afafb08014624a207962aa90ebe07e753259f32bbd4f593d3d29858d7699ba41

Analysis

max time kernel
181s
max time network
181s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/09/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

imyfone-lockwiper-android_setup-com_es.exe
Size

4.4MB
MD5

5db7070d89a51b9485e3e1015deb9880
SHA1

a5d337cc3bece4fafbf55a552bcdfb4ec499c317
SHA256

afafb08014624a207962aa90ebe07e753259f32bbd4f593d3d29858d7699ba41
SHA512

4fa728d50c62797766684f04e109d4e1191f7e59a3d37c4c493da266b8d54a8e48d45f50086e3fddf719f366ff74775c57c6ede226e646616db171e63e52fd02
SSDEEP

98304:NlMp7Y4RkGDYcwa49eY3SuOKoLSdILstIe7K9WOb7R:7Mp7Y4dCa493STBdsZeg4

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\iMyFone LockWiper (Android)\iMyFone LockWiper (Android).lnk	imyfone-download.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\MFCore\is-PG16O.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\is-DR76O.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\unins000.exe	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift1\is-19TGM.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-7ETJE.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-7L584.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\MFCore\is-757ER.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\ONEPLUS\Page3\is-41FCQ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\qss\is-P6RIB.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\AndroidPermissionGuide\is-5DB7G.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\button\is-AS2UD.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\CSelectFrpTypeView\is-FF9QT.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\CToolBoxView\Details\is-KP2GM.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\iconengines\is-2GK7B.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\gif\submitting\is-IJJUM.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\AndroidPermissionGuide\is-MCFGK.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\is-6TKOD.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Review\language\is-IPJAO.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\is-TNMRD.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\GuideIndex\is-S6VCC.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page2\is-J3NO9.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\HomeButton\Page1\is-M2BAJ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\ProgramExitDialog\is-R88VT.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\OPPO\Page1\is-P1NJ4.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\language\qm\Register\is-OTL45.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\button\is-I6CBK.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift1\is-27LTK.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift1\is-DUTA9.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\AutoUpDate\is-NMDRT.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\iMyFone_Unlock\Microsoft.WindowsAPICodePack.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\edlclient\Windows\is-QMD14.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\checkbox\is-L2E3N.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-P14TK.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Qt5Xml.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\Loaders\oppo\is-BK6HN.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-OARN2.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift2\is-B5D6G.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MEIZU\Page1\is-VSBOT.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\ReviewImage\is-R09I3.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFDriver\i386\is-B6JKJ.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\0\is-8687H.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\WIKO\Page2\is-GQ8T8.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\radio\is-KJ3PH.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\msvcp140.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\is-3JFNT.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\QM\is-PD9US.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-I15EV.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\MFCore\is-LRLIB.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Purchase\is-CO34P.tmp	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\cert\comctl32.dll	imyfone-download.tmp
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\edl.exe	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\button\is-066GB.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\gif\is-C9TI8.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\button\is-C75PP.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\EquityShowView\is-7QCA8.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\Member\is-UR054.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_1.png	imyfone-lockwiper-android_setup-com_es.exe
File opened for modification	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\9008\x86\libusb0_x86.dll	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\gif\submitting\is-PMMDU.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\language\qm\Register\is-HJ34T.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\gif\Gift2\is-HNSF7.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-6DMRC.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\button\is-D3CR7.tmp	imyfone-download.tmp
File created	C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\CUnlockFrpSuccessWidget\is-BOE6T.tmp	imyfone-download.tmp

