f70995e9a5ccbab3238e585b4fcfeb8d3ca00948dfee49572dfdb34629b80cea

Analysis

max time kernel
311s
max time network
322s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
20/09/2023, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

android-unlock.exe
Size

2.1MB
MD5

8794f8696ef26eb4d9df870d43e300be
SHA1

ea01eed60126c8e7dc2a605a8c3aaab0d6aa438c
SHA256

f70995e9a5ccbab3238e585b4fcfeb8d3ca00948dfee49572dfdb34629b80cea
SHA512

78a43c6155328093347e2f82fafb67a2d0651e62ebca3ff0d98ffa8e98c52f79f5f38ba6bb768f91b6d8c9dd12773f30ac31f60c2ba097f36ab1eb7f0d681db5
SSDEEP

49152:YNDD3kIkpxD8SUGcxAN/t5+m5yGFUEcT+6tK1/sgbW8RXT8:MDD3/cZLwxw/t5+m5FU1T+l1/sh

Score

7^/10

discovery upx vmprotect

Malware Config

Signatures

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2184-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2184-163-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2184-164-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2184-175-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2184-221-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2184-357-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2184-2788-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2184-2789-0x0000000000400000-0x000000000086A000-memory.dmp	upx

VMProtect packed file 5 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2216-2871-0x000000006A1A0000-0x000000006AAB8000-memory.dmp	vmprotect
behavioral1/memory/2216-2873-0x000000006A1A0000-0x000000006AAB8000-memory.dmp	vmprotect
behavioral1/memory/2216-2994-0x000000006A1A0000-0x000000006AAB8000-memory.dmp	vmprotect
behavioral1/memory/2216-3054-0x000000006A1A0000-0x000000006AAB8000-memory.dmp	vmprotect
behavioral1/memory/2216-5041-0x000000006A1A0000-0x000000006AAB8000-memory.dmp	vmprotect

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
13	ip-api.com

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{6eac3488-286d-29b7-967a-575f77bd6e2b}\SET316D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\amd64\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6eac3488-286d-29b7-967a-575f77bd6e2b}\SET316D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6eac3488-286d-29b7-967a-575f77bd6e2b}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3550782a-aa01-5d49-a40b-d2709f55fb5e}\amd64\ssudmdm.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0e0ad31a-e131-46c4-8cb6-18712041f474}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0e0ad31a-e131-46c4-8cb6-18712041f474}\amd64\WdfCoInstaller01007.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3550782a-aa01-5d49-a40b-d2709f55fb5e}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\android_general.inf_amd64_neutral_ba6d6c70048ad29d\android_general.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\amd64\SETF921.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\android_winusb.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0e0ad31a-e131-46c4-8cb6-18712041f474}\SET2E42.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0e0ad31a-e131-46c4-8cb6-18712041f474}\amd64\SET2E54.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6eac3488-286d-29b7-967a-575f77bd6e2b}\ssudbus.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6eac3488-286d-29b7-967a-575f77bd6e2b}\amd64\ssudqcfilter.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\amd64\SETF90E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3550782a-aa01-5d49-a40b-d2709f55fb5e}\ssudmdm.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\amd64\SETAC95.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\SETACA6.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\SETACA6.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\amd64\SETF90E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\amd64\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\amd64\SETF920.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\SETF932.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\amd64\SETAC95.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\android_winusb.inf_amd64_neutral_671962066e71f056\android_winusb.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0e0ad31a-e131-46c4-8cb6-18712041f474}\SET2E41.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0e0ad31a-e131-46c4-8cb6-18712041f474}\amd64\SET2E53.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3550782a-aa01-5d49-a40b-d2709f55fb5e}\SET37A5.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3550782a-aa01-5d49-a40b-d2709f55fb5e}\amd64\SET37A6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\SETF933.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0e0ad31a-e131-46c4-8cb6-18712041f474}\amd64\WinUSBCoInstaller.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3550782a-aa01-5d49-a40b-d2709f55fb5e}\SET37A4.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\amd64\SETF920.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\amd64\SETF90F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\SETF932.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6eac3488-286d-29b7-967a-575f77bd6e2b}\amd64\SET316E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudmdm.inf_amd64_neutral_99bdd5a4506ef81c\ssudmdm.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\SETACA7.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{0e0ad31a-e131-46c4-8cb6-18712041f474}\amd64\SET2E54.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudadb.inf_amd64_neutral_55cf1c442f8c934e\ssudadb.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0e0ad31a-e131-46c4-8cb6-18712041f474}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ssudbus.inf_amd64_neutral_d0ba75672dc1a380\ssudbus.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3550782a-aa01-5d49-a40b-d2709f55fb5e}\SET37A4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3550782a-aa01-5d49-a40b-d2709f55fb5e}\ssudmdm.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6eac3488-286d-29b7-967a-575f77bd6e2b}\SET316C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ssudbus.inf_amd64_neutral_d0ba75672dc1a380\ssudbus.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3550782a-aa01-5d49-a40b-d2709f55fb5e}\amd64\SET37A6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\android_general.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\SETACA7.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\SETF933.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{0e0ad31a-e131-46c4-8cb6-18712041f474}\ssudadb.inf	DrvInst.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\adb\is-9TJI9.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-LOE3C.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-1NPKD.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-B8F52.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\payloads\is-DO6UB.tmp	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\Microsoft.Windows.Shell.dll	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\System.Data.SQLite.EF6.dll	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\Monitor\is-5LLOF.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\Cryptodome\Cipher\is-OCTBG.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-J9BSF.tmp	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\adb\adb.exe	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-M9881.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-RSTUD.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-LOQ18.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-2R274.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\payloads\is-VH3EB.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-V6JFN.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-G3CCP.tmp	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\adk\drivers\x86\winusbcoinstaller2.dll	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-libraryloader-l1-1-0.dll	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\is-NFG7Q.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\drivers\x86\is-8EKC2.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-59ER3.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-HSD3U.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-6K603.tmp	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\Uninstall\Uninstall.exe	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\is-7C2C9.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-JCQOB.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-9IMCP.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-956G1.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\payloads\is-URUI7.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\is-RRAHT.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\is-R0LJB.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\is-7M8R3.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-6FCUK.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-8JC13.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-MG3TP.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS_Android\mobiledrv\i386\is-HH3GV.tmp	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\adk\drivers\install_x64.exe	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\7z\7z.exe	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\LibCurlShim.dll	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\is-EDVCF.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\is-488TF.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-GEQI7.tmp	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\adk\drivers\x86\libusbK.dll	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\Monitor\is-HRNLV.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\is-N1S56.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-PPQM1.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\payloads\is-08IU8.tmp	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-conio-l1-1-0.dll	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\Monitor\is-VRG21.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-A6532.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-JQE0C.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-J17DE.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-KE7KE.tmp	4ukeyforandroid_pf_2.9.0.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab Android Unlock\zlibwapi.dll	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-8H510.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-FBO6Q.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-FTMQL.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-H07AB.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-LJVAL.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-EUHJ9.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\payloads\is-7JMUL.tmp	4ukeyforandroid_pf_2.9.0.tmp
File created	C:\Program Files (x86)\PassFab\PassFab Android Unlock\Monitor\is-9RF85.tmp	4ukeyforandroid_pf_2.9.0.tmp

Drops file in Windows directory 25 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\certutil.log	certutil.exe
File opened for modification	C:\Windows\certutil.log	certutil.exe
File created	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\DPINST.LOG	DPInst64.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\oem3.inf	DrvInst.exe
File created	C:\Windows\INF\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DPInst64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\oem4.inf	DrvInst.exe

Executes dropped EXE 10 IoCs

pid	Process
2084	4ukeyforandroid_pf_2.9.0.exe
1476	Start.exe
2216	PassFabAndroidUnlock.exe
2848	Monitor.exe
1668	certutil.exe
1556	repair.exe
1640	certutil.exe
760	InstallAndDriver.exe
2112	DPInst64.exe
844	adb.exe

Loads dropped DLL 64 IoCs

pid	Process
2184	android-unlock.exe
1584	4ukeyforandroid_pf_2.9.0.tmp
1584	4ukeyforandroid_pf_2.9.0.tmp
1584	4ukeyforandroid_pf_2.9.0.tmp
1476	Start.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2260	NETSTAT.EXE
1252	NETSTAT.EXE

Kills process with taskkill 5 IoCs

evasion

pid	Process
2840	taskkill.exe
3040	taskkill.exe
520	taskkill.exe
796	taskkill.exe
2072	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION\PassFabAndroidUnlock.exe = "1"	PassFabAndroidUnlock.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	PassFabAndroidUnlock.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000918258b1c6eaef44bc85c7515db804ef0000000002000000000010660000000100002000000095af57818c4683356b783486eb5f2c29cb13ed36d09a4c2c8a93f876574f0380000000000e8000000002000020000000e268f9b2bae05746a695579bd231f33fd62b86a49dde8ea9453ddec5fc9d1edf90000000ce8595f91bc5b8f9b25306753721228e3e176ad1d1f0dfb2472d96e82d065c8687804a085e8dd02dc15b56336b312b68bd4a6584c38fdef3ee3ea87999d48103c47c4488e897fc56b6c284aa6eff5f52991a062489ca3a8ead56a3f727a998652d9136e43e6c1fccfce069709eb20cffbb596a036db33887685a48ccfdc76d8d6d9b7c098b8df685cf3867cf01e27f67400000007c70a070a0aed3d5b649cb29d3a85f9ae6cffb05c2d6f2ee1da0fd866aeb2589fe21b638608485bcac717557c4a2ca4a9238714770c6c4569e4471a74a097c67	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	PassFabAndroidUnlock.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PassFabAndroidUnlock.exe = "11000"	PassFabAndroidUnlock.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\PassFabAndroidUnlock.exe = "1"	PassFabAndroidUnlock.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000918258b1c6eaef44bc85c7515db804ef000000000200000000001066000000010000200000001e32b8a4f6f26e3d2909acaa8b05d528f5b9d06663a7818bf4152946090e8c79000000000e8000000002000020000000249652973da4132866f0b7086421e99267cc1c10f8ca0dac92ba16dddf18cbf92000000005c45b1f55704856eb7e1deb154e3185639648b8f1a53a7c00d16b3733d2df5c400000005732dc2988603f6cc04a09d110b4a50e6e1cc5178f5238e90c72b71fd1d3678959fabf6e19288bd055920bb2de1e5f310ce8ac354e6ea0ba6b1a90cf46fda803	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main	PassFabAndroidUnlock.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F2994281-575F-11EE-BB89-F2498EDA0870} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION	PassFabAndroidUnlock.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	PassFabAndroidUnlock.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0b189c96cebd901	iexplore.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe

