903d7950652816449d56d87ca11b0557dc6729d8f42f0beafa5a51c301fbaa24

Analysis

max time kernel
165s
max time network
231s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iphone-unlock.exe
Size

2.1MB
MD5

f2826b45fd5f301fa2ad9a088d15ed1e
SHA1

e68926617934aa6a6c3d20b96902aa999d1a379d
SHA256

903d7950652816449d56d87ca11b0557dc6729d8f42f0beafa5a51c301fbaa24
SHA512

bb9d6d8ae448f9d892c9d54d55b373815bde34c8a5cf8ef19c5afc2a65b1b7b67c16e3623376ea8144400ec6441d1c00dd26ef518ca4d1d4af608baeeb923f3a
SSDEEP

49152:j2d0/9MRenf3D9l1NTZ2oQ+bbl5fykix7tRDDUFE05MBGrkapFLcDF:j2don79BQF+bJ5fykKXDUFE0SBGLpFAR

Score

10^/10

discovery evasion upx vmprotect

Malware Config

Signatures

Modifies firewall policy service 3 TTPs 1 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

Processes:

mDNSResponder.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules	mDNSResponder.exe

Modifies file permissions 1 TTPs 3 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exetakeown.exetakeown.exe

pid process

3008 takeown.exe
5128 takeown.exe
5148 takeown.exe

pid	process
3008	takeown.exe
5128	takeown.exe
5148	takeown.exe

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Register.dll	vmprotect
behavioral1/memory/1028-1512-0x00007FFF69DF0000-0x00007FFF6A73D000-memory.dmp	vmprotect
behavioral1/memory/1028-1625-0x00007FFF621A0000-0x00007FFF62DCB000-memory.dmp	vmprotect
behavioral1/memory/1028-1641-0x00007FFF62DD0000-0x00007FFF63B5D000-memory.dmp	vmprotect

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

19 ip-api.com

flow	ioc
19	ip-api.com

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

UltFone iPhone Unlock.exe4ukey_ultfone_64_3.8.6.tmpStart.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	UltFone iPhone Unlock.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	4ukey_ultfone_64_3.8.6.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	Start.exe

Drops file in System32 directory 64 IoCs

Processes:

DrvInst.exeDrvInst.exeDrvInst.exeUltFone iPhone Unlock.exeDrvInst.exe

description	ioc	process
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\applekis.inf_amd64_0d321f6593083a69\AppleKIS.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0f0792a9-2788-b546-8194-70cf30ffe081}\SETB5B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSM.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be383982-005d-9944-9036-7d933223b0fe}\wdfcoinstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1ebae3db-70ae-fa4b-bbd5-90440c714ad8}\SETFD24.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be383982-005d-9944-9036-7d933223b0fe}\netaapl64.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ebae3db-70ae-fa4b-bbd5-90440c714ad8}\SETFD04.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\appleusb.PNF	UltFone iPhone Unlock.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\AppleLowerFilter.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\SETE17F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netaapl64.inf_amd64_56f23639c9617984\netaapl64.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0f0792a9-2788-b546-8194-70cf30ffe081}\SETB6D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0f0792a9-2788-b546-8194-70cf30ffe081}\SETBBC.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be383982-005d-9944-9036-7d933223b0fe}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1ebae3db-70ae-fa4b-bbd5-90440c714ad8}\SETFD04.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0f0792a9-2788-b546-8194-70cf30ffe081}\SETBBC.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSMInterface.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSM.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be383982-005d-9944-9036-7d933223b0fe}\SETE8C1.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be383982-005d-9944-9036-7d933223b0fe}\SETE8C2.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be383982-005d-9944-9036-7d933223b0fe}\netaapl64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSM.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\AppleUsbFilter.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ebae3db-70ae-fa4b-bbd5-90440c714ad8}\SETFD25.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\applekis.inf_amd64_0d321f6593083a69\AppleKIS.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\AppleLowerFilter.sys	UltFone iPhone Unlock.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\SETE17D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\SETE18F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleLowerFilter.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ebae3db-70ae-fa4b-bbd5-90440c714ad8}\SETFD26.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ebae3db-70ae-fa4b-bbd5-90440c714ad8}\AppleKIS.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0f0792a9-2788-b546-8194-70cf30ffe081}\SETB5B.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\SETE17E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\AppleUSB.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\AppleKmdfFilter.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{be383982-005d-9944-9036-7d933223b0fe}\SETE8C1.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ebae3db-70ae-fa4b-bbd5-90440c714ad8}\SETFD24.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ebae3db-70ae-fa4b-bbd5-90440c714ad8}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0f0792a9-2788-b546-8194-70cf30ffe081}\SETB6C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleUSB.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleUsb.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netaapl64.inf_amd64_56f23639c9617984\wdfcoinstaller01009.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1ebae3db-70ae-fa4b-bbd5-90440c714ad8}\SETFD26.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0f0792a9-2788-b546-8194-70cf30ffe081}\AppleRSMInterface.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netaapl64.inf_amd64_56f23639c9617984\netaapl64.cat	UltFone iPhone Unlock.exe
File created	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\SETE190.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleUsbFilter.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0f0792a9-2788-b546-8194-70cf30ffe081}\SETB6C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleKmdfFilter.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be383982-005d-9944-9036-7d933223b0fe}\SETE8B0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be383982-005d-9944-9036-7d933223b0fe}\netaapl64.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{be383982-005d-9944-9036-7d933223b0fe}\SETE8C2.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netaapl64.inf_amd64_56f23639c9617984\WdfCoInstaller01009.dll	UltFone iPhone Unlock.exe
File created	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\SETE17D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f7d9363c-97b5-b444-b09e-a977ebeff3ee}\AppleUsb.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1ebae3db-70ae-fa4b-bbd5-90440c714ad8}\SETFD25.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0f0792a9-2788-b546-8194-70cf30ffe081}\AppleRSM.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0f0792a9-2788-b546-8194-70cf30ffe081}	DrvInst.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

UltFone iPhone Unlock.exe

pid process

1028 UltFone iPhone Unlock.exe
1028 UltFone iPhone Unlock.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1736-0-0x0000000000400000-0x0000000000837000-memory.dmp	upx
behavioral1/memory/1736-4-0x0000000000400000-0x0000000000837000-memory.dmp	upx
behavioral1/memory/1736-10-0x0000000000400000-0x0000000000837000-memory.dmp	upx
behavioral1/memory/1736-18-0x0000000000400000-0x0000000000837000-memory.dmp	upx
behavioral1/memory/1736-22-0x0000000000400000-0x0000000000837000-memory.dmp	upx
behavioral1/memory/1736-364-0x0000000000400000-0x0000000000837000-memory.dmp	upx
behavioral1/memory/1736-1426-0x0000000000400000-0x0000000000837000-memory.dmp	upx
behavioral1/memory/1736-1437-0x0000000000400000-0x0000000000837000-memory.dmp	upx
behavioral1/memory/1736-1439-0x0000000000400000-0x0000000000837000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

4ukey_ultfone_64_3.8.6.tmp

description	ioc	process
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Resource\Images\SearchOpenssh\is-C7SA8.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\sqlite\is-QQD7H.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\System.Runtime.Caching.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-B4VRV.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\is-PUPRT.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Resource\Images\ClickConfirmBtn\is-1CSNJ.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\api-ms-win-crt-filesystem-l1-1-0.dll	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Uninstall\CalcHashAB.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-4TAGI.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\ucrtbase.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-O5KMF.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Resource\Images\TrustAppleIDAccount\is-UOS92.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\RegisterAndLog.dll	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\setuppass\api-ms-win-crt-heap-l1-1-0.dll	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\api-ms-win-core-file-l1-2-0.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\is-6QH9D.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Resource\Images\FetchOpensshQueue\is-R5KHO.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Microsoft.Windows.Shell.dll	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\ucrtbase.dll	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\AppleKis\AppleKISInterface.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\libimobiledevice\is-LGSTL.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Resource\Images\SearchOpenssh\is-H41S4.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Resource\Images\SearchOpenssh\is-5KF83.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-VGCON.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-2Q6OH.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\libimobiledevice\is-1SHJQ.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\libimobiledevice\is-KL6KI.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\setuppass\is-JG614.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\CoreFoundation.resources\cs.lproj\is-DNFV5.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\iproxy\ucrtbase.dll	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\api-ms-win-core-file-l1-1-0.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\iproxy\is-NNK9J.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-T0ND3.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Resource\Images\TrustAppleIDAccount\is-072E7.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\libcrypto-3-x64.dll	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\setuppass\api-ms-win-core-timezone-l1-1-0.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\NewUsbDrivers64\is-U6Q1E.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\iproxy\is-SFMTQ.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\is-EP5H9.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\libcurl.dll	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\api-ms-win-core-debug-l1-1-0.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-2VENB.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-KVAB7.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\vcruntime140.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-7B5LT.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\is-GBGQ9.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\is-B2NBB.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\setuppass\api-ms-win-crt-math-l1-1-0.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\iproxy\is-Q93TA.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\is-53O2E.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-F3GVS.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-863TB.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\CoreFoundation.resources\pt_PT.lproj\is-AVFUC.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Resource\Images\FetchOpensshQueue\is-RJS31.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\System.Data.SqlXml.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-P0A4N.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-POIR6.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-DRGOL.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\iproxy\is-FM88C.tmp	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Resource\Images\ClickStartJailbreak\is-MPTT4.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\3rdTool\libimobiledevice\imobiledevice.dll	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\icudt62.dll	4ukey_ultfone_64_3.8.6.tmp
File created	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\is-B9H76.tmp	4ukey_ultfone_64_3.8.6.tmp
File opened for modification	C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\api-ms-win-core-timezone-l1-1-0.dll	4ukey_ultfone_64_3.8.6.tmp

Drops file in Windows directory 17 IoCs

Processes:

pnputil.exeDrvInst.exepnputil.exeDrvInst.exeDrvInst.exepnputil.exepnputil.exeDrvInst.exesvchost.exe

description	ioc	process
File opened for modification	C:\Windows\INF\setupapi.dev.log	pnputil.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	pnputil.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File created	C:\Windows\inf\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	pnputil.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	pnputil.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem5.inf	DrvInst.exe
File created	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe

Executes dropped EXE 15 IoCs

Processes:

