bddb3790c81a2f91d30658b1ba27e1d4d3b9125a3f088ef3c0a111712b665369

Analysis

max time kernel
231s
max time network
237s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2022 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ukeyforandroid_pfnet.exe
Size

63.7MB
MD5

1db98087e77fc77d634378bd664664c0
SHA1

18c2c1261a855eda13c103152382856c83bfea49
SHA256

1a543ff46b91b18902c824961b4f8254abdcfae16b88307ef6f18cc1c3c853bc
SHA512

aea641f6cc25e0f7be120212ddcc382e6d7900fb408b268cc00b818101975b05e667554fffe63d936c11c725140f4f699773f26fbeb6ccf6ccebc47c4790eb50
SSDEEP

1572864:VYPX1r0D2kpjbxEmKKX5LtICj8UdOoKhb+kHnKDty9+ea:VQjmKKViEMlHKU9+ea

Score

8^/10

discovery persistence vmprotect

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
1672	4ukeyforandroid_pfnet.tmp
2324	Start.exe
2948	PassFabAndroidUnlocker.exe
4792	Monitor.exe
4160	certutil.exe
4200	certutil.exe
4356	InstallAndDriver.exe
2216	repair.exe
2240	DPInst64.exe
3824	adb.exe

VMProtect packed file 8 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/files/0x0003000000000727-167.dat	vmprotect
behavioral2/files/0x0003000000000727-166.dat	vmprotect
behavioral2/memory/2948-172-0x000000006F3B0000-0x000000006FECC000-memory.dmp	vmprotect
behavioral2/memory/2948-173-0x000000006F3B0000-0x000000006FECC000-memory.dmp	vmprotect
behavioral2/memory/2948-176-0x000000006F3B0000-0x000000006FECC000-memory.dmp	vmprotect
behavioral2/memory/2948-250-0x000000006F3B0000-0x000000006FECC000-memory.dmp	vmprotect
behavioral2/memory/2948-261-0x000000006F3B0000-0x000000006FECC000-memory.dmp	vmprotect
behavioral2/memory/2948-307-0x000000006F3B0000-0x000000006FECC000-memory.dmp	vmprotect

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	PassFabAndroidUnlocker.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	Start.exe

Loads dropped DLL 64 IoCs

pid	Process
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
4792	Monitor.exe
4792	Monitor.exe
4792	Monitor.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
4160	certutil.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
4200	certutil.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{d896c944-99f3-ea41-929f-1b2cbc7038a7}\SET9830.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}\SET8862.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\amd64\WinUSBCoInstaller2.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7c2d92f2-d972-7241-bb3d-9c0378d7d29d}\amd64\SET92EF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9f14d5a9-88a1-e243-b8ae-683e0009178f}\amd64\ssudbus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9f14d5a9-88a1-e243-b8ae-683e0009178f}\SET9571.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d896c944-99f3-ea41-929f-1b2cbc7038a7}\ssudmdm.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}\amd64\WinUSBCoInstaller2.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}\android_general.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}\SET8873.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudadb.inf_amd64_55cf1c442f8c934e\ssudadb.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}\amd64\WdfCoInstaller01009.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\amd64\SET9169.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7c2d92f2-d972-7241-bb3d-9c0378d7d29d}\SET92F1.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ssudbus.inf_amd64_d0ba75672dc1a380\ssudbus.PNF	DPInst64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}\amd64\SET8841.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\SET918C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudbus.inf_amd64_d0ba75672dc1a380\ssudbus.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudmdm.inf_amd64_99bdd5a4506ef81c\amd64\ssudmdm.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\SET918C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudadb.inf_amd64_55cf1c442f8c934e\amd64\WinUSBCoInstaller.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{9f14d5a9-88a1-e243-b8ae-683e0009178f}\SET9570.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ssudmdm.inf_amd64_99bdd5a4506ef81c\ssudmdm.PNF	DPInst64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c2d92f2-d972-7241-bb3d-9c0378d7d29d}\ssudAdb.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9f14d5a9-88a1-e243-b8ae-683e0009178f}\SET9570.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9f14d5a9-88a1-e243-b8ae-683e0009178f}\ssudbus.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\amd64\SET9179.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\amd64\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\amd64\SET917B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c2d92f2-d972-7241-bb3d-9c0378d7d29d}\amd64\SET92F0.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{9f14d5a9-88a1-e243-b8ae-683e0009178f}\amd64\SET9572.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9f14d5a9-88a1-e243-b8ae-683e0009178f}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d896c944-99f3-ea41-929f-1b2cbc7038a7}\SET9830.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{d896c944-99f3-ea41-929f-1b2cbc7038a7}\amd64\SET9841.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d896c944-99f3-ea41-929f-1b2cbc7038a7}\ssudmdm.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\amd64\WdfCoInstaller01007.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\amd64\WinUSBCoInstaller.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\amd64\SET917B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c2d92f2-d972-7241-bb3d-9c0378d7d29d}\amd64\SET92EF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c2d92f2-d972-7241-bb3d-9c0378d7d29d}\SET92F2.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\amd64	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudadb.inf_amd64_55cf1c442f8c934e\amd64\WdfCoInstaller01007.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudmdm.inf_amd64_99bdd5a4506ef81c\ssudmdm.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d896c944-99f3-ea41-929f-1b2cbc7038a7}\amd64	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{d896c944-99f3-ea41-929f-1b2cbc7038a7}\SET982F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudmdm.inf_amd64_99bdd5a4506ef81c\ssudmdm.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d896c944-99f3-ea41-929f-1b2cbc7038a7}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}\amd64\SET8841.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\android_general.inf_amd64_ba6d6c70048ad29d\android_general.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6bc33ba7-9ede-7c4a-9251-81710646d8c2}\amd64\SET917A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudbus.inf_amd64_d0ba75672dc1a380\ssudbus.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}\amd64\SET8852.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DPInst64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c2d92f2-d972-7241-bb3d-9c0378d7d29d}\ssudadb.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c2d92f2-d972-7241-bb3d-9c0378d7d29d}\amd64\WinUSBCoInstaller.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c2d92f2-d972-7241-bb3d-9c0378d7d29d}\amd64	DrvInst.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2948	PassFabAndroidUnlocker.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\api-ms-win-core-timezone-l1-1-0.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\Monitor\libcurl.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\adk\drivers\x86\is-EGES6.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\Languages\is-57RSG.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\Monitor\is-O9U6H.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\mobiledrv\is-RIPH3.tmp	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\api-ms-win-core-console-l1-1-0.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\api-ms-win-core-heap-l1-1-0.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\TS.UI.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\is-95Q6E.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\is-O1NBB.tmp	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\repair.exe	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\api-ms-win-core-profile-l1-1-0.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\x86\SQLite.Interop.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\TS.Common.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\zlibwapi.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\x64\is-2PQUH.tmp	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\adb\AdbWinApi.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\adk\drivers\amd64\is-9DMHG.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\adb\is-OA4VR.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\unins000.msg	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\BugSplat.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\Monitor\vcruntime140.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\is-DR334.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\is-K39LH.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\x86\is-SHE3P.tmp	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\AdbWinApi.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\api-ms-win-core-handle-l1-1-0.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\libcurl.NET.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\adk\is-J1QAB.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\mobiledrv\i386\is-5V2CB.tmp	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\GlobalUtil.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\EntityFramework.SqlServer.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\UpdaterCLR.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\msvcp90.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\is-IUN44.tmp	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\AndroidConnectSDK.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\api-ms-win-core-processthreads-l1-1-0.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\adk\is-GUM0C.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\drivers\amd64\is-OMVJO.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\Monitor\is-TD90S.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\mobiledrv\i386\is-79V6P.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\mobiledrv\i386\is-4HJB4.tmp	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\SecurityLaunchCLR.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\Microsoft.Expression.Drawing.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\msvcp140.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\mobiledrv\i386\winusbcoinstaller2.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\is-3IHK5.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\adk\drivers\amd64\is-S6IMJ.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\Monitor\is-1H530.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\Monitor\is-LMO9K.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\Monitor\is-2T1N8.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\adb\is-OCJUE.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\is-KO676.tmp	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\System.Data.SQLite.Linq.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\is-4T9V5.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\is-QDU1D.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\config\is-1EO04.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\Monitor\is-F6I8A.tmp	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\Monitor\api-ms-win-core-profile-l1-1-0.dll	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\DPInst64.exe	4ukeyforandroid_pfnet.tmp
File opened for modification	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\mobiledrv\i386\WUDFUpdate_01007.dll	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\7z\is-8UVQ1.tmp	4ukeyforandroid_pfnet.tmp
File created	C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\mobiledrv\is-7U2TU.tmp	4ukeyforandroid_pfnet.tmp