Modifies system certificate store 2 TTPs 16 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	android-unlock.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	android-unlock.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D4DF4A8A5BB991C556072F3113BEBE10A35583E0\Blob = 030000000100000014000000d4df4a8a5bb991c556072f3113bebe10a35583e0200000000100000001020000308201fd3082016aa0030201020210a186c913e087ee9f43699f28bf2137cc300906052b0e03021d05003019311730150603550403130e54656e6f7273686172652e636f6d301e170d3133303731313032343031335a170d3339313233313233353935395a3019311730150603550403130e54656e6f7273686172652e636f6d30819f300d06092a864886f70d010101050003818d00308189028181008f6a7bd58b69fb43f16d70db0fb0cee5f90974b0103a5587e4d6711890611b2b412d20c6911a78774ed0fe8c982ac8ce88c804fc4e37a16921dcd3f2f36b5c73be33225a37134fb1c2685e75bb57ee38bc624e63cef76847cbd3b39764ea3758b29b7ef8ce7918747510cdf65c1e982643ff8490e19749d32e5c976e0976d0030203010001a34e304c304a0603551d010443304180107cdf0b9962a719e978a7f13dfbc01600a11b3019311730150603550403130e54656e6f7273686172652e636f6d8210a186c913e087ee9f43699f28bf2137cc300906052b0e03021d050003818100019ec7e4c8c1c730bea1f326306278bcc03f5eb71d6b498b5cf319af02ec3c7d4ae3aba722a47bc815dda1c5354ea45e432b677d956b0204c819867779b53c8334794d099296e07f11e1e1aafe148773ad043edacebaf91fe6970082828409776aad64588b21417753fbde3cbe9948a7ccd376150107d9dd6db5b07f3e125e10	certutil.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DF4A8A5BB991C556072F3113BEBE10A35583E0\Blob = 0f000000010000001400000012de8bc995198a0f7269a57939813e05c9ae859b030000000100000014000000d4df4a8a5bb991c556072f3113bebe10a35583e0200000000100000001020000308201fd3082016aa0030201020210a186c913e087ee9f43699f28bf2137cc300906052b0e03021d05003019311730150603550403130e54656e6f7273686172652e636f6d301e170d3133303731313032343031335a170d3339313233313233353935395a3019311730150603550403130e54656e6f7273686172652e636f6d30819f300d06092a864886f70d010101050003818d00308189028181008f6a7bd58b69fb43f16d70db0fb0cee5f90974b0103a5587e4d6711890611b2b412d20c6911a78774ed0fe8c982ac8ce88c804fc4e37a16921dcd3f2f36b5c73be33225a37134fb1c2685e75bb57ee38bc624e63cef76847cbd3b39764ea3758b29b7ef8ce7918747510cdf65c1e982643ff8490e19749d32e5c976e0976d0030203010001a34e304c304a0603551d010443304180107cdf0b9962a719e978a7f13dfbc01600a11b3019311730150603550403130e54656e6f7273686172652e636f6d8210a186c913e087ee9f43699f28bf2137cc300906052b0e03021d050003818100019ec7e4c8c1c730bea1f326306278bcc03f5eb71d6b498b5cf319af02ec3c7d4ae3aba722a47bc815dda1c5354ea45e432b677d956b0204c819867779b53c8334794d099296e07f11e1e1aafe148773ad043edacebaf91fe6970082828409776aad64588b21417753fbde3cbe9948a7ccd376150107d9dd6db5b07f3e125e10	PassFabAndroidUnlock.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DF4A8A5BB991C556072F3113BEBE10A35583E0	certutil.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	android-unlock.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	android-unlock.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	PassFabAndroidUnlock.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DF4A8A5BB991C556072F3113BEBE10A35583E0\Blob = 190000000100000010000000bb2aaa571660ff1ce988d7359536a7050f000000010000001400000012de8bc995198a0f7269a57939813e05c9ae859b030000000100000014000000d4df4a8a5bb991c556072f3113bebe10a35583e0140000000100000014000000cd49cd1eb069e5871ea006a90977c0cf6749fcbe200000000100000001020000308201fd3082016aa0030201020210a186c913e087ee9f43699f28bf2137cc300906052b0e03021d05003019311730150603550403130e54656e6f7273686172652e636f6d301e170d3133303731313032343031335a170d3339313233313233353935395a3019311730150603550403130e54656e6f7273686172652e636f6d30819f300d06092a864886f70d010101050003818d00308189028181008f6a7bd58b69fb43f16d70db0fb0cee5f90974b0103a5587e4d6711890611b2b412d20c6911a78774ed0fe8c982ac8ce88c804fc4e37a16921dcd3f2f36b5c73be33225a37134fb1c2685e75bb57ee38bc624e63cef76847cbd3b39764ea3758b29b7ef8ce7918747510cdf65c1e982643ff8490e19749d32e5c976e0976d0030203010001a34e304c304a0603551d010443304180107cdf0b9962a719e978a7f13dfbc01600a11b3019311730150603550403130e54656e6f7273686172652e636f6d8210a186c913e087ee9f43699f28bf2137cc300906052b0e03021d050003818100019ec7e4c8c1c730bea1f326306278bcc03f5eb71d6b498b5cf319af02ec3c7d4ae3aba722a47bc815dda1c5354ea45e432b677d956b0204c819867779b53c8334794d099296e07f11e1e1aafe148773ad043edacebaf91fe6970082828409776aad64588b21417753fbde3cbe9948a7ccd376150107d9dd6db5b07f3e125e10	PassFabAndroidUnlock.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DF4A8A5BB991C556072F3113BEBE10A35583E0\Blob = 030000000100000014000000d4df4a8a5bb991c556072f3113bebe10a35583e0200000000100000001020000308201fd3082016aa0030201020210a186c913e087ee9f43699f28bf2137cc300906052b0e03021d05003019311730150603550403130e54656e6f7273686172652e636f6d301e170d3133303731313032343031335a170d3339313233313233353935395a3019311730150603550403130e54656e6f7273686172652e636f6d30819f300d06092a864886f70d010101050003818d00308189028181008f6a7bd58b69fb43f16d70db0fb0cee5f90974b0103a5587e4d6711890611b2b412d20c6911a78774ed0fe8c982ac8ce88c804fc4e37a16921dcd3f2f36b5c73be33225a37134fb1c2685e75bb57ee38bc624e63cef76847cbd3b39764ea3758b29b7ef8ce7918747510cdf65c1e982643ff8490e19749d32e5c976e0976d0030203010001a34e304c304a0603551d010443304180107cdf0b9962a719e978a7f13dfbc01600a11b3019311730150603550403130e54656e6f7273686172652e636f6d8210a186c913e087ee9f43699f28bf2137cc300906052b0e03021d050003818100019ec7e4c8c1c730bea1f326306278bcc03f5eb71d6b498b5cf319af02ec3c7d4ae3aba722a47bc815dda1c5354ea45e432b677d956b0204c819867779b53c8334794d099296e07f11e1e1aafe148773ad043edacebaf91fe6970082828409776aad64588b21417753fbde3cbe9948a7ccd376150107d9dd6db5b07f3e125e10	certutil.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DF4A8A5BB991C556072F3113BEBE10A35583E0	PassFabAndroidUnlock.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DF4A8A5BB991C556072F3113BEBE10A35583E0\Blob = 140000000100000014000000cd49cd1eb069e5871ea006a90977c0cf6749fcbe030000000100000014000000d4df4a8a5bb991c556072f3113bebe10a35583e00f000000010000001400000012de8bc995198a0f7269a57939813e05c9ae859b200000000100000001020000308201fd3082016aa0030201020210a186c913e087ee9f43699f28bf2137cc300906052b0e03021d05003019311730150603550403130e54656e6f7273686172652e636f6d301e170d3133303731313032343031335a170d3339313233313233353935395a3019311730150603550403130e54656e6f7273686172652e636f6d30819f300d06092a864886f70d010101050003818d00308189028181008f6a7bd58b69fb43f16d70db0fb0cee5f90974b0103a5587e4d6711890611b2b412d20c6911a78774ed0fe8c982ac8ce88c804fc4e37a16921dcd3f2f36b5c73be33225a37134fb1c2685e75bb57ee38bc624e63cef76847cbd3b39764ea3758b29b7ef8ce7918747510cdf65c1e982643ff8490e19749d32e5c976e0976d0030203010001a34e304c304a0603551d010443304180107cdf0b9962a719e978a7f13dfbc01600a11b3019311730150603550403130e54656e6f7273686172652e636f6d8210a186c913e087ee9f43699f28bf2137cc300906052b0e03021d050003818100019ec7e4c8c1c730bea1f326306278bcc03f5eb71d6b498b5cf319af02ec3c7d4ae3aba722a47bc815dda1c5354ea45e432b677d956b0204c819867779b53c8334794d099296e07f11e1e1aafe148773ad043edacebaf91fe6970082828409776aad64588b21417753fbde3cbe9948a7ccd376150107d9dd6db5b07f3e125e10	PassFabAndroidUnlock.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	PassFabAndroidUnlock.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e4030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	PassFabAndroidUnlock.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec5290f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae474040000000100000010000000acb694a59c17e0d791529bb19706a6e420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	PassFabAndroidUnlock.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\D4DF4A8A5BB991C556072F3113BEBE10A35583E0	certutil.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2184	android-unlock.exe
2184	android-unlock.exe
1584	4ukeyforandroid_pf_2.9.0.tmp
1584	4ukeyforandroid_pf_2.9.0.tmp
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
2216	PassFabAndroidUnlock.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe
760	InstallAndDriver.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2216	PassFabAndroidUnlock.exe
Token: SeDebugPrivilege	2260	NETSTAT.EXE
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	2112	DPInst64.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	2624	rundll32.exe
Token: SeRestorePrivilege	2624	rundll32.exe
Token: SeRestorePrivilege	2624	rundll32.exe
Token: SeRestorePrivilege	2624	rundll32.exe
Token: SeRestorePrivilege	2624	rundll32.exe
Token: SeRestorePrivilege	2624	rundll32.exe
Token: SeRestorePrivilege	2624	rundll32.exe
Token: SeBackupPrivilege	980	vssvc.exe
Token: SeRestorePrivilege	980	vssvc.exe
Token: SeAuditPrivilege	980	vssvc.exe
Token: SeBackupPrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	1860	DrvInst.exe
Token: SeRestorePrivilege	3036	DrvInst.exe
Token: SeRestorePrivilege	3036	DrvInst.exe
Token: SeRestorePrivilege	3036	DrvInst.exe
Token: SeRestorePrivilege	3036	DrvInst.exe
Token: SeRestorePrivilege	3036	DrvInst.exe
Token: SeRestorePrivilege	3036	DrvInst.exe
Token: SeRestorePrivilege	3036	DrvInst.exe
Token: SeLoadDriverPrivilege	3036	DrvInst.exe
Token: SeLoadDriverPrivilege	3036	DrvInst.exe
Token: SeLoadDriverPrivilege	3036	DrvInst.exe
Token: SeRestorePrivilege	1968	DrvInst.exe
Token: SeRestorePrivilege	1968	DrvInst.exe
Token: SeRestorePrivilege	1968	DrvInst.exe
Token: SeRestorePrivilege	1968	DrvInst.exe
Token: SeRestorePrivilege	1968	DrvInst.exe
Token: SeRestorePrivilege	1968	DrvInst.exe
Token: SeRestorePrivilege	1968	DrvInst.exe
Token: SeRestorePrivilege	2344	rundll32.exe
Token: SeRestorePrivilege	2344	rundll32.exe
Token: SeRestorePrivilege	2344	rundll32.exe
Token: SeRestorePrivilege	2344	rundll32.exe
Token: SeRestorePrivilege	2344	rundll32.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1584	4ukeyforandroid_pf_2.9.0.tmp
2576	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1476	Start.exe
1556	repair.exe
1556	repair.exe
2576	iexplore.exe
2576	iexplore.exe
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2084	2184	android-unlock.exe	29
PID 2184 wrote to memory of 2084	2184	android-unlock.exe	29
PID 2184 wrote to memory of 2084	2184	android-unlock.exe	29
PID 2184 wrote to memory of 2084	2184	android-unlock.exe	29
PID 2184 wrote to memory of 2084	2184	android-unlock.exe	29
PID 2184 wrote to memory of 2084	2184	android-unlock.exe	29
PID 2184 wrote to memory of 2084	2184	android-unlock.exe	29
PID 2184 wrote to memory of 1476	2184	android-unlock.exe	34
PID 2184 wrote to memory of 1476	2184	android-unlock.exe	34
PID 2184 wrote to memory of 1476	2184	android-unlock.exe	34
PID 2184 wrote to memory of 1476	2184	android-unlock.exe	34
PID 1476 wrote to memory of 2216	1476	Start.exe	35
PID 1476 wrote to memory of 2216	1476	Start.exe	35
PID 1476 wrote to memory of 2216	1476	Start.exe	35
PID 1476 wrote to memory of 2216	1476	Start.exe	35
PID 2216 wrote to memory of 2848	2216	PassFabAndroidUnlock.exe	36
PID 2216 wrote to memory of 2848	2216	PassFabAndroidUnlock.exe	36
PID 2216 wrote to memory of 2848	2216	PassFabAndroidUnlock.exe	36
PID 2216 wrote to memory of 2848	2216	PassFabAndroidUnlock.exe	36
PID 2216 wrote to memory of 2336	2216	PassFabAndroidUnlock.exe	37
PID 2216 wrote to memory of 2336	2216	PassFabAndroidUnlock.exe	37
PID 2216 wrote to memory of 2336	2216	PassFabAndroidUnlock.exe	37
PID 2216 wrote to memory of 2336	2216	PassFabAndroidUnlock.exe	37
PID 2336 wrote to memory of 2260	2336	cmd.exe	39
PID 2336 wrote to memory of 2260	2336	cmd.exe	39
PID 2336 wrote to memory of 2260	2336	cmd.exe	39
PID 2336 wrote to memory of 2260	2336	cmd.exe	39
PID 2336 wrote to memory of 268	2336	cmd.exe	40
PID 2336 wrote to memory of 268	2336	cmd.exe	40
PID 2336 wrote to memory of 268	2336	cmd.exe	40
PID 2336 wrote to memory of 268	2336	cmd.exe	40
PID 2336 wrote to memory of 2036	2336	cmd.exe	41
PID 2336 wrote to memory of 2036	2336	cmd.exe	41
PID 2336 wrote to memory of 2036	2336	cmd.exe	41
PID 2336 wrote to memory of 2036	2336	cmd.exe	41
PID 2216 wrote to memory of 1668	2216	PassFabAndroidUnlock.exe	42
PID 2216 wrote to memory of 1668	2216	PassFabAndroidUnlock.exe	42
PID 2216 wrote to memory of 1668	2216	PassFabAndroidUnlock.exe	42
PID 2216 wrote to memory of 1668	2216	PassFabAndroidUnlock.exe	42
PID 2216 wrote to memory of 1556	2216	PassFabAndroidUnlock.exe	44
PID 2216 wrote to memory of 1556	2216	PassFabAndroidUnlock.exe	44
PID 2216 wrote to memory of 1556	2216	PassFabAndroidUnlock.exe	44
PID 2216 wrote to memory of 1556	2216	PassFabAndroidUnlock.exe	44
PID 2216 wrote to memory of 1640	2216	PassFabAndroidUnlock.exe	45
PID 2216 wrote to memory of 1640	2216	PassFabAndroidUnlock.exe	45
PID 2216 wrote to memory of 1640	2216	PassFabAndroidUnlock.exe	45
PID 2216 wrote to memory of 1640	2216	PassFabAndroidUnlock.exe	45
PID 2216 wrote to memory of 760	2216	PassFabAndroidUnlock.exe	47
PID 2216 wrote to memory of 760	2216	PassFabAndroidUnlock.exe	47
PID 2216 wrote to memory of 760	2216	PassFabAndroidUnlock.exe	47
PID 2216 wrote to memory of 760	2216	PassFabAndroidUnlock.exe	47
PID 2216 wrote to memory of 760	2216	PassFabAndroidUnlock.exe	47
PID 2216 wrote to memory of 760	2216	PassFabAndroidUnlock.exe	47
PID 2216 wrote to memory of 760	2216	PassFabAndroidUnlock.exe	47
PID 2216 wrote to memory of 2112	2216	PassFabAndroidUnlock.exe	49
PID 2216 wrote to memory of 2112	2216	PassFabAndroidUnlock.exe	49
PID 2216 wrote to memory of 2112	2216	PassFabAndroidUnlock.exe	49
PID 2216 wrote to memory of 2112	2216	PassFabAndroidUnlock.exe	49
PID 1860 wrote to memory of 2624	1860	DrvInst.exe	51
PID 1860 wrote to memory of 2624	1860	DrvInst.exe	51
PID 1860 wrote to memory of 2624	1860	DrvInst.exe	51
PID 2216 wrote to memory of 2576	2216	PassFabAndroidUnlock.exe	54
PID 2216 wrote to memory of 2576	2216	PassFabAndroidUnlock.exe	54
PID 2216 wrote to memory of 2576	2216	PassFabAndroidUnlock.exe	54