4ukey_ultfone_64_3.8.6.exe4ukey_ultfone_64_3.8.6.tmpStart.exeUltFone iPhone Unlock.exeMonitor.exemDNSResponder.exeAppleMobileDeviceProcess.exeCheckErrorx64.exeinfInstallx64.exeinfInstallx64.exeinfInstallx64.exeinfInstallx64.exeinfInstallx64.exeinfInstallx64.exeinfInstallx64.exe

pid	process
2876	4ukey_ultfone_64_3.8.6.exe
3688	4ukey_ultfone_64_3.8.6.tmp
3836	Start.exe
1028	UltFone iPhone Unlock.exe
2504	Monitor.exe
1104	mDNSResponder.exe
1416	AppleMobileDeviceProcess.exe
3268	CheckErrorx64.exe
4892	infInstallx64.exe
2232	infInstallx64.exe
5912	infInstallx64.exe
3428	infInstallx64.exe
4008	infInstallx64.exe
5348	infInstallx64.exe
2628	infInstallx64.exe

Launches sc.exe 23 IoCs

Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid	process
4828	sc.exe
3560	sc.exe
5524	sc.exe
2588	sc.exe
5876	sc.exe
3132	sc.exe
5348	sc.exe
5952	sc.exe
5584	sc.exe
5904	sc.exe
3792	sc.exe
2724	sc.exe
4532	sc.exe
964	sc.exe
3264	sc.exe
1008	sc.exe
3696	sc.exe
5960	sc.exe
5564	sc.exe
5200	sc.exe
5588	sc.exe
5232	sc.exe
5268	sc.exe

Loads dropped DLL 64 IoCs

Processes:

UltFone iPhone Unlock.exeMonitor.exe

pid	process
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
2504	Monitor.exe
2504	Monitor.exe
2504	Monitor.exe
2504	Monitor.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Start.exeMonitor.exeiphone-unlock.exe4ukey_ultfone_64_3.8.6.exe4ukey_ultfone_64_3.8.6.tmpcmd.exetaskkill.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Start.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monitor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iphone-unlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4ukey_ultfone_64_3.8.6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4ukey_ultfone_64_3.8.6.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

pnputil.exeDrvInst.exepnputil.exeDrvInst.exeDrvInst.exeDrvInst.exepnputil.exesvchost.exeCheckErrorx64.exepnputil.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	CheckErrorx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	CheckErrorx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	CheckErrorx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	pnputil.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

3200 taskkill.exe

pid	process
3200	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

UltFone iPhone Unlock.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION	UltFone iPhone Unlock.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION\UltFone iPhone Unlock.exe = "1"	UltFone iPhone Unlock.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	UltFone iPhone Unlock.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\UltFone iPhone Unlock.exe = "1"	UltFone iPhone Unlock.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\UltFone iPhone Unlock.exe = "11000"	UltFone iPhone Unlock.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

DrvInst.exeDrvInst.exeDrvInst.exeDrvInst.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

iphone-unlock.exe4ukey_ultfone_64_3.8.6.tmpUltFone iPhone Unlock.exemsedge.exemsedge.exeAppleMobileDeviceProcess.exeidentity_helper.exe

pid	process
1736	iphone-unlock.exe
1736	iphone-unlock.exe
1736	iphone-unlock.exe
1736	iphone-unlock.exe
3688	4ukey_ultfone_64_3.8.6.tmp
3688	4ukey_ultfone_64_3.8.6.tmp
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1920	msedge.exe
1920	msedge.exe
5108	msedge.exe
5108	msedge.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1416	AppleMobileDeviceProcess.exe
1416	AppleMobileDeviceProcess.exe
1028	UltFone iPhone Unlock.exe
2208	identity_helper.exe
2208	identity_helper.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe
1028	UltFone iPhone Unlock.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

5108 msedge.exe
5108 msedge.exe
5108 msedge.exe
5108 msedge.exe
5108 msedge.exe
5108 msedge.exe
5108 msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskkill.exeUltFone iPhone Unlock.exewmic.exewmic.exe

description	pid	process
Token: SeDebugPrivilege	3200	taskkill.exe
Token: SeDebugPrivilege	1028	UltFone iPhone Unlock.exe
Token: SeIncreaseQuotaPrivilege	3280	wmic.exe
Token: SeSecurityPrivilege	3280	wmic.exe
Token: SeTakeOwnershipPrivilege	3280	wmic.exe
Token: SeLoadDriverPrivilege	3280	wmic.exe
Token: SeSystemProfilePrivilege	3280	wmic.exe
Token: SeSystemtimePrivilege	3280	wmic.exe
Token: SeProfSingleProcessPrivilege	3280	wmic.exe
Token: SeIncBasePriorityPrivilege	3280	wmic.exe
Token: SeCreatePagefilePrivilege	3280	wmic.exe
Token: SeBackupPrivilege	3280	wmic.exe
Token: SeRestorePrivilege	3280	wmic.exe
Token: SeShutdownPrivilege	3280	wmic.exe
Token: SeDebugPrivilege	3280	wmic.exe
Token: SeSystemEnvironmentPrivilege	3280	wmic.exe
Token: SeRemoteShutdownPrivilege	3280	wmic.exe
Token: SeUndockPrivilege	3280	wmic.exe
Token: SeManageVolumePrivilege	3280	wmic.exe
Token: 33	3280	wmic.exe
Token: 34	3280	wmic.exe
Token: 35	3280	wmic.exe
Token: 36	3280	wmic.exe
Token: SeIncreaseQuotaPrivilege	3280	wmic.exe
Token: SeSecurityPrivilege	3280	wmic.exe
Token: SeTakeOwnershipPrivilege	3280	wmic.exe
Token: SeLoadDriverPrivilege	3280	wmic.exe
Token: SeSystemProfilePrivilege	3280	wmic.exe
Token: SeSystemtimePrivilege	3280	wmic.exe
Token: SeProfSingleProcessPrivilege	3280	wmic.exe
Token: SeIncBasePriorityPrivilege	3280	wmic.exe
Token: SeCreatePagefilePrivilege	3280	wmic.exe
Token: SeBackupPrivilege	3280	wmic.exe
Token: SeRestorePrivilege	3280	wmic.exe
Token: SeShutdownPrivilege	3280	wmic.exe
Token: SeDebugPrivilege	3280	wmic.exe
Token: SeSystemEnvironmentPrivilege	3280	wmic.exe
Token: SeRemoteShutdownPrivilege	3280	wmic.exe
Token: SeUndockPrivilege	3280	wmic.exe
Token: SeManageVolumePrivilege	3280	wmic.exe
Token: 33	3280	wmic.exe
Token: 34	3280	wmic.exe
Token: 35	3280	wmic.exe
Token: 36	3280	wmic.exe
Token: SeIncreaseQuotaPrivilege	2440	wmic.exe
Token: SeSecurityPrivilege	2440	wmic.exe
Token: SeTakeOwnershipPrivilege	2440	wmic.exe
Token: SeLoadDriverPrivilege	2440	wmic.exe
Token: SeSystemProfilePrivilege	2440	wmic.exe
Token: SeSystemtimePrivilege	2440	wmic.exe
Token: SeProfSingleProcessPrivilege	2440	wmic.exe
Token: SeIncBasePriorityPrivilege	2440	wmic.exe
Token: SeCreatePagefilePrivilege	2440	wmic.exe
Token: SeBackupPrivilege	2440	wmic.exe
Token: SeRestorePrivilege	2440	wmic.exe
Token: SeShutdownPrivilege	2440	wmic.exe
Token: SeDebugPrivilege	2440	wmic.exe
Token: SeSystemEnvironmentPrivilege	2440	wmic.exe
Token: SeRemoteShutdownPrivilege	2440	wmic.exe
Token: SeUndockPrivilege	2440	wmic.exe
Token: SeManageVolumePrivilege	2440	wmic.exe
Token: 33	2440	wmic.exe
Token: 34	2440	wmic.exe
Token: 35	2440	wmic.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

4ukey_ultfone_64_3.8.6.tmpmsedge.exe

pid	process
3688	4ukey_ultfone_64_3.8.6.tmp
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Start.exe

pid process

3836 Start.exe

pid	process
3836	Start.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iphone-unlock.exe4ukey_ultfone_64_3.8.6.exe4ukey_ultfone_64_3.8.6.tmpcmd.exeStart.exeUltFone iPhone Unlock.exemsedge.exe

description	pid	process	target process
PID 1736 wrote to memory of 2876	1736	iphone-unlock.exe	4ukey_ultfone_64_3.8.6.exe
PID 1736 wrote to memory of 2876	1736	iphone-unlock.exe	4ukey_ultfone_64_3.8.6.exe
PID 1736 wrote to memory of 2876	1736	iphone-unlock.exe	4ukey_ultfone_64_3.8.6.exe
PID 2876 wrote to memory of 3688	2876	4ukey_ultfone_64_3.8.6.exe	4ukey_ultfone_64_3.8.6.tmp
PID 2876 wrote to memory of 3688	2876	4ukey_ultfone_64_3.8.6.exe	4ukey_ultfone_64_3.8.6.tmp
PID 2876 wrote to memory of 3688	2876	4ukey_ultfone_64_3.8.6.exe	4ukey_ultfone_64_3.8.6.tmp
PID 3688 wrote to memory of 4884	3688	4ukey_ultfone_64_3.8.6.tmp	cmd.exe
PID 3688 wrote to memory of 4884	3688	4ukey_ultfone_64_3.8.6.tmp	cmd.exe
PID 3688 wrote to memory of 4884	3688	4ukey_ultfone_64_3.8.6.tmp	cmd.exe
PID 4884 wrote to memory of 3200	4884	cmd.exe	taskkill.exe
PID 4884 wrote to memory of 3200	4884	cmd.exe	taskkill.exe
PID 4884 wrote to memory of 3200	4884	cmd.exe	taskkill.exe
PID 1736 wrote to memory of 3836	1736	iphone-unlock.exe	Start.exe
PID 1736 wrote to memory of 3836	1736	iphone-unlock.exe	Start.exe
PID 1736 wrote to memory of 3836	1736	iphone-unlock.exe	Start.exe
PID 3836 wrote to memory of 1028	3836	Start.exe	UltFone iPhone Unlock.exe
PID 3836 wrote to memory of 1028	3836	Start.exe	UltFone iPhone Unlock.exe
PID 1028 wrote to memory of 5108	1028	UltFone iPhone Unlock.exe	msedge.exe
PID 1028 wrote to memory of 5108	1028	UltFone iPhone Unlock.exe	msedge.exe
PID 5108 wrote to memory of 2516	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2516	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 2992	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 1920	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 1920	5108	msedge.exe	msedge.exe
PID 5108 wrote to memory of 4852	5108	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\iphone-unlock.exe
"C:\Users\Admin\AppData\Local\Temp\iphone-unlock.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\4ukey_ultfone_64\4ukey_ultfone_64_3.8.6.exe
  /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\UltFone iPhone Unlock_Setup_20241121213703.log" /sptrack null
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2876
- - C:\Users\Admin\AppData\Local\Temp\is-33BIA.tmp\4ukey_ultfone_64_3.8.6.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-33BIA.tmp\4ukey_ultfone_64_3.8.6.tmp" /SL5="$401F0,176208474,419840,C:\Users\Admin\AppData\Local\Temp\4ukey_ultfone_64\4ukey_ultfone_64_3.8.6.exe" /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\UltFone iPhone Unlock_Setup_20241121213703.log" /sptrack null
    3⤵
    - Checks computer location settings
    - Drops file in Program Files directory
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3688
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im "UltFone iPhone Unlock.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4884
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /t /im "UltFone iPhone Unlock.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3200
- C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Start.exe
  "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Start.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3836
- - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\UltFone iPhone Unlock.exe
    "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\UltFone iPhone Unlock.exe"
    3⤵
    - Checks computer location settings
    - Drops file in System32 directory
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cbs.ultfone.com/go?pid=6333&a=i&v=3.8.6
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:5108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6d5946f8,0x7fff6d594708,0x7fff6d594718
        5⤵
        