Executes dropped EXE 2 IoCs

pid	Process
3700	imyfone-download.exe
2604	imyfone-download.tmp

Loads dropped DLL 1 IoCs

pid	Process
2604	imyfone-download.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imyfone-download.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imyfone-download.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	imyfone-lockwiper-android_setup-com_es.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
656	taskkill.exe
3724	taskkill.exe
788	taskkill.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2336	imyfone-lockwiper-android_setup-com_es.exe
2336	imyfone-lockwiper-android_setup-com_es.exe
2336	imyfone-lockwiper-android_setup-com_es.exe
2336	imyfone-lockwiper-android_setup-com_es.exe
2604	imyfone-download.tmp
2604	imyfone-download.tmp
2604	imyfone-download.tmp
2604	imyfone-download.tmp
2336	imyfone-lockwiper-android_setup-com_es.exe
2336	imyfone-lockwiper-android_setup-com_es.exe
4388	msedge.exe
4388	msedge.exe
2852	msedge.exe
2852	msedge.exe
1740	identity_helper.exe
1740	identity_helper.exe
1764	msedge.exe
1764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	656	taskkill.exe
Token: SeDebugPrivilege	3724	taskkill.exe
Token: SeDebugPrivilege	788	taskkill.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2336	imyfone-lockwiper-android_setup-com_es.exe
2604	imyfone-download.tmp
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 3700	2336	imyfone-lockwiper-android_setup-com_es.exe	82
PID 2336 wrote to memory of 3700	2336	imyfone-lockwiper-android_setup-com_es.exe	82
PID 2336 wrote to memory of 3700	2336	imyfone-lockwiper-android_setup-com_es.exe	82
PID 3700 wrote to memory of 2604	3700	imyfone-download.exe	83
PID 3700 wrote to memory of 2604	3700	imyfone-download.exe	83
PID 3700 wrote to memory of 2604	3700	imyfone-download.exe	83
PID 2604 wrote to memory of 3200	2604	imyfone-download.tmp	85
PID 2604 wrote to memory of 3200	2604	imyfone-download.tmp	85
PID 2604 wrote to memory of 3200	2604	imyfone-download.tmp	85
PID 3200 wrote to memory of 656	3200	cmd.exe	87
PID 3200 wrote to memory of 656	3200	cmd.exe	87
PID 3200 wrote to memory of 656	3200	cmd.exe	87
PID 2604 wrote to memory of 2552	2604	imyfone-download.tmp	88
PID 2604 wrote to memory of 2552	2604	imyfone-download.tmp	88
PID 2604 wrote to memory of 2552	2604	imyfone-download.tmp	88
PID 2552 wrote to memory of 3724	2552	cmd.exe	90
PID 2552 wrote to memory of 3724	2552	cmd.exe	90
PID 2552 wrote to memory of 3724	2552	cmd.exe	90
PID 2604 wrote to memory of 3620	2604	imyfone-download.tmp	91
PID 2604 wrote to memory of 3620	2604	imyfone-download.tmp	91
PID 2604 wrote to memory of 3620	2604	imyfone-download.tmp	91
PID 3620 wrote to memory of 788	3620	cmd.exe	93
PID 3620 wrote to memory of 788	3620	cmd.exe	93
PID 3620 wrote to memory of 788	3620	cmd.exe	93
PID 2336 wrote to memory of 2852	2336	imyfone-lockwiper-android_setup-com_es.exe	95
PID 2336 wrote to memory of 2852	2336	imyfone-lockwiper-android_setup-com_es.exe	95
PID 2852 wrote to memory of 3100	2852	msedge.exe	96
PID 2852 wrote to memory of 3100	2852	msedge.exe	96
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97
PID 2852 wrote to memory of 2436	2852	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\imyfone-lockwiper-android_setup-com_es.exe
"C:\Users\Admin\AppData\Local\Temp\imyfone-lockwiper-android_setup-com_es.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\imyfone-download.exe
  /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\" /progress="C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\temp.progress"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3700
- - C:\Users\Admin\AppData\Local\Temp\is-TB2RJ.tmp\imyfone-download.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-TB2RJ.tmp\imyfone-download.tmp" /SL5="$A0042,211903884,214016,C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\imyfone-download.exe" /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\" /progress="C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\temp.progress"
    3⤵
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c taskkill /f /t /im adb.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3200
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im adb.exe
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:656
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c taskkill /f /t /im appAutoUpdate.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2552
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im appAutoUpdate.exe
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3724
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c taskkill /f /t /im Feedback.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3620
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im Feedback.exe
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apipdm.imyfone.club/producturl?key=installed&lang=english&pid=36&custom=com_es
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa86583cb8,0x7ffa86583cc8,0x7ffa86583cd8
    3⤵
    PID:3100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
    3⤵
    PID:2436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
    3⤵
    PID:4600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:4984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
    3⤵
    PID:2876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
    3⤵
    PID:3676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
    3⤵
    PID:2796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
    3⤵
    PID:3728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1416,3901169086993936716,10513808907438485112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\9008\x86\is-6ES7M.tmp