Drops file in Windows directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DPInst64.exe
File opened for modification	C:\Windows\inf\oem2.inf	DrvInst.exe
File created	C:\Windows\inf\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\certutil.log	certutil.exe
File opened for modification	C:\Windows\certutil.log	certutil.exe
File opened for modification	C:\Windows\DPINST.LOG	DPInst64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File created	C:\Windows\inf\oem5.inf	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DPInst64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Gathers network information 2 TTPs 4 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command-Line Interface

T1059

pid	Process
4408	NETSTAT.EXE
1692	NETSTAT.EXE
5100	NETSTAT.EXE
1984	NETSTAT.EXE

Kills process with taskkill 8 IoCs

evasion

pid	Process
3504	taskkill.exe
1484	taskkill.exe
1904	taskkill.exe
4416	taskkill.exe
4480	taskkill.exe
3924	taskkill.exe
2072	taskkill.exe
3232	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\PassFabAndroidUnlocker.exe = "1"	PassFabAndroidUnlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PassFabAndroidUnlocker.exe = "11000"	PassFabAndroidUnlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION	PassFabAndroidUnlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION\PassFabAndroidUnlocker.exe = "1"	PassFabAndroidUnlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	PassFabAndroidUnlocker.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
2948	PassFabAndroidUnlocker.exe
2948	PassFabAndroidUnlocker.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4608	msedge.exe
4608	msedge.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
2976	msedge.exe
2976	msedge.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe
4356	InstallAndDriver.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeDebugPrivilege	2948	PassFabAndroidUnlocker.exe
Token: SeDebugPrivilege	4408	NETSTAT.EXE
Token: SeAuditPrivilege	4956	svchost.exe
Token: SeSecurityPrivilege	4956	svchost.exe
Token: SeDebugPrivilege	1692	NETSTAT.EXE
Token: SeDebugPrivilege	5100	NETSTAT.EXE
Token: SeDebugPrivilege	3924	taskkill.exe
Token: SeDebugPrivilege	2072	taskkill.exe
Token: SeDebugPrivilege	3232	taskkill.exe
Token: SeDebugPrivilege	3504	taskkill.exe
Token: SeDebugPrivilege	1984	NETSTAT.EXE
Token: SeDebugPrivilege	1484	taskkill.exe
Token: SeDebugPrivilege	1904	taskkill.exe
Token: SeDebugPrivilege	4416	taskkill.exe
Token: SeDebugPrivilege	4480	taskkill.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp
1672	4ukeyforandroid_pfnet.tmp

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
2324	Start.exe
2324	Start.exe
4792	Monitor.exe
4160	certutil.exe
4200	certutil.exe
4356	InstallAndDriver.exe
2216	repair.exe
2216	repair.exe
2216	repair.exe
2240	DPInst64.exe
3824	adb.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 1672	4976	4ukeyforandroid_pfnet.exe	80
PID 4976 wrote to memory of 1672	4976	4ukeyforandroid_pfnet.exe	80
PID 4976 wrote to memory of 1672	4976	4ukeyforandroid_pfnet.exe	80
PID 2324 wrote to memory of 2948	2324	Start.exe	92
PID 2324 wrote to memory of 2948	2324	Start.exe	92
PID 2324 wrote to memory of 2948	2324	Start.exe	92
PID 2948 wrote to memory of 4792	2948	PassFabAndroidUnlocker.exe	94
PID 2948 wrote to memory of 4792	2948	PassFabAndroidUnlocker.exe	94
PID 2948 wrote to memory of 4792	2948	PassFabAndroidUnlocker.exe	94
PID 2948 wrote to memory of 4876	2948	PassFabAndroidUnlocker.exe	96
PID 2948 wrote to memory of 4876	2948	PassFabAndroidUnlocker.exe	96
PID 2948 wrote to memory of 4876	2948	PassFabAndroidUnlocker.exe	96
PID 4876 wrote to memory of 4408	4876	cmd.exe	98
PID 4876 wrote to memory of 4408	4876	cmd.exe	98
PID 4876 wrote to memory of 4408	4876	cmd.exe	98
PID 4876 wrote to memory of 3164	4876	cmd.exe	99
PID 4876 wrote to memory of 3164	4876	cmd.exe	99
PID 4876 wrote to memory of 3164	4876	cmd.exe	99
PID 4876 wrote to memory of 2256	4876	cmd.exe	100
PID 4876 wrote to memory of 2256	4876	cmd.exe	100
PID 4876 wrote to memory of 2256	4876	cmd.exe	100
PID 2948 wrote to memory of 4160	2948	PassFabAndroidUnlocker.exe	101
PID 2948 wrote to memory of 4160	2948	PassFabAndroidUnlocker.exe	101
PID 2948 wrote to memory of 4160	2948	PassFabAndroidUnlocker.exe	101
PID 2948 wrote to memory of 4200	2948	PassFabAndroidUnlocker.exe	105
PID 2948 wrote to memory of 4200	2948	PassFabAndroidUnlocker.exe	105
PID 2948 wrote to memory of 4200	2948	PassFabAndroidUnlocker.exe	105
PID 2948 wrote to memory of 4356	2948	PassFabAndroidUnlocker.exe	107
PID 2948 wrote to memory of 4356	2948	PassFabAndroidUnlocker.exe	107
PID 2948 wrote to memory of 4356	2948	PassFabAndroidUnlocker.exe	107
PID 2948 wrote to memory of 2216	2948	PassFabAndroidUnlocker.exe	109
PID 2948 wrote to memory of 2216	2948	PassFabAndroidUnlocker.exe	109
PID 2948 wrote to memory of 2216	2948	PassFabAndroidUnlocker.exe	109
PID 2948 wrote to memory of 2976	2948	PassFabAndroidUnlocker.exe	110
PID 2948 wrote to memory of 2976	2948	PassFabAndroidUnlocker.exe	110
PID 2976 wrote to memory of 3576	2976	msedge.exe	111
PID 2976 wrote to memory of 3576	2976	msedge.exe	111
PID 2948 wrote to memory of 2240	2948	PassFabAndroidUnlocker.exe	112
PID 2948 wrote to memory of 2240	2948	PassFabAndroidUnlocker.exe	112
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113
PID 2976 wrote to memory of 908	2976	msedge.exe	113

C:\Users\Admin\AppData\Local\Temp\4ukeyforandroid_pfnet.exe
"C:\Users\Admin\AppData\Local\Temp\4ukeyforandroid_pfnet.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Users\Admin\AppData\Local\Temp\is-H35BK.tmp\4ukeyforandroid_pfnet.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-H35BK.tmp\4ukeyforandroid_pfnet.tmp" /SL5="$A004C,66268897,575488,C:\Users\Admin\AppData\Local\Temp\4ukeyforandroid_pfnet.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:1672