        PID:2516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        5⤵
        
        PID:2992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
        5⤵
        
        PID:4852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
        5⤵
        
        PID:3644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
        5⤵
        
        PID:4516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
        5⤵
        
        PID:4932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
        5⤵
        
        PID:3156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
        5⤵
        
        PID:964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
        5⤵
        
        PID:1092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
        5⤵
        
        PID:5652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
        5⤵
        
        PID:5660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6789500143257029840,16881858626652456589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
        5⤵
        
        PID:68
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\Monitor.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Monitor\Monitor.exe" 1028(#-+)UA-116569081-1(#-+)UltFone iPhone Unlock(#-+)3.8.6.2(#-+)&cd1=3.8.6.2&cd2=0&cd3=NEWULTFONE&cd4=EN(#-+)1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2504
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5004
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:1008
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3280
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:2000
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:4828
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2440
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:312
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:3696
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\mdns\mDNSResponder.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\mdns\mDNSResponder.exe" -server
      4⤵
      Modifies firewall policy service
      Executes dropped EXE
      PID:1104
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\AppleMobileDeviceProcess.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\AppleMobileDeviceProcess.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1416
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\CheckErrorx64.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\CheckErrorx64.exe"
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      PID:3268
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:1124
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:3280
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:2592
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:3560
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:3808
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe" -d "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\NewUsbDrivers64\AppleUsb.inf"
      4⤵
      Executes dropped EXE
      PID:4892
    - - C:\Windows\SYSTEM32\takeown.exe
        
        takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A
        5⤵
        Modifies file permissions
        
        PID:3008
    - - C:\Windows\SYSTEM32\cacls.exe
        
        cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F
        5⤵
        
        PID:2528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:832
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:964
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:4056
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe" -d "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\NetDrivers64\netaapl64.inf"
      4⤵
      Executes dropped EXE
      PID:2232
    - - C:\Windows\SYSTEM32\takeown.exe
        
        takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A
        5⤵
        Modifies file permissions
        
        PID:5128
    - - C:\Windows\SYSTEM32\cacls.exe
        
        cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F
        5⤵
        
        PID:5156
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:3560
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:3264
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5148
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5476
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5524
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5544
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5880
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5960
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe" -i "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\NewUsbDrivers64\AppleUsb.inf"
      4⤵
      Executes dropped EXE
      PID:5912
    - - C:\Windows\SYSTEM32\pnputil.exe
        
        pnputil -i -a "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\NewUsbDrivers64\AppleUsb.inf"
        5⤵
        Drops file in Windows directory
        Checks SCSI registry key(s)
        
        PID:6032
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5988
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5500
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5564
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5568
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe" -i "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\NetDrivers64\netaapl64.inf"
      4⤵
      Executes dropped EXE
      PID:3428
    - - C:\Windows\SYSTEM32\pnputil.exe
        
        pnputil -i -a "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\NetDrivers64\netaapl64.inf"
        5⤵
        Drops file in Windows directory
        Checks SCSI registry key(s)
        
        PID:2448
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe" -dkis "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\AppleKis\AppleKIS.inf"
      4⤵
      Executes dropped EXE
      PID:4008
    - - C:\Windows\SYSTEM32\takeown.exe
        
        takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A
        5⤵
        Modifies file permissions
        
        PID:5148
    - - C:\Windows\SYSTEM32\cacls.exe
        
        cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F
        5⤵
        
        PID:5248
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5328
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:2588
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe" -i "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\AppleKis\AppleKIS.inf"
      4⤵
      Executes dropped EXE
      PID:5348
    - - C:\Windows\SYSTEM32\pnputil.exe
        
        pnputil -i -a "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\AppleKis\AppleKIS.inf"
        5⤵
        Drops file in Windows directory
        Checks SCSI registry key(s)
        
        PID:3552
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5172
  - - C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe
      "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe" -i "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\AppleRsm\AppleRSM.inf"
      4⤵
      Executes dropped EXE
      PID:2628
    - - C:\Windows\SYSTEM32\pnputil.exe
        
        pnputil -i -a "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\AppleRsm\AppleRSM.inf"
        5⤵
        Drops file in Windows directory
        Checks SCSI registry key(s)
        
        PID:6124
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:6068
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5200
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5428
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5580
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5584
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5928
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5528
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5876
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:4892
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:3132
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5188
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5376
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5588
  - - C:\Windows\System32\Wbem\wmic.exe
      "wmic" csproduct get UUID
      4⤵
      PID:5428
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:3540
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:5928
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5348
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5908
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:2876
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5904
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:184
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5204
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5232
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5276
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5308
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:3792
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:2860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cbs.ultfone.com/go?pid=6333&a=db&v=3.8.6
      4⤵
      PID:2448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6d5946f8,0x7fff6d594708,0x7fff6d594718
        5⤵
        
        PID:4596
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:6120
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:2724
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5488
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5180
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:4532
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:5168
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5888
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5952
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:3428
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C sc start winmgmt
      4⤵
      PID:5248
    - - C:\Windows\system32\sc.exe
        
        sc start winmgmt
        5⤵
        Launches sc.exe
        
        PID:5268
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic BaseBoard get SerialNumber
      4⤵
      PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
1⤵
PID:3268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:2888
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{19005bcf-1dc5-3749-80b0-26908bc80541}\AppleUsb.inf" "9" "46f4bbd83" "0000000000000144" "WinSta0\Default" "0000000000000150" "208" "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\NewUsbDrivers64"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:5160
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{529e6ba4-f5b7-9c4c-b05d-cca67c80230e}\netaapl64.inf" "9" "4b7284ab7" "0000000000000144" "WinSta0\Default" "0000000000000178" "208" "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\NetDrivers64"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:5840
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{12963e2a-90e1-6547-9b1c-73cb5bca0c95}\AppleKIS.inf" "9" "468875bd7" "0000000000000178" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\AppleKis"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:5460
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{68272d7d-5a85-304c-8ec5-b033e84cecf0}\AppleRSM.inf" "9" "4042291af" "0000000000000150" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\AppleRsm"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\AgentSupportCLR.dll

Filesize
2.7MB

MD5
c66fafc5fa549edb0ec0efcfd78f8ab5

SHA1
6285533e4957fd26bb01c97d282d2a0063495a06

SHA256
6c4b3d2c5a86b7aece0818085713c7e9ac57c4978cff7c842f2792964c67a17e

SHA512
4fdcacef60ba48684f505eef4a4484a48bb9f05e382321a78ab0c3ff226be279994a9823fb80ab8861e0f9b6694433e870207004dc3d0d5d55226b8b0153b180

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\AntiCrack.dat

Filesize
536B

MD5
45b6dec2983bfa72f62bc0a0822a811e

SHA1
d2a9c84e1acb4356c1e53e480b85597e097ed4a5

SHA256
4112f9cc5b9660bc39afa2cca5f062e110570a4ae9bb26cf0d3a8f1098e7457e

SHA512
90680ab3e12ee4c7ff9f3a32f9797d88f0e2e57669adb951422dfa674dfa2642565f22e295df3453a902a8040d65a27a5b6a08eb7d89ffd30747a512e78f599e

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\AppService.dll

Filesize
67KB

MD5
8e29915b17194cd84da943912989eae1

SHA1
2b85aa088b803ebf53c25bf4062b08f039a23287

SHA256
64555301464d82836ef60697b673cd9b614616932ef399d624c6d7e5d8541a41

SHA512
8add94d1d204d530e69baf29bdc1be3a818684c41363129c8c6ac9e73e978eecf36c80e95993b7d1934fa882ff5b4353a59c1f6455b550cf67155b6a6895dcd1

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\BugSplat64.dll

Filesize
620KB

MD5
ac0df5eb7afe860c4cf7d7ee85909db8

SHA1
1e9eede865e76757b7a3187e13f083075d83c7de

SHA256
b9e3fd42a97ba6f3a7f6a4c2f44af224ef5d72f01bbf14ef14b5864c5503fdfc

SHA512
7db32a242eaeba71175cc8b463be21d55e3dd55db7cbb0bfcec731c22170a23bd0706b264483d1c6fa3abb809cb363aa8b98da14f09b64b9625a59966ae8907d

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\CommonRegister.dll

Filesize
1.1MB

MD5
fae62df51b1fa701cf8cb7095e6f2c85

SHA1
41cfd3e6d637f1f5f7259c24604a804731dca4de

SHA256
bf864bd86e993e3b57387776db776fe4601dc58c3c412610bf579d3cde81dd58

SHA512
e6d73a544381c21404e073f6dc82906097fad76a58211f9b2005c8a7ac63be42cbf1209a253e0696d9faf9276274f2ef8dd878ae75bdc0cc200eaf54565925e3