Filesize
45KB

MD5
7adf671e367a345905efb078985e18ab

SHA1
ec18e4253e8d283b5605061777a867d0d9d622ac

SHA256
a706653edddb4837b798b1f6f44fcd4cc4e75827a08f0336cbc713e468a4a5a4

SHA512
e6b1c4b65264e2653bf5ddca350b5c523cff0ee57e2550170f718f817b08dcef074aa6a5dee7167abcf089ecd6a717fa1dc4a9fac8d20035c8b9f5a24991e8bc

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\checkbox\is-0059K.tmp

Filesize
1002B

MD5
5685d26630c6bfcd3d9cc50f119cd6cb

SHA1
1bf92368209ebc7bd053568f383a6f2d8a24c3dc

SHA256
fd71375897871b53f4f31b8818e3a4dd1ad7fde4d3ec7aa4e71230907d115dfe

SHA512
1cd9677942e98a5418405382b8923d5a2e2064ec079a6f1477094609c5497f7de36f0a55be7926546ec4b89c99bb420be0f8ec54d08ed81b5761d5f5f65a4ed0

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\FeedbackRes\skin\checkbox\is-BPS09.tmp

Filesize
1KB

MD5
0477fc5c12416aec453923c43ec88f8a

SHA1
715c2ab6451fd3645d6ef37d64e9b719e73edc93

SHA256
d89fde6f6ab2654952f13443c17de79994e9b09bed46d4cc0ad72fb671fcd226

SHA512
af0f18d951e3a4fd1730478860df64bf985f35f2fecdff9e2f8770f671cebc4b3d5416afd97eacd908e3fdb9e9d445c736be07969c66bb33fe22b9f41a2830a8

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\LockWiperForAndroid.exe

Filesize
3.5MB

MD5
cd12f6712a4003fa187b82747e554e1c

SHA1
c0966ddd48fcc9367900808835b680a023f9c738

SHA256
656a875c223c7f638b9509308dca1c2509820cdc299d3d52f6d129662ef6b9c7

SHA512
23b18e2733d6734eea7042359b702196ec3888458c1539da68d4a6d6d5321055027ae6a6e427b6f1ff356c350e8e22dfc6ea1b00f9f0d934de0ca77b3b178207

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFDriver\amd64\is-S0QGG.tmp

Filesize
979KB

MD5
246900ce6474718730ecd4f873234cf5

SHA1
0c84b56c82e4624824154d27926ded1c45f4b331

SHA256
981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6

SHA512
6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\MFDriver\i386\is-NRFVF.tmp

Filesize
831KB

MD5
8e7b9f81e8823fee2d82f7de3a44300b

SHA1
1633b3715014c90d1c552cd757ef5de33c161dee

SHA256
ebe3b7708dd974ee87efed3113028d266af87ca8dbae77c47c6f7612824d3d6c

SHA512
9ae37b2747589a0eb312473d895ef87404f4a395a27e15855826a75b4711ea934ca9a2b289df0abe0a8825dec2d5654a0b1603cf0b039fe25662359b730ce1a9

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\adk\drivers\x86\is-FG2M9.tmp

Filesize
166KB

MD5
3935ec3158d0e488da1929b77edd1633

SHA1
bd6d94704b29b6cef3927796bfe22a2d09ee4fe7

SHA256
87cbd1f3bf5ab72089a879df110263784602a574c0ae83f428df57ae2f8115db

SHA512
5173891b1dfad2298910236a786c7b9bbcfce641491a25f933022088c81465fb93fd2385d270e9a0632f674355538da464d1edacf511140d6f31d91d1afe64fc

