHA1
fcfec80ebea0879dcba65af67065c501745ffdc2

SHA256
22f65e8e6d073b77d707a78ce8aa9e9e515a991e676a1db1119a5e55daf0e325

SHA512
d7ab30096a29a89d54802471d5abd9d9a4483e90c260f1e19e9523135f1cc80aec7b7c48b8cff6d001e5e9c65c2996837b1cf5babcbed6fb960d813482568fde

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-I3ARF.tmp

Filesize
1KB

MD5
3bb382dae5481ea4f4b8dd85b6ef90e4

SHA1
308762f19e465a2d88ff297b015d8136e2d14ba1

SHA256
371f095cf8cfdf56629b4d91eb6151a73341b42714a4e338087387d30789e3f5

SHA512
a4897c55782e329af5177380f0600c2ddb8e77556a2226e03334f0e209a6965374c889a5b412814a7b5f75554840a818cb5caa769174332a9498b1a2c50bd8d3

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\GOOGLE\Page3\4.png

Filesize
23KB

MD5
5c88dda9e31ec3d8bf9af0658bf95ba7

SHA1
f03bd0811239d20189cd35507944f9e3afa0403e

SHA256
35ab8c0017ce61106e66809a0201361024c0be9514bd0379cbcc7570eb243aad

SHA512
0fe9739031cb4d4014323b21bcf4b92f4d80011e37de8234cac6449353504bb91abda55c1e4c64692f3332a74a695643272fba1252c226e7471c6d4fc1920e21

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\GOOGLE\Page3\is-N9CDA.tmp

Filesize
24KB

MD5
cd3434e370fe655d55d78e3d01559bfb

SHA1
44cb5bef8d61373cb59816ad433d5b33747e6edc

SHA256
d246f38887873ec7bb5dbfeb0e359edc7992da480c6f04dd784fa0d32937fb28

SHA512
a7626ea59a70df3fb32c2c90c248679e7531c3306c8ef1296e9b81699b6687c5ae6f137f8b498c50692790e1a1414f5a66ac0fd5bc4110880df527856481a45f

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\HUAWEI\Page1\is-NR70H.tmp

Filesize
17KB

MD5
94ed32273c88108e984dc103a87e2231

SHA1
7113c6b305f32decfacf53bfba8ce854cf4c4d3b

SHA256
5d2227d47fedf38abcd9191f1c380a817ae8eaf80c1c63ebecbf34a9dddeab12

SHA512
410315b251a7a1b63e4094185e147789aa229e5412e5b263905ddee8bd854c0164d2801bf52262ca386c314d51221f9c91ce0166b4d5e3197ca60884727093dd

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page1\is-SM5QI.tmp

Filesize
8KB

MD5
3d3de7d1bb59cb1cf36cbf510ba9b5d8

SHA1
63e4a41c1e0d555d5369cc7fd8a3374ce7bfc6a1

SHA256
42b75244805c62c141033ee7c74ab572f3b3eac0f4b1a160f71aca775cc1f9a3

SHA512
b301e998e7cb2992322e35fac834f4b393463d9e35d242f3fcabd39a048d42e71cfa468ad13347acedb996c2524ae05164f8c6bf630ccc59b84b87df69e7c6a5

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page2\is-8OPKF.tmp

Filesize
23KB

MD5
4e23976bc7cc785d678d106d33672320

SHA1
e5fc9964c89a60006830fbbec09cf36b630e799b

SHA256
0826ae26ff430b3cb46f5db123c10c1e020d14c15b3151c68320f1a9e362a988

SHA512
281192096f5a376dcf7a77ffba7fd93982f7767f9d98c1d0d16c22e358e58280e1e898db04567a3ca49c0aeb3f35e6cad2f2307aebf215d59d91fead77364786

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page2\is-A0ACG.tmp

Filesize
18KB

MD5
a618c67ccbb2b56be2baec639ef5c7d7

SHA1
16de3f742ecdf59180c21ce2ed6ab80ebc1107d4

SHA256
7c447590270682a9176360e2a35a92c26d1ace4447847989e3af3b7bc4410e40

SHA512
2dcdc028645e768c351a69708da8c18c2dfcc6e2755c624bc009f2fc7c7a6b10720d5e2eb94ec43f929c423af613f3c6ccfa82b9417eac62c8efe01ddd125f70