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\android-unlock.exe
"C:\Users\Admin\AppData\Local\Temp\android-unlock.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\4ukeyforandroid_pf\4ukeyforandroid_pf_2.9.0.exe
  /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\PassFab\PassFab Android Unlock\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\PassFab Android Unlocker_Setup_20230920024538.log" /sptrack null
  2⤵
  - Executes dropped EXE
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\is-9F5EB.tmp\4ukeyforandroid_pf_2.9.0.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-9F5EB.tmp\4ukeyforandroid_pf_2.9.0.tmp" /SL5="$801F2,99790933,575488,C:\Users\Admin\AppData\Local\Temp\4ukeyforandroid_pf\4ukeyforandroid_pf_2.9.0.exe" /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\PassFab\PassFab Android Unlock\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\PassFab Android Unlocker_Setup_20230920024538.log" /sptrack null
    3⤵
    - Drops file in Program Files directory
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:1584
- C:\Program Files (x86)\PassFab\PassFab Android Unlock\Start.exe
  "C:\Program Files (x86)\PassFab\PassFab Android Unlock\Start.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Program Files (x86)\PassFab\PassFab Android Unlock\PassFabAndroidUnlock.exe
    "C:\Program Files (x86)\PassFab\PassFab Android Unlock\PassFabAndroidUnlock.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2216
  - - C:\Program Files (x86)\PassFab\PassFab Android Unlock\Monitor\Monitor.exe
      "C:\Program Files (x86)\PassFab\PassFab Android Unlock\Monitor\Monitor.exe" 2216(#-+)UA-116569081-3(#-+)PassFab Android Unlocker(#-+)2.9.0.9(#-+)&cd1=2.9.0.9&cd2=0&cd3=passfab(#-+)1
      4⤵
      Executes dropped EXE
      PID:2848
  - - C:\Windows\SysWOW64\cmd.exe
      /c netstat -ano | findstr "5037" | findstr LISTENING
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2336
    - - C:\Windows\SysWOW64\NETSTAT.EXE
        
        netstat -ano
        5⤵
        Gathers network information
        Suspicious use of AdjustPrivilegeToken
        
        PID:2260
    - - C:\Windows\SysWOW64\findstr.exe
        
        findstr "5037"
        5⤵
        
        PID:268
    - - C:\Windows\SysWOW64\findstr.exe
        
        findstr LISTENING
        5⤵
        
        PID:2036
  - - C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS_Android\cert\certutil.exe
      "C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS_Android\cert\certutil.exe" -addstore TrustedPublisher TenorshareKey.cer
      4⤵
      Drops file in Windows directory
      Executes dropped EXE
      Modifies system certificate store
      PID:1668
  - - C:\Program Files (x86)\PassFab\PassFab Android Unlock\repair.exe
      "C:\Program Files (x86)\PassFab\PassFab Android Unlock\repair.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
  - - C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS_Android\cert\certutil.exe
      "C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS_Android\cert\certutil.exe" -addstore root TenorshareKey.cer
      4⤵
      Drops file in Windows directory
      Executes dropped EXE
      Modifies system certificate store
      PID:1640
  - - C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS_Android\InstallAndDriver.exe
      "C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS_Android\InstallAndDriver.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:760
  - - C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS_Android\DPInst64.exe
      "C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS_Android\DPInst64.exe" /F /D /SW /PATH mobiledrv
      4⤵
      Drops file in Windows directory
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2112
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://cbs.passfab.com/go?pid=1941&a=i&v=2.9.0
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1680
  - - C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS_Android\adb\adb.exe
      adb -L tcp:5037 fork-server server --reply-fd 1108
      4⤵
      Executes dropped EXE
      PID:844
  - - C:\Windows\SysWOW64\cmd.exe
      /c netstat -ano | findstr "5037" | findstr LISTENING
      4⤵
      PID:2152
    - - C:\Windows\SysWOW64\NETSTAT.EXE
        
        netstat -ano
        5⤵
        Gathers network information
        
        PID:1252
    - - C:\Windows\SysWOW64\findstr.exe
        
        findstr "5037"
        5⤵
        
        PID:1980
    - - C:\Windows\SysWOW64\findstr.exe
        
        findstr LISTENING
        5⤵
        
        PID:1352
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C TASKKILL /F /IM fastboot.exe /T
      4⤵
      PID:2856
    - - C:\Windows\SysWOW64\taskkill.exe
        
        TASKKILL /F /IM fastboot.exe /T
        5⤵
        Kills process with taskkill
        
        PID:3040
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C TASKKILL /F /IM adb.exe /T
      4⤵
      PID:2708
    - - C:\Windows\SysWOW64\taskkill.exe
        
        TASKKILL /F /IM adb.exe /T
        5⤵
        Kills process with taskkill
        
        PID:520
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C TASKKILL /F /IM main.exe /T
      4⤵
      PID:756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        TASKKILL /F /IM main.exe /T
        5⤵
        Kills process with taskkill
        
        PID:796
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C TASKKILL /F /IM repair.exe /T
      4⤵
      PID:268
    - - C:\Windows\SysWOW64\taskkill.exe
        
        TASKKILL /F /IM repair.exe /T
        5⤵
        Kills process with taskkill
        
        PID:2072
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C TASKKILL /F /IM InstallAndDriver.exe /T
      4⤵
      PID:2076
    - - C:\Windows\SysWOW64\taskkill.exe
        
        TASKKILL /F /IM InstallAndDriver.exe /T
        5⤵
        Kills process with taskkill
        
        PID:2840

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{59c1bc5b-b8be-67c0-5a35-99039188227e}\android_general.inf" "9" "604dcad0f" "00000000000002CC" "WinSta0\Default" "00000000000005C8" "208" "c:\program files (x86)\passfab\passfab android unlock\ts_android\mobiledrv"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{4603ad65-de67-6995-3966-de346e630135} Global\{6236e367-5e04-609c-0b23-5c0b9acab12c} C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\android_general.inf C:\Windows\System32\DriverStore\Temp\{6be24c81-9ea2-6a16-1f31-5e6059675164}\android_general.cat
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2624

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:980

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005D8" "00000000000005DC"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3036

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{63cbb227-6322-6a91-3f33-dd649aa05461}\android_winusb.inf" "9" "63edd628f" "00000000000005C8" "WinSta0\Default" "0000000000000334" "208" "c:\program files (x86)\passfab\passfab android unlock\ts_android\mobiledrv"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1968
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{05ed3e12-a787-6f81-39e0-332caec3b70b} Global\{69907857-13b6-3bd2-b430-bb390f13dd70} C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\android_winusb.inf C:\Windows\System32\DriverStore\Temp\{34fc1799-d9de-1501-3d76-a5537fa25115}\android_winusb.cat
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2344

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot20" "" "" "65dbac317" "0000000000000000" "00000000000005AC" "00000000000003E8"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:864

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{1058cadb-d00f-7118-fc88-a9153a481419}\ssudadb.inf" "9" "6f7b77e67" "0000000000000334" "WinSta0\Default" "00000000000005BC" "208" "c:\program files (x86)\passfab\passfab android unlock\ts_android\mobiledrv"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1788

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{64dd333f-78f7-7bad-add9-31005079d92f}\ssudbus.inf" "9" "6713a2877" "00000000000005BC" "WinSta0\Default" "00000000000002CC" "208" "c:\program files (x86)\passfab\passfab android unlock\ts_android\mobiledrv"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2500

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{29c44b0e-43ad-5e2d-ae4a-2125117c0160}\ssudmdm.inf" "9" "6f94a75e7" "00000000000002CC" "WinSta0\Default" "00000000000005C8" "208" "c:\program files (x86)\passfab\passfab android unlock\ts_android\mobiledrv"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PassFab\PassFab Android Unlock\AppService.dll

Filesize
191KB

MD5
973e3fa128000bdb35852169183f32bf

SHA1
02aa017261bf5d4a95388a981ae8769517875778

SHA256
9f5c02f47c2ed9449690a75581e75c333e59935dc0a5962f3117585507153e07

SHA512
53c05aa36877113003662234dd0b1319dd23ccfba6101b25acb96772896a9c724a4d266d8b5eb2b490b453d5b6c1fbf823593b12d8ca3056107b98bf4fac6ccc

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\DownloadDemo.dll

Filesize
62KB

MD5
d209b68a331292711c3c5782e7c5dbac

SHA1
06bfdae293687eef52c976388879af97c41c9496

SHA256
2a6d4733f01a2d09555fb5823548c1755a6a1ac26372784664200c2dabdb610e

SHA512
422dd9c4857cf68c694086662624d1524843293fa4bcf07c51c2d31d2e39ba0ebd677aafd087e659dae6e1764963fd8382756e20cc7d54108453a01230ddeeaa

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\MSVCP140.dll

Filesize
446KB

MD5
b33902774ce0eded02b0cf1b54622736

SHA1
05c4ffb6b9b9ba8a56b7a3187b7d100ab20fe8d5

SHA256
8cabbd2ad374da8e58374c6915592d217966e7ea7e0d4038aa21a2d92a5a0612

SHA512
bb7b40d3907ec7d96ed2827067b9b727bf8cc660be21d8aa40267ed25c44bf06b54654af669c5a47dbb321b3d46275780c00fffbc15a7af0c5bee03bdc3d1988

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-5CFDD.tmp

Filesize
640B

MD5
a559238487c685f5bd9c1ed82b9b55e6

SHA1
bdad0bd40b5f50df6824826ea613d3aa0d274199

SHA256
6c6f55d1e364ad7691bc5f74973fe4834e3a7a1ccb5f81ac635df8580dca7404

SHA512
a80a3a3eb216b582d542918a1e4fa08bf320f984d409c380fd2382db360189bb940fda264018e772da8f966d2b2d15c73defd10f9cca229aceae1dd375bd924e

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-B6TDS.tmp

Filesize
1KB

MD5
dcaf1ab876c9c56941e235c8437b5b16

SHA1
3c340e7897993f787828289548a49d393854d749

SHA256
4e4d3dfa8e3e720149ec144a20f70c8f237ca5da744333fc726cfa50520e63f1

SHA512
4b7e41cf9b91f7bc21efb0a6c8954164d0772c16166baff191b8b193ac13a1c62e85e04b54ed21004b0e2ba83aa931c3464981760b3e3094b105945ae8335dfe

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-E58UH.tmp

Filesize
2KB

MD5
3080fb142ef1e238c1cfbd0359b09f8a

SHA1
5815b63d8d3b72ff10cda3d7a5fe89cbc49a3724

SHA256
51cae7476a7e3c9b8837ef1f75fb97dab58c7ac04796ea9125c82a47938747b5

SHA512
c7e52247322575c21f0d8c6302f66791a178a7dd75945c61220372710f5e47d40d4343ddd5692adc6a833d0a47088cea7b3f74aad5a7c7b6ec7a8a0b9386d91a

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\MTKEXE\My_Code\Loader\Preloader\is-OJ10H.tmp

Filesize
592B

MD5
17630d7cce9333d2da772222383f0bc1

SHA1
d56bc8751354b88b3b10356f2f1d3c139be1a613

SHA256
f7ab4dbdda43711e3d5196d3ff40470a0a048b2bea3746e25bce82fe878e80c9

SHA512
b9f2af61cb8f10708df07b55a7a7965ebaa2b5b288a5895f74d8c08cbd99c8ac4948e5b1dafeebacfed71621c7dd232d4df95c7779f28d7d76344bbe5afedfaf

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\NetFrameCheck.db

Filesize
10KB

MD5
43afbf1cba64eb1d92db185411d8c674

SHA1
fa9b95c39d010ba298489bfa399b61167c7a2efb

SHA256
53f26ebbc8bf1072f37fe6e668fadd628d100a762521762ab9dcab48685ffb36

SHA512
c0d1b8f0324afeed5da4b5941e064e16d9e5c570dc9ab4092c7dd4f5c1a2461eec6f7d4dd090a42659bb4ee2138f90a53dd8440ba5974b3a57fa2277e1ce082d

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\PassFabAndroidUnlock.exe

Filesize
19.7MB

MD5
b2087c38700d6381c0f35d1931f2663a

SHA1
a69f9756ba25de9aa64690b9f52d1cbb7525c2bd

SHA256
cb203a4164932e188a2c2340579ffffad840a2d4e64fe711c4f8af23ad46d67e

SHA512
10e30325140ff002454b93fe5ab943d72713e12b4481bd880e82533c2c8fd15acb00d127572b197eec66a871eb77ea35b1d0bee8822a9cb1e9b0341c68098621

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\PassFabAndroidUnlock.exe

Filesize
19.7MB

MD5
b2087c38700d6381c0f35d1931f2663a

SHA1
a69f9756ba25de9aa64690b9f52d1cbb7525c2bd

SHA256
cb203a4164932e188a2c2340579ffffad840a2d4e64fe711c4f8af23ad46d67e

SHA512
10e30325140ff002454b93fe5ab943d72713e12b4481bd880e82533c2c8fd15acb00d127572b197eec66a871eb77ea35b1d0bee8822a9cb1e9b0341c68098621

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\PassFabAndroidUnlock.exe.config

Filesize
3KB

MD5
4a73ace0eb8089ac390dfd9f15244ce7

SHA1
8b86c209eb0192adb61915636cee27f3e65c8cd6

SHA256
60c84c835694ca792bd94115998effa536ab044ccf0ebe3240ebfaff8f648593

SHA512
d5f55ccb3bbbf2900f81dcdd3aff5f312c06558c8fc970cb365435174d65438762cf24b38c560989624bde6126b0e6b15221ddd785ce47c427a8af8f9369bf05

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\RepairDeviceDll.dll

Filesize
84KB

MD5
3530de798aed636e70d5940a78984e99

SHA1
a16a21795634cbef4d828397168ca6a78083334e

SHA256
df2f9b25b8a7480a5fe1b026950a37e7d9653b44f189d6894d15767d7a8c89ec

SHA512
dca7cd3540dafa442fad24c6523990837b86b782be1c2bdcf914819892b9748268463dd5d290eda99b57eddd3228181c32de0b73abd3ccacdd6b09add6f71981

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\Start.exe

Filesize
5.0MB

MD5
f630b60e7f15fc64b6572d4da2b0f280

SHA1
4d1b3782aa2d600d6acaa2a43eb2a97ee35fbe3b

SHA256
6367979c9d6b11b7e8cb4f5cecf01f1d52b32d293acdcefd33dbad99743ab6d8

SHA512
d075202a723d5496f588975dae89fa9b6e4ad379b01204e3330c493a160ab998a8fddcab909c20b50b7abe69a73379e88430605ec6e39ebe22a8ac4bc55d3a40

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\Start.exe

Filesize
5.0MB

MD5
f630b60e7f15fc64b6572d4da2b0f280

SHA1
4d1b3782aa2d600d6acaa2a43eb2a97ee35fbe3b

SHA256
6367979c9d6b11b7e8cb4f5cecf01f1d52b32d293acdcefd33dbad99743ab6d8

SHA512
d075202a723d5496f588975dae89fa9b6e4ad379b01204e3330c493a160ab998a8fddcab909c20b50b7abe69a73379e88430605ec6e39ebe22a8ac4bc55d3a40