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\code.txt

Filesize
17KB

MD5
e6dbed317bb14c9192cf283761a61366

SHA1
656e2530c4acbe1c5e170aaa387a767ffd10e933

SHA256
f9d340d02832ffcdeb372519f8acc0ddf25c77d22770f1d3b562483f699903e7

SHA512
9402dc71c33fa0018ec292accdcb1e65a3f55950fd0e1bbae737a5c0f720f8d7e0781caa772d66dbb121badf5b81c46d76b0c546715913d2698a9fe6fa50f474

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\language\main\is-PVB91.tmp

Filesize
6KB

MD5
c54165a5be80a02ccbe804b7f371b745

SHA1
3c90025f06e7dbccf1ec5898973bbcd11083fb38

SHA256
e48d00382640bd79a47d3b12c3fec25cd798b511abe4c137c0a291c6c149900d

SHA512
21d59f2fbe77e9dc1ed0591312dd31a1eacfc54a71d784e4f9f1c98f354367c421fd2d676c5c63a25acecd8d4244fcc3dc56c8b862a2519bed45f01e4ef46fc1

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-BHK7R.tmp

Filesize
12KB

MD5
31ff5be8b666d0d82b0baa2febf0fab5

SHA1
fcfec80ebea0879dcba65af67065c501745ffdc2

SHA256
22f65e8e6d073b77d707a78ce8aa9e9e515a991e676a1db1119a5e55daf0e325

SHA512
d7ab30096a29a89d54802471d5abd9d9a4483e90c260f1e19e9523135f1cc80aec7b7c48b8cff6d001e5e9c65c2996837b1cf5babcbed6fb960d813482568fde

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\Application\is-NNH2I.tmp

Filesize
1KB

MD5
3bb382dae5481ea4f4b8dd85b6ef90e4

SHA1
308762f19e465a2d88ff297b015d8136e2d14ba1

SHA256
371f095cf8cfdf56629b4d91eb6151a73341b42714a4e338087387d30789e3f5

SHA512
a4897c55782e329af5177380f0600c2ddb8e77556a2226e03334f0e209a6965374c889a5b412814a7b5f75554840a818cb5caa769174332a9498b1a2c50bd8d3

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\GOOGLE\Page3\is-6H1GK.tmp

Filesize
24KB

MD5
cd3434e370fe655d55d78e3d01559bfb

SHA1
44cb5bef8d61373cb59816ad433d5b33747e6edc

SHA256
d246f38887873ec7bb5dbfeb0e359edc7992da480c6f04dd784fa0d32937fb28

SHA512
a7626ea59a70df3fb32c2c90c248679e7531c3306c8ef1296e9b81699b6687c5ae6f137f8b498c50692790e1a1414f5a66ac0fd5bc4110880df527856481a45f

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\GOOGLE\Page3\is-ULJ8A.tmp

Filesize
23KB

MD5
5c88dda9e31ec3d8bf9af0658bf95ba7

SHA1
f03bd0811239d20189cd35507944f9e3afa0403e

SHA256
35ab8c0017ce61106e66809a0201361024c0be9514bd0379cbcc7570eb243aad

SHA512
0fe9739031cb4d4014323b21bcf4b92f4d80011e37de8234cac6449353504bb91abda55c1e4c64692f3332a74a695643272fba1252c226e7471c6d4fc1920e21

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\HUAWEI\Page1\is-GO6A1.tmp

Filesize
17KB

MD5
94ed32273c88108e984dc103a87e2231

SHA1
7113c6b305f32decfacf53bfba8ce854cf4c4d3b

SHA256
5d2227d47fedf38abcd9191f1c380a817ae8eaf80c1c63ebecbf34a9dddeab12

SHA512
410315b251a7a1b63e4094185e147789aa229e5412e5b263905ddee8bd854c0164d2801bf52262ca386c314d51221f9c91ce0166b4d5e3197ca60884727093dd

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page1\is-TQEBO.tmp

Filesize
8KB

MD5
3d3de7d1bb59cb1cf36cbf510ba9b5d8

SHA1
63e4a41c1e0d555d5369cc7fd8a3374ce7bfc6a1

SHA256
42b75244805c62c141033ee7c74ab572f3b3eac0f4b1a160f71aca775cc1f9a3

SHA512
b301e998e7cb2992322e35fac834f4b393463d9e35d242f3fcabd39a048d42e71cfa468ad13347acedb996c2524ae05164f8c6bf630ccc59b84b87df69e7c6a5