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\FileReport.dll

Filesize
105KB

MD5
a0a885bd902a59309bbe4d7d08afada1

SHA1
0c11373f753c74e732f8a1efa433831298728697

SHA256
7b5db936d7af2bb3bbfd6b44310f44806c21391a52a41e365acef4db9a18c8f0

SHA512
6f7d1c55df83ca0b07411ba02518afb24cb16b2cb7b33f06690ac459e7839fad58e4c4d6668e5074f43d684f52d1d41a733c1000a1889e6410c3bcffa526bcf3

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\FuKey_Ultfone.json

Filesize
212B

MD5
a8704deb70e712651e779ab43eb65499

SHA1
28e6bcd066e5bbd3a68fca979ce45d37ca5563da

SHA256
c3e7b88e7329bc564d60384ad31c908192a211f2392f946de5273cefc8b586ad

SHA512
5027d8f19a93e06ef394e88b5c42c9ba9311b2f30bcaca8979403c9775f0dad5e4e853f95c9b12d580374a16be92b3637561591c5dc8e2e2b4891119b85fb7e2

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Fukey.exe.config

Filesize
1KB

MD5
3912c76d157b018826a601f288272a48

SHA1
759d32811f90f6b5743556a87b30ddfcd07bf839

SHA256
24d89f263c2a33e0ad739f580f8e3a7c19c972ea33ee2559de123f29cefcac43

SHA512
66a7dadb857bb16858c4c891679b87d0fbc320ff93cfa47fbe2ee087e8abd5c29bbe00169963d9c5948529fbea2c3c32c63ea89b64019bdb19c9fddc8f93deaa

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\IosManager.dll

Filesize
405KB

MD5
02a5eefc85784dc77e556de5102b0a5b

SHA1
024011fdc358c97929a688e2a7d01d68acdc46b8

SHA256
4f00d4a9431d2612180859a373632177c67e977f8b3d2adcad7121faa71aa8d1

SHA512
a94631a7667624163c0229b820a6710ef3398b26d4cf7674f551d10cf0c6e14bc6b5f83b7e4f86f02fa725923d0056bc887c6a5964969411572a9c1165f6e4a7

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Logs\GA.log

Filesize
4KB

MD5
3e6c4713573589dd028f6f57c5c99779

SHA1
c6616b816fbe829892a3237009370b51888c747c

SHA256
64719e91b6605238c89afd0ab4f52d3666dc8b715be6fb8df753ce86d29bc822

SHA512
7e01d13655b6799363791cd57d014a43d4bb1ba7789fd92f68e7563f85adda5e143d2d6ecfa5cc316e1aa1c708346c6ab1fe02fe7043e8d32ed2af1adbb5fda4

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Logs\RepairItunes.log

Filesize
766B

MD5
00e2f3400b274a995bce834f0b4fe695

SHA1
875b3318ef0500d11d4de0e084c4d0fe35cde562

SHA256
9b3af070ee3964596db6ce4882db9cc28a38b5d976b9da42cf127cf5a73fbaa5

SHA512
60f0d0e3e842e0935b5e18b9dd10b00b3be2fbdc405567f7bd38f151b87968c3d6f2d761db13a0a0be0adb586235f2f724ce2c5dbc0eba5889f4c6942a78cbff

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Logs\RepairItunes.log

Filesize
5KB

MD5
184efec3d37c4647a213f7e83dccd816

SHA1
0a86599e00e57bf01fdb27bc7845f90c681aa04a

SHA256
8590de703d5ca270e787784f571b4b7bf9b986b6a3627f37b93ed242e0700ec9

SHA512
f27d2da9297e64bffed75bbd39b6379b9d43d34abbb9a17d2a49a27620568761a7e518d1088e1d79b42059a6b639b71ef490b1f3f3b54abe8741aa1660b53f91

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Logs\SoftwareLog.log

Filesize
2KB

MD5
55406ea393eddc2213e424d194713184

SHA1
238922d9929c894c2e8bada4c118ede5bbb193d1

SHA256
f7def0724a335b58631d57eed8b2de2170d01de2ad275ffc9c26a040ac4793a9

SHA512
71277fa2aae09bf64d957986dcde1151663c1408c752d3a83f80d14c58ac2eff75babf969afd5f0de713227d8a623fd38c52635132db6095e05d14ce18cf9eda

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Logs\SoftwareLog.log

Filesize
3KB

MD5
57965b4c1403f13fc4f377b905724d33

SHA1
ab8c01da585a5e7f192cabc299b228f0ab3f940a

SHA256
881113b2b84092aaeb84d0705577fe92c6d5fe9cd89b84d215438bf525e319fe

SHA512
7bfc080604dcd9aa56643541b28491beeac3a0e420df9d07490fd97569e79827004ed4fff9fd23ac4c0962be9e74e2aaad0eb4e72bc5b7ffc031315dfe9eec1b

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Logs\SoftwareLog.log

Filesize
5KB

MD5
096ece0ee7aa0be99e07d8afcc1962ef

SHA1
c8e8e8d35d93f0847ab8fc41f7005c13a2ba2d69

SHA256
e6dd1aaba95c1ac7ad54ea440bb1bc8fe9120c8c2dfab870f984dc4cccec4bb1

SHA512
d2193dd2df883ce470210aeb16c3cdbf3bcf0b4ae4e6ddc1586694dabaf1402564b1e4de7b88bb4b63aa3448086fdaf71049aacb5153655230d6b43c91fc0645

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MSVCP140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-0ELLG.tmp

Filesize
18KB

MD5
1776a2b85378b27825cf5e5a3a132d9a

SHA1
626f0e7f2f18f31ec304fe7a7af1a87cbbebb1df

SHA256
675b1b82dd485cc8c8a099272db9241d0d2a7f45424901f35231b79186ec47ee

SHA512
541a5dd997fc5fec31c17b4f95f03c3a52e106d6fb590cb46bdf5adad23ed4a895853768229f3fbb9049f614d9bae031e6c43cec43fb38c89f13163721bb8348

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-0UBHT.tmp

Filesize
21KB

MD5
9ddea3cc96e0fdd3443cc60d649931b3

SHA1
af3cb7036318a8427f20b8561079e279119dca0e

SHA256
b7c3ebc36c84630a52d23d1c0e79d61012dfa44cdebdf039af31ec9e322845a5

SHA512
1427193b31b64715f5712db9c431593bdc56ef512fe353147ddb7544c1c39ded4371cd72055d82818e965aff0441b7cbe0b811d828efb0ece28471716659e162

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-20OQS.tmp

Filesize
23KB

MD5
ad99c2362f64cde7756b16f9a016a60f

SHA1
07c9a78ee658bfa81db61dab039cffc9145cc6cb

SHA256
73ab2161a7700835b2a15b7487045a695706cc18bcee283b114042570bb9c0aa

SHA512
9c72f239adda1de11b4ad7028f3c897c93859ef277658aeaa141f09b7ddfe788d657b9cb1e2648971ecd5d27b99166283110ccba437d461003dbb9f6885451f7

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-362I5.tmp

Filesize
18KB

MD5
39325e5f023eb564c87d30f7e06dff23

SHA1
03dd79a7fbe3de1a29359b94ba2d554776bdd3fe

SHA256
56d8b7ee7619579a3c648eb130c9354ba1ba5b33a07a4f350370ee7b3653749a

SHA512
087b9dcb744ad7d330bacb9bda9c1a1df28ebb9327de0c5dc618e79929fd33d1b1ff0e1ef4c08f8b3ea8118b968a89f44fe651c66cba4ecbb3216cd4bcce3085

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-4PK14.tmp

Filesize
20KB

MD5
23bd405a6cfd1e38c74c5150eec28d0a

SHA1
1d3be98e7dfe565e297e837a7085731ecd368c7b

SHA256
a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41

SHA512
c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-8FMGS.tmp

Filesize
22KB

MD5
fb0ca6cbfff46be87ad729a1c4fde138

SHA1
2c302d1c535d5c40f31c3a75393118b40e1b2af9

SHA256
1ee8e99190cc31b104fb75e66928b8c73138902fefedbcfb54c409df50a364df

SHA512
99144c67c33e89b8283c5b39b8bf68d55638daa6acc2715a2ac8c5dba4170dd12299d3a2dffb39ae38ef0872c2c68a64d7cdc6ceba5e660a53942761cb9eca83

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-EQJRD.tmp

Filesize
18KB

MD5
70e9104e743069b573ca12a3cd87ec33

SHA1
4290755b6a49212b2e969200e7a088d1713b84a2

SHA256
7e6b33a4c0c84f18f2be294ec63212245af4fd8354636804ffe5ee9a0d526d95

SHA512
e979f28451d271f405b780fc2025707c8a29dcb4c28980ca42e33d4033666de0e4a4644defec6c1d5d4bdd3c73d405fafcffe3320c60134681f62805c965bfd9

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-HL8OR.tmp

Filesize
23KB

MD5
d5166ab3034f0e1aa679bfa1907e5844

SHA1
851dd640cb34177c43b5f47b218a686c09fa6b4c

SHA256
7bcab4ca00fb1f85fea29dd3375f709317b984a6f3b9ba12b8cf1952f97beee5

SHA512
8f2d7442191de22457c1b8402faad594af2fe0c38280aaafc876c797ca79f7f4b6860e557e37c3dbe084fe7262a85c358e3eeaf91e16855a91b7535cb0ac832e

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-JAP88.tmp

Filesize
20KB

MD5
9b79fda359a269c63dcac69b2c81caa4

SHA1
a38c81b7a2ec158dfcfeb72cb7c04b3eb3ccc0fb

SHA256
4d0f0ea6e8478132892f9e674e27e2bc346622fc8989c704e5b2299a18c1d138

SHA512
e69d275c5ec5eae5c95b0596f0cc681b7d287b3e2f9c78a9b5e658949e6244f754f96ad7d40214d22ed28d64e4e8bd507363cdf99999fea93cfe319078c1f541