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS.MvvmLight.dll

Filesize
555KB

MD5
060b24fa4eb37f7565da7ddd49f0a9ba

SHA1
651f26f2147dbd0366a9013b9aa7995a17e923e6

SHA256
d59c876621c0b935cdcbd1bfa633adb24d326375648e1593bfef5e4cf1305daa

SHA512
6f32e284191b5017188367bfffc70751e60b6dd9de12dd6e46ab01e0aaa69040e25d6c75b18e3fbee943b1f14202fb54768678b0e62d2d4a54332dcd3f824da7

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\TS.UI.dll

Filesize
354KB

MD5
5d5d7a234e8fb09a91b796e634606c10

SHA1
7b6c25f25f9a99e97ca4b40410aa9948df9b2d4e

SHA256
62d8b2ef40b4d9e0d5adac5745b705f8555d331a7aeb82242aeec4efbe900e29

SHA512
1c6c079be186f41923ce30ab67a5a0f8c059f344d936a4860b84bf46a713695f5c0a2e6ff89c52f251a0cdd0f188b1d5e4010a8803f86a7611107851985168d4

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\VCRUNTIME140.dll

Filesize
80KB

MD5
e79ef25890b214b13a7473e52330d0ec

SHA1
e47cbd0000a1f6132d74f5e767ad91973bd772d8

SHA256
7a114a9c1ca86e532d7f38e81c48f24ef2bfe6084f6056b3d4c3566ba43003d6

SHA512
dabed378fccfabc10486747fc70cf51a4fcc5b88f869c8a2fa4df30caa83a3af086c89e23806b7a291756da957a97c80a9b834a05e1d8ee7bd5c7159458c537a

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\adk\drivers\x86\is-7UHTR.tmp

Filesize
166KB

MD5
3935ec3158d0e488da1929b77edd1633

SHA1
bd6d94704b29b6cef3927796bfe22a2d09ee4fe7

SHA256
87cbd1f3bf5ab72089a879df110263784602a574c0ae83f428df57ae2f8115db

SHA512
5173891b1dfad2298910236a786c7b9bbcfce641491a25f933022088c81465fb93fd2385d270e9a0632f674355538da464d1edacf511140d6f31d91d1afe64fc

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
00d8b4bed48a1bb8a0451b967a902977

SHA1
f10ef17bda66d7cab2840d7f89c6de022a7b3ff2

SHA256
568d7f8551d8b4199db3359d5145bc4cb01d6d2f1347547f47967eb06a45c3b5

SHA512
e248cbc06fc610f315d7efcadb39b5cb85dfe5d40858768d5aea8d41b3b4b23eafe0db2b38cce362fd8ba8bc5eb26e9b2dddc00e2e8615395bca818ecfe0decc

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
534483b0f4a1924b1ae6d7e66b4a4926

SHA1
4e954316acd216007f4a0225b138e0c0a04fbbed

SHA256
c1bca1bb524c5ae3d877a099f469b6fc34288bab26ae7a7f4fc47cd869f4958d

SHA512
cfad2ddf8a9ad67e36e978726d8a12ca26b180f73122b2e8d19a83f73028a050d9f418e7525f576cc3a9601b3369d4494dddbde620b4011b7ca8a7ec4b0d1b12

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
73483cbc229c62e129627adbf62b0ffe

SHA1
074ce67665c86355d3218b5e3ea4b1b335095af8

SHA256
13471eb84db95f8270398ef1deb29f0ea024db17e331497545c36eea7b2a3a7c

SHA512
92f06cb8971e29da7607c6b1d1377f21c7e6f0e4a169aaa08326038d5cdb09422b91f4f2d26a7978521e0edbb9cf1235e583f2910048c917ccef8d12c5e1166a

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
7016bf365a155d29f01a000942a017ef

SHA1
47e25b97af56edbdd20ca72bba994c6bcf1b81e6

SHA256
b5f815d0a41add7fd9593036a8e6843fcc221298fefd61808f960eed3cc19830

SHA512
2cd7e88717a2d81811ce03990737888b8a1e9e351dcdad401ffe5924bdf97be086bd766a1a5b25411b760cbf81b68bebd94d915100b6bc1310360813af11f827

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
9efdffac1d337807b52356413b04b97b

SHA1
2590bd486abce24312066285fa1c1feaf8332fe0

SHA256
e1a87d7d01e2376dde81a16658915ccf2ecb692739fef09adfb962523756e22d

SHA512
b3c164e50d48a78bd08cf365e02e263b97ec2dd3efcf04914c8677c838e10be23df5178a8618e3f2a6feb6faa2bb74eaf069e7e2db7c6e6fd9d0137dcffbcead

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
42c72d838c34e4e7164c578a930b8fc7

SHA1
82d02cb090eb6d81a1499189e4d3e6b82aa60061

SHA256
f1667bbda1b58fc688b422fd2f9f7040919c4ababe00a4be78b258cae2dfc3d3

SHA512
1020d6010dca512adbc18f44b6453a974a200766013c39f6cb1cd0a72234a241c73587c929f1d0fcadf90c3eb71264086167f05bd7ebceb5b944f4e4a0811d92

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
5c6fd1c6a5e69313a853a224e18a7fac

SHA1
10bae352f09b214edef2dc6adcb364c45fafdbec

SHA256
3aa0eb4c47ac94b911f1a440324d26eee8ddf99557a718f0905bfee3cf56255f

SHA512
08c2b1150f6bf505d10085a515bbfab6c1e18663c6ef75ec988727e3d30210532d03bfbfbb048b1a843d4faa5d1060f9079e018a9e892bce03f899a5a85f6034

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
a51cfb8cf618571215eeba7095733b25

SHA1
db4215890757c7c105a8001b41ae19ce1a5d3558

SHA256
6501894e68a3871962731282a2e70614023ec3f63f600f933ec1785400716ce1

SHA512
9ae11ab21486dea1aba607a4262f62678c5b0e9f62b6a63c76cfdc7698d872d8696ffb1aaae7aa2e2cf02c1c7eaa53d0ce503432960f4be6886fae0de2659535

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
8d097aa5bec8bdb5df8f39e0db30397c

SHA1
56f6da8703f8cdd4a8e4a170d1a6c0d3f2035158

SHA256
42c235914844ce5d1bb64002fca34a776ae25ee658fc2b7b9da3291e5def7d4d

SHA512
a891536e2a362fc73472fa7f5266ce29e8036959701bc0862f2b7ea5865dcd1505615edc8e064fb2f7aaa1b129e48422efe7b933b01faed9c2afadd8a64452dc

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
ab87bdae2f62e32a533f89cd362d081c

SHA1
40311859dd042a7e392877364568aad892792ba9

SHA256
0439703e47c8fce1f367f9e36248a738db6abcd9f2dd199cb190d5e59ed46978

SHA512
dbe0073da8979f3d32204680015b60435226840e732b5df964dbeeb7920c0bc5df92d866964f905518c97cc3539f628664503ffa64e50a2ef90c459b62555444

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
19KB

MD5
169e20a74258b182d2cdc76f1ae77fc5

SHA1
fce3f718e6de505ac910cb7333a03a2c6544f654

SHA256
224f526871c961615de17b5d7f7bbef2f3a799055cab2c8e3447b43c10c25372

SHA512
0881c8704421a5f6e51abd22c55608dd7fb678491682ce86066e068b1973ebf11d6c2163be610a49f87e800c8563ebb41abfe36e1913d7d0b8485fd29ed81bf7

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
49363f3cf4671baa6be1abd03033542f

SHA1
e58902a82df86adf16f44ebdc558b92ad214a979

SHA256
505d2bde0d4d7cd3900a9c795cb84ab9c05208d6e5132749ab7c554ccd3c0fcc

SHA512
98e78a607cfbb777237dc812f468ec7a1abcba9472e20a5780dfc526f7992da1841fcd9e2f76f20fa161240007f185c7fbdc120fb4c3c1f2b90fdad5913d65dd

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
be16965acc8b0ce3a8a7c42d09329577

SHA1
6ac0f1e759781c7e5342b20f2a200a6aab66535e

SHA256
fcd55331cc1f0ff4fb44c9590a9fb8f891b161147a6947ce48b88bf708786c21

SHA512
7ba55fa204d43c15aca02031f584b3396bb175365dad88e4047b8a991f1f1ddd88d769e4d8cb93ee0ed45e060a1156e953df794f9cb8bb687c84c4a088da2edf

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
3eae6d370f2623b37ec39c521d1f1461

SHA1
86d43e2e69b2066333e4afa28a27c7a74ff89991

SHA256
ce74bdc6999d084a1b44b2ecea42dd28849b2825d7779effdc4c18360308b79b

SHA512
30b2b6cf5cd1bbdf68de048e6d992133fe7ab0c847fa0d5eb8c681a9688d60794621a40178451a104036a0fff2e1bd66a18d9f96be6b28dbdc0bc1c8a535fc85

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
a440776e10098f3a8ef1c5eaca72958e

SHA1
7b8662714f6e44fb29a4224a038e4127964003e9

SHA256
40d8bc312ac7bca072703e5f0852228cde418f89ba9ad69551aa7a80a2b30316

SHA512
b043cd020d184a239510b2607c94210dc5fdc5d2a2b9285836bdce8934cc86a1cc3f47a2f520b15db84f755ac2e7c67e0247099648d292bbd5fb76f683d928df

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\cloud

Filesize
252B

MD5
ab628eefcc01ed6013769736e9d68886

SHA1
c9cf27e83dc74cf01afc98f562900262ca694cf1

SHA256
fc8b7469a6ad296dc34b5cf16322441add2854e3f81779f7820e4a4f07738f89

SHA512
fab030ba37894106e6111243f91eacbd0287a59fb07e717e89e01b79642ca84b7b0b0a79fa3cc84554d9d61ff474eb6f63c18ad9ff7ba85ac0df1967a19ad6e5

Download Submit
C:\Program Files (x86)\PassFab\PassFab Android Unlock\ucrtbase.DLL

Filesize
1.1MB

MD5
b9820b010d39c3f0d5ec277d54b37fbf

SHA1
b2f704ade582bd498224bd84dfd8ec5a4efc2fb1

SHA256
de3f497d6da0b5b8ce3785d4ea1e587c50f1cae356226ffa3416fa43ef8a8503

SHA512
abd3c0f7d733d2537df5aed4b1327aa8988b823bc654528f1b206cd5b454c57bd0d004092a90dbb20d7109a24591669d3602d9e28c435ec815dd21efaa8cb2b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A694EFF979F014411C4C9C7FAC29FB34

Filesize
993B

MD5
d63981c6527e9669fcfcca66ed05f296

SHA1
b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e

SHA256
2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5

SHA512
5fada52ff721f4f7f14f5a70500531fa7b131d1203eabb29b5c85a39d67cf358287d9d5b9104c8517b9757dba58df9527d07dc9a82f704b8961f8473cdd92ae7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a645459d2d3732bdfcf8e733dffca4cd

SHA1
9b509981195ffdc1e4fda8909e56b86727bf4009

SHA256
edb182f0029535a1bf662381dddf15c5d74640489392f24166076a78dcc67c79

SHA512
9ec5fa16a01a69abbe7e2d9d47af982062bededba75ad486555fd08e291ffd6693dc629d9afa2c7276c0b1c1fc13957fe3113885044787eef2a26871cc2d9c2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43fd5f5b606f985432caa76dfe64eb85

SHA1
c1a4ec1eeedcfdcfd8f27b7fa51eba29cec9f224

SHA256
0ea714fbd832dd08d9451235055983ff90f6d0d1da1aaee8f51c3c1a1807abc5

SHA512
fdf96cfce5341385f19afdd4e018ecbf5cf36d3285e3af15b405c2a4a49fea957a39dead36ef5cdfe9e5012b95ecc637107b35173c84f1db0ed9480b2a35e85d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
729e40f1bfc911675d798819f3d4fb9e

SHA1
e0cee997dca5a6934a79cdd9ad2527c38a9e33ef

SHA256
a58074a0cfa2f5ba7851b343aae15e76779173cd0c4ae6477e594181ffcfeccc

SHA512
18f9b567b1fa0a30aaf2934ed288d8f1f346eec08f55e3d107d2e673d515355fe383a43caceb1346e6b3efe3ce0c901bee4162353d21050ab8b26f9dcf3d66c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47c44498bfe880a2d84b2ac2334f9254

SHA1
2bfe57d24d9c82c68239bede0f2486003c8bc204

SHA256
8ce132556249826cd10715ca58c361e39bfa284f3d048baf9ef049bca1366a75

SHA512
aea207f1685a9bf3928a76c41981cb00bcad6d8dab42effcffde42b513d9f12341169397a149b19b42f9326a61aef46c10d28bedf564e6dda3419df014d822ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a79676820414fb9a0254fcf650a9a16

SHA1
fe7328a092e3da147227625cb65a2e136c313d96

SHA256
a23233c3ebc72ce8a6252cfcbcf635d5d99d8eb433e1ff80fabacda74f8cb69e

SHA512
cd5d4abdf3c9a0a8d09d13e26c1ed4ba9135e3731deca7d2f9f60f0932f7598de27b4940a2ea8fa101896eb16cd83bba6f0eff83303a40480e4f86c13c17aee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb11f6260bbe35099a8c4192ab05730b

SHA1
ccabf3c4ffe1198b3e13608b3e52bb1087e9d87b

SHA256
57da1a078e73f6d0fdfaf336a08deaf9cc03ecb522868147a6787390ef11163c

SHA512
26d1821b456429e3eb00031a363d8a8a8e985b54a3830246088e71e23db4a0a544170a6eb880c624670b4ceaff589de997c345772f7b09016f7bbed29f6c74e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86c82eee107788b2680ad0617c1971cb

SHA1
95379cc9d84426016d6bde62b34a7e43c08c0e6c

SHA256
cacef18f935b9c6bf3f667577bc06ebfedcdce5cd5fa9babc61c8998392c5079

SHA512
3a35c68692ff2d71903edb5297cd47a469e92201d0345472f02fba8c465e6a792cb827e56d7583c0cb58eac97599dca7f030c59e2b31a89f015e6d8f737aced3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2faf43481230b01ad94e68b9f3fbdb24