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MEIZU\Page1\is-ANFTQ.tmp

Filesize
8KB

MD5
d81ee08391a0c5aaa68cdf260d919440

SHA1
b499d90b2669f12d81eef4a4f3eecdbcfa94b7a4

SHA256
9850a3e6cff8d95800ca5a16394862a3416a951fb64a05bcdcc9a5609fbe6847

SHA512
2bfe3edcc8a60eb69ed73562bae62eee8f54defe429407c0e9f89702bf5a26ba5c866c6da4ad82e7ac795bd3b6843451fe91156fb02fe3976b621039d23fc947

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MEIZU\Page1\is-DU48E.tmp

Filesize
11KB

MD5
36595dde336e3099b45f0f45e757d66c

SHA1
e08f888aadfae7fc76226d6e3b0ef164bd38a12e

SHA256
a89b4190ac22ce1a25def80beb94c506bab4d2ba403c0fd99f8683e87be58d81

SHA512
743999f3fe672a3907218a41848ae35a9fd70c9ed68c9e405cfd454870b5fa64e0b8aab8077e755678ee79e87dc18aea625ade1e7496534eda79926ba4881dfc

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MORE\WithOutBixby\Page1\is-9GQ9E.tmp

Filesize
24KB

MD5
0d9529813a83c25ac28b64e0e0efcaec

SHA1
0b62ca4d39437a5ec0d1689c2f983b5bcf2d6dc6

SHA256
cf0d585c0157d746bbebb0b67013f9425588a5a1ebe655d6a1a696610930b8eb

SHA512
c77790ca1fa54d0db8c00eecdf9a0efc5ada8e6bcd428f38b9d4ffbdc68f157e10975671847331963e9ba261c3a62ebcf1788445638c254d014b6561069f030b

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\HomeButton\Page3\is-1DN0S.tmp

Filesize
24KB

MD5
15dcd8dccf8ce0cac5bd5c5e8321a190

SHA1
2d6d01e4765cc3170c71211fb45a6a1d1860b276

SHA256
a67147b6f190b64b790671c75afbfa32987bf6c27e25fd27899dc16cc3acf305

SHA512
4c5a980b26b2daacd21b1e804c8a874d53d3f0057b238b9d596fe533caf161d701b1a78f6ac7633fed5afffab9ea458718f85fd5e6fab19a635bf9be42e38aa9

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\HomeButton\Page3\is-2GC6S.tmp

Filesize
24KB

MD5
c837d307f1c84c2c60f1b3ebc3d19002

SHA1
4a37b641d58f31cfbf1ccedba78db9d64c220451

SHA256
adffb31bee7ea242745cccb5bcce1b402be9e95ccb7ccc97667ad4f74270829c

SHA512
b7b7598ceea56521a7ea188a31cdf6e43947712178be8aa1c0804792806c9e271e4a01356d91d16c24864d9a93e53e13055e1fc2f8927c8136fd8c8c9248e678

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\HomeButton\Page3\is-VEL6R.tmp

Filesize
19KB

MD5
f37585c4fa14dea2b735bae1233a3e99

SHA1
93f1bce4edf0ba42dcd92f5d935b036346ef12b1

SHA256
69ccd5eba0c59aef2e1815b587872f80fc8014484d1ff70bd9ecf848228c32fa

SHA512
ee894367be6e980111576431562f45ccebff1669c8403914ad398eee0a09a70cc942ca2f7bdd707042c4571c1f2c33007060b962c50b620d7057a85559ef0f71

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SONY\Page1\is-4VHRA.tmp

Filesize
10KB

MD5
ba0021e18bd6bc6a56a1f3e1527fe44f

SHA1
af40cbf67c0dc11aea81ae3991b19f4fa6b8bb26

SHA256
7a044f96aff2d6d1120fbd3b2a370d51b21e541a446ec8124d35c707a190476a

SHA512
c24c76d6847e3bb46432494547e0857d6bad31921f2928282a27a821f2d7d4c77d162b6bf5ac9b50d07add59f3d6c2d0d25eb7c8d6cf980f4a7c21db601d5796