C:\Program Files (x86)\PassFab Android Unlocker\Start.exe
"C:\Program Files (x86)\PassFab Android Unlocker\Start.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Program Files (x86)\PassFab Android Unlocker\PassFabAndroidUnlocker.exe
  "C:\Program Files (x86)\PassFab Android Unlocker\PassFabAndroidUnlocker.exe"
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Program Files (x86)\PassFab Android Unlocker\Monitor\Monitor.exe
    "C:\Program Files (x86)\PassFab Android Unlocker\Monitor\Monitor.exe" 2948(#-+)UA-116569081-3(#-+)PassFab Android Unlocker(#-+)2.5.3.2(#-+)&cd1=2.5.3.2&cd2=0&cd3=passfabnet(#-+)1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:4792
- - C:\Windows\SysWOW64\cmd.exe
    /c netstat -ano | findstr "5037" | findstr LISTENING
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4876
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -ano
      4⤵
      Gathers network information
      Suspicious use of AdjustPrivilegeToken
      PID:4408
  - - C:\Windows\SysWOW64\findstr.exe
      findstr "5037"
      4⤵
      PID:3164
  - - C:\Windows\SysWOW64\findstr.exe
      findstr LISTENING
      4⤵
      PID:2256
- - C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\cert\certutil.exe
    "C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\cert\certutil.exe" -addstore TrustedPublisher TenorshareKey.cer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx
    PID:4160
- - C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\cert\certutil.exe
    "C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\cert\certutil.exe" -addstore root TenorshareKey.cer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx
    PID:4200
- - C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\InstallAndDriver.exe
    "C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\InstallAndDriver.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4356
- - C:\Program Files (x86)\PassFab Android Unlocker\repair.exe
    "C:\Program Files (x86)\PassFab Android Unlocker\repair.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cbs.passfab.com/go?pid=2096&a=i&v=2.5.3
    3⤵
    - Adds Run key to start application
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa105746f8,0x7ffa10574708,0x7ffa10574718
      4⤵
      PID:3576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9659064258459574492,17503414595750656272,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
      4⤵
      PID:908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9659064258459574492,17503414595750656272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,9659064258459574492,17503414595750656272,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
      4⤵
      PID:4252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9659064258459574492,17503414595750656272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      4⤵
      PID:3984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9659064258459574492,17503414595750656272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      4⤵
      PID:2644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2176,9659064258459574492,17503414595750656272,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 /prefetch:8
      4⤵
      PID:4896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9659064258459574492,17503414595750656272,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
      4⤵
      PID:4860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2176,9659064258459574492,17503414595750656272,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 /prefetch:8
      4⤵
      PID:4684
- - C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\DPInst64.exe
    "C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\DPInst64.exe" /F /D /SW /PATH mobiledrv
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Suspicious use of SetWindowsHookEx
    PID:2240
- - C:\Windows\SysWOW64\cmd.exe
    /c netstat -ano | findstr "5037" | findstr LISTENING
    3⤵
    PID:3268
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -ano
      4⤵
      Gathers network information
      Suspicious use of AdjustPrivilegeToken
      PID:1692
  - - C:\Windows\SysWOW64\findstr.exe
      findstr "5037"
      4⤵
      PID:4848
  - - C:\Windows\SysWOW64\findstr.exe
      findstr LISTENING
      4⤵
      PID:4856
- - C:\Program Files (x86)\PassFab Android Unlocker\TS_Android\adb\adb.exe
    adb -L tcp:5037 fork-server server --reply-fd 3680
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3824
- - C:\Windows\SysWOW64\cmd.exe
    /c netstat -ano | findstr "5037" | findstr LISTENING
    3⤵
    PID:1440
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -ano
      4⤵
      Gathers network information
      Suspicious use of AdjustPrivilegeToken
      PID:5100
  - - C:\Windows\SysWOW64\findstr.exe
      findstr "5037"
      4⤵
      PID:3572
  - - C:\Windows\SysWOW64\findstr.exe
      findstr LISTENING
      4⤵
      PID:3776
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C TASKKILL /F /IM fastboot.exe /T
    3⤵
    PID:1868
  - - C:\Windows\SysWOW64\taskkill.exe
      TASKKILL /F /IM fastboot.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3924
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C TASKKILL /F /IM adb.exe /T
    3⤵
    PID:4332
  - - C:\Windows\SysWOW64\taskkill.exe
      TASKKILL /F /IM adb.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2072
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C TASKKILL /F /IM repair.exe /T
    3⤵
    PID:1880
  - - C:\Windows\SysWOW64\taskkill.exe
      TASKKILL /F /IM repair.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3232
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C TASKKILL /F /IM InstallAndDriver.exe /T
    3⤵
    PID:2064
  - - C:\Windows\SysWOW64\taskkill.exe
      TASKKILL /F /IM InstallAndDriver.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3504
- - C:\Windows\SysWOW64\cmd.exe
    /c netstat -ano | findstr "5037" | findstr LISTENING
    3⤵
    PID:548
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -ano
      4⤵
      Gathers network information
      Suspicious use of AdjustPrivilegeToken
      PID:1984
  - - C:\Windows\SysWOW64\findstr.exe
      findstr "5037"
      4⤵
      PID:4828
  - - C:\Windows\SysWOW64\findstr.exe
      findstr LISTENING
      4⤵
      PID:628
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C TASKKILL /F /IM fastboot.exe /T
    3⤵
    PID:2324
  - - C:\Windows\SysWOW64\taskkill.exe
      TASKKILL /F /IM fastboot.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1484
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C TASKKILL /F /IM adb.exe /T
    3⤵
    PID:1076
  - - C:\Windows\SysWOW64\taskkill.exe
      TASKKILL /F /IM adb.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1904
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C TASKKILL /F /IM repair.exe /T
    3⤵
    PID:1116
  - - C:\Windows\SysWOW64\taskkill.exe
      TASKKILL /F /IM repair.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4416
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C TASKKILL /F /IM InstallAndDriver.exe /T
    3⤵
    PID:908
  - - C:\Windows\SysWOW64\taskkill.exe
      TASKKILL /F /IM InstallAndDriver.exe /T
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4956
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{f842a5ff-dcb0-9a4a-b8ee-c589ee6a0d50}\android_general.inf" "9" "45dc937b3" "0000000000000144" "WinSta0\Default" "0000000000000154" "208" "c:\program files (x86)\passfab android unlocker\ts_android\mobiledrv"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4268
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{283b6645-fc50-c84b-ab98-f454f73be70e} Global\{3ae655ae-e4c4-2644-adbe-915daf709105} C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}\android_general.inf C:\Windows\System32\DriverStore\Temp\{d56ffb40-1828-cb49-8744-aa7407a50aac}\android_general.cat
    3⤵
    PID:2840
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{908743fb-3a2a-a14e-9000-5388bce70414}\android_winusb.inf" "9" "42f50dacf" "0000000000000164" "WinSta0\Default" "0000000000000154" "208" "c:\program files (x86)\passfab android unlocker\ts_android\mobiledrv"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  PID:3904
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{b9576227-e566-2f4c-a579-37bcf400c423}\ssudadb.inf" "9" "4c51e144b" "0000000000000154" "WinSta0\Default" "0000000000000160" "208" "c:\program files (x86)\passfab android unlocker\ts_android\mobiledrv"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1548
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a95ea746-8cc9-854c-bf39-61bc3c340cab}\ssudbus.inf" "9" "47af3668b" "0000000000000160" "WinSta0\Default" "0000000000000110" "208" "c:\program files (x86)\passfab android unlocker\ts_android\mobiledrv"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1416
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{6f05d760-08dc-6b4e-9e19-4feb5db875cd}\ssudmdm.inf" "9" "4afd3e89b" "0000000000000110" "WinSta0\Default" "0000000000000184" "208" "c:\program files (x86)\passfab android unlocker\ts_android\mobiledrv"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1804

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2672

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PassFab Android Unlocker\AdbSdk.dll

Filesize
211KB

MD5
1057050b7e7e5396b13b6bf4620d5cd2

SHA1
ac7116abf369df7424c0e471dd62b721d6c81e13

SHA256
00485ce1615c0f7e33f6117e76787465c1d22628ac6bff7243ccd9754b1b9a2f

SHA512
5f03d8711a9155bc8f48c68037cafd65e556e8846397dac97e16d926a8ec1e9f0efc3979752782fe43fc201ceec5bbb89f7ecb7ef39db4396cb38dbfaf377999

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AdbSdk.dll

Filesize
211KB

MD5
1057050b7e7e5396b13b6bf4620d5cd2

SHA1
ac7116abf369df7424c0e471dd62b721d6c81e13

SHA256
00485ce1615c0f7e33f6117e76787465c1d22628ac6bff7243ccd9754b1b9a2f

SHA512
5f03d8711a9155bc8f48c68037cafd65e556e8846397dac97e16d926a8ec1e9f0efc3979752782fe43fc201ceec5bbb89f7ecb7ef39db4396cb38dbfaf377999

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AdbWinApi.DLL

Filesize
112KB

MD5
7b494ee5ba7fdc0c9635895816843302

SHA1
6c0381f68176f9291e75c98862bcfcf4ae7526c8

SHA256
33921a8174b073341da10c9f7687f69378c6d487787be7990cc34b8fa2ac7f4a

SHA512
dcf91751c51172e5a94e4d5441df9eda76c68aa75be1922aaae5a9000b3532b44ca1a96eef28ad6da459102d1615e0134e3dccb4777c35587875752b69b08407