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-L2HOS.tmp

Filesize
18KB

MD5
c9a55de62e53d747c5a7fddedef874f9

SHA1
c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad

SHA256
b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b

SHA512
adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-MMKUL.tmp

Filesize
19KB

MD5
228c6bbe1bce84315e4927392a3baee5

SHA1
ba274aa567ad1ec663a2f9284af2e3cb232698fb

SHA256
ac0cec8644340125507dd0bc9a90b1853a2d194eb60a049237fb5e752d349065

SHA512
37a60cce69e81f68ef62c58bba8f2843e99e8ba1b87df9a5b561d358309e672ae5e3434a10a3dde01ae624d1638da226d42c64316f72f3d63b08015b43c56cab

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-N1CG2.tmp

Filesize
1.1MB

MD5
6343ff7874ba03f78bb0dfe20b45f817

SHA1
82221a9ac1c1b8006f3f5e8539e74e3308f10bcb

SHA256
6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3

SHA512
63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-R0P0S.tmp

Filesize
18KB

MD5
034379bcea45eb99db8cdfeacbc5e281

SHA1
bbf93d82e7e306e827efeb9612e8eab2b760e2b7

SHA256
8b543b1bb241f5b773eb76f652dad7b12e3e4a09230f2e804cd6b0622e8baf65

SHA512
7ea6efb75b0c59d3120d5b13da139042726a06d105c924095ed252f39ac19e11e8a5c6bb1c45fa7519c0163716745d03fb9daaaca50139a115235ab2815cc256

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-RO8PG.tmp

Filesize
17KB

MD5
79ee4a2fcbe24e9a65106de834ccda4a

SHA1
fd1ba674371af7116ea06ad42886185f98ba137b

SHA256
9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

SHA512
6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-SL15C.tmp

Filesize
17KB

MD5
3f224766fe9b090333fdb43d5a22f9ea

SHA1
548d1bb707ae7a3dfccc0c2d99908561a305f57b

SHA256
ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

SHA512
c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-T0ND3.tmp

Filesize
18KB

MD5
95c5b49af7f2c7d3cd0bc14b1e9efacb

SHA1
c400205c81140e60dffa8811c1906ce87c58971e

SHA256
ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1

SHA512
f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-TU9F6.tmp

Filesize
18KB

MD5
6e704280d632c2f8f2cadefcae25ad85

SHA1
699c5a1c553d64d7ff3cf4fe57da72bb151caede

SHA256
758a2f9ef6908b51745db50d89610fe1de921d93b2dbea919bfdba813d5d8893

SHA512
ade85a6cd05128536996705fd60c73f04bab808dafb5d8a93c45b2ee6237b6b4ddb087f1a009a9d289c868c98e61be49259157f5161feccf9f572fd306b460e6

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\MobileDevicex86\is-TUGO4.tmp

Filesize
28KB

MD5
8da414c3524a869e5679c0678d1640c1

SHA1
60cf28792c68e9894878c31b323e68feb4676865

SHA256
39723e61c98703034b264b97ee0fe12e696c6560483d799020f9847d8a952672

SHA512
6ef3f81206e7d4dca5b3c1fafc9aa2328b717e61ee0acce30dfb15ad0fe3cb59b2bd61f92bf6046c0aae01445896dcb1485ad8be86629d22c3301a1b5f4f2cfa

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\NetFrameCheck.db

Filesize
9KB

MD5
9ec815d7212c10bcc2e45e42d8c24b12

SHA1
1ec24c78849158dac23d7757741caa9bdadd073b

SHA256
2e169adea5d6b84fd51e235034f59c78b128d8d8035987159b5cc3b55a3888fd

SHA512
6b8a4df55821a64c3107ef26034047f2476c4477866cba90bad6a2f6ae7bd9340a5398b86a8129993561a538a6f914498f7f979cae32d9f8ef3f5e5982295141

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Register.dll

Filesize
5.5MB

MD5
2b2da26850b994fb7d70988069cde6d0

SHA1
a747457d0e1747ae80dc3480adb467e3bbddbed5

SHA256
0008947c69cd50b2faad1751d3bcc7c37f64d5ce734c7aad59009017bb3abc6d

SHA512
5d762ba091d356d4773229bce8cafadb17dc2c8f25b984aa0e0a0d9530f50a8969b4a2b96c1db5052b2f6fc411abc263e281d42bba714acd27ebf108f0af16f1

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\RegisterAndLog.dll

Filesize
2.7MB

MD5
72519959aa4e370a01c3279eb882b0d7

SHA1
d947279451bb4cbf9bddbcd9d13313f7dff58785

SHA256
4af3613f2ef3884506f8720334edf6988e0472722de244025698aef921df09f3

SHA512
4c8ecd92114824b7b4e4eabbedff0087e116b424fe5ba94a8622f3e746fe90859e8fc463e2a093c5cc510f23c7a9c19959b0991160625592bd5f3e1a86bf3855

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\RenewConfig\config.json

Filesize
35KB

MD5
554c9247afc97e13b69d74cc81c0c8f9

SHA1
a1c44a4ed68166fb11c96348513e3fe833357068

SHA256
e168ac00bca94438c07b45f8b457ef6e001d2cba2091b0d72d66d08b30806643

SHA512
86727d04363b5a7b34af6a3a70eb14c942982b661a504b196b96a5381da4eed7d72cfc33e034fe6b5897ec9e596cff279d14cc0eff073b06d1e326fd2b2932ca

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\RenewConfig\icon.png

Filesize
480B

MD5
9559b0dc7ef967bd019304530b2881af

SHA1
c0eec29e7500065fbde452edd05ff851a5955900

SHA256
ca245470deffc1dcf691b7de78e7647d809ed506e205370536d0b5a96d212369

SHA512
0dd992741471ce0bbb1eb59b7064a30095c26676dd65adbb6c2a50706367eee13ad4b2ec446c552334710b0ea89daa9cad7d297c95df2808b5ea76dfcad58d8b

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\RenewConfig\version.txt

Filesize
7B

MD5
1a7dcb9970287539774c7ade1cb7e483

SHA1
2d4108b5a47389f32fb446e602aa1fa9f125ee21

SHA256
8080b0c28dd55abe502e806ad533dadf1a205aed28562e27fe1165bf224fe1a5

SHA512
4a41e098af10f22e37cddf9b7e42ba7c22ba1be3dbe4e5e2cf30acc74712920a9a4049655d3c9aafd03eeb85ae2e28796549ea12a8937f8f9438c4cabf59daf9

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Resource\Images\ClickStartJailbreak\is-AFOT7.tmp

Filesize
91KB

MD5
d286647504117920d17fbf1aae117e5e

SHA1
bb9b382f24dc8e4fa648f1a7299abeeb438f6085

SHA256
acd32a4d877b1b351d7a0bd7095179c1fd73f3281ddf5604097fa95dc43bdec4

SHA512
0013791f474b7647189ab151f79918ac371f570fc8e37912bc4851af3c7fad8d37cc7111ff79a9bd9b809a0728cfa8452cc85acb785dc905f61d13751109fc53

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\SQLite3.dll

Filesize
1.0MB

MD5
43f58a5cdf5579f82d902347293f9d75

SHA1
c06291fe63bf30c23feda129bf9f8acc953dd4d3

SHA256
bdc9f859ea19598d177f972a8511c66a43cab68c32b5a7582594242082876789

SHA512
a4d9cd5f0070d3e6bd358bf591db5b6f4c696261bc2a83280115ecdfeb212f9e13271ed6c5f0a866370542bf96858468a323e8f1d8a560804177be7d4e539f51

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\SoftwareLog.dll

Filesize
1.5MB

MD5
5427dc99d3b805f889ef8ca8825fb1b3

SHA1
2691e24ee681d4ee21596c0d6cc8bbe3c703264a

SHA256
a6fc6d85f4f0dbd6c00f47caa26cab8d7941934cf39790e6e83c2803422cb29c

SHA512
89d173f0c2a39cec877cc61f980c2d504fc4f63498164e53fae6af3ef739bfaf9ec25f7f409c49d222c665ead6516dded508edfa355a5124e9f8e2cd175a3353

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Start.exe

Filesize
4.9MB

MD5
1bd82d99423d2310b6c998ea372c3494

SHA1
56de7cb32c26567fc7fbf44efdc7a6bbe89540d4

SHA256
5e1d06db14d42cb7138e2b8628dee30fd957363ef988ef0c9f06d66c5211509b

SHA512
fbd0995bc9351051d4d404d072c593e17d60d87a970a59afeb83070be50838bd1fe11ae939e925522563e0138760b89477fc70e572c787a0f09014c5c16f63c3

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\TS.Base.dll

Filesize
68KB

MD5
a5ebdb6a6a6765fe62cd520eb5a29400

SHA1
df9cd98287d48ba673e4390ca34cbe5697239cca

SHA256
5dab592210a41da93f640fa647f432aae3e186d1f79cca798b19144d589b9002

SHA512
bc2df4695735350478bcabfd52718bdd3167662954acdc79f466c6a0cf813c6cbfe0f06d787aaceaf3180a5751d20a94d4ee2b65bfd981894fba0ef91bafb2a3

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\TS.Common.dll

Filesize
418KB

MD5
609c36e659fd22360964c7cd04dc0c8f

SHA1
e0891b4a99f9a00e16e64a8a81d0a1200fc00ad8

SHA256
574d99db21e9e0eae2f986d1a12c9ffcd1d5f7f86a8e907518988e04806fb867

SHA512
23b15e33593c136ae5a12118b253daa78e561bca111b6c581cc953509168b65ee2f979b2dbf1fa8ac531930d68d739e745a32d61ba0efaf0345495252ecf6ec9

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\TS.MvvmLight.dll

Filesize
547KB

MD5
7ffec99ba020a64e47f0c5593e1c956c

SHA1
2e8bc2f24b3979898250addd4b37f6e19ed5d054

SHA256
1fa7d48273bbefcfb2d20580cab97393d6b963cebf90088a45d19f5f06b3d1e6

SHA512
00f404265e6fafce42f93869aa105d6229fcb1129e9ea7edbc49b9e37578ffd574ad6d002510c14eb006fa73e0c74e4c4b5eb842977ce11c46c66d3de52639ae