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\XIAOMI\Page1\is-LPOMB.tmp

Filesize
10KB

MD5
05ebb2515445233b33676c55e2515129

SHA1
e7cf12141785acead302f56446775f5f9de68daa

SHA256
442511999e0afbafb7d700106ba77fba14c4c071be22fd83685695a34855eccf

SHA512
66af9da877cff7b440fe8e16aa5f769fbd939a1e5c4735bf2598000a9adeda36464ac2042489a0d7798cff587bbcab0d3b7065908a9429a471b67e1b75dfa44a

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\ZTE\Page1\is-CPSE8.tmp

Filesize
10KB

MD5
017d83a49b94d01c7076397270a375a8

SHA1
5ee90c9319293a26fae18811508157cc6974ba7c

SHA256
d61aabe396d1a1af847e79239e78371bee86a8acd737b87bf438f0c509ec28ec

SHA512
13a1f5143f5ab429a3daeb28f7025deaf9aad7c5e09de150646e82e36f1988601ce88dd86373c30471f3a70c9e5075dc194c7d84ca8e2764d171087d87591a4a

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_1.png

Filesize
32KB

MD5
ec84b98b5366976f23d02e24468cbf8a

SHA1
412af591cb4d33fb6877360910cedbcfb22d74fc

SHA256
60cdaa366a05a8dd43d91f89d5e06b3e8991b4b42af0acee769fc2720a3c92c6

SHA512
265d60ea5f2d736c3417bee74bd8972f4e795aeb8083e6a67fbd2adc3e9c681a7c3c64d3cdda960bc8a784403313fc2fd7482c580d8226cbcbc3d08abc88c7b4

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_2.png

Filesize
33KB

MD5
5d5084b0ab189eb3be78a8cd4b145cec

SHA1
6fa7e8234b60182fd0ace7f66290306542e8bc9e

SHA256
04f85b78440f8b4b3ea44254bfeed298b367fd6c4ba8b5a0a2aec551427f4d00

SHA512
0a3e5b34174aecfd5377fbe98d267fde0c18eed1ffd77a811c1d10f09e6b352c76b5f3e50150a80d938c41b6862bb07001240be3e9aa44c87c406a05e5ce423a

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_3.png

Filesize
59KB

MD5
a56ab015e87698ac32143fde4acfab79

SHA1
8e7bcfff55c7309918ad234cb5b0d6925105a451

SHA256
daf13da1c4d4c31c0ab87a1b5da348dbf52e861d6c3b795234b1f9c5d2c4b4cc

SHA512
d3ed8d53a26f0e5ccc0cfadc6cf49e1a45b76c331bd43db93c2c3e658a29e1455a4013647d5910673fa99957f9d9a464900018f3a7039eb9c394821a148483b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6574731ef3d3b3c30742d7d67f0b6862

SHA1
183f55c5b5c3bc371fb29d0a8cdb9b7a634af41c

SHA256
d3520355dd47bf846d766e7edec5b58bd4102067de825f2188e9cf1be4447830

SHA512
a4e51ee3307b13dd9e42675f8da3de57ba345e1f8aed939d1253c8fbb8aee5710c7ebe31ebb615a6e3e448769646ee624a3145b825daad5b51a3da097e1cb1b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b15833beeadb0731dfeb3a75c2e5f90b

SHA1
5f717c664f55a0608c52c1d2906196fbcc6402f9

SHA256
d0c23bbb3f25cc0ebc7b57863ceedcab9e6f117d2df7d4451877ce9b0d01d959

SHA512
6e584bc046ddfb42a47a696b0b5d2e78e84d36d929cb539d9945a575009e32e4aba358e7068b9917bc869758843c52a51b95d76191c68e8dfbcba0870730f399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ad1b509b427630fa5756b43ef187a5a

SHA1
43bd633244e7acbb002d81309575466fdf360620

SHA256
c1752efeecfb6b86fd5c539075e08c72ead16d40a9aa6a98085438f1a7502365

SHA512
3d50213b7a335e25edacfe95768f5e264c2197c9c671d5c80088c0005e4234d075dac8ed4a7963c2970c8e02bada5a0abb8339b23e1df0cf37bc0d66dabbf73e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d8ed0ca3ac6bd0f45f1c4f576d4ee45