SHA1
a27a69dcb0cbf66208e17f4b8a6203d04ba814db

SHA256
4dad30f80916999d0beeee40f58166bdde2eeaa1d8a8d4f5d9e427e2066e2059

SHA512
6c59132a7ba915f98601c5f9c2caeed5eb7c623818424adbc1dd29ce9f427f6e24ac091220f8353ea8f3e4dc7942ab28cc2e20b3a437c781133712ecf1dd8cc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a618a73959fe9355d57edeecb03d81e5

SHA1
baca0e3a271ca258d76eeb2aee9dd9faa9737ad5

SHA256
2c75a2f7734e54b0f38b647fa6b5429ff320fd5056d324ba07538c74a51818e7

SHA512
3a75b67e0439a681f9ea9c765db54fa1fa65f93ce5a1127feafd745279c3a7a38b19de2eeba1a548e02fb377fab20db5c3f55be43df6ac911b399f41315bdb25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07b937a833e51f906b50170b4dc67a84

SHA1
b9e3da23e852a2025d5b9938dee0b5940bc7eae4

SHA256
178170114da8aca1a2e52c47d4977859f0ea92fbd8bdd1068c67a9b503b4e905

SHA512
cf77d75b11065780567f1532f18c989f9891e0a5e33ee232d5373801570a756c89376a7ce963d1aac391dd98d257e3710e6c1248dd54065b19282758f0d70482

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa94381a5bb84d39829877cb28061c1a

SHA1
0cf79d2a8d1ff926be11571ce30976a34d9fc505

SHA256
6d798c124fcd39ce0e1c825ed703e7acfc0f7f95bd178a4e02147a52760b9f56

SHA512
a22051e1bd8aebfe8cdb99d2d5548904041c9ae76412bcf5ad1fae87ac1f2a69815afee8a2aa595e544232cc9128eddce84853e484bbbdee2841c061e02923f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88c72ae39734aa3fadc221e6c6bb4890

SHA1
4b5396bb5f9fe49cf4772fdbd9e33ec1cc454798

SHA256
6fbfc3a9c40edec97e498fbcb8533b8d3034af7534fd517e236a8e766287a46e

SHA512
49421700a18e3f120e1ccf67cf888088ff3626d2d4cc03049e5393167e68d40f52493fe09a2ca28178f4e1941e946cf49e737049e5ae4e08c0cec2312b919f97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dcf6d3cc58caef98981e98c3c148c63

SHA1
df0343b6c4bc7fd088d14341c0fa4fc377a28eac

SHA256
b7137537e9b60b66996da26bdc962ed1515b252a1c802d33251af359c9ba01a3

SHA512
3fed7b2236ce9e91e96dbc56ecd9ccca0e80beb1018e6e664b521dc79f13e88a8a640684e941746a435ccb5505e4238b7e9a2c44a20649054313267cb9e90f05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67cdbfe6c92008d455c5d2cb047d8da2

SHA1
e860606f1542c3d63280ceb01403f0ee0c676adc

SHA256
8f8377ae0d3faf5d0d13f4fe396577cc038e1f2d8f500373f6c3b6362350a1d7

SHA512
d99e9dc96c10cfaaabe72f63e148e87c5d461e943d209bc86223c45abf7b17680e0d7991916f204ab140298334c9bfe3f265cab182d2f3aaed0b484793afb4ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a534888bcd4425bf8eeb5e4951ef047c

SHA1
49a0ef081ae22858e6ce35e0f7a26b231ef58c6a

SHA256
1ea522b66132257688de88d962e6938ba5fb40bb1fd4e25d3a391bc9ebe4d4ed

SHA512
a9223b9768bed5fc44284dc0361f93dba2948d4d8c67e906e6ebbeac440fabc0bc10c3acfc22e65cfe661605eade540f35db662419a6db5f2227adfdeed87cef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de4674407ae1ec0a0c4697e967b56f2c

SHA1
6dd74e84b896593e4a903692f26c771151ea1940

SHA256
37a9e266063f2ea270eda1fdbb134baea7402a8c53475eb9810608039df84372

SHA512
dcc5e3343f851df40573860c4a4160377586384cc72d5ed617793fea7d589e29f4f86685ef408800a95b02363abe67e1f79a45aba8ff64708c00ee2e8200d2d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75c05df75d3656f0f776ef5cc1b9e7d1

SHA1
03abd22cc7a1ab1852c81016518efa3ab792fa7d

SHA256
babde8bccae672de969a59ac84f5176834385968e035bfd1988ee1118367910c

SHA512
ec0c0ff22ce3ed781a16f57c164b7d070b20b7fef53bb3116672593f616e559bc923d6d8256086922d340fc9d5d342d8b1f7ec3076dab5cdcb2f30594aeaa7ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5b1eb299e42472e28e5a1be4f4af4ca

SHA1
5889328e5fa453004d9200ae067d9f071b81d245

SHA256
40f728ee4751e1a299b1be262c9d2ce27bd64cdc7abde97947ad4de49f683939

SHA512
0fd7a9f7bf74096ef70a82258bed95e97262283c0da57f001b827dbb9286a5ed29daa9d8fa67130051fe9f76473225db5a00b0af2f868e4a7b3772b56f10ad35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
210fb4d267f0e04b80fd18cc2521e2c0

SHA1
c4e818d682f65604f1cdc86987b08ca08161955c

SHA256
39fbef4dd0c0bf323dda842d684fa09b4a953e9547201df9368ef9b3b14c6ca3

SHA512
ae759a41dfb304404d27ed36164a4ef4c1f045ce314d8642cbbf6440d9a4c1abff2384fafd6de32369b06b039d9df6947822982af98d42c3c5e573cbf7ce0176

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb0b6f0390a7a361ca13cacd9b9ee864

SHA1
5964322edb0be5db012dbee166f453fdf3d6efe3

SHA256
b260b6317313b75bd05af221a5880e4fe186a98d61d97b5874d2c140683cc0fb

SHA512
26693f57e99a79daae25a95292a8e9c76e805a109a1fe2593f09285ed4889822958a6b2c8ed3be0dda80980e21efec1befafd6c7f322f620818036f6e21396f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7b068921b6dcfe724a8e6599bd8ed54

SHA1
b5edbb162c5ec76552cd7e1c1a449bf476dcef91

SHA256
50e25da44f358e430077755e6c36e65ceb87377e7432a16da8a8fd028c44dfe2

SHA512
2343b760ca8c3a9a7fd01e0eb8bdb150a95a699efaabd98e13b6d15188bb50c795f7f70c5c6288a7b5301ac0e2fafb17086d93f51849ee3da1d690aedfbb00b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c68d92c7d4b5bcb351ae0a19a49d9b1d

SHA1
c5f3ccd79ec3d89fa14157195c9d6ede392cccb6

SHA256
3d30361fd365693dca99381a8c550c42c4b86d99ad2989c630f02e96a1c0202d

SHA512
a590bcbd1945e5c189991e156785460b5424131285dd2b49a19b8bd637cedf610ee1795977d1bf06777cb82d53b7e5b8c707251c6d08b849a9475d2a0613b6ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5f2d6ab8df9c9ff09800840eb14a3d3

SHA1
bb8ea9649296766d7bca69137e91ce5554e83fb4

SHA256
dfc2672703b7cd202a8ec71d86b1fd94fd4661a1d5a02e03bfad0cf79ddf3aba

SHA512
788def58bf20667bf73a88d1461eb5eaa580ec3285ac3b9f5ab12fa5c5459544cf222a6e5a9be491c27ca048c46bd7ff5506d8c47fa993b9bf747ab612177663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1c0c8f1f5563f64549e86909a409d37

SHA1
1a2bb26e569e3d8385d5e25c1186a44897246a81

SHA256
4944f28256650ab3527deb47606baa396851b4d93c0c85f8af044caef1f19e24

SHA512
5b548f6968e6fd3f5556cd34214a89e588593935869373f012a7450d0679ad55bcc28f2c61d5ee0105641335ccec4a5798bf0b9e52d072026faf79a8edb81c60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77821c925044bec50031813d4b561391

SHA1
c6eef28a8f18af85d1f5ee98952578e7603c2a36

SHA256
97044557bf1c4293fc6f7476860b4c2b69b9acc08043db95b25976c2963e8e94

SHA512
72f89bf09f7df533faf6c7478f93fd76c73390366a0dba372dcba81f61ccfc3b634878c8028e809ae64ec7bc6e69f58d863bbe887abd4f8e578cbbc3d5cffbd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b50619a83256c3fd5db5fac646056c49

SHA1
f1307c6abcee7bca1724e078a13307c1e63b53a4

SHA256
5f1e95c17a6f3afbeb2aba4b39b930cbde28fb7b84773852d5fbf9896138dd44

SHA512
8f4af800a5e9eb1c47735ccc7623dfa35e485969269ee9b1a7865cff9c821f18402b2cb99e25fbf37d9d5db5bff38abc86a42fee6bbd1f6f023caed2271ce9c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f12c832db13335798af41c4a707ddd3c

SHA1
46fdb190e755beeb84f182d9d73d6d1c7d958bce

SHA256
889230773c205002abc53983090d2ac1ad769420b8efb9cf42b3f1d4b97f5e13

SHA512
097ae3babf79ecf098f5beb153059a1173cea804a84bbcfff099eeb66ff5796c2e2cab9e22994ffa5f15a18e884e16c67be1b573d275766db16f53b2cd8040fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e611bb2563c95fec1594ddfa6f4acc1

SHA1
d06f346ff4bed7133e021783bc3beee061d5db08

SHA256
81852437c6600d8e680b00f960ec086c6b3e116b04573c9c8800d546b9591695

SHA512
f7c16344290af72ed79b700a66d83a9fecd9df49fdd4e7ca99a1b58150787ffb5292ab91e2d66aae8d762cda49407116f6b8b330ea632db222d54f0f55e274f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A694EFF979F014411C4C9C7FAC29FB34

Filesize
290B

MD5
44eb6d7ec8928f72ef74025b0060e93c

SHA1
b29372fed0ba06355d158e34b9f0beca2fb5914c

SHA256
f403598c5123424295955e66057e2036db26628bf2a19baa32723c218f597bda

SHA512
c9579bad8b6e02a0cad17c8db0cfd29ee5d2441b856f81b950f38fa96fbab5bb5643fc287734d0841cf9273c1dba6ecc50f0822301b6d9aed2c991e7d8e5b786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P314ZXV\rn-ui-passfab-1.0.0.min[2].css

Filesize
113KB

MD5
7e6078d829dbaa1d4c7336e13b8388c1

SHA1
4a178f9a7b2ce6bbb24825b9ec9fa17517229e4a

SHA256
a30ea83046f0d8a9f5984f6bd6bd3be7e3d943d80885403fc40f74367c01b376

SHA512
cbc0d30acbdd250493753835afff831951d8ab176f1adb4f4ae7f0ff459a93227c8fa346563700b069626516379e4214ee676aae8583604673767b022f7da608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Y4CXW2F\logo[1].ico

Filesize
3KB

MD5
87bfe0333eb7f59dd705a455f7fd8634

SHA1
70dbdf428f8429b38dbcc2b434989bdf12aa0bb0

SHA256
4321cb31da7daa87d28858a1dcdf688bd335d82633e19ee8802336b759e5b6db

SHA512
8e6ae11164c71768014ed01447318db15ea9a2b617f3a2ca85b08e2cf33c8383b394a6a8063c99ae9611d1a36907069a508cdefa56169a85590652e61212d366

Download Submit
C:\Users\Admin\AppData\Local\Temp\4ukeyforandroid_pf\4ukeyforandroid_pf_2.9.0.exe

Filesize
95.7MB

MD5
d0ee93cd2566eace750c69584cfa3bca

SHA1
d093ec906f2689450a150142ec4b80069e60664e

SHA256
0856212c7ffde1a13b008c458ed4c8bc3bf0d8479925db7cdc71eb12baf2412a

SHA512
8f9fd429e12c82cf1a7748591ec834e983ac1f7dd5568a7d5edfe2119c4001bfff6f7058e1ec39de5012756224696024e999c2bef69a3d94988c9702fff0590f

Download Submit
C:\Users\Admin\AppData\Local\Temp\4ukeyforandroid_pf\4ukeyforandroid_pf_2.9.0.exe

Filesize
95.7MB

MD5
d0ee93cd2566eace750c69584cfa3bca

SHA1
d093ec906f2689450a150142ec4b80069e60664e

SHA256
0856212c7ffde1a13b008c458ed4c8bc3bf0d8479925db7cdc71eb12baf2412a

SHA512
8f9fd429e12c82cf1a7748591ec834e983ac1f7dd5568a7d5edfe2119c4001bfff6f7058e1ec39de5012756224696024e999c2bef69a3d94988c9702fff0590f

Download Submit
C:\Users\Admin\AppData\Local\Temp\4ukeyforandroid_pf\4ukeyforandroid_pf_2.9.0.exe

Filesize
95.7MB

MD5
d0ee93cd2566eace750c69584cfa3bca

SHA1
d093ec906f2689450a150142ec4b80069e60664e

SHA256
0856212c7ffde1a13b008c458ed4c8bc3bf0d8479925db7cdc71eb12baf2412a

SHA512
8f9fd429e12c82cf1a7748591ec834e983ac1f7dd5568a7d5edfe2119c4001bfff6f7058e1ec39de5012756224696024e999c2bef69a3d94988c9702fff0590f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab48E4.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4935.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1058cadb-d00f-7118-fc88-a9153a481419}\ssudAdb.cat

Filesize
30KB

MD5
c737261dd3748b1851b01b6d88a89585

SHA1
94fe1bde09975085b4a464ee01846b6b3283d3f6

SHA256
0fefdbc1a0b2259cac93283ad18b16b3390a4f9e2984d6b96bf601b591f20f66

SHA512
5ccdb39fe34a9144b815109f7317a1e1bd6a78d86952a734cdaa2303255e56ed73471231acb27f256658ebd0c91d897750aa8a4305a3baa8977d9f3233465bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1058cadb-d00f-7118-fc88-a9153a481419}\ssudadb.inf

Filesize
4KB

MD5
5b19b37f2db547aa46ae5bbb742d1a1b

SHA1
701281e8283e9e3681220099a9da5013a5a437af

SHA256
caacb8a0af03cd1756121deda00344a8a808000c6a1633ed7d520cfd22c26eb0

SHA512
c005c5b45285c90d3c82c8933ccc0237a1716ae38e6354c61c8cb97437f6ec64b7cf8a5930c81d1c5f7489d5815cab7f2a0eabeb232478917f814a15ef35bf35