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page2\is-1TASS.tmp

Filesize
18KB

MD5
a618c67ccbb2b56be2baec639ef5c7d7

SHA1
16de3f742ecdf59180c21ce2ed6ab80ebc1107d4

SHA256
7c447590270682a9176360e2a35a92c26d1ace4447847989e3af3b7bc4410e40

SHA512
2dcdc028645e768c351a69708da8c18c2dfcc6e2755c624bc009f2fc7c7a6b10720d5e2eb94ec43f929c423af613f3c6ccfa82b9417eac62c8efe01ddd125f70

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\INFIINIX\Page2\is-5RFA0.tmp

Filesize
23KB

MD5
4e23976bc7cc785d678d106d33672320

SHA1
e5fc9964c89a60006830fbbec09cf36b630e799b

SHA256
0826ae26ff430b3cb46f5db123c10c1e020d14c15b3151c68320f1a9e362a988

SHA512
281192096f5a376dcf7a77ffba7fd93982f7767f9d98c1d0d16c22e358e58280e1e898db04567a3ca49c0aeb3f35e6cad2f2307aebf215d59d91fead77364786

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MEIZU\Page1\is-NM5L9.tmp

Filesize
11KB

MD5
36595dde336e3099b45f0f45e757d66c

SHA1
e08f888aadfae7fc76226d6e3b0ef164bd38a12e

SHA256
a89b4190ac22ce1a25def80beb94c506bab4d2ba403c0fd99f8683e87be58d81

SHA512
743999f3fe672a3907218a41848ae35a9fd70c9ed68c9e405cfd454870b5fa64e0b8aab8077e755678ee79e87dc18aea625ade1e7496534eda79926ba4881dfc

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MEIZU\Page1\is-R9CGQ.tmp

Filesize
8KB

MD5
d81ee08391a0c5aaa68cdf260d919440

SHA1
b499d90b2669f12d81eef4a4f3eecdbcfa94b7a4

SHA256
9850a3e6cff8d95800ca5a16394862a3416a951fb64a05bcdcc9a5609fbe6847

SHA512
2bfe3edcc8a60eb69ed73562bae62eee8f54defe429407c0e9f89702bf5a26ba5c866c6da4ad82e7ac795bd3b6843451fe91156fb02fe3976b621039d23fc947

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\MORE\WithOutBixby\Page1\is-EK1OK.tmp

Filesize
24KB

MD5
0d9529813a83c25ac28b64e0e0efcaec

SHA1
0b62ca4d39437a5ec0d1689c2f983b5bcf2d6dc6

SHA256
cf0d585c0157d746bbebb0b67013f9425588a5a1ebe655d6a1a696610930b8eb

SHA512
c77790ca1fa54d0db8c00eecdf9a0efc5ada8e6bcd428f38b9d4ffbdc68f157e10975671847331963e9ba261c3a62ebcf1788445638c254d014b6561069f030b

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\HomeButton\Page3\is-H819D.tmp

Filesize
19KB

MD5
f37585c4fa14dea2b735bae1233a3e99

SHA1
93f1bce4edf0ba42dcd92f5d935b036346ef12b1

SHA256
69ccd5eba0c59aef2e1815b587872f80fc8014484d1ff70bd9ecf848228c32fa

SHA512
ee894367be6e980111576431562f45ccebff1669c8403914ad398eee0a09a70cc942ca2f7bdd707042c4571c1f2c33007060b962c50b620d7057a85559ef0f71

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\HomeButton\Page3\is-JHJOL.tmp

Filesize
24KB

MD5
c837d307f1c84c2c60f1b3ebc3d19002

SHA1
4a37b641d58f31cfbf1ccedba78db9d64c220451

SHA256
adffb31bee7ea242745cccb5bcce1b402be9e95ccb7ccc97667ad4f74270829c

SHA512
b7b7598ceea56521a7ea188a31cdf6e43947712178be8aa1c0804792806c9e271e4a01356d91d16c24864d9a93e53e13055e1fc2f8927c8136fd8c8c9248e678