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AdbWinApi.dll

Filesize
112KB

MD5
7b494ee5ba7fdc0c9635895816843302

SHA1
6c0381f68176f9291e75c98862bcfcf4ae7526c8

SHA256
33921a8174b073341da10c9f7687f69378c6d487787be7990cc34b8fa2ac7f4a

SHA512
dcf91751c51172e5a94e4d5441df9eda76c68aa75be1922aaae5a9000b3532b44ca1a96eef28ad6da459102d1615e0134e3dccb4777c35587875752b69b08407

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AndriodPDALibrary.dll

Filesize
28KB

MD5
7a6e02a6eabda360412153a28b01873b

SHA1
beb0e447a4c7178897ad9cc05dff71e65e48909e

SHA256
7819d2d2d5477e9f480c52488e6cb8b9cc43b353ead3c67e6ddd9b07466ece09

SHA512
78035db36d61525b212f94340bd74afe3b4be3c0d4b89135238011e8936fa2f7be9bd18a861a9c3f6bf63c6ef92c5f72df2a2f216df4c5347cf1845a0a756c9c

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AndriodPDALibrary.dll

Filesize
28KB

MD5
7a6e02a6eabda360412153a28b01873b

SHA1
beb0e447a4c7178897ad9cc05dff71e65e48909e

SHA256
7819d2d2d5477e9f480c52488e6cb8b9cc43b353ead3c67e6ddd9b07466ece09

SHA512
78035db36d61525b212f94340bd74afe3b4be3c0d4b89135238011e8936fa2f7be9bd18a861a9c3f6bf63c6ef92c5f72df2a2f216df4c5347cf1845a0a756c9c

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AndroidConnectSDK.dll

Filesize
203KB

MD5
f9e0f4b53405dcba6d04ba9eedb67613

SHA1
03ef788735f82e3824f097c1f00141d823306c47

SHA256
355ab56c9edb871ed71915a546c0f30027dfed88a0d595717e4b732286e5d2d2

SHA512
dc705af8142a0b8e938cd911baab520e43f26d384e112f24f74461a11ca48af2bebccdf34634f59aafdc2e8b75d975a35e9c6b272e68ba5f9ceb2e2acc4558ae

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AndroidConnectSDK.dll

Filesize
203KB

MD5
f9e0f4b53405dcba6d04ba9eedb67613

SHA1
03ef788735f82e3824f097c1f00141d823306c47

SHA256
355ab56c9edb871ed71915a546c0f30027dfed88a0d595717e4b732286e5d2d2

SHA512
dc705af8142a0b8e938cd911baab520e43f26d384e112f24f74461a11ca48af2bebccdf34634f59aafdc2e8b75d975a35e9c6b272e68ba5f9ceb2e2acc4558ae

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AndroidProc.dll

Filesize
677KB

MD5
07ee48548eacdb25989fbeee6536260b

SHA1
6c6f609f24e96a7aad3d9fc5819951e5ac21a4bb

SHA256
9b83dc6093dbe64ce817eaa2dc79287796680b1dab3258f2895997d8a78a8586

SHA512
085b7358de9a39a8799f7d6a3cf7bef231319a9a6dc9a9f61e1d369a7df1d42548d8a9fc55203a490d9ea1a425f39a3e8f7bb5245a3d4b9bf3efb01140455be6

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AndroidProc.dll

Filesize
677KB

MD5
07ee48548eacdb25989fbeee6536260b

SHA1
6c6f609f24e96a7aad3d9fc5819951e5ac21a4bb

SHA256
9b83dc6093dbe64ce817eaa2dc79287796680b1dab3258f2895997d8a78a8586

SHA512
085b7358de9a39a8799f7d6a3cf7bef231319a9a6dc9a9f61e1d369a7df1d42548d8a9fc55203a490d9ea1a425f39a3e8f7bb5245a3d4b9bf3efb01140455be6

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AndroidProc.dll

Filesize
677KB

MD5
07ee48548eacdb25989fbeee6536260b

SHA1
6c6f609f24e96a7aad3d9fc5819951e5ac21a4bb

SHA256
9b83dc6093dbe64ce817eaa2dc79287796680b1dab3258f2895997d8a78a8586

SHA512
085b7358de9a39a8799f7d6a3cf7bef231319a9a6dc9a9f61e1d369a7df1d42548d8a9fc55203a490d9ea1a425f39a3e8f7bb5245a3d4b9bf3efb01140455be6

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AndroidProc.dll

Filesize
677KB

MD5
07ee48548eacdb25989fbeee6536260b

SHA1
6c6f609f24e96a7aad3d9fc5819951e5ac21a4bb

SHA256
9b83dc6093dbe64ce817eaa2dc79287796680b1dab3258f2895997d8a78a8586

SHA512
085b7358de9a39a8799f7d6a3cf7bef231319a9a6dc9a9f61e1d369a7df1d42548d8a9fc55203a490d9ea1a425f39a3e8f7bb5245a3d4b9bf3efb01140455be6

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AppService.dll

Filesize
221KB

MD5
dbdecbcc732092552b06119b1ce64cea

SHA1
21b61b07a871bae94028b5d94e294a5a3a0a7c6a

SHA256
cc50a3ebac39aab601970c5c1b5f45833bde2ce1b915796e60112024fb9a5edd

SHA512
40086e09309ca1bf34c01703f83e291b3ad96bdd08fa77404749b8c3ec0899d40b22e2ca327c1d39b39ef90f6a654bb4d06771f4f7c1f1cca2e6a8d3d773a203

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AppService.dll

Filesize
221KB

MD5
dbdecbcc732092552b06119b1ce64cea

SHA1
21b61b07a871bae94028b5d94e294a5a3a0a7c6a

SHA256
cc50a3ebac39aab601970c5c1b5f45833bde2ce1b915796e60112024fb9a5edd

SHA512
40086e09309ca1bf34c01703f83e291b3ad96bdd08fa77404749b8c3ec0899d40b22e2ca327c1d39b39ef90f6a654bb4d06771f4f7c1f1cca2e6a8d3d773a203

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\AppService.dll

Filesize
221KB

MD5
dbdecbcc732092552b06119b1ce64cea

SHA1
21b61b07a871bae94028b5d94e294a5a3a0a7c6a

SHA256
cc50a3ebac39aab601970c5c1b5f45833bde2ce1b915796e60112024fb9a5edd

SHA512
40086e09309ca1bf34c01703f83e291b3ad96bdd08fa77404749b8c3ec0899d40b22e2ca327c1d39b39ef90f6a654bb4d06771f4f7c1f1cca2e6a8d3d773a203

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\DownloadDemo.dll

Filesize
59KB

MD5
81a7aa5dadf0bb9faaadb421648ea503

SHA1
5bff4bfeae490df95eb740b18898c56394daa680

SHA256
fc8ae5c0bc81bb7e5739888f7db7916a96ce68f93215a31f00092251f461fba1

SHA512
6fa33078df450d97dfe6c4af7bd6ad9266aeaec322d231da047bc9e9e854aec31c7214e09a93824cbe425cf3033a8fd2dc41c5496d072e50d8f6724b9e182f7c

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\DownloadDemo.dll

Filesize
59KB

MD5
81a7aa5dadf0bb9faaadb421648ea503

SHA1
5bff4bfeae490df95eb740b18898c56394daa680

SHA256
fc8ae5c0bc81bb7e5739888f7db7916a96ce68f93215a31f00092251f461fba1

SHA512
6fa33078df450d97dfe6c4af7bd6ad9266aeaec322d231da047bc9e9e854aec31c7214e09a93824cbe425cf3033a8fd2dc41c5496d072e50d8f6724b9e182f7c

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\DownloadDemo.dll

Filesize
59KB

MD5
81a7aa5dadf0bb9faaadb421648ea503

SHA1
5bff4bfeae490df95eb740b18898c56394daa680

SHA256
fc8ae5c0bc81bb7e5739888f7db7916a96ce68f93215a31f00092251f461fba1

SHA512
6fa33078df450d97dfe6c4af7bd6ad9266aeaec322d231da047bc9e9e854aec31c7214e09a93824cbe425cf3033a8fd2dc41c5496d072e50d8f6724b9e182f7c

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\FileReport.dll

Filesize
107KB

MD5
f1c9d5d306e140d84ba457071d82b0a3

SHA1
29bedd6cbc8bea6cf604f5801410dba8d84e8331

SHA256
a3a3fcf435354eaa794a026d48c8f98f28d209aece6b35a860cce516792f8d0f

SHA512
19c2429bf4ec9d373d859b29a220926825feb7d78d2f79b14662e49cb2646cf7a0e71a7f2f5c4ea735d2880fec03949f3fc43a4bd10c4596a55241f159a446e4