Download Submit
C:\Users\Admin\AppData\Local\Temp\{29c44b0e-43ad-5e2d-ae4a-2125117c0160}\amd64\ssudmdm.sys

Filesize
208KB

MD5
37680aeca1bf2d430719a297f68ecd49

SHA1
99a25f410cc1cdba3f53b8ef9d50bb0ab6c8d8f2

SHA256
64e6a2c077316ce4807f2f480324f4011003686f698ccb0aa93c659daae1fab5

SHA512
1f95496307b9a48706d59572219f7ae55e55b47b5c0dd388001c4f12d22ed559482db77a0d460580c75290d9d30b63615585a680f8951e1c6a146bbea5819848

Download Submit
C:\Users\Admin\AppData\Local\Temp\{29c44b0e-43ad-5e2d-ae4a-2125117c0160}\ssudmdm.cat

Filesize
29KB

MD5
613ef003087cba0ef5e4672fe521078f

SHA1
0df801e371af14329b41a274d11cab3be2aff7f4

SHA256
08e5698aa190265b85b72ede336738aa67ab72db3036ed6925b838c2e3398f34

SHA512
c79c117e7628b6b0da119ff334b21ec0504296eb82ce98eb3580119ec402e3149be8b91d3f244aa2b7ec3c4f7f8f4d654694a27ae30db5d8359c146bdc5bbfa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{29c44b0e-43ad-5e2d-ae4a-2125117c0160}\ssudmdm.inf

Filesize
49KB

MD5
46ae75a7c8213cfd255693f2e5e56265

SHA1
88ed314360b98e6e82e7cc3201faeb4a9fd291b4

SHA256
4d6c35449ceb28237b3efbc8816196cce7546537a1000705e0e33b7b0c3dfc7f

SHA512
2b1bf8f7274472146203e5d6e51a5b81306c89aee5ae287ddb9c5a0bdba9b2831d1ab11fbf5a10aca6b6795b06b0ba34d70631b534b7db555474b65390e08e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59c1bc5b-b8be-67c0-5a35-99039188227e}\amd64\WdfCoInstaller01009.dll

Filesize
1.7MB

MD5
56a6680e524fc11db3b3e18a5ed7dfef

SHA1
f6d104177b05f575aeaa15c023854917dac381fc

SHA256
249320e15d6a183cbc2f3077bcc1753fa2ab45ce07027ccd40d05face2f96042

SHA512
65865a1137e8d7cb65923aa6806fbb6797f9a2abf9cb441d191cec11426bfcc623c638925336e5b6e456f8896bb03a025caac73b50d65ff0dd5309b273d6b284

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59c1bc5b-b8be-67c0-5a35-99039188227e}\amd64\WinUSBCoInstaller2.dll

Filesize
993KB

MD5
f9e8e3ea5a961c3b33fad40432f566af

SHA1
4e1f95b5f75fcc9ae4705499cf51ce52a325c947

SHA256
8bc08010c5c1d4d5af77a539536a2be71557756835ad5e310eeb44d5df792b4d

SHA512
1300a36933f20e445cdfcdfb8646370f94c5ae30034e137ab9de89c7bf45c274e45c209a4228776ea668e5afee53482e61fa5f3c2465b758ef1f7e87bcbe3edd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59c1bc5b-b8be-67c0-5a35-99039188227e}\android_general.cat

Filesize
80KB

MD5
d700af17f6b7daf62ff0e51b8ba7ed78

SHA1
da57bbf4c482d4cdf8ea87b95123c30ae620b628

SHA256
f3a741dc23f5c8948c882f888e4c6b86c2fc5c4d2107d37e87d36399b9c25137

SHA512
805b73b8d659b837cd743fa424b8f4be15c357e3af6c0e011a8942d90459b7a1bf93f1e8f7dcc313ad1fd06124ffd528e83321ce5fa4fcf9d9d4e700eff5d024

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59c1bc5b-b8be-67c0-5a35-99039188227e}\android_general.inf

Filesize
2KB

MD5
3a17e20ae8879d95f89737d2d0a63dd0

SHA1
be156a27afeaea39d6a7c9d25cfa8dafaf91756b

SHA256
c57bb3a91d37b71f2ca2add50f295d44058c2d004dca6449f3c6896b5815d88f

SHA512
26bb7ba4ba0c42b01a418fdef94f10cb107a372568977e903ba26af08a8f4e3e79881fc26b5330ccbf61b0c0cc0d3571a576037c6f09f406e45229de40d3b527

Download Submit
C:\Users\Admin\AppData\Local\Temp\{63cbb227-6322-6a91-3f33-dd649aa05461}\amd64\WdfCoInstaller01007.dll

Filesize
1.4MB

MD5
48746fac9937378a0b23454fc359b8b5

SHA1
c436461f0f5e0c8e447c07d5cdb146e90b4d6319

SHA256
42990f6b90af3f71c0399a03a594961ab1967e904181bee2ed639037c23b50b2

SHA512
cad219142481b6c461f1389cd6e2801d680e2fb747bc72722f3723e5674a9eb8d59ed3e4221c81f17ed40c079685c65f9cec82a80a8db879681ce604f59d10a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{63cbb227-6322-6a91-3f33-dd649aa05461}\amd64\WinUSBCoInstaller.dll

Filesize
704KB

MD5
f3f7d0c4fc1c45d323a3cb1a8f8c9dc8

SHA1
7405a806b82c5fb059da57be0b08e6440414f6ed

SHA256
a4c04ba640d42489b2a6768a05a497984a9863116badb6c4207c298e00dd466a

SHA512
9af7368bb88d86d87f48a52e1b5c272d0e13909bc1c4fb19d31352c2053b6ae7d1124b98235f850b63c84b35245da927b1f73d79abb0deb999b20ca7a07051dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{63cbb227-6322-6a91-3f33-dd649aa05461}\android_winusb.cat

Filesize
80KB

MD5
4637fa749ec464a904dc514a654be4fe

SHA1
7ad8b58bf97c0570cf4fe4d2e81f25547d6e0916

SHA256
958d3a85eb3d63fafa805d170eefaad1baaf431fa0fc836c7c5c811a9ff79b70

SHA512
cb2fe02525b59635122abfda7d214b3f99120a6bbbff2cb8a40edafde8564ac9fe980dadf1f660d2f08452b7cae0a72be762663c4769f3b4bb863ccdc8f73df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{63cbb227-6322-6a91-3f33-dd649aa05461}\android_winusb.inf

Filesize
96KB

MD5
461bc0c9b848e1ffa52094cf9b2d29de

SHA1
70ee67fb13b2f2be1f5a57ab193643aefba8d39c

SHA256
5b02e78de9e81a9df5d8d94eb88e5045b28994b586f24f282d339905ceef5052

SHA512
8e2241c83fd9d0064849410ca2c1f17f674fd9714136a5e37729902c4a3a237cf7cb169e58d4f9d066748d11fb605845e4141b3917a25018e9a5baa51b7b1faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\{64dd333f-78f7-7bad-add9-31005079d92f}\amd64\ssudbus.sys

Filesize
117KB

MD5
bc319c065335b10a5aa5938a677a60d5

SHA1
2504afcb10e538105a670c873b47656ee799d476

SHA256
6f32af2a440e763dc2add06f3422dcf3285bdfa9e69e5c3cd67a10f039b2830f

SHA512
0c19b616411af9cab7e419da8a1cda65cb3f6bfe3e82700c275d2aba97ad46ee8385909a432ff2682e811f8834c0159b2d0b332eeacd6d4f067d993720cd303d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{64dd333f-78f7-7bad-add9-31005079d92f}\amd64\ssudqcfilter.sys

Filesize
54KB

MD5
bc0e0f5e7cc6b5a4c1eb406ae2b6c85b

SHA1
0f812245bff2f40f7eba2fa3f1d0e68de54d3354

SHA256
3eb684f76a6ffb2c7a6f52f4efb70d5c0e500cce4c88706f10cdff1a06faac83

SHA512
2c3e22b98d8d5c561b306751d07d75f93f0b8081bc2ac731af79e4a07da8c4e3b4774164eacfd05a9fb379a7d220808735eb78143662b78731e66958d8366a4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{64dd333f-78f7-7bad-add9-31005079d92f}\ssudbus.cat

Filesize
30KB

MD5
e2abd1060f2b4b2a3946208f20a2a05d

SHA1
6ecc41b90dc29eb5f3b5b3471b5b357ebe56d45a

SHA256
a0906ecad6bf8cd05bd5b73077ab5c228bcaa529e54f290b6fd72f40609a47af

SHA512
7db9e69ca4bab295cd2662665259a1911091700102fabfd02f53dc1c3e1887157da1d0f7a31ee4ee8fcec6a788380095d0282b6d0e50b862a53a0e5e1d12d13c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{64dd333f-78f7-7bad-add9-31005079d92f}\ssudbus.inf

Filesize
12KB

MD5
e9553abb6404746c5a3f144447eefb79

SHA1
85a33267f12961af9ed9ae799deda5e62bea236f

SHA256
61e0b4d0b8d4d854fe0b3064eb799bb917947d431227f32d4e4e2fc6063dac2e

SHA512
dd811c54513cc01ff0f9ee802549262a54b74cce203332f200c1b7ec4880589cb50e1f5c9d4cd4b6e9d7d1c0c3316e070982b6aa7f29f76df7a07656a184092f

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFD68ECD0BEB27351F.TMP

Filesize
16KB

MD5
c1ba19bcfba89a6fd57eb4f054b1f8b8

SHA1
eed6d36e2ad8573bb74de1dfbe4ef2289e890053

SHA256
6a601af3305693abaaf2164f7c705e59c02c424e6dee2ab5b2403d32c1d94d31

SHA512
9697e0cdbecc164b77771720ffddcf9a3972049e27e6879014c34cd239c1ff967a12088443aa737287c0870c1c682d5447fd8834e3be2f30577fa06825d7b058

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
194KB

MD5
bbdd7fd9f3f73f68a2c95c0dde01aff4

SHA1
cb2e16b23ea59275492f64d647d51a249b598924

SHA256
283a187f94f47af2251ff53756fc08bbe9f5590c1b1681ad1334e8ff120cd0a6

SHA512
71acff4480adbb0ad18305e7ea40ecca5a3ac23220fc311485803edec8d16a214c7cc4e04b3bd193782e2657eea01eeeafd56f7cc30d77232b9c77a56fbb2385

Download Submit
C:\Windows\Temp\CabACC5.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\TarACD8.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
C:\tenorshare\adb\adb_usb.ini

Filesize
312B

MD5
ef9926e7a8bea56f7c3bfe05f1b18973

SHA1
636e12906e4704c870efa7cfc2e07113f0a53323

SHA256
4b5e5d4029d3a60d0712e754d426dd144b6cf1224dbae8a3280db223f9eada9d

SHA512
a3d5416de0a474d7255a1efd31736ff75ddab6b37541f1ccbbe0ee3bbc5d56ce5890dba1cc267af56097b3c30117ca90bb703678760785c50731bfcaf47681fa

Download Submit
C:\tenorshare\adk\drivers\SAMSUNG_Android.cat

Filesize
18KB

MD5
3a1b808695e771a5c5862847975110cd

SHA1
fa55750486e20a03ea2104c18f7a9e15889a640a

SHA256
3561a45cb01351ac80e7128c884bc610f2d38990d5b996596272e555dd0ce0e6

SHA512
44c043f8ac7dae6edc65b5e2f86c19037b74eded6d60115445b131c06daf179f39d27e0e3d2848e286f7479c4e5d99966187053d19ff0a89c07b509946b3a41f

Download Submit
C:\tenorshare\adk\drivers\SAMSUNG_Android.inf

Filesize
7KB

MD5
df483136fa23957c63d59a38abc2d9bb

SHA1
69eacccc5fa674cf5fe0daf9078bfa56a574cc24

SHA256
084747988d360ae9c9b88cac88a71e0e16c5b4e317219e799a320097a39f51c5

SHA512
cb6b12ec3f50f7cf55ac11a91ccb3e323878cf7d4508fb040e513dc8dbf9f3f0189534041747123a86a2aacfdaa4632715e153e7792579260e03969719d82f35

Download Submit
C:\tenorshare\adk\drivers\amd64\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\tenorshare\adk\drivers\amd64\libusb0.sys

Filesize
51KB

MD5
c7d21310ea0a644aa6394de1e46e3d31

SHA1
38a4a10cd3868e4a7874ba633c7b13c13de3f33c

SHA256
597f27a2696f945fd6388ca62d5ee98e44694f477f57ef8a68c2151b2276e838

SHA512
1cb3279c156773579005733710a25aa317b3a3a08a69dd5b2729b80a0ca5fc35a4f547666598d1151503754539f7a7109bb4ad603af84a1d2e4a7635d5cf7a8c

Download Submit
C:\tenorshare\adk\drivers\amd64\libusbK.dll

Filesize
232KB

MD5
97470a3e5505f6fdec57fa1e4126052e

SHA1
c6081de4dd374cb7f03d2c52d2a9eb28fe92fefd

SHA256
fe26c89b5851b3807b9000cf2ffd6e4083e2f567a4019b5a57aeb9b976064cf0

SHA512
2af7f9e98f2764b9d4e7b1e16d91588c289d4fdeb2a273370e0814d541aad40d47f6725b9341a59c02064ef9b08a3ab5f5e442373fbd463346de24bad3a4f38b

Download Submit
C:\tenorshare\adk\drivers\amd64\libusbK.sys

Filesize
46KB

MD5
ada2d34031c8981d8a31089733ebff0d

SHA1
133e460cf09a25e07c669db850e61bb5e8ec572d

SHA256
0f86090e2493b77ef3c2169c6b573306685606341519fe3f99ee09bfa12bdf5d

SHA512
361bdef7546dc5da84e972b04f43c85e1532d539e15c78207ed70729d09f92ad8d09cd63aaf33918ea5a6c37c6fee6067d729ede4b17394e432d987b3e3533c1