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\TS.UI.dll

Filesize
363KB

MD5
e4ab0874b3dcd4836c6658a4ff050260

SHA1
1bc263725b78e214ee00a41cb3b96366d645257c

SHA256
04875f0fc151f5d418bc2683be9ba4e6529ea4272d5b115e9f71b3f624eaa692

SHA512
222caf4b0d567a5ca085679a258ac817884002e25d7799d7eba3dc49f37f973cb6e37b879e110720856be419a43928222f0f7108ebf01e262d9ca3effcc295de

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\TSEmbeddedPurchase.dll

Filesize
400KB

MD5
bc7873fe78e75cca5d07eca6a4a5bab6

SHA1
cb320f139fc9dfea8e775fc63500ba96925138df

SHA256
f120da62b0710dae791d57fd61ddf538915a5ad48795735b9b014a4b446e3787

SHA512
7d17c9cd58d22ff50ede633e3fbe3dc1964aafae877832cfa0418a29fc502a6c5ca424ebc533ceec906eea00c4f768c228529dda19bf86d434dfcce7332f59b7

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\ThreadCore.dll

Filesize
112KB

MD5
46d64f91970cfbf5e7c4555f5c748d51

SHA1
4d9cde4a7093a11d544c39e3653da84e4ad80c54

SHA256
524c2eeb05f110f1aa252839d107b6f9feecc3a0cef9cb0b7a3604259de611f5

SHA512
70950630e15b52ee72e67a0616ab6846f48e2de0839de53b730194131cb6c7f192f8e04289f320af065416ba6450df20ca257d3d461fb258ac292978cf284a92

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\UltFone iPhone Unlock.exe

Filesize
45.6MB

MD5
f9392ec4879e909768890eebcd3e0b7a

SHA1
a8f7fb3bcc86a457a1ac92ec2ed82c4d55f841fb

SHA256
98fdbcb3fea83d399757bb1a724731e843dbd110ae1e0ce13b788c32bf34e663

SHA512
ae27f891de296ceed7440e9795c15eeb6cb7b66cbac16441cd6791960cb9fd9225a365c04d0f5a09719fbae91dafb6652a41921b1c3fde15f0693e97b2cb631e

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\Uninstall\Configure.json

Filesize
1KB

MD5
400686f0f671d801e07f1deb233ab82f

SHA1
85a1f7f5e9bff3cffc73c66912326b5d9636280a

SHA256
9ec1a5f9e1b887f6c79e1f476089d7a9660b3f080b01e48328dfd52c8ef6b807

SHA512
eb60b450ce42ea3b6ab0f9e74ba836813103021fa327585360e21139b44cbde6432fd1418dbef61c8b91c8a4d6b75329dce55388d58dec1fffb2b9ca1fb3a9a3

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\cloud

Filesize
248B

MD5
a5cba022bf92f68bb1db7627db8d1059

SHA1
08d037ad0d91aca4fe1afa4c5b6211b67e4c4eba

SHA256
45960bf044354cd0dd19c03ab23b3ea499582027d0ef5fe9322790dabe437fde

SHA512
a45acecae28656c1c93670f2be648479c0f402a34fcb5ff05d52d0bdbd90a6e169053481c4a9db72fafecbaf5e1a3e51f6ac0336f6891641a44c9d7e8d645ec0

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\cloud.9ef92649.tmp

Filesize
135B

MD5
fc31b34eb1f36e5ff23be7f4621aa04e

SHA1
cef8d9c3577f04c9e102f942ee9bbe98dec50df5

SHA256
be7a52d6d1b2e5e2c7a9e338f3ab71b4b2e76797f19cc06d5899aece2701365b

SHA512
c5289e754453876b9646124952850f27325af5345c7522b9478a51c794277d5d0fa55cc105cbcab4dd72a2f76b107b97cea49a0296512c086412ddeb92441a65

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\config\log.config

Filesize
1KB

MD5
acc73d6236354f394d4b99eb19a01940

SHA1
2e8979eb373ba45e157e6c610de95b02e7bc1702

SHA256
2f750f8507efb91aa9baad406b59e64b22d35a0f7c525945ab842a880ae6cfb0

SHA512
21d058bbee941f5e7573f1b30058cd9b3f531efdc6c757c3a9c6db266a8553448b9db6ee0fe77e39658ae5c8e67c7d3d5237776d1112dab20d26ea0166fd8362

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\iTunesRepairResources\x64\infInstallx64.exe

Filesize
339KB

MD5
8dd7354421e13cdac06851725c10d30c

SHA1
3b683a3be9199ba827ff009f8cec47d74d94a4d3

SHA256
3de5cdbd64b8ab719c1e8ff70a9663b0d9f5e86ea4c76069a7e94abb0d645ba3

SHA512
cc65a764c4ead4a75f5e3fb1390ea329c321e6fe87d9969114ac563041fd42bfbfd387230365890834f9efdae4f0f40cec2e3881efcab4fa7dc6744d06fb277c

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\ios_manager.dll

Filesize
2.6MB

MD5
d2ff37ce5294e1bf4cfc087ce9956c71

SHA1
cb52f7bfe3f955f9c3c3834f48f140641555cc00

SHA256
e1d3eddb028c37a090572811b8d8f8c1a5ad5278dfa7e7ea93236377f5bd8ecf

SHA512
87cb921d00ed7918ba980deebb56ef4fd14863f6b2d1c83642841d919fe96b70f48a1b2a1d4d40bb3f826eb89a95443972d086ab115af2a3ad5e9ecb5fbdc668

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\itunes_manager.dll

Filesize
205KB

MD5
575da6610c7e2ae2e690e28140e5e1c1

SHA1
ad344151419bd6126100c2b2c0b10a066b0a176b

SHA256
ca00eaf7896113b6de346a029e146a237e25766157872cf6c7cf4c1f22e7c6c9

SHA512
4f85eae3ceed24cb86edb07a72c5ae1f13851195194727bc03c920fc1565191e8ae90b1083da2be203054edecd5d4af42bde4a11b5028f2ad0c2baa42ed8e638

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\libcrypto-1_1-x64.dll

Filesize
3.3MB

MD5
1df021dd69480b012c943aee5215c3cf

SHA1
57b1a432e8a9b09e0dda5c83116a3fd058e28666

SHA256
7c3a5d1899a955a01da39a253c2d57d4496956bafebbf5a730388a8fb592b223

SHA512
68f2af4665199aebd725b3dc02913b20f0cb8a28fda623a9597fa962e55f3090c7ab593210540ae9683daeeb7bb85f159f55f457ae34a74c85db87f970103d8b

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\libcurl.dll

Filesize
542KB

MD5
07ac3e92e0ffd0b5b12f7ade2c310419

SHA1
7d54530f6641f7ae3b597a3f26139a40bcf5ce9b

SHA256
401e9665ccaead776d966b9064e8fb1b51d6cf22b3b134e1515b750714fd6b98

SHA512
149154a2d0d360475d6d78738f608a6d22f29605c126e7bddcee365d40a410ef0739feb5c17a1af32899543a34519d2183242968640e29df0e03346e6847c882

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\libssl-1_1-x64.dll

Filesize
676KB

MD5
68fda88259572d37d733b6a4c6449ce3

SHA1
cb6af4c75e5948dd2f84a8e6ed40066497225293

SHA256
57eb8e72bbad676b997fb9616e6e758ef4fbaba92b84735f5bfef5f81821cf3a

SHA512
9557a831f31ce1eb74b36ed1b2d4157393f08eaefa26d92458d405413f818798022bcf7825799f985f0f3fc158d20239660f5c6624baf88a755bfea2777e3b0b

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\log4net.dll

Filesize
274KB

MD5
bee269ed2962df6f77a83295b416d943

SHA1
2c74358910731bb07ccc4cdbfa17f48c15cc1fd4

SHA256
c4b4fedd80c1f908701e2d705392c4975563c84c40cd3b71aa167a401dfd879f

SHA512
5fc3b6a6f54e2518abbfa4722b8500eacb2e0e4ca5a06a91554ccdda467cba9035fa8ff08f28e8271b32a88aa3905bc3fe1d88f28e38ca1ccf17336fca09a9d4

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\ts_base.dll

Filesize
306KB

MD5
39db9230b0592ba5bec5a9807aee0321

SHA1
c7c9687275073e0156bbe943731bd678ebd21282

SHA256
783a5dd1b3b477c611cf3593fd69987d0d5e40cf06caed1becc7e99f26686bf9

SHA512
7cf9633b6195958bac5e489168ef288eca171dad7a71d5e74c9b0e6f3aebf70f1358498c68fcbee03e63a1fe9997aff1a8206ee4462d8588e358c6886f3697e7

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\ts_client.dll

Filesize
113KB

MD5
acecd5854e5b1574667a0e3ad5699e6c

SHA1
2714d5476283ce6cc0c8d722bac3b4c8ef28913f

SHA256
b9a96596c97db5f1c8f27c4c1e8fb397e7352d0ac11b8de2fd1cb7fdf628bb60

SHA512
58386d5daa0a93e9ce2993c8c916fa09ff76fac73ff4a736a8c09e792cbec4a99941a0b330d91eb111d53bcd36b98c4def15eebc4cc454bb6326b36ad9ac49a1

Download Submit
C:\Program Files (x86)\UltFone\UltFone iPhone Unlock\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
0521a5816ac515cb7ab391806257d047

SHA1
2cae6e6b9439f2b161df95f53e3b880423b9189c

SHA256
edd8c326611eb5e40d64949903f75ec1a3df3eed9c015f0818bd606524eaac14

SHA512
0d069d95f9f1dd0e825fb4736a7c4a86dcddbe9bde3990c613386dd784485d7cb717343a02c2904c195288e5c99ec786978aed93fc233f0d86ae8956e260e75a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.ultfone.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f7fa52ff5c2dd77cd556bab8139721e6

SHA1
f3b1a247f0659a73c7fe215d4b672aff54d99a6b

SHA256
ba39878fc0dcda62b2c7c93bb64e2e01dcb151d40f9cafaab64d96c22698d274

SHA512
e5c2d49b71a530fb2a6258fa5cbbc47214a3d2eb503007194ddc34035d0d32b01dd5cc98ce100f7e42e54c47cb976c5c24998be0bc76e5bc9cc0bf4747e73c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea1ef0e5b44074c05ad3436b48395f2d