SHA1
7b8ba77727bbcf5d1d7248974ce93d2cf3af9831

SHA256
a8434acf7ed45b24b0e9dd97300b537bcadeb3cea754c32ea3b9401933e1ce13

SHA512
bc5a3edc269c714ca96be821a498e1bb0cbcf1cff2df6edcc496228457522a5d2b90bf2349a08c50552b1706ac68b6da624767570d8af13a9565c8a6706d7692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b18fa290b7bd0b484ea92639dd04fe7

SHA1
e7f16b4e5621fc6cb5ee2f35bd6a904fb1f83796

SHA256
f2c910f4c1f10f8f431d49099d58f416f42011cbc15ca1a594735dca4fb4ca56

SHA512
4aab141658368fa5ebad33c3b5e81ea96b2a924dcff5598a378364b0e7234ff45e87bebe4261d8866a2fab49415b3b9da7513ac9bc4b2a3dfeabe5c4000be7c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a9df2b12502e4c1c9f459e6eecf1285

SHA1
e003605a88ffa881dc89c8af611a5ba36d5ef2bf

SHA256
fd60f37522fbac05b5d6eea9dab639957c4969fdee288fd47748ca112c250634

SHA512
f2b3f6fcbf33b801b6dd93932cc819f9d51fbbd0853293dfb931d15c2581dfd27d0ff7a013426df3e85bb4cc645e0a8ba4d054138fc6aa446557f053f9a7c770

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12d4ab29c613525e61503104bdde04f2

SHA1
d528f008f737409f408cd8d00c339ba07bfc2ad1

SHA256
5e1bdad4e9359aabe0f61a8288ab59d0419eea1060786bceec6afe4566053986

SHA512
85e5ea0f427a5ffcde7cb87ed60aa5ee79e51a339e56aee3da1800e89338eff76ebbca1f4fa377d7c3d997dc88b45745f4ff59a0ab1271f4ff6507a995580f0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80238fc8d3afad22325e2c3358eedba2

SHA1
06e4425bc44061cccc401f3c97e3c85ea9accd8e

SHA256
94515b06ee54bd5bfd4e170120e326dcfe1a3463b5e5446833dc237ec3cc86d5

SHA512
6780181c1f3d708e6037c588f6796c89f285b3ff7a7457a1a1fea8ef157b5291c948e908ead00a37ecbcf79960b65e3eb1907eb47351e4564c12d3a9badb97ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3e3a0f1ce339578a93f9fbe38b18e1e

SHA1
976a19f50c3f7f40a6c947ec5d904b780261466f

SHA256
e902491f4d832920c25d3fec2cb77b3cbe648b38549e130f17e5be8035aa9db3

SHA512
e3be6dc22c3545c4ed12e7b7fee804edc099324ddc7d65b18a5f6feef8c4948fa905360b352a7f99837a90429662923e74b3a347893b034d7a9a247c56ddc04a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19db42a8553576110f592f8c6ed346ce

SHA1
a63b930dd12a9f3f8022ce7ae9d7b8db0c3f8e99

SHA256
28ce9815bc932b67e6f14ec0be8511a8abc7c0c335063ecbb49b339c0e2ff367

SHA512
575ffc4789ff7fec3ec14da8184bd32a67bbe09075b41ca525d332cc7ae6795f60996ef5e29bd67e6e953c662d494a5765932267a85b7f73eeb87dae3a3ce393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d1a9a197d7f046ea201a0833383d8aa

SHA1
7da0611cdb72c542ea7fb58db2eacc0a3c9dc15d

SHA256
bd36b67fd36911e1b48edef8027a71fb17c61578470dca5bf04f44740c7165a5

SHA512
cbdfaebb468b4bdb016587d5139fc7604446c5df3e4303311635ede80202115efc1d32454ca06267647799fd2c6bf7de7db93052d1d6cfd7e43b6aa27b388e65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5caf3ec97ee102b22cedc3013d63c06

SHA1
7bc363e1469dc5cf87a978292e254be865d20cb1

SHA256
48e65bdbc43cde971c1379ab52468ae20cc0648cad95adc2d30a0e6163484393

SHA512
d5f455eead48555fa03873420f48770c31e392c72a13345cff05e2abf5934eaf25b0643433c8d52e9790040bda5bfebf2c58b6e9ae960a75807141f399be0f0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43b5d6faf5dc2f307f186f7388305434