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\FileReport.dll

Filesize
107KB

MD5
f1c9d5d306e140d84ba457071d82b0a3

SHA1
29bedd6cbc8bea6cf604f5801410dba8d84e8331

SHA256
a3a3fcf435354eaa794a026d48c8f98f28d209aece6b35a860cce516792f8d0f

SHA512
19c2429bf4ec9d373d859b29a220926825feb7d78d2f79b14662e49cb2646cf7a0e71a7f2f5c4ea735d2880fec03949f3fc43a4bd10c4596a55241f159a446e4

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\MSVCP140.dll

Filesize
448KB

MD5
21a63075035e3b4f6d409f0523c2342f

SHA1
806c8a556ed67ee47bd8f14b63a31ca5940e7e0b

SHA256
d71ddce485b041881ecce881536da3ac61ae06c2fd233208acae5314f11f0f53

SHA512
3f7aeec57630aebb17cd4f454ed7a0507a8095b88519e0e7a8b9f056daa605da03a89b24d8a664530607cdc3ca352a702a372bfbba441b6b26b63bf619c96d94

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\NetFrameCheck.db

Filesize
10KB

MD5
e7d71bde50dd9d25d6a4bf7a5cdfbae8

SHA1
7ac7951a9094d557740463ff4333e4b46bebb896

SHA256
f05b9b909a7cd15e7a77587b91c6222ef0d086c587c1340456b9feb8082da654

SHA512
177366332b4a70cb4ef1ea43979edd8d5a01fa09f8aa2c1585d3c7dc6d073d1729f48d6cb3b2b27fe767e2cdc966db57b0c42e1ea493394dc08484dd1a92f9cd

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\PassFabAndroidUnlocker.exe

Filesize
17.5MB

MD5
1beae9b50210a9ef0a5dc7414d742bdb

SHA1
84496692e6e76fea74f5bf4f7bcc9d74c3a28190

SHA256
07c440fd9ea3662433b46ee22e993600252fd9cdd64733aafbb7266c99b075ed

SHA512
7c425e8ad8e79820f841eb04a49a0fc4e09997115a825e94722bbf223df6fa60b980ff43306734a3c07b2e459505f17fd9d70c759be08f42859c7b574c3e4309

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\PassFabAndroidUnlocker.exe

Filesize
17.5MB

MD5
1beae9b50210a9ef0a5dc7414d742bdb

SHA1
84496692e6e76fea74f5bf4f7bcc9d74c3a28190

SHA256
07c440fd9ea3662433b46ee22e993600252fd9cdd64733aafbb7266c99b075ed

SHA512
7c425e8ad8e79820f841eb04a49a0fc4e09997115a825e94722bbf223df6fa60b980ff43306734a3c07b2e459505f17fd9d70c759be08f42859c7b574c3e4309

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\PassFabAndroidUnlocker.exe.config

Filesize
3KB

MD5
4a73ace0eb8089ac390dfd9f15244ce7

SHA1
8b86c209eb0192adb61915636cee27f3e65c8cd6

SHA256
60c84c835694ca792bd94115998effa536ab044ccf0ebe3240ebfaff8f648593

SHA512
d5f55ccb3bbbf2900f81dcdd3aff5f312c06558c8fc970cb365435174d65438762cf24b38c560989624bde6126b0e6b15221ddd785ce47c427a8af8f9369bf05

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\Register.dll

Filesize
6.6MB

MD5
512879dd90f217478cd4b09310e3bb3c

SHA1
a88a263bd9534f8218fc1cf71c968e0169981060

SHA256
835fb681d5f8802f860aac53ad1d133c21858bcf2ab1c365f05fd0ca07aefa9e

SHA512
5cb59940cd12fd8e8d4dafa62d5fce56ec301a2f3c801112fdb43487728ae3b5fa1434f050602738b6807557b6f255aa8a0c6a013d34e47ee6974bc0e662ca0a

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\Register.dll

Filesize
6.6MB

MD5
512879dd90f217478cd4b09310e3bb3c

SHA1
a88a263bd9534f8218fc1cf71c968e0169981060

SHA256
835fb681d5f8802f860aac53ad1d133c21858bcf2ab1c365f05fd0ca07aefa9e

SHA512
5cb59940cd12fd8e8d4dafa62d5fce56ec301a2f3c801112fdb43487728ae3b5fa1434f050602738b6807557b6f255aa8a0c6a013d34e47ee6974bc0e662ca0a

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\RegisterAndLog.dll

Filesize
705KB

MD5
f579cbd456fcf2c80cd02faa42d19979

SHA1
6cf16b71c203333f2ae9bb99ca5d8e7141fef874

SHA256
7639a5d963a6db5462684ee4fb0c8dec315048b01573e8dd8ff1b84822baf4aa

SHA512
5c3c61cfde4e63663484cc44e2e61109573a0dfa77b61f28131c0526cebc7180d16e9fe1e0c8df89cc5d84ba34a6a66bb48408579e41b91ec332492949a103aa

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\RegisterAndLog.dll

Filesize
705KB

MD5
f579cbd456fcf2c80cd02faa42d19979

SHA1
6cf16b71c203333f2ae9bb99ca5d8e7141fef874

SHA256
7639a5d963a6db5462684ee4fb0c8dec315048b01573e8dd8ff1b84822baf4aa

SHA512
5c3c61cfde4e63663484cc44e2e61109573a0dfa77b61f28131c0526cebc7180d16e9fe1e0c8df89cc5d84ba34a6a66bb48408579e41b91ec332492949a103aa

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\RegisterAndLog.dll

Filesize
705KB

MD5
f579cbd456fcf2c80cd02faa42d19979

SHA1
6cf16b71c203333f2ae9bb99ca5d8e7141fef874

SHA256
7639a5d963a6db5462684ee4fb0c8dec315048b01573e8dd8ff1b84822baf4aa

SHA512
5c3c61cfde4e63663484cc44e2e61109573a0dfa77b61f28131c0526cebc7180d16e9fe1e0c8df89cc5d84ba34a6a66bb48408579e41b91ec332492949a103aa

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\RegisterAndLog.dll

Filesize
705KB

MD5
f579cbd456fcf2c80cd02faa42d19979

SHA1
6cf16b71c203333f2ae9bb99ca5d8e7141fef874

SHA256
7639a5d963a6db5462684ee4fb0c8dec315048b01573e8dd8ff1b84822baf4aa

SHA512
5c3c61cfde4e63663484cc44e2e61109573a0dfa77b61f28131c0526cebc7180d16e9fe1e0c8df89cc5d84ba34a6a66bb48408579e41b91ec332492949a103aa

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\RepairDeviceDll.dll

Filesize
74KB

MD5
f86b9c76a76faa8b4922e59638d6000d

SHA1
97696e216013e800233a632a2f4d5bbe28bd1c8a

SHA256
59466cade9daf99d6f6eb93282bcab5bbda01b30a724fca51d239cc4ff11605a

SHA512
915dceee46d341f28d309f00e1dd984b2af08ac0a251810746b4836c28b8e508fa6622f4a183a5449907da0cea8ee52422935c2f5f9b6a875c8d94f1956a97f2

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\RepairDeviceDll.dll

Filesize
74KB

MD5
f86b9c76a76faa8b4922e59638d6000d

SHA1
97696e216013e800233a632a2f4d5bbe28bd1c8a

SHA256
59466cade9daf99d6f6eb93282bcab5bbda01b30a724fca51d239cc4ff11605a

SHA512
915dceee46d341f28d309f00e1dd984b2af08ac0a251810746b4836c28b8e508fa6622f4a183a5449907da0cea8ee52422935c2f5f9b6a875c8d94f1956a97f2

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\RepairDeviceDll.dll

Filesize
74KB

MD5
f86b9c76a76faa8b4922e59638d6000d

SHA1
97696e216013e800233a632a2f4d5bbe28bd1c8a

SHA256
59466cade9daf99d6f6eb93282bcab5bbda01b30a724fca51d239cc4ff11605a

SHA512
915dceee46d341f28d309f00e1dd984b2af08ac0a251810746b4836c28b8e508fa6622f4a183a5449907da0cea8ee52422935c2f5f9b6a875c8d94f1956a97f2

