fc16a73ee55b2a601b923eabf03c28180a7345f2d4e1da7dcdc9716a03ed5aa6

Analysis

max time kernel
102s
max time network
112s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09-03-2024 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMT2_Win_Setup_20.7.28.exe
Size

91.3MB
MD5

9a65af3199c6a9fc3820e7ec7c738e53
SHA1

89368559de13cef61ebaea881b7385eaf9107932
SHA256

fc16a73ee55b2a601b923eabf03c28180a7345f2d4e1da7dcdc9716a03ed5aa6
SHA512

196015c9852f9e65da18bb6119971e637b8e1490661102f6616e6352f63409c9ef36f3035d8128813ba5eace88cf8c6d2f2f1c33a9c5a6e6022d7b6fcb6a3b40
SSDEEP

1572864:xdEEo7QJ1cOW0IBV5CUX5Njm2gjvY2hhI+/1qE/wedzDZ6:xeH7QJ1wjI65BRqYQ+u7/wedzDZ6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
4976	XiaoMiTool.exe
3140	javaw.exe
648	XiaoMiTool.exe
1628	javaw.exe

Loads dropped DLL 64 IoCs

pid	Process
236	XMT2_Win_Setup_20.7.28.exe
236	XMT2_Win_Setup_20.7.28.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe
3140	javaw.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SYSTEM32\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\jvm.pdb	javaw.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Ink\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Ink\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Ink\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Ink\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Ink\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Ink\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Ink\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Ink\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Ink\symbols\dll\ntdll.pdb	javaw.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\dll\jvm.pdb	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	javaw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3140	javaw.exe
1628	javaw.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 4976	236	XMT2_Win_Setup_20.7.28.exe	81
PID 236 wrote to memory of 4976	236	XMT2_Win_Setup_20.7.28.exe	81
PID 236 wrote to memory of 4976	236	XMT2_Win_Setup_20.7.28.exe	81
PID 4976 wrote to memory of 3140	4976	XiaoMiTool.exe	82
PID 4976 wrote to memory of 3140	4976	XiaoMiTool.exe	82
PID 648 wrote to memory of 1628	648	XiaoMiTool.exe	86
PID 648 wrote to memory of 1628	648	XiaoMiTool