SHA1
5776691947e9f5c9a5af47967bf204ccfe2a4f5c

SHA256
82bf811e344f557e08dc4ae90e9cdbe3c7ca81a920b7bca250acd6029d5f0791

SHA512
619118b5893485692fb4602d23f2de20f32df9776443ae76fb49e9cd704b0311b35b8ae82701acb9ceb03ba101db32ebb77f66f626e4e1ed1398203e53d969d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
291b507995e1f2d69b689628e3330b5e

SHA1
a9b4cba78ae9ac82a6192c3b0a16edb820905502

SHA256
20f12f8c0845b3eab69fb5a5fc1f7466eb2721495a842281340c35cf71f05b65

SHA512
3f2482b713f8fc20c8524fbb17ddddcadc98531a439089d2fd40e5b4dee2770e61201cd3938eb8f0f6ddca5c0e9566338fc190cd7e24775d8bb8879f38e729d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25440d34f83a412900030e7648ba7f20

SHA1
e532b00e0ed3cf6a544276507f06a8f901ac9f0f

SHA256
e402cf93afc4bf6dfbb10810afd52fc62437f3f7309bdf36bcc207dcdb9fe63d

SHA512
e6d1800443ac725137069249d994c5fb933d4c9db24acf26b530151163a46566bb57b6891c78f8076c2f80892ec002b28ff24416deda41474c724a7275aaed13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b55cebdaf26e52ba50537ac92831afb

SHA1
5f741a63a51077f5889ba9e89245279417db636c

SHA256
a669a5f90424fd1b4bad5a0509df69d49f84073c74552a13e4515500633e362c

SHA512
fbecab8afe924b799c3213b662fbe30524b1c45d5e67e79cca631c20f2c114eb0f390b3d5f7d52de866e4b5866fdfc1ddb3ab2561b05acde02ef81dbd68325fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89c6810768731b3270610d56d39de743

SHA1
1beb548398b038ac830c8eaebc001a6ae37a3752

SHA256
cfe7ec6bc49ae94911404f405eec51a75114a3df72b1d2faf809bc48a5bce44e

SHA512
c7feac0fc009a26ec07b3328ae9ce3b5b62af60bd26043c87e03ee7db119e7c855e6b5c147bcd94e3e95b9ea937a2e060dbe89462ccc8d9a5ca6242019c55779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39642867b4e87d441f8de1ca8fbdcfe7

SHA1
45d9308ab942e5780d86130a83e46fc6401a1ff0

SHA256
3213833969dd3f78a98f4a67b959b8570f5a3356ad77022969c6adc5fab04c13

SHA512
15d4bafa414c1245a071765d6028bcd65e9ae4c4f60d1f13b085e9b783912af26c5d0dbba393f4aaa7e1cd833edf194a98deba18752c813055fbfc67e02f9801

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2729c199f2d7b3bc83589f1411ecd761

SHA1
041c22ce11183863b8c7c66c4e2444e36650b773

SHA256
afc64944cb104dd15ed1c3702fd62064a3469fb28dec041b9ba595d180bb2010

SHA512
30a2a2a60d2604a083e9d6344a6577974f5c94c4e26084566e8099018c92d515106a07960be30a7c4ae33bc7dd015f3e47a9de18b807f56934cd9aad148dcba2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a66db395a694704df0603d49ee2c874

SHA1
d7e8392897987687b46e6ce5b76d780a25c2095f

SHA256
a41a2c0802f584785611e209afdc2ea0f76e79099b5f9c87f0c3942a77d246b0

SHA512
6eed309a94346ebc70bd5d04c6f0408b365b9862abdd4240892d30d759c28957f84c32b0b14d7f0264ac8d39dfd78a7378d6b4bf7c084b83531cebab492f5161

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfd7d90b6e8c79b992b3892618414ee4