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\RepairDeviceDll.dll

Filesize
74KB

MD5
f86b9c76a76faa8b4922e59638d6000d

SHA1
97696e216013e800233a632a2f4d5bbe28bd1c8a

SHA256
59466cade9daf99d6f6eb93282bcab5bbda01b30a724fca51d239cc4ff11605a

SHA512
915dceee46d341f28d309f00e1dd984b2af08ac0a251810746b4836c28b8e508fa6622f4a183a5449907da0cea8ee52422935c2f5f9b6a875c8d94f1956a97f2

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\SoftwareLog.dll

Filesize
320KB

MD5
8413ca55ee0b68de7a7b6ba16cda6207

SHA1
0f0419a4a88ebcafcaa4fb6336631e73877e97d4

SHA256
7c93ccb6a8f087368b255e04a56172d8f666ad1f824cd4cb2e9a6b6cb3e37b6e

SHA512
2803f56b2cfe3109624d7018bad131e8431047c94fbd9de7342d6e9590c22ab7617a75f7393bece09d1d234e5c7fe747d8796a982e02698cfd6b73927d8ec80b

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\SoftwareLog.dll

Filesize
320KB

MD5
8413ca55ee0b68de7a7b6ba16cda6207

SHA1
0f0419a4a88ebcafcaa4fb6336631e73877e97d4

SHA256
7c93ccb6a8f087368b255e04a56172d8f666ad1f824cd4cb2e9a6b6cb3e37b6e

SHA512
2803f56b2cfe3109624d7018bad131e8431047c94fbd9de7342d6e9590c22ab7617a75f7393bece09d1d234e5c7fe747d8796a982e02698cfd6b73927d8ec80b

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\Start.exe

Filesize
5.0MB

MD5
6345e59fd03e9473711496209b9e7af6

SHA1
20dd386e8881178a08f8f5337e37774b41a39814

SHA256
59635f9dc0cf52931b6e3cd629da9d292c8e149441850e997159734271a648ed

SHA512
ef43965f12f08c77184f17c2e3d7718db8de21c0f522ad34679175a82124ca39d93cbd9f2f5dadf57637b7fdb42085bbd6dc089f58b25a2cb03cc7c2e2b08e21

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\Start.exe

Filesize
5.0MB

MD5
6345e59fd03e9473711496209b9e7af6

SHA1
20dd386e8881178a08f8f5337e37774b41a39814

SHA256
59635f9dc0cf52931b6e3cd629da9d292c8e149441850e997159734271a648ed

SHA512
ef43965f12f08c77184f17c2e3d7718db8de21c0f522ad34679175a82124ca39d93cbd9f2f5dadf57637b7fdb42085bbd6dc089f58b25a2cb03cc7c2e2b08e21

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\System.Windows.Interactivity.dll

Filesize
56KB

MD5
34dbab0a2010e066e6f4591c86d11a3b

SHA1
c6fb4b5693546e9eeab1e0fae8196778be508d14

SHA256
f723e01fbe1daac5fe9aeaa0249e5113a85ca547ad332a7caf01f6d124764999

SHA512
bfca2e23d05e2518784bc9dcfd261e18f06e618c6fdcc42d2379b1e3dedb4fed053bec416a28906b5b271e833541f26e6d8d8dc9c2d5254f7290e70c3b3a36e7

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\System.Windows.Interactivity.dll

Filesize
56KB

MD5
34dbab0a2010e066e6f4591c86d11a3b

SHA1
c6fb4b5693546e9eeab1e0fae8196778be508d14

SHA256
f723e01fbe1daac5fe9aeaa0249e5113a85ca547ad332a7caf01f6d124764999

SHA512
bfca2e23d05e2518784bc9dcfd261e18f06e618c6fdcc42d2379b1e3dedb4fed053bec416a28906b5b271e833541f26e6d8d8dc9c2d5254f7290e70c3b3a36e7

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\System.Windows.Interactivity.dll

Filesize
56KB

MD5
34dbab0a2010e066e6f4591c86d11a3b

SHA1
c6fb4b5693546e9eeab1e0fae8196778be508d14

SHA256
f723e01fbe1daac5fe9aeaa0249e5113a85ca547ad332a7caf01f6d124764999

SHA512
bfca2e23d05e2518784bc9dcfd261e18f06e618c6fdcc42d2379b1e3dedb4fed053bec416a28906b5b271e833541f26e6d8d8dc9c2d5254f7290e70c3b3a36e7

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\TS.UI.dll

Filesize
351KB

MD5
abdab48c954afca185adbc44f3e1488d

SHA1
c8d790a1e28edb45e7d0aa44ca8a419c3d56fa4b

SHA256
ae0a44e7d425ef4700958506358aa483667bace2f78a3a5eed87fd34234fc627

SHA512
6c85806f1a039f0589e67c810aafb01167e8eecbb530e712973d463cebabac742dd5323cd369b2078a7ab6f4893edf4bd4141f0b543bf7e189924db09b18a053

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\TS.UI.dll

Filesize
351KB

MD5
abdab48c954afca185adbc44f3e1488d

SHA1
c8d790a1e28edb45e7d0aa44ca8a419c3d56fa4b

SHA256
ae0a44e7d425ef4700958506358aa483667bace2f78a3a5eed87fd34234fc627

SHA512
6c85806f1a039f0589e67c810aafb01167e8eecbb530e712973d463cebabac742dd5323cd369b2078a7ab6f4893edf4bd4141f0b543bf7e189924db09b18a053

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\TS.UI.dll

Filesize
351KB

MD5
abdab48c954afca185adbc44f3e1488d

SHA1
c8d790a1e28edb45e7d0aa44ca8a419c3d56fa4b

SHA256
ae0a44e7d425ef4700958506358aa483667bace2f78a3a5eed87fd34234fc627

SHA512
6c85806f1a039f0589e67c810aafb01167e8eecbb530e712973d463cebabac742dd5323cd369b2078a7ab6f4893edf4bd4141f0b543bf7e189924db09b18a053

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\TSLogSDK.dll

Filesize
628KB

MD5
c704cd04c24b06cf6a5153e077e9e2c2

SHA1
62080b23338316f3a1e1cff7574caa3a859eee2b

SHA256
4d969e4dce6e07bc4b7a11b4fcfa35bdcb6914882ceff168450ab8447ddbda14

SHA512
6e31f82c8d56bf1504cb60df61a894d84ba3563537203b5be167b9ed68afcc6817717cf785a07628a5dc5d9e9f6a29403af0ffbcd3a134bcc7470be0179eeddd

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\TSLogSDK.dll

Filesize
628KB

MD5
c704cd04c24b06cf6a5153e077e9e2c2

SHA1
62080b23338316f3a1e1cff7574caa3a859eee2b

SHA256
4d969e4dce6e07bc4b7a11b4fcfa35bdcb6914882ceff168450ab8447ddbda14

SHA512
6e31f82c8d56bf1504cb60df61a894d84ba3563537203b5be167b9ed68afcc6817717cf785a07628a5dc5d9e9f6a29403af0ffbcd3a134bcc7470be0179eeddd

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\TSLogSDK.dll

Filesize
628KB

MD5
c704cd04c24b06cf6a5153e077e9e2c2

SHA1
62080b23338316f3a1e1cff7574caa3a859eee2b

SHA256
4d969e4dce6e07bc4b7a11b4fcfa35bdcb6914882ceff168450ab8447ddbda14

SHA512
6e31f82c8d56bf1504cb60df61a894d84ba3563537203b5be167b9ed68afcc6817717cf785a07628a5dc5d9e9f6a29403af0ffbcd3a134bcc7470be0179eeddd

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\VCRUNTIME140.dll

Filesize
82KB

MD5
fc4ed7d94cce5f2e7380d9f2bf5a639b

SHA1
21b4b34e7bb0b44c8b868981d183d38aad9a02cd

SHA256
c3cc8cb7528c2b1a245934a0faf9bf161b5c97e8da304113e6ad9b698a3fb29e

SHA512
e62f49127b741870477c384c81b3627283a76c63f9b495d122fc3d3c6ff25b91fd0e57d1fdf7f1502322279bc1232f21a9f63dd27445e4ea571b614785b7cdf8