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SAMSUNG\HomeButton\Page3\is-LEAUH.tmp

Filesize
24KB

MD5
15dcd8dccf8ce0cac5bd5c5e8321a190

SHA1
2d6d01e4765cc3170c71211fb45a6a1d1860b276

SHA256
a67147b6f190b64b790671c75afbfa32987bf6c27e25fd27899dc16cc3acf305

SHA512
4c5a980b26b2daacd21b1e804c8a874d53d3f0057b238b9d596fe533caf161d701b1a78f6ac7633fed5afffab9ea458718f85fd5e6fab19a635bf9be42e38aa9

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\SONY\Page1\is-68G5D.tmp

Filesize
10KB

MD5
ba0021e18bd6bc6a56a1f3e1527fe44f

SHA1
af40cbf67c0dc11aea81ae3991b19f4fa6b8bb26

SHA256
7a044f96aff2d6d1120fbd3b2a370d51b21e541a446ec8124d35c707a190476a

SHA512
c24c76d6847e3bb46432494547e0857d6bad31921f2928282a27a821f2d7d4c77d162b6bf5ac9b50d07add59f3d6c2d0d25eb7c8d6cf980f4a7c21db601d5796

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\XIAOMI\Page1\is-OUD4C.tmp

Filesize
10KB

MD5
05ebb2515445233b33676c55e2515129

SHA1
e7cf12141785acead302f56446775f5f9de68daa

SHA256
442511999e0afbafb7d700106ba77fba14c4c071be22fd83685695a34855eccf

SHA512
66af9da877cff7b440fe8e16aa5f769fbd939a1e5c4735bf2598000a9adeda36464ac2042489a0d7798cff587bbcab0d3b7065908a9429a471b67e1b75dfa44a

Download Submit
C:\Program Files (x86)\iMyFone\iMyfone LockWiper (Android)\skin\PictureNormal\RemoveSreecnLock\ZTE\Page1\is-KBAPI.tmp

Filesize
10KB

MD5
017d83a49b94d01c7076397270a375a8

SHA1
5ee90c9319293a26fae18811508157cc6974ba7c

SHA256
d61aabe396d1a1af847e79239e78371bee86a8acd737b87bf438f0c509ec28ec

SHA512
13a1f5143f5ab429a3daeb28f7025deaf9aad7c5e09de150646e82e36f1988601ce88dd86373c30471f3a70c9e5075dc194c7d84ca8e2764d171087d87591a4a

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_1.png

Filesize
32KB

MD5
ec84b98b5366976f23d02e24468cbf8a

SHA1
412af591cb4d33fb6877360910cedbcfb22d74fc

SHA256
60cdaa366a05a8dd43d91f89d5e06b3e8991b4b42af0acee769fc2720a3c92c6

SHA512
265d60ea5f2d736c3417bee74bd8972f4e795aeb8083e6a67fbd2adc3e9c681a7c3c64d3cdda960bc8a784403313fc2fd7482c580d8226cbcbc3d08abc88c7b4

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_2.png

Filesize
33KB

MD5
5d5084b0ab189eb3be78a8cd4b145cec

SHA1
6fa7e8234b60182fd0ace7f66290306542e8bc9e

SHA256
04f85b78440f8b4b3ea44254bfeed298b367fd6c4ba8b5a0a2aec551427f4d00

SHA512
0a3e5b34174aecfd5377fbe98d267fde0c18eed1ffd77a811c1d10f09e6b352c76b5f3e50150a80d938c41b6862bb07001240be3e9aa44c87c406a05e5ce423a

Download Submit
C:\Program Files (x86)\imyfone_down\imyfone-lockwiper-android_setup-com_es\language\English\pr_3.png

Filesize
59KB

MD5
a56ab015e87698ac32143fde4acfab79

SHA1
8e7bcfff55c7309918ad234cb5b0d6925105a451

SHA256
daf13da1c4d4c31c0ab87a1b5da348dbf52e861d6c3b795234b1f9c5d2c4b4cc

SHA512
d3ed8d53a26f0e5ccc0cfadc6cf49e1a45b76c331bd43db93c2c3e658a29e1455a4013647d5910673fa99957f9d9a464900018f3a7039eb9c394821a148483b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5578283903c07cc737a43625e2cbb093