SHA1
a749da5cb1c5466212a9ee0386295254d5734627

SHA256
0958aba6caa481736667323d40d743b0ff3cbd285a44f5db6731684a3451b8fa

SHA512
48c636c8fc4e16b93b7e9f1c667b8e290e633f7cb416a2bb4267faf4fb86747523a8fceb8de92c90aa65701a7657e2f3786dffe87527eee6fcf471f64df565c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
577c8e313542fd304a906289393bd57d

SHA1
69b1d4c5e27df7997525ea606d9f1d78be864842

SHA256
1dc0d46846a5418e56844f0a84925545727df4a8c3ddbd95e2beb52ef50b06c9

SHA512
58fd8d94f8500a3541b6e706e9162c55f8ea2f865a112fb2e3e8d8041af17dc69a869256c022ad6829760406f0796d37bbdb51edc7293b2f953fc58305fa256d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e62474b02f1cc78db20e996dee339861

SHA1
b88c36ea61dfd2f6f28ae424b680ebef4251b3ac

SHA256
3183a150e353afd89203113c8397641db636da32e8f2fff9856836e969296097

SHA512
b5117c973f2887cf9fcbbb6a2cc67e2cafb7296d833fb0a94fe683aa80ad0e3854e9d4e60961958ade6ddf7d306460bc14cc452dc7b4485e20f1461ab624f21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a153f.TMP

Filesize
48B

MD5
e45f3e6e704dd4f495cae48da0ccd613

SHA1
22717edba6547274296c16e2dab165d5f310d676

SHA256
8aa784a2f77d32ffc6fcde3c73f92bbeb3df87b269b755daeb745817104d80a1

SHA512
8c4dc7bd0dba687d1db102697f943c723e791628d5640ed3d4fbf228242cc9cebaa66101f372582b735cde4c2ba16c4e46ad99b34e318a072fe6559d68ba94ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e39b22eecde62243dde106a6f4403a07

SHA1
beda5f2dd2b653a42b2661a49292aff215b7dc66

SHA256
59d25314a4b3e20621660e556f25f47b3ad0ef382eb215260654fd34d178d908

SHA512
07ea2799e800988500c1b58020325bcd4cbb322c4fdbde094b54f22113d1e6a2c84b7c211969b713de3d5766450faeb5ab570f3abc9344332910c3cb9749d519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f01e22f341d72b941cd059a04ba347a0

SHA1
17e28003d6eeaa9a1efea2974204eadaf0099f8e

SHA256
b3dc4b58feb99a4cb3178686edfc102cba1928aafe687d684cc27ed7494dbf98

SHA512
dd025d3437ee69dff5c88b6cbfeda2d233d03282a037a3fd575b3f3235070893d57e61da2343e0b9816b547933ef7a7feaa5166dd00ffeed24572b12fff74a4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-33BIA.tmp\4ukey_ultfone_64_3.8.6.tmp

Filesize
1.4MB

MD5
b2e4dfc7b70f2cee08d0cd77fa4608a9

SHA1
8f1490a4f9cd620017bcba2a8c2c5a27dc897248

SHA256
1e808ec212f6d84d8c952a7ddc8008bbdc126524f7d036e0d0cda01ec1128a61

SHA512
34f1508ebd25a7dc336ed5df0e1c644a6c15fa8110fec2f12612d3a495ed196ae106cd064cda0714f97a4c87f648b87df536a7f0a4a7b8545637c5ddb8afddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{12963e2a-90e1-6547-9b1c-73cb5bca0c95}\AppleKIS.cat

Filesize
11KB

MD5
2ebc04e384f237d2b32caca8a3f901ba

SHA1
1f3638c5a94668f3877f046b6df2fc4ef6f2cd08

SHA256
32a07ee9313ae0b4bae928e5ba0e2eb9d99a5577946fb44dcd0e81d8062859ac

SHA512
8c142a0eaed394f742e824ff41d0ceb927572d291fe20278d5c09ebea3d69467ea91db3befe72f550dfd6efa526836f7241d70589ca2ee5f8c097d3ad83ba601

Download Submit
C:\Users\Admin\AppData\Local\Temp\{12963e2a-90e1-6547-9b1c-73cb5bca0c95}\AppleKIS.inf

Filesize
2KB

MD5
a31656d224232177d4049bdcf6d2a34c

SHA1
432483c57d446b2ef2bcbb1a8fe5826cd60d7011

SHA256
b385f6d5839e6a031451947f8ce57a361b2866ba888bea58ce37f425d36c020e

SHA512
b403e8273c7076470cd93af76bd8714d1eecf14104b362971c6af84758d1ced73ff10a0bfc2c3f0e01f11716d77b21b01b0d660c06b0773734a961f7e7830bc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{12963e2a-90e1-6547-9b1c-73cb5bca0c95}\AppleKIS.sys

Filesize
66KB

MD5
b2e9926bef29e3d5fa62928f0c7a16f8

SHA1
5325f3761554b960e00ada65478cfe2967334768

SHA256
97830acae22500125bb9fd2c0ad39471ac97bf95eb6787bc368c1365dc608390

SHA512
288bddb5bc4495ca40fa2ad5d2e9f9aa49c0ce05f7fc464d759e7b529b748c6f0726b24ff69416acdce1dfbff3453362da40f4eaaed67ecfc3c2526935be4232

Download Submit
C:\Users\Admin\AppData\Local\Temp\{12963e2a-90e1-6547-9b1c-73cb5bca0c95}\AppleKISInterface.dll

Filesize
36KB

MD5
97bc3bb77be14d66bafe247e5c46b0db

SHA1
4a78bef761020aefc50adbf894eb02666dac6db6

SHA256
9a160fcae82c933fe3930830782b7458707defbf2200f46d370f6bf1a699c376

SHA512
2379eaa10def39cb5286aba3ba7df558de48e91fdb112aa8e4463ed009fd880fd4d46481d6aafa8ee84577331cbb79689ba4bfe4451cb017df5e31d7e95c83ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\{19005bcf-1dc5-3749-80b0-26908bc80541}\SETE0F0.tmp

Filesize
54KB

MD5
dbd000cc3ef170bd3e5d26b7349a7039

SHA1
1022aa866910aeef33a711f5a6d1de77a5dcffb7

SHA256
ac3469ac659287626b05cda0da457b63ed78241d4f20c60778f6292d6e158346

SHA512
6342cbbd7864494ca22b9a5eb26badbedbf800d094cb0343ff441c1b6db49b73e87d37377ed9029c386cdb4e60debe9e24cd34d0f3733ae55b42f6bcd7ce5f3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{19005bcf-1dc5-3749-80b0-26908bc80541}\SETE0F1.tmp

Filesize
22KB

MD5
70e09f54ea9a321c80359bc9493fd9b5

SHA1
440f5acf4b12bdfb052bc2e079e80a8ec6feae1a

SHA256
775e43292702903d1f3991b655dde23ccb378052d28f7e0e8f89e2f4580a7387

SHA512
46bedf56160b17fa9fcf0c707d88b6539e4acab7c76e74bce31d4875c0f5d1f8ff0eb177f94aa0dd11b47c13d39a637f96a81af064aa79886259082be79b6ead

Download Submit
C:\Users\Admin\AppData\Local\Temp\{19005bcf-1dc5-3749-80b0-26908bc80541}\SETE0F2.tmp

Filesize
16KB

MD5
a150a24f14aa40de4c18a868993c84aa

SHA1
b239f3995efa3018025a8b59bd7617f6ae06fadd

SHA256
71ef7dbef3e7b2c1bdc32c1a4400aa5f92c5c7eee9ef6261385c54cd9d0e26a6

SHA512
953cf9074a00267be108d4fcd8626bfd56fcc7e1df5116a39564cfca4cc472f15ba1f4731dbfcfc92f2a92aacaccb186e9e552bf2115e68f07699854194b1010

Download Submit
C:\Users\Admin\AppData\Local\Temp\{19005bcf-1dc5-3749-80b0-26908bc80541}\SETE0F3.tmp

Filesize
131KB

MD5
c1c5b35fff1e13816718d6c30e15e2c4

SHA1
a75a49857418f8915d27df08802555e9d2f65274

SHA256
17fa26ea576e98f40eb2a353123d27232335e3a20c8d91465ec83710bc1a8eae

SHA512
6725458b4b99d330d49c2499659eb87c9cf7c623fb5e9d1660c2dd13104e169ca1cfd242dab1ed601ff9902691d7875fc7f5fb6bc9851c336b41d20c0b66ab3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{19005bcf-1dc5-3749-80b0-26908bc80541}\SETE104.tmp

Filesize
38KB

MD5
201f083b80cdbe930d78fe72f1123e22

SHA1
6a368a4665e0e56c3f32973c679258ab6c4fc35a

SHA256
72fe475d8ada0cc2e26a4e659ca7d03bdb8d3061b4a689016a54eb52b18773a3

SHA512
3fa61fac2127efbcadff25c17e055f32ee8ec65e82f192cb87fc3390dac322d5d24b611ac3b665b5661beb1bb0e62929e6912c80880b2187540298bb6eeb52bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\{529e6ba4-f5b7-9c4c-b05d-cca67c80230e}\SETE814.tmp

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\AppData\Local\Temp\{529e6ba4-f5b7-9c4c-b05d-cca67c80230e}\SETE825.tmp

Filesize
10KB

MD5
168c4256eea6a76983d79d45f191469f

SHA1
2f4e6d8db4bcfeec816d31a70045895a3e6158e3

SHA256
2b8a6ebc3e10d06a6ebbcb4ef89992978836eb52d2ad1c09e19b137b0963c2f9

SHA512
743f28589f4357594c4490c6bdc46b6ca6e3164ab58495d686316ba8effc004e68507b26cb07032f3232ecf21045078a97aae0fad9ac78acff48ec2ae0c26585

Download Submit
C:\Users\Admin\AppData\Local\Temp\{529e6ba4-f5b7-9c4c-b05d-cca67c80230e}\SETE826.tmp

Filesize
4KB

MD5
2428e7f81420a9d7e81dfce9fa0613b3

SHA1
96605444de2721d553530179ea96024f29b32827

SHA256
6db20d1374088a64b5a435189e3cbf1c0f30496d4a2c80346bc904605f3d0261

SHA512
fc98a3010d5a71ce4c9ec2ef16914cc6fabf531fdbf1cfc487d42dc352111e47f970565a011cc6ebd18b2632af5bc107e5c0e784127b789b68e6cb3f214aaf5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{529e6ba4-f5b7-9c4c-b05d-cca67c80230e}\SETE827.tmp