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\WPFAssets.dll

Filesize
241KB

MD5
9caaa4006a3885cace33367417656bce

SHA1
e2c57ab4904bcb8727435535d05ca3c2a534f396

SHA256
ff82814281f7dfeb3c523a6ff6afe5da1925d6348ae1a9014090feceaf31d347

SHA512
512a7a2d117ef75504247a4c33e87af01f0bfbb942b3c86277646743a5bb3d79928bd105489c16a9a1331fc107c5b8889a1612f28f45112d803231ede2f7d82f

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\config\log.config

Filesize
2KB

MD5
0996645efe7e01a042b6e53c86ca2170

SHA1
aecc83238561e1a3ab20db821fccb389a0b4b486

SHA256
993140fac46cfbea335934f19abc6d1c558501a22ac0e6c81446d1618a61ac82

SHA512
3450dece1fe84e4ae2f109c41a792f021f211410cba83e98108b6196af6fc8532c568144e3c2493935cccca2aeadb0fb74630e265f8e71fabd2f2f618f66331f

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\lib_adb_communcation.dll

Filesize
830KB

MD5
d6c285dc874ccda83fba533f60aac19a

SHA1
0ed6818881acf694b99803d8f50ee84694fd5118

SHA256
33a2f1a9c3c517306ce8ba89794184119eedc2e26071a85e8817d9dc38660414

SHA512
35529242e099963bb310d77529d77db5a6f9b418d8de2cc1cb1f55810df7de36c3ad3adbb8a64189f29c5f6facf1ee2323047540e122c091864ebdd389b7b1a4

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\lib_adb_communcation.dll

Filesize
830KB

MD5
d6c285dc874ccda83fba533f60aac19a

SHA1
0ed6818881acf694b99803d8f50ee84694fd5118

SHA256
33a2f1a9c3c517306ce8ba89794184119eedc2e26071a85e8817d9dc38660414

SHA512
35529242e099963bb310d77529d77db5a6f9b418d8de2cc1cb1f55810df7de36c3ad3adbb8a64189f29c5f6facf1ee2323047540e122c091864ebdd389b7b1a4

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\libcurl.dll

Filesize
1.6MB

MD5
d0f34b3d112788746c69f37be8b7744c

SHA1
5caebd0df473196f9b06f3d3c731eb430fae8bc9

SHA256
e03ef384844e9a940110b41d2dd9302fcf86cadb17478cf7804eba05ce32d256

SHA512
c2cb425781f4b472798f3df6d13180af000585a8ade96e7a9f5402be8d154999f260c10571e94be5d9376a5a9caffe93d9cc7e473d78ec314b1ac568e70cd143

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\libcurl.dll

Filesize
1.6MB

MD5
d0f34b3d112788746c69f37be8b7744c

SHA1
5caebd0df473196f9b06f3d3c731eb430fae8bc9

SHA256
e03ef384844e9a940110b41d2dd9302fcf86cadb17478cf7804eba05ce32d256

SHA512
c2cb425781f4b472798f3df6d13180af000585a8ade96e7a9f5402be8d154999f260c10571e94be5d9376a5a9caffe93d9cc7e473d78ec314b1ac568e70cd143

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\log4net.dll

Filesize
281KB

MD5
cd04e745c352827d1d836c6efa629e8d

SHA1
4273e25f56d70707950d25d08f764265bc3ed22e

SHA256
c7fe85f2e36f7c06c523dd39d655c9d45e6845087847afcde64fe65639d57dc5

SHA512
5f18b397894b8953cfbabc7f1c4971ed066c56b25adb41fce64133eb34d40d27c91d23b191a00dfe3b86a6b3d5515d5f94187b1b809545ffab6f11bc657955cf

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\log4net.dll

Filesize
281KB

MD5
cd04e745c352827d1d836c6efa629e8d

SHA1
4273e25f56d70707950d25d08f764265bc3ed22e

SHA256
c7fe85f2e36f7c06c523dd39d655c9d45e6845087847afcde64fe65639d57dc5

SHA512
5f18b397894b8953cfbabc7f1c4971ed066c56b25adb41fce64133eb34d40d27c91d23b191a00dfe3b86a6b3d5515d5f94187b1b809545ffab6f11bc657955cf

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\log4net.dll

Filesize
281KB

MD5
cd04e745c352827d1d836c6efa629e8d

SHA1
4273e25f56d70707950d25d08f764265bc3ed22e

SHA256
c7fe85f2e36f7c06c523dd39d655c9d45e6845087847afcde64fe65639d57dc5

SHA512
5f18b397894b8953cfbabc7f1c4971ed066c56b25adb41fce64133eb34d40d27c91d23b191a00dfe3b86a6b3d5515d5f94187b1b809545ffab6f11bc657955cf

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\msvcp140.dll

Filesize
448KB

MD5
21a63075035e3b4f6d409f0523c2342f

SHA1
806c8a556ed67ee47bd8f14b63a31ca5940e7e0b

SHA256
d71ddce485b041881ecce881536da3ac61ae06c2fd233208acae5314f11f0f53

SHA512
3f7aeec57630aebb17cd4f454ed7a0507a8095b88519e0e7a8b9f056daa605da03a89b24d8a664530607cdc3ca352a702a372bfbba441b6b26b63bf619c96d94

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\repair_device.dll

Filesize
197KB

MD5
6f8cf6ac2b39a20e8e78230ba55cd855

SHA1
74beef50b69db48f636b23c1c3e15833d115b01c

SHA256
35c256346f1c6799983e394252c58e9bbae8103ee762ceac6ef65c4fdc8bd790

SHA512
42907f44ec63292c97925f7fb52b651f930b134d82c2951de0e022e025ff7ebfef8260280e78dbb87041ce9298b7204a6661c13ec67e8b2658d7c88766f610c4

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\repair_device.dll

Filesize
197KB

MD5
6f8cf6ac2b39a20e8e78230ba55cd855

SHA1
74beef50b69db48f636b23c1c3e15833d115b01c

SHA256
35c256346f1c6799983e394252c58e9bbae8103ee762ceac6ef65c4fdc8bd790

SHA512
42907f44ec63292c97925f7fb52b651f930b134d82c2951de0e022e025ff7ebfef8260280e78dbb87041ce9298b7204a6661c13ec67e8b2658d7c88766f610c4

Download Submit
C:\Program Files (x86)\PassFab Android Unlocker\vcruntime140.dll

Filesize
82KB

MD5
fc4ed7d94cce5f2e7380d9f2bf5a639b

SHA1
21b4b34e7bb0b44c8b868981d183d38aad9a02cd

SHA256
c3cc8cb7528c2b1a245934a0faf9bf161b5c97e8da304113e6ad9b698a3fb29e

SHA512
e62f49127b741870477c384c81b3627283a76c63f9b495d122fc3d3c6ff25b91fd0e57d1fdf7f1502322279bc1232f21a9f63dd27445e4ea571b614785b7cdf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H35BK.tmp\4ukeyforandroid_pfnet.tmp

Filesize
1.6MB

MD5
a51730585f1f185cf19545624721e4ff

SHA1
e2ca237ab5e7159a742584496310852fdc343864

SHA256
016269baa38d6d9b7076abfb4a6186ab7c1e30dc234daa76d42f181bf36acf1a

SHA512
3e82bbec6698f177ab6b88491e1631163d7ff5c9ab5a0b6c1313428464c30411fcb40d45e7c742a14507cef3c18e7370bff459214bbb37fceff0d77c6fa96f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H35BK.tmp\4ukeyforandroid_pfnet.tmp

Filesize
1.6MB

MD5
a51730585f1f185cf19545624721e4ff

SHA1
e2ca237ab5e7159a742584496310852fdc343864

SHA256
016269baa38d6d9b7076abfb4a6186ab7c1e30dc234daa76d42f181bf36acf1a

SHA512
3e82bbec6698f177ab6b88491e1631163d7ff5c9ab5a0b6c1313428464c30411fcb40d45e7c742a14507cef3c18e7370bff459214bbb37fceff0d77c6fa96f23