SHA1
31a0e035a98e5fe9e590524a0cd711a3e23c023d

SHA256
6dfade62d3c12a79cfafec2885689c8107120c01ada3ca858359e3f1fecde565

SHA512
1eaaf8b305ba174d62722de36bef45b46a2b618e323fc02a0580ff3bac9203c2e6260330846b271c07874dabee6cd11c074082c7ed1e2716d1b54ca88bdea9fe

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024090401.000\NetworkDiagnostics.0.debugreport.xml

Filesize
66KB

MD5
2cdd6c6a6698618bb57af0249481d694

SHA1
62b640a3d94ccceb33c4da51b89fc519fda1e106

SHA256
253158a43607dd5698222234dc9c3ea454fece156bef021477ba13dd4365a794

SHA512
1b5b0d33b88913f85c9901555ea20798076e13c69a198ea8a7af2260fad33a4f435ad536aadfc0920189207204a75afa45e89cb51184a19e9e3bf12dfeac4758

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024090401.000\NetworkDiagnostics.1.debugreport.xml

Filesize
7KB

MD5
39d9fec751cac3699175783c7f6988ad

SHA1
efa5fafdff192a91a0d6c46d403f8903b9d6ddcb

SHA256
004ea3f9f79d3b88040ee8baedb0ca536560dea7b32fe6d26fd89e56316f80c0

SHA512
a216809a36713368c33674573d9d0679370c628fe9031d94d47f2c4dde1c0b440056d1e5faa6a885051f23ecadd248816baccf0f207e56455684163bd69db2c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\httpErrorPagesScripts[1]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXRG2YQS\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab251F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFFCFD.tmp

Filesize
3KB

MD5
1ff3bb5a11927081f64630c55d5dc033

SHA1
91483ba1984215e7826455c85f00672628172345

SHA256
2a95eb681b1445bbbe3b059b45256ed2144dc035c2ae3c90206288ca8ed6cf96

SHA512
7fa114588ab247bff9868568d21b8c9ca2e6a83c5ff6eaeafdf5fc4be4ff71d95503aa4ee9490d515bd69a1f3e692a09502956145d6297d15c839c6d4e5edaeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2551.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-O6OSN.tmp\imyfone-download.tmp

Filesize
1.2MB

MD5
bc9be66f43b6806de2e0fb438657a1ac

SHA1
e75f252b02fcd7aa519708cfc8dda6b60a9aa4dc

SHA256
5d126f24e0d90d5869fd2482ebe9608d129c4ac0e1dc2c5556f8c5f5aff4aa57

SHA512
7d8d885abfe084de183f30ae6708c0088eed2f2d02134ca1b1c077b9dee21905aa0aa1377ec4cb60287d84a23872882e9f52debc01a5970dd16d65f1987adf62

Download Submit
C:\Windows\TEMP\SDIAG_8a905c80-147c-41c8-abbf-bb607299ff8e\NetworkDiagnosticsTroubleshoot.ps1

Filesize
23KB

MD5
1d192ce36953dbb7dc7ee0d04c57ad8d

SHA1
7008e759cb47bf74a4ea4cd911de158ef00ace84

SHA256
935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

SHA512
e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

Download Submit
C:\Windows\TEMP\SDIAG_8a905c80-147c-41c8-abbf-bb607299ff8e\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_8a905c80-147c-41c8-abbf-bb607299ff8e\UtilityFunctions.ps1

Filesize
52KB

MD5
2f7c3db0c268cf1cf506fe6e8aecb8a0

SHA1
fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

SHA256
886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

SHA512
322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

Download Submit
C:\Windows\TEMP\SDIAG_8a905c80-147c-41c8-abbf-bb607299ff8e\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_8a905c80-147c-41c8-abbf-bb607299ff8e\en-US\LocalizationData.psd1

Filesize
5KB

MD5
dc9be0fdf9a4e01693cfb7d8a0d49054

SHA1
74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

SHA256
944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

SHA512
92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

Download Submit
C:\Windows\Temp\SDIAG_47f0784b-4747-4b15-8b37-9540025d05bd\DiagPackage.diagpkg

Filesize
152KB

MD5
c9fb87fa3460fae6d5d599236cfd77e2

SHA1
a5bf8241156e8a9d6f34d70d467a9b5055e087e7

SHA256
cde728c08a4e50a02fcff35c90ee2b3b33ab24c8b858f180b6a67bfa94def35f

SHA512
f4f0cb1b1c823dcd91f6cfe8d473c41343ebf7ed0e43690eecc290e37cee10c20a03612440f1169eef08cc8059aaa23580aa76dd86c1704c4569e8139f9781b3