Filesize
22KB

MD5
ee00c544c025958af50c7b199f3c8595

SHA1
1a9320ad1ebcaaa21abb5527d9a55ca265deec5d

SHA256
d774db020d9c46d1aa0b2db9fa2c36c4a9c38d904cc6929695321d32aca0d4d1

SHA512
c08cfb84b6bc98a965b5195b06234646e8f500a0c7e167d8c2961dad3c10da47407d339f1fbd2c3af4104932b94ee042872680d968c3c9b086705d374fc9c94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{68272d7d-5a85-304c-8ec5-b033e84cecf0}\AppleRSM.cat

Filesize
11KB

MD5
8dab3e4d8e271f17696cdbbd638f28af

SHA1
c4b3df527a77303785ed28a5cf1ac00d729ee83c

SHA256
df42e6ae66f82785552cbe1815246128cea10029e9dbb463e211590941a81bc1

SHA512
0a52bb023cf6d33faded6eb2829e0706f021be76217f050a77f65b09142f20b37675877ce8911cdb3bc8349357e0630a1e36ec60b3855097ede1c803a60a5880

Download Submit
C:\Users\Admin\AppData\Local\Temp\{68272d7d-5a85-304c-8ec5-b033e84cecf0}\AppleRSM.inf

Filesize
1KB

MD5
6db0394609c92e266a16bfd93b1eb597

SHA1
2d77b73e0ee0cf5f891dfb527991ead8cb39f22e

SHA256
10aac2d96e5b2c8f55605fd6acf6a39c7ef3d092018a5bc622011ec46c139a7c

SHA512
d1e160e507d5f4e2a561226c5ed4254562ac1599481f22d39d6f3b9560312f42d85247017db3b8b710677559327ac71badcf2473696a14dbd2244de6cb48c4ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\{68272d7d-5a85-304c-8ec5-b033e84cecf0}\AppleRSM.sys

Filesize
77KB

MD5
39fbeae7efff3b0859b3d467e906a81a

SHA1
de04f243e6837394f141897e6df98a7777a05d46

SHA256
30bebe8d26c16e1d22d776e641f7a68b9ccd1c70a3804964db6753b821eee4b6

SHA512
f565684b27a92dee7b748479631af3f1a201fe9e6cf3b76346f83b59b1755fa3483c97c95b65e7bdd7d2bfcbcb973c4c1f0a2a6859d17e73b249e75f9a6c1058

Download Submit
C:\Users\Admin\AppData\Local\Temp\{68272d7d-5a85-304c-8ec5-b033e84cecf0}\AppleRSMInterface.dll

Filesize
36KB

MD5
cfdd6b37070699bf9ac287fa4fdebf0f

SHA1
bb6d98979e0577229beae7607a92d5caadf45113

SHA256
35075c0a280d7544b402c1f030ae9acd3c917fc1bd6a52145fae9b2a55320ecc

SHA512
793151eb8ab8c35eab2a4e4d66b2dcd4827fef53080b5c0be7fa359e7f4cc7377998d7f222303d93233b09fb76859c16f6c47b3ec3b0e88081a8d1cffa8b4978

Download Submit
memory/1028-1755-0x00000190B4550000-0x00000190B4588000-memory.dmp

Filesize
224KB

Download
memory/1028-1469-0x00000190B0450000-0x00000190B0472000-memory.dmp

Filesize
136KB

Download
memory/1028-1586-0x00000190B1430000-0x00000190B1438000-memory.dmp

Filesize
32KB

Download
memory/1028-1598-0x00000190B18C0000-0x00000190B18D0000-memory.dmp

Filesize
64KB

Download
memory/1028-1599-0x00000190B18D0000-0x00000190B1902000-memory.dmp

Filesize
200KB

Download
memory/1028-1607-0x00000190B3450000-0x00000190B3483000-memory.dmp

Filesize
204KB

Download
memory/1028-1581-0x00000190B1450000-0x00000190B147E000-memory.dmp

Filesize
184KB

Download
memory/1028-1563-0x00000190B08A0000-0x00000190B08AC000-memory.dmp

Filesize
48KB

Download
memory/1028-1556-0x00000190B11C0000-0x00000190B122A000-memory.dmp

Filesize
424KB

Download
memory/1028-1623-0x00007FFF94240000-0x00007FFF94242000-memory.dmp

Filesize
8KB

Download
memory/1028-1624-0x00007FFF94250000-0x00007FFF94252000-memory.dmp

Filesize
8KB

Download
memory/1028-1625-0x00007FFF621A0000-0x00007FFF62DCB000-memory.dmp

Filesize
12.2MB

Download
memory/1028-1632-0x00007FFF94260000-0x00007FFF94262000-memory.dmp

Filesize
8KB

Download
memory/1028-1640-0x00007FFF94270000-0x00007FFF94272000-memory.dmp

Filesize
8KB

Download
memory/1028-1641-0x00007FFF62DD0000-0x00007FFF63B5D000-memory.dmp

Filesize
13.6MB

Download
memory/1028-1680-0x00000190B3B30000-0x00000190B3FAF000-memory.dmp

Filesize
4.5MB

Download
memory/1028-1558-0x00000190B0FF0000-0x00000190B1031000-memory.dmp

Filesize
260KB

Download
memory/1028-1740-0x00000190B4430000-0x00000190B449A000-memory.dmp

Filesize
424KB

Download
memory/1028-1521-0x00000190B0830000-0x00000190B0867000-memory.dmp

Filesize
220KB

Download
memory/1028-1754-0x00000190B44A0000-0x00000190B44A8000-memory.dmp

Filesize
32KB

Download
memory/1028-1756-0x00000190B4510000-0x00000190B451E000-memory.dmp

Filesize
56KB

Download
memory/1028-1767-0x00000190B4590000-0x00000190B45A8000-memory.dmp

Filesize
96KB

Download
memory/1028-1769-0x00000190B47F0000-0x00000190B482E000-memory.dmp

Filesize
248KB

Download
memory/1028-1518-0x00000190B0750000-0x00000190B0756000-memory.dmp

Filesize
24KB

Download
memory/1028-1517-0x00000190B0760000-0x00000190B076A000-memory.dmp

Filesize
40KB

Download
memory/1028-1515-0x00000190B0740000-0x00000190B0746000-memory.dmp

Filesize
24KB

Download
memory/1028-1511-0x00007FFF94230000-0x00007FFF94232000-memory.dmp

Filesize
8KB

Download
memory/1028-1512-0x00007FFF69DF0000-0x00007FFF6A73D000-memory.dmp

Filesize
9.3MB

Download
memory/1028-1505-0x00000190B09E0000-0x00000190B0C9A000-memory.dmp

Filesize
2.7MB

Download
memory/1028-1502-0x00000190B08C0000-0x00000190B09D8000-memory.dmp

Filesize
1.1MB

Download
memory/1028-1477-0x00000190B0500000-0x00000190B0568000-memory.dmp

Filesize
416KB

Download
memory/1028-1587-0x00000190B1580000-0x00000190B187B000-memory.dmp

Filesize
3.0MB

Download
memory/1028-1467-0x00000190B05C0000-0x00000190B0672000-memory.dmp

Filesize
712KB

Download
memory/1028-1463-0x00000190B0490000-0x00000190B04FC000-memory.dmp

Filesize
432KB

Download
memory/1028-1454-0x00000190B0010000-0x00000190B02D1000-memory.dmp

Filesize
2.8MB

Download
memory/1028-1450-0x00000190AFEC0000-0x00000190AFF1E000-memory.dmp

Filesize
376KB

Download
memory/1028-1448-0x0000019096640000-0x0000019096654000-memory.dmp

Filesize
80KB

Download
memory/1028-1446-0x00000190AFD10000-0x00000190AFD56000-memory.dmp

Filesize
280KB

Download
memory/1028-1444-0x0000019096720000-0x00000190967AC000-memory.dmp

Filesize
560KB

Download
memory/1028-1442-0x0000019096620000-0x0000019096634000-memory.dmp

Filesize
80KB

Download
memory/1028-2158-0x00000190B99F0000-0x00000190B99F8000-memory.dmp

Filesize
32KB

Download
memory/1028-1440-0x0000019091BE0000-0x0000019094972000-memory.dmp

Filesize
45.6MB

Download
memory/1028-2359-0x00000190B9A80000-0x00000190B9A88000-memory.dmp

Filesize
32KB

Download
memory/1028-2360-0x00000190BFE00000-0x00000190BFE26000-memory.dmp

Filesize
152KB

Download
memory/1736-0-0x0000000000400000-0x0000000000837000-memory.dmp

Filesize
4.2MB

Download
memory/1736-1439-0x0000000000400000-0x0000000000837000-memory.dmp

Filesize
4.2MB

Download
memory/1736-1437-0x0000000000400000-0x0000000000837000-memory.dmp

Filesize
4.2MB

Download
memory/1736-1426-0x0000000000400000-0x0000000000837000-memory.dmp

Filesize
4.2MB

Download
memory/1736-364-0x0000000000400000-0x0000000000837000-memory.dmp

Filesize
4.2MB

Download
memory/1736-4-0x0000000000400000-0x0000000000837000-memory.dmp

Filesize
4.2MB

Download
memory/1736-10-0x0000000000400000-0x0000000000837000-memory.dmp

Filesize
4.2MB

Download
memory/1736-18-0x0000000000400000-0x0000000000837000-memory.dmp

Filesize
4.2MB

Download
memory/1736-22-0x0000000000400000-0x0000000000837000-memory.dmp

Filesize
4.2MB

Download
memory/2876-36-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/2876-39-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2876-367-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/2876-1425-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/3688-43-0x0000000000400000-0x0000000000576000-memory.dmp

Filesize
1.5MB

Download
memory/3688-522-0x0000000000400000-0x0000000000576000-memory.dmp

Filesize
1.5MB

Download
memory/3688-523-0x0000000000400000-0x0000000000576000-memory.dmp

Filesize
1.5MB

Download
memory/3688-1424-0x0000000000400000-0x0000000000576000-memory.dmp

Filesize
1.5MB

Download