SHA1
f438ad2bef7125e928fcde43082a20457f5df159

SHA256
7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2

SHA512
3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0487ced0fdfd8d7a8e717211fcd7d709

SHA1
598605311b8ef24b0a2ba2ccfedeecabe7fec901

SHA256
76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571

SHA512
16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5953e94af07183b0abe753535dd567a1

SHA1
36090b65db573c4e2d41bd4c9df9deb24fce3d3b

SHA256
8e1edc150617e973f78bb68eefe72b5da76d956da53911613338df217dacd01b

SHA512
739bea56ddba5d49a62cd3b1af78f448ae619ba5cf6f13d57662e479e583499bd61dd63894c874f44b279a61c5ca64d309efb70345e752098d3ba0be0a3dbcbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e82adb6042a10f440a8922cbdd5dbc19

SHA1
88dbea081ebeac783711a28e101378df340bfe06

SHA256
390629038597c4455d117913996485521b2013cc8e64ffbf3e7e3d091a5d3e3a

SHA512
f9d296cd35bc52e4a6dccf77481415d664a19acef8e1c1f49e4ebc64b0bf44a702d28e735d5509ec00ff19f8efa3421c54e754e476140e8fdb585e1ecbcd88f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
590e4012f26c70db07e0b200b42e21ee

SHA1
0daef2c2c404c435e67c3b74a13fc6098225b4ca

SHA256
fcdc361329765758a1c2c2f4b5df8c27e9bba17c85066f944ad01e7239d41f8b

SHA512
73b9068571acd36a9abbcea6326db955ed456d79d122026fcb395aa835f6bec90fc06eb448c65188834d0e5c63044e782a8609fbe0376ce7aa7ec2c5dd243fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e756718a2223ac4de798ce4f85c85089

SHA1
1ed11e7915d49949eab2122338910d1ce68d56d9

SHA256
6035ff1946c8158b1851406f83a097c355cd09d4154862bcd7a6f8f7d725f033

SHA512
c0022168d6722c71455ce1d13dfb76def48d945bb2a930e43bac9445c2e67eec5f3c5f6616b1aa174f92c51e976f6a21988c67673d48a84eae62364146231f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
789b04fb3a55b0e46adbb6c9870a87ee

SHA1
680f54b328d2fd687b47c7f87097e42c7552aa38

SHA256
33a38409de875aad89344868e0afc16bb218a3145ed1a1adb9808691d5398f6a

SHA512
78bbc76f8a941bc1530c7a13a80f3596891728de97254427fe33cd6cd7522a120e46063795fbeec26021194b48dc4d44744e392d8c64de8988231c1aea9aba3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N05TD.tmp\ServiceManagerDll.dll

Filesize
121KB

MD5
e3347b84ba64c587c0d9d0c9774269e1

SHA1
52a7cbce91be484e8a6bd47db807187205e945fc

SHA256
14509c05b0701f8646ee1ab4c7714256ce50eb874348965cd6f90a7955c410e3

SHA512
69317ff80e983157740ebc5f01edab7f0331b467015e2fd10e027b0b01d1082437d2a1911efd33d7f9be356a73d948632bc1a409c522d88ff1b9b2b9dbdb7854

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TB2RJ.tmp\imyfone-download.tmp

Filesize
1.2MB

MD5
bc9be66f43b6806de2e0fb438657a1ac

SHA1
e75f252b02fcd7aa519708cfc8dda6b60a9aa4dc

SHA256
5d126f24e0d90d5869fd2482ebe9608d129c4ac0e1dc2c5556f8c5f5aff4aa57

SHA512
7d8d885abfe084de183f30ae6708c0088eed2f2d02134ca1b1c077b9dee21905aa0aa1377ec4cb60287d84a23872882e9f52debc01a5970dd16d65f1987adf62

Download Submit
memory/2604-3745-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2604-289-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2604-868-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2604-884-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2604-105-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2604-2993-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/3700-3746-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3700-287-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3700-101-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/3700-98-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download