Download Submit
C:\tenorshare\adk\drivers\amd64\winusbcoinstaller2.dll

Filesize
979KB

MD5
246900ce6474718730ecd4f873234cf5

SHA1
0c84b56c82e4624824154d27926ded1c45f4b331

SHA256
981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6

SHA512
6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c

Download Submit
C:\tenorshare\adk\drivers\license\WinUSB\license.rtf

Filesize
148KB

MD5
0e36781bb0f25fe141f3fd13e733de6a

SHA1
fdbd8c2ae37169d4eed84cd1adf4e4a8b666e561

SHA256
749f67297cd87fc45d0986e3fe9ff0977a80f80d63188885816bc6f9324892c0

SHA512
6264de32c517be4fbb2872d18e77a0f0b078142acf344e6180b7e54399654354f82052f66a4f1d2e9f332bfdf1b1ea644599fc298a078786584d4c32d02d9be0

Download Submit
C:\tenorshare\adk\drivers\license\libusb0\installer_license.txt

Filesize
43KB

MD5
3f886ccce73c834d0ba9a07b89a5adad

SHA1
9a88c6dcf2d6c77cb13da92c956cc0fd23882e7d

SHA256
49a8af4fc09a41b51744b936c9e7700001020f3c5ac4476d87767c6fc3ca2a1c

SHA512
12e2de91ea28d09db246d22a0fc9c8ba04c6a1af6722c8a933556ad9ec6200770dfd828b6e43f4821afb258e9122de41d4aa42ad912b4e0c7f26101a1115b94e

Download Submit
C:\tenorshare\adk\drivers\x86\WdfCoInstaller01009.dll

Filesize
1.4MB

MD5
a9970042be512c7981b36e689c5f3f9f

SHA1
b0ba0de22ade0ee5324eaa82e179f41d2c67b63e

SHA256
7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77

SHA512
8377049f0aaef7ffcb86d40e22ce8aa16e24cad78da1fb9b24edfbc7561e3d4fd220d19414fa06964692c54e5cbc47ec87b1f3e2e63440c6986cb985a65ce27d

Download Submit
C:\tenorshare\adk\drivers\x86\libusb0.sys

Filesize
41KB

MD5
b716d4d759663bc4174fd0a379da8e50

SHA1
d3ec6dc9a60548754f78079b3454827acd7fb210

SHA256
cf05e87ab212a0f8a6f3e675448de1637042527a32b086651c27597501ee833c

SHA512
c43713dee7082df3d6d172d88c21d16722373e1cc1d60b01e00c9fd4ef84e8ae52356a5296d43193034a8b39b92b871d37b4192a1737b1e03de22fd09522ee46

Download Submit
C:\tenorshare\adk\drivers\x86\libusbK.sys

Filesize
40KB

MD5
3081c6c34049d16d519b3b23776312e3

SHA1
d213d5b2ff59819c326083083d4c5a2775ef4334

SHA256
0dc8fe163846582e710281d30193ade4f312e49b8808feec7b1bc0f526c3a75a

SHA512
5df4f0e7566a0dfb000f52f6c3d1939f9930f02f23263995d7e36bfa2fe5b7f85668fdb0bb40042228e8e336f6e249accc2d06fa867f85571e0c2f5b31e78224

Download Submit
C:\tenorshare\adk\drivers\x86\winusbcoinstaller2.dll

Filesize
831KB

MD5
8e7b9f81e8823fee2d82f7de3a44300b

SHA1
1633b3715014c90d1c552cd757ef5de33c161dee

SHA256
ebe3b7708dd974ee87efed3113028d266af87ca8dbae77c47c6f7612824d3d6c

SHA512
9ae37b2747589a0eb312473d895ef87404f4a395a27e15855826a75b4711ea934ca9a2b289df0abe0a8825dec2d5654a0b1603cf0b039fe25662359b730ce1a9

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\AppService.dll

Filesize
191KB

MD5
973e3fa128000bdb35852169183f32bf

SHA1
02aa017261bf5d4a95388a981ae8769517875778

SHA256
9f5c02f47c2ed9449690a75581e75c333e59935dc0a5962f3117585507153e07

SHA512
53c05aa36877113003662234dd0b1319dd23ccfba6101b25acb96772896a9c724a4d266d8b5eb2b490b453d5b6c1fbf823593b12d8ca3056107b98bf4fac6ccc

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\AppService.dll

Filesize
191KB

MD5
973e3fa128000bdb35852169183f32bf

SHA1
02aa017261bf5d4a95388a981ae8769517875778

SHA256
9f5c02f47c2ed9449690a75581e75c333e59935dc0a5962f3117585507153e07

SHA512
53c05aa36877113003662234dd0b1319dd23ccfba6101b25acb96772896a9c724a4d266d8b5eb2b490b453d5b6c1fbf823593b12d8ca3056107b98bf4fac6ccc

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\DownloadDemo.dll

Filesize
62KB

MD5
d209b68a331292711c3c5782e7c5dbac

SHA1
06bfdae293687eef52c976388879af97c41c9496

SHA256
2a6d4733f01a2d09555fb5823548c1755a6a1ac26372784664200c2dabdb610e

SHA512
422dd9c4857cf68c694086662624d1524843293fa4bcf07c51c2d31d2e39ba0ebd677aafd087e659dae6e1764963fd8382756e20cc7d54108453a01230ddeeaa

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\DownloadDemo.dll

Filesize
62KB

MD5
d209b68a331292711c3c5782e7c5dbac

SHA1
06bfdae293687eef52c976388879af97c41c9496

SHA256
2a6d4733f01a2d09555fb5823548c1755a6a1ac26372784664200c2dabdb610e

SHA512
422dd9c4857cf68c694086662624d1524843293fa4bcf07c51c2d31d2e39ba0ebd677aafd087e659dae6e1764963fd8382756e20cc7d54108453a01230ddeeaa

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\PassFabAndroidUnlock.exe

Filesize
19.7MB

MD5
b2087c38700d6381c0f35d1931f2663a

SHA1
a69f9756ba25de9aa64690b9f52d1cbb7525c2bd

SHA256
cb203a4164932e188a2c2340579ffffad840a2d4e64fe711c4f8af23ad46d67e

SHA512
10e30325140ff002454b93fe5ab943d72713e12b4481bd880e82533c2c8fd15acb00d127572b197eec66a871eb77ea35b1d0bee8822a9cb1e9b0341c68098621

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\RepairDeviceDll.dll

Filesize
84KB

MD5
3530de798aed636e70d5940a78984e99

SHA1
a16a21795634cbef4d828397168ca6a78083334e

SHA256
df2f9b25b8a7480a5fe1b026950a37e7d9653b44f189d6894d15767d7a8c89ec

SHA512
dca7cd3540dafa442fad24c6523990837b86b782be1c2bdcf914819892b9748268463dd5d290eda99b57eddd3228181c32de0b73abd3ccacdd6b09add6f71981

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\RepairDeviceDll.dll

Filesize
84KB

MD5
3530de798aed636e70d5940a78984e99

SHA1
a16a21795634cbef4d828397168ca6a78083334e

SHA256
df2f9b25b8a7480a5fe1b026950a37e7d9653b44f189d6894d15767d7a8c89ec

SHA512
dca7cd3540dafa442fad24c6523990837b86b782be1c2bdcf914819892b9748268463dd5d290eda99b57eddd3228181c32de0b73abd3ccacdd6b09add6f71981

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\RepairDeviceDll.dll

Filesize
84KB

MD5
3530de798aed636e70d5940a78984e99

SHA1
a16a21795634cbef4d828397168ca6a78083334e

SHA256
df2f9b25b8a7480a5fe1b026950a37e7d9653b44f189d6894d15767d7a8c89ec

SHA512
dca7cd3540dafa442fad24c6523990837b86b782be1c2bdcf914819892b9748268463dd5d290eda99b57eddd3228181c32de0b73abd3ccacdd6b09add6f71981

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\Start.exe

Filesize
5.0MB

MD5
f630b60e7f15fc64b6572d4da2b0f280

SHA1
4d1b3782aa2d600d6acaa2a43eb2a97ee35fbe3b

SHA256
6367979c9d6b11b7e8cb4f5cecf01f1d52b32d293acdcefd33dbad99743ab6d8

SHA512
d075202a723d5496f588975dae89fa9b6e4ad379b01204e3330c493a160ab998a8fddcab909c20b50b7abe69a73379e88430605ec6e39ebe22a8ac4bc55d3a40

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\Start.exe

Filesize
5.0MB

MD5
f630b60e7f15fc64b6572d4da2b0f280

SHA1
4d1b3782aa2d600d6acaa2a43eb2a97ee35fbe3b

SHA256
6367979c9d6b11b7e8cb4f5cecf01f1d52b32d293acdcefd33dbad99743ab6d8

SHA512
d075202a723d5496f588975dae89fa9b6e4ad379b01204e3330c493a160ab998a8fddcab909c20b50b7abe69a73379e88430605ec6e39ebe22a8ac4bc55d3a40

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\TS.MvvmLight.dll

Filesize
555KB

MD5
060b24fa4eb37f7565da7ddd49f0a9ba

SHA1
651f26f2147dbd0366a9013b9aa7995a17e923e6

SHA256
d59c876621c0b935cdcbd1bfa633adb24d326375648e1593bfef5e4cf1305daa

SHA512
6f32e284191b5017188367bfffc70751e60b6dd9de12dd6e46ab01e0aaa69040e25d6c75b18e3fbee943b1f14202fb54768678b0e62d2d4a54332dcd3f824da7

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\TS.MvvmLight.dll

Filesize
555KB

MD5
060b24fa4eb37f7565da7ddd49f0a9ba

SHA1
651f26f2147dbd0366a9013b9aa7995a17e923e6

SHA256
d59c876621c0b935cdcbd1bfa633adb24d326375648e1593bfef5e4cf1305daa

SHA512
6f32e284191b5017188367bfffc70751e60b6dd9de12dd6e46ab01e0aaa69040e25d6c75b18e3fbee943b1f14202fb54768678b0e62d2d4a54332dcd3f824da7

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\TS.UI.dll

Filesize
354KB

MD5
5d5d7a234e8fb09a91b796e634606c10

SHA1
7b6c25f25f9a99e97ca4b40410aa9948df9b2d4e

SHA256
62d8b2ef40b4d9e0d5adac5745b705f8555d331a7aeb82242aeec4efbe900e29

SHA512
1c6c079be186f41923ce30ab67a5a0f8c059f344d936a4860b84bf46a713695f5c0a2e6ff89c52f251a0cdd0f188b1d5e4010a8803f86a7611107851985168d4

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\TS.UI.dll

Filesize
354KB

MD5
5d5d7a234e8fb09a91b796e634606c10

SHA1
7b6c25f25f9a99e97ca4b40410aa9948df9b2d4e

SHA256
62d8b2ef40b4d9e0d5adac5745b705f8555d331a7aeb82242aeec4efbe900e29

SHA512
1c6c079be186f41923ce30ab67a5a0f8c059f344d936a4860b84bf46a713695f5c0a2e6ff89c52f251a0cdd0f188b1d5e4010a8803f86a7611107851985168d4

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
00d8b4bed48a1bb8a0451b967a902977

SHA1
f10ef17bda66d7cab2840d7f89c6de022a7b3ff2

SHA256
568d7f8551d8b4199db3359d5145bc4cb01d6d2f1347547f47967eb06a45c3b5

SHA512
e248cbc06fc610f315d7efcadb39b5cb85dfe5d40858768d5aea8d41b3b4b23eafe0db2b38cce362fd8ba8bc5eb26e9b2dddc00e2e8615395bca818ecfe0decc

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
534483b0f4a1924b1ae6d7e66b4a4926

SHA1
4e954316acd216007f4a0225b138e0c0a04fbbed

SHA256
c1bca1bb524c5ae3d877a099f469b6fc34288bab26ae7a7f4fc47cd869f4958d

SHA512
cfad2ddf8a9ad67e36e978726d8a12ca26b180f73122b2e8d19a83f73028a050d9f418e7525f576cc3a9601b3369d4494dddbde620b4011b7ca8a7ec4b0d1b12

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
73483cbc229c62e129627adbf62b0ffe

SHA1
074ce67665c86355d3218b5e3ea4b1b335095af8

SHA256
13471eb84db95f8270398ef1deb29f0ea024db17e331497545c36eea7b2a3a7c

SHA512
92f06cb8971e29da7607c6b1d1377f21c7e6f0e4a169aaa08326038d5cdb09422b91f4f2d26a7978521e0edbb9cf1235e583f2910048c917ccef8d12c5e1166a

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
7016bf365a155d29f01a000942a017ef

SHA1
47e25b97af56edbdd20ca72bba994c6bcf1b81e6

SHA256
b5f815d0a41add7fd9593036a8e6843fcc221298fefd61808f960eed3cc19830

SHA512
2cd7e88717a2d81811ce03990737888b8a1e9e351dcdad401ffe5924bdf97be086bd766a1a5b25411b760cbf81b68bebd94d915100b6bc1310360813af11f827

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
9efdffac1d337807b52356413b04b97b

SHA1
2590bd486abce24312066285fa1c1feaf8332fe0

SHA256
e1a87d7d01e2376dde81a16658915ccf2ecb692739fef09adfb962523756e22d

SHA512
b3c164e50d48a78bd08cf365e02e263b97ec2dd3efcf04914c8677c838e10be23df5178a8618e3f2a6feb6faa2bb74eaf069e7e2db7c6e6fd9d0137dcffbcead

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
42c72d838c34e4e7164c578a930b8fc7

SHA1
82d02cb090eb6d81a1499189e4d3e6b82aa60061

SHA256
f1667bbda1b58fc688b422fd2f9f7040919c4ababe00a4be78b258cae2dfc3d3

SHA512
1020d6010dca512adbc18f44b6453a974a200766013c39f6cb1cd0a72234a241c73587c929f1d0fcadf90c3eb71264086167f05bd7ebceb5b944f4e4a0811d92

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
5c6fd1c6a5e69313a853a224e18a7fac

SHA1
10bae352f09b214edef2dc6adcb364c45fafdbec

SHA256
3aa0eb4c47ac94b911f1a440324d26eee8ddf99557a718f0905bfee3cf56255f

SHA512
08c2b1150f6bf505d10085a515bbfab6c1e18663c6ef75ec988727e3d30210532d03bfbfbb048b1a843d4faa5d1060f9079e018a9e892bce03f899a5a85f6034

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
a51cfb8cf618571215eeba7095733b25