Download Submit
memory/548-295-0x0000000000000000-mapping.dmp

Download
memory/628-298-0x0000000000000000-mapping.dmp

Download
memory/908-305-0x0000000000000000-mapping.dmp

Download
memory/908-251-0x0000000000000000-mapping.dmp

Download
memory/1076-301-0x0000000000000000-mapping.dmp

Download
memory/1116-303-0x0000000000000000-mapping.dmp

Download
memory/1416-266-0x0000000000000000-mapping.dmp

Download
memory/1440-283-0x0000000000000000-mapping.dmp

Download
memory/1484-300-0x0000000000000000-mapping.dmp

Download
memory/1548-263-0x0000000000000000-mapping.dmp

Download
memory/1672-134-0x0000000000000000-mapping.dmp

Download
memory/1692-274-0x0000000000000000-mapping.dmp

Download
memory/1868-287-0x0000000000000000-mapping.dmp

Download
memory/1880-291-0x0000000000000000-mapping.dmp

Download
memory/1904-302-0x0000000000000000-mapping.dmp

Download
memory/1984-296-0x0000000000000000-mapping.dmp

Download
memory/2064-293-0x0000000000000000-mapping.dmp

Download
memory/2072-290-0x0000000000000000-mapping.dmp

Download
memory/2216-239-0x0000000000000000-mapping.dmp

Download
memory/2240-248-0x0000000000000000-mapping.dmp

Download
memory/2256-230-0x0000000000000000-mapping.dmp

Download
memory/2324-299-0x0000000000000000-mapping.dmp

Download
memory/2644-260-0x0000000000000000-mapping.dmp

Download
memory/2840-256-0x0000000000000000-mapping.dmp

Download
memory/2948-217-0x000000000DD00000-0x000000000DE00000-memory.dmp

Filesize
1024KB

Download
memory/2948-221-0x0000000007520000-0x0000000007586000-memory.dmp

Filesize
408KB

Download
memory/2948-225-0x0000000008210000-0x00000000082C0000-memory.dmp

Filesize
704KB

Download
memory/2948-226-0x0000000007F20000-0x0000000007F42000-memory.dmp

Filesize
136KB

Download
memory/2948-307-0x000000006F3B0000-0x000000006FECC000-memory.dmp

Filesize
11.1MB

Download
memory/2948-144-0x0000000000000000-mapping.dmp

Download
memory/2948-277-0x0000000011950000-0x000000001197E000-memory.dmp

Filesize
184KB

Download
memory/2948-223-0x0000000008F30000-0x00000000094D4000-memory.dmp

Filesize
5.6MB

Download
memory/2948-147-0x0000000000210000-0x0000000001398000-memory.dmp

Filesize
17.5MB

Download
memory/2948-232-0x0000000008100000-0x0000000008108000-memory.dmp

Filesize
32KB

Download
memory/2948-233-0x00000000086A0000-0x00000000086B6000-memory.dmp

Filesize
88KB

Download
memory/2948-151-0x0000000005C30000-0x0000000005C6C000-memory.dmp

Filesize
240KB

Download
memory/2948-235-0x000000000FED0000-0x000000000FF46000-memory.dmp

Filesize
472KB

Download
memory/2948-155-0x000000000D780000-0x000000000D7DA000-memory.dmp

Filesize
360KB

Download
memory/2948-237-0x00000000037D0000-0x00000000037E0000-memory.dmp

Filesize
64KB

Download
memory/2948-238-0x0000000009A00000-0x0000000009A1E000-memory.dmp

Filesize
120KB

Download
memory/2948-222-0x00000000088D0000-0x0000000008976000-memory.dmp

Filesize
664KB

Download
memory/2948-282-0x00000000035E0000-0x00000000035E8000-memory.dmp

Filesize
32KB

Download
memory/2948-214-0x0000000013860000-0x000000001389E000-memory.dmp

Filesize
248KB

Download
memory/2948-242-0x000000000DD00000-0x000000000DE00000-memory.dmp

Filesize
1024KB

Download
memory/2948-243-0x0000000010700000-0x0000000010762000-memory.dmp

Filesize
392KB

Download
memory/2948-244-0x0000000010A00000-0x0000000010A38000-memory.dmp

Filesize
224KB

Download
memory/2948-245-0x00000000109E0000-0x00000000109EE000-memory.dmp

Filesize
56KB

Download
memory/2948-246-0x0000000010B20000-0x0000000010B5C000-memory.dmp

Filesize
240KB

Download
memory/2948-247-0x0000000012A40000-0x0000000012A50000-memory.dmp

Filesize
64KB

Download
memory/2948-278-0x000000000DD00000-0x000000000DE00000-memory.dmp

Filesize
1024KB

Download
memory/2948-250-0x000000006F3B0000-0x000000006FECC000-memory.dmp

Filesize
11.1MB

Download
memory/2948-172-0x000000006F3B0000-0x000000006FECC000-memory.dmp

Filesize
11.1MB

Download
memory/2948-173-0x000000006F3B0000-0x000000006FECC000-memory.dmp

Filesize
11.1MB

Download
memory/2948-215-0x0000000013A30000-0x0000000013BB6000-memory.dmp

Filesize
1.5MB

Download
memory/2948-176-0x000000006F3B0000-0x000000006FECC000-memory.dmp

Filesize
11.1MB

Download
memory/2948-219-0x0000000005D20000-0x0000000005D2A000-memory.dmp

Filesize
40KB

Download
memory/2948-273-0x00000000037D0000-0x00000000037E0000-memory.dmp

Filesize
64KB

Download
memory/2948-218-0x00000000138A0000-0x00000000138EA000-memory.dmp

Filesize
296KB

Download
memory/2948-261-0x000000006F3B0000-0x000000006FECC000-memory.dmp

Filesize
11.1MB

Download
memory/2948-180-0x000000000D900000-0x000000000D912000-memory.dmp

Filesize
72KB

Download
memory/2948-207-0x000000000DC20000-0x000000000DC30000-memory.dmp

Filesize
64KB

Download
memory/2948-211-0x0000000013570000-0x00000000135B6000-memory.dmp

Filesize
280KB

Download
memory/2948-216-0x00000000037D0000-0x00000000037E0000-memory.dmp

Filesize
64KB

Download
memory/2948-271-0x000000000DD00000-0x000000000DE00000-memory.dmp

Filesize
1024KB

Download
memory/2948-224-0x0000000007FC0000-0x0000000008052000-memory.dmp

Filesize
584KB

Download
memory/2948-270-0x00000000037D0000-0x00000000037E0000-memory.dmp

Filesize
64KB

Download
memory/2976-240-0x0000000000000000-mapping.dmp

Download
memory/3164-229-0x0000000000000000-mapping.dmp

Download
memory/3232-292-0x0000000000000000-mapping.dmp

Download
memory/3268-272-0x0000000000000000-mapping.dmp

Download
memory/3504-294-0x0000000000000000-mapping.dmp

Download
memory/3572-285-0x0000000000000000-mapping.dmp

Download
memory/3576-241-0x0000000000000000-mapping.dmp

Download
memory/3664-269-0x0000000000000000-mapping.dmp

Download
memory/3776-286-0x0000000000000000-mapping.dmp

Download
memory/3824-281-0x0000000000000000-mapping.dmp

Download
memory/3904-262-0x0000000000000000-mapping.dmp

Download
memory/3924-288-0x0000000000000000-mapping.dmp

Download
memory/3984-258-0x0000000000000000-mapping.dmp

Download
memory/4160-231-0x0000000000000000-mapping.dmp

Download
memory/4200-234-0x0000000000000000-mapping.dmp

Download
memory/4252-255-0x0000000000000000-mapping.dmp

Download
memory/4268-253-0x0000000000000000-mapping.dmp

Download
memory/4332-289-0x0000000000000000-mapping.dmp

Download
memory/4356-236-0x0000000000000000-mapping.dmp

Download
memory/4408-228-0x0000000000000000-mapping.dmp

Download
memory/4416-304-0x0000000000000000-mapping.dmp

Download
memory/4480-306-0x0000000000000000-mapping.dmp

Download
memory/4608-252-0x0000000000000000-mapping.dmp

Download
memory/4684-280-0x0000000000000000-mapping.dmp

Download
memory/4792-220-0x0000000000000000-mapping.dmp

Download
memory/4828-297-0x0000000000000000-mapping.dmp

Download
memory/4848-275-0x0000000000000000-mapping.dmp

Download
memory/4856-276-0x0000000000000000-mapping.dmp

Download
memory/4860-268-0x0000000000000000-mapping.dmp

Download
memory/4876-227-0x0000000000000000-mapping.dmp

Download
memory/4896-265-0x0000000000000000-mapping.dmp

Download
memory/4976-132-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4976-139-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4976-137-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4976-136-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/5100-284-0x0000000000000000-mapping.dmp

Download