Download Submit
C:\Windows\Temp\SDIAG_47f0784b-4747-4b15-8b37-9540025d05bd\result\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Windows\Temp\SDIAG_8a905c80-147c-41c8-abbf-bb607299ff8e\DiagPackage.dll

Filesize
478KB

MD5
4dae3266ab0bdb38766836008bf2c408

SHA1
1748737e777752491b2a147b7e5360eda4276364

SHA256
d2ff079b3f9a577f22856d1be0217376f140fcf156e3adf27ebe6149c9fd225a

SHA512
91fb8abd1832d785cd5a20da42c5143cd87a8ef49196c06cfb57a7a8de607f39543e8a36be9207842a992769b1c3c55d557519e59063f1f263b499f01887b01b

Download Submit
C:\Windows\Temp\SDIAG_8a905c80-147c-41c8-abbf-bb607299ff8e\en-US\DiagPackage.dll.mui

Filesize
13KB

MD5
1ccc67c44ae56a3b45cc256374e75ee1

SHA1
bbfc04c4b0220ae38fa3f3e2ea52b7370436ed1f

SHA256
030191d10ffb98cecd3f09ebdc606c768aaf566872f718303592fff06ba51367

SHA512
b67241f4ad582e50a32f0ecf53c11796aef9e5b125c4be02511e310b85bdfa3796579bbf3f0c8fe5f106a5591ec85e66d89e062b792ea38ca29cb3b03802f6c6

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\LockWiperForAndroid.exe

Filesize
3.5MB

MD5
cd12f6712a4003fa187b82747e554e1c

SHA1
c0966ddd48fcc9367900808835b680a023f9c738

SHA256
656a875c223c7f638b9509308dca1c2509820cdc299d3d52f6d129662ef6b9c7

SHA512
23b18e2733d6734eea7042359b702196ec3888458c1539da68d4a6d6d5321055027ae6a6e427b6f1ff356c350e8e22dfc6ea1b00f9f0d934de0ca77b3b178207

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Uninstaller\unins000.exe

Filesize
1.2MB

MD5
f925c5d980ec7cab366ec75bcefd7937

SHA1
d03ab1179ca10736694bb16f52735eed630f8461

SHA256
1e29e4899430ad4675d4ccdc7e4b147ec8972eaf809c44994cc05b81001c50ac

SHA512
ac18250508a506bece76e33763a63b63161b22a06e47bb3945d70712f0a18f0fdb2b37f6d88f9efa8a1c76d4b1b7178efbeee6b4c3f4b3e3b05b76f70e37e7ce

Download Submit
\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\unins000.exe

Filesize
683KB

MD5
7f15ab99deed3dc1367da35664cb854b

SHA1
1278f806c7c6194866c42148e62ad0494789fdc4

SHA256
caed8996fabd4512f41888dab2a71462bbca1f49ea21a08e6d9ee689dd676700

SHA512
c16de8b8d56232d20c4ef20e20b3ded3bf6b10e1e3dc2efd52944a6549b8554e2f2423b4e646abd01b002a2301f01633bc41b0487add8fb4b5e2f507f31bd49d

Download Submit
\Users\Admin\AppData\Local\Temp\is-1THAD.tmp\ServiceManagerDll.dll

Filesize
121KB

MD5
e3347b84ba64c587c0d9d0c9774269e1

SHA1
52a7cbce91be484e8a6bd47db807187205e945fc

SHA256
14509c05b0701f8646ee1ab4c7714256ce50eb874348965cd6f90a7955c410e3

SHA512
69317ff80e983157740ebc5f01edab7f0331b467015e2fd10e027b0b01d1082437d2a1911efd33d7f9be356a73d948632bc1a409c522d88ff1b9b2b9dbdb7854

Download Submit
\Users\Admin\AppData\Local\Temp\is-1THAD.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/1244-338-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1244-3806-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1244-145-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1244-148-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2840-3066-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2840-936-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2840-919-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2840-340-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2840-3805-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2840-154-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download