SHA1
db4215890757c7c105a8001b41ae19ce1a5d3558

SHA256
6501894e68a3871962731282a2e70614023ec3f63f600f933ec1785400716ce1

SHA512
9ae11ab21486dea1aba607a4262f62678c5b0e9f62b6a63c76cfdc7698d872d8696ffb1aaae7aa2e2cf02c1c7eaa53d0ce503432960f4be6886fae0de2659535

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
8d097aa5bec8bdb5df8f39e0db30397c

SHA1
56f6da8703f8cdd4a8e4a170d1a6c0d3f2035158

SHA256
42c235914844ce5d1bb64002fca34a776ae25ee658fc2b7b9da3291e5def7d4d

SHA512
a891536e2a362fc73472fa7f5266ce29e8036959701bc0862f2b7ea5865dcd1505615edc8e064fb2f7aaa1b129e48422efe7b933b01faed9c2afadd8a64452dc

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
ab87bdae2f62e32a533f89cd362d081c

SHA1
40311859dd042a7e392877364568aad892792ba9

SHA256
0439703e47c8fce1f367f9e36248a738db6abcd9f2dd199cb190d5e59ed46978

SHA512
dbe0073da8979f3d32204680015b60435226840e732b5df964dbeeb7920c0bc5df92d866964f905518c97cc3539f628664503ffa64e50a2ef90c459b62555444

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
19KB

MD5
169e20a74258b182d2cdc76f1ae77fc5

SHA1
fce3f718e6de505ac910cb7333a03a2c6544f654

SHA256
224f526871c961615de17b5d7f7bbef2f3a799055cab2c8e3447b43c10c25372

SHA512
0881c8704421a5f6e51abd22c55608dd7fb678491682ce86066e068b1973ebf11d6c2163be610a49f87e800c8563ebb41abfe36e1913d7d0b8485fd29ed81bf7

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
49363f3cf4671baa6be1abd03033542f

SHA1
e58902a82df86adf16f44ebdc558b92ad214a979

SHA256
505d2bde0d4d7cd3900a9c795cb84ab9c05208d6e5132749ab7c554ccd3c0fcc

SHA512
98e78a607cfbb777237dc812f468ec7a1abcba9472e20a5780dfc526f7992da1841fcd9e2f76f20fa161240007f185c7fbdc120fb4c3c1f2b90fdad5913d65dd

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
be16965acc8b0ce3a8a7c42d09329577

SHA1
6ac0f1e759781c7e5342b20f2a200a6aab66535e

SHA256
fcd55331cc1f0ff4fb44c9590a9fb8f891b161147a6947ce48b88bf708786c21

SHA512
7ba55fa204d43c15aca02031f584b3396bb175365dad88e4047b8a991f1f1ddd88d769e4d8cb93ee0ed45e060a1156e953df794f9cb8bb687c84c4a088da2edf

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
3eae6d370f2623b37ec39c521d1f1461

SHA1
86d43e2e69b2066333e4afa28a27c7a74ff89991

SHA256
ce74bdc6999d084a1b44b2ecea42dd28849b2825d7779effdc4c18360308b79b

SHA512
30b2b6cf5cd1bbdf68de048e6d992133fe7ab0c847fa0d5eb8c681a9688d60794621a40178451a104036a0fff2e1bd66a18d9f96be6b28dbdc0bc1c8a535fc85

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
a440776e10098f3a8ef1c5eaca72958e

SHA1
7b8662714f6e44fb29a4224a038e4127964003e9

SHA256
40d8bc312ac7bca072703e5f0852228cde418f89ba9ad69551aa7a80a2b30316

SHA512
b043cd020d184a239510b2607c94210dc5fdc5d2a2b9285836bdce8934cc86a1cc3f47a2f520b15db84f755ac2e7c67e0247099648d292bbd5fb76f683d928df

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\msvcp140.dll

Filesize
446KB

MD5
b33902774ce0eded02b0cf1b54622736

SHA1
05c4ffb6b9b9ba8a56b7a3187b7d100ab20fe8d5

SHA256
8cabbd2ad374da8e58374c6915592d217966e7ea7e0d4038aa21a2d92a5a0612

SHA512
bb7b40d3907ec7d96ed2827067b9b727bf8cc660be21d8aa40267ed25c44bf06b54654af669c5a47dbb321b3d46275780c00fffbc15a7af0c5bee03bdc3d1988

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\ucrtbase.dll

Filesize
1.1MB

MD5
b9820b010d39c3f0d5ec277d54b37fbf

SHA1
b2f704ade582bd498224bd84dfd8ec5a4efc2fb1

SHA256
de3f497d6da0b5b8ce3785d4ea1e587c50f1cae356226ffa3416fa43ef8a8503

SHA512
abd3c0f7d733d2537df5aed4b1327aa8988b823bc654528f1b206cd5b454c57bd0d004092a90dbb20d7109a24591669d3602d9e28c435ec815dd21efaa8cb2b7

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\unins000.exe

Filesize
1.6MB

MD5
f5eb76b967303c6a9b2d19a27d1ae106

SHA1
14c0c7c190a51a0d960d9f66c1cffa3442e9cc6d

SHA256
079575cbf12fe68a7127063ad6d9a6fd701c543ea165e3b03bfca6e0e374fc14

SHA512
5b30e71ae7346ec9cdcd05c2e50e7bbdb456b89c61bc20774c3b2519d41d869b45ccda74165cf3238bae7164c3313e707c44615649cf31c38cd19d80ed1ead2a

Download Submit
\Program Files (x86)\PassFab\PassFab Android Unlock\vcruntime140.dll

Filesize
80KB

MD5
e79ef25890b214b13a7473e52330d0ec

SHA1
e47cbd0000a1f6132d74f5e767ad91973bd772d8

SHA256
7a114a9c1ca86e532d7f38e81c48f24ef2bfe6084f6056b3d4c3566ba43003d6

SHA512
dabed378fccfabc10486747fc70cf51a4fcc5b88f869c8a2fa4df30caa83a3af086c89e23806b7a291756da957a97c80a9b834a05e1d8ee7bd5c7159458c537a

Download Submit
\Users\Admin\AppData\Local\Temp\4ukeyforandroid_pf\4ukeyforandroid_pf_2.9.0.exe

Filesize
95.7MB

MD5
d0ee93cd2566eace750c69584cfa3bca

SHA1
d093ec906f2689450a150142ec4b80069e60664e

SHA256
0856212c7ffde1a13b008c458ed4c8bc3bf0d8479925db7cdc71eb12baf2412a

SHA512
8f9fd429e12c82cf1a7748591ec834e983ac1f7dd5568a7d5edfe2119c4001bfff6f7058e1ec39de5012756224696024e999c2bef69a3d94988c9702fff0590f

Download Submit
memory/1584-2774-0x0000000000400000-0x000000000059C000-memory.dmp

Filesize
1.6MB

Download
memory/1584-2729-0x0000000000400000-0x000000000059C000-memory.dmp

Filesize
1.6MB

Download
memory/1584-526-0x0000000000400000-0x000000000059C000-memory.dmp

Filesize
1.6MB

Download
memory/1584-527-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1584-384-0x0000000000400000-0x000000000059C000-memory.dmp

Filesize
1.6MB

Download
memory/1584-227-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2084-222-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2084-385-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2084-2775-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2184-221-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2184-357-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2184-175-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2184-164-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2184-163-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2184-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2184-2788-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2184-2789-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2216-2851-0x000000000DB90000-0x000000000DC3A000-memory.dmp

Filesize
680KB

Download
memory/2216-3054-0x000000006A1A0000-0x000000006AAB8000-memory.dmp

Filesize
9.1MB

Download
memory/2216-2919-0x0000000007120000-0x0000000007182000-memory.dmp

Filesize
392KB

Download
memory/2216-2933-0x0000000000270000-0x00000000002B0000-memory.dmp

Filesize
256KB

Download
memory/2216-3253-0x00000000072B0000-0x00000000072BA000-memory.dmp

Filesize
40KB

Download
memory/2216-3256-0x00000000072B0000-0x00000000072BA000-memory.dmp

Filesize
40KB

Download
memory/2216-2850-0x0000000000B00000-0x0000000000B14000-memory.dmp

Filesize
80KB

Download
memory/2216-2852-0x0000000005B30000-0x0000000005B74000-memory.dmp

Filesize
272KB

Download
memory/2216-2853-0x0000000003660000-0x0000000003670000-memory.dmp

Filesize
64KB

Download
memory/2216-2854-0x0000000005AE0000-0x0000000005AE6000-memory.dmp

Filesize
24KB

Download
memory/2216-2855-0x0000000000270000-0x00000000002B0000-memory.dmp

Filesize
256KB

Download
memory/2216-2856-0x0000000007E40000-0x0000000007E86000-memory.dmp

Filesize
280KB

Download
memory/2216-2857-0x0000000000270000-0x00000000002B0000-memory.dmp

Filesize
256KB

Download
memory/2216-2858-0x000000000DD90000-0x000000000DDEA000-memory.dmp

Filesize
360KB

Download
memory/2216-2859-0x0000000013910000-0x00000000139C2000-memory.dmp

Filesize
712KB

Download
memory/2216-2860-0x00000000139D0000-0x0000000013A8E000-memory.dmp

Filesize
760KB

Download
memory/2216-2861-0x0000000013440000-0x000000001346B000-memory.dmp

Filesize
172KB

Download
memory/2216-3687-0x0000000000270000-0x00000000002B0000-memory.dmp

Filesize
256KB

Download
memory/2216-2812-0x00000000007A0000-0x00000000007B4000-memory.dmp

Filesize
80KB

Download
memory/2216-3058-0x0000000007910000-0x000000000794E000-memory.dmp

Filesize
248KB

Download
memory/2216-2808-0x00000000004E0000-0x00000000004F2000-memory.dmp

Filesize
72KB

Download
memory/2216-2862-0x00000000731A0000-0x000000007388E000-memory.dmp

Filesize
6.9MB

Download
memory/2216-2879-0x0000000000270000-0x00000000002B0000-memory.dmp

Filesize
256KB

Download
memory/2216-2804-0x00000000035F0000-0x000000000364A000-memory.dmp

Filesize
360KB

Download
memory/2216-2878-0x0000000077670000-0x0000000077671000-memory.dmp

Filesize
4KB

Download
memory/2216-2876-0x0000000005D40000-0x0000000005D41000-memory.dmp

Filesize
4KB

Download
memory/2216-2800-0x0000000000450000-0x00000000004DC000-memory.dmp

Filesize
560KB

Download
memory/2216-2796-0x00000000002F0000-0x0000000000324000-memory.dmp

Filesize
208KB

Download
memory/2216-2792-0x000000000C220000-0x000000000D6D2000-memory.dmp

Filesize
20.7MB

Download
memory/2216-2791-0x00000000731A0000-0x000000007388E000-memory.dmp

Filesize
6.9MB

Download
memory/2216-2790-0x0000000000D10000-0x00000000020BC000-memory.dmp

Filesize
19.7MB

Download
memory/2216-5042-0x00000000072B0000-0x00000000072BA000-memory.dmp

Filesize
40KB

Download
memory/2216-3059-0x00000000079C0000-0x00000000079C1000-memory.dmp

Filesize
4KB

Download
memory/2216-2872-0x0000000005D40000-0x0000000005D41000-memory.dmp

Filesize
4KB

Download
memory/2216-2920-0x0000000007190000-0x00000000071B0000-memory.dmp

Filesize
128KB

Download
memory/2216-2864-0x0000000014600000-0x00000000146CA000-memory.dmp

Filesize
808KB

Download
memory/2216-2873-0x000000006A1A0000-0x000000006AAB8000-memory.dmp

Filesize
9.1MB

Download
memory/2216-2871-0x000000006A1A0000-0x000000006AAB8000-memory.dmp

Filesize
9.1MB

Download
memory/2216-2869-0x0000000005D40000-0x0000000005D41000-memory.dmp

Filesize
4KB

Download
memory/2216-2921-0x0000000007210000-0x000000000723A000-memory.dmp

Filesize
168KB

Download
memory/2216-2927-0x0000000007300000-0x0000000007330000-memory.dmp

Filesize
192KB

Download
memory/2216-5041-0x000000006A1A0000-0x000000006AAB8000-memory.dmp

Filesize
9.1MB

Download
memory/2216-2928-0x0000000000270000-0x00000000002B0000-memory.dmp

Filesize
256KB

Download
memory/2216-2929-0x00000000072B0000-0x00000000072BA000-memory.dmp

Filesize
40KB

Download
memory/2216-2932-0x00000000072B0000-0x00000000072BA000-memory.dmp

Filesize
40KB

Download
memory/2216-2994-0x000000006A1A0000-0x000000006AAB8000-memory.dmp

Filesize
9.1MB

Download
memory/2216-2990-0x0000000007870000-0x0000000007880000-memory.dmp

Filesize
64KB

Download
memory/2216-2983-0x000000000A330000-0x000000000A61C000-memory.dmp

Filesize
2.9MB

Download
memory/2216-2982-0x00000000075E0000-0x00000000075FA000-memory.dmp

Filesize
104KB

Download
memory/2216-2868-0x0000000006F90000-0x0000000007058000-memory.dmp

Filesize
800KB

Download
memory/2216-2981-0x0000000000270000-0x00000000002B0000-memory.dmp

Filesize
256KB

Download
memory/2216-2955-0x00000000073B0000-0x00000000073B8000-memory.dmp

Filesize
32KB

Download
memory/2216-2945-0x0000000007380000-0x000000000738C000-memory.dmp

Filesize
48KB

Download
memory/2216-4923-0x0000000000BC0000-0x0000000000BDE000-memory.dmp

Filesize
120KB

Download
memory/2216-4960-0x00000000072C0000-0x00000000072EE000-memory.dmp

Filesize
184KB

Download
memory/2216-4961-0x0000000000270000-0x00000000002B0000-memory.dmp

Filesize
256KB

Download
memory/2216-4997-0x0000000000270000-0x00000000002B0000-memory.dmp

Filesize
256KB

Download
memory/2216-5011-0x0000000005AF0000-0x0000000005B30000-memory.dmp

Filesize
256KB

Download
memory/2216-5012-0x0000000007FA0000-0x0000000008006000-memory.dmp

Filesize
408KB

Download
memory/2216-5040-0x00000000731A0000-0x000000007388E000-memory.dmp

Filesize
6.9MB

Download
memory/2344-4678-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2624-3055-0x0000000001BD0000-0x0000000001BD1000-memory.dmp

Filesize
4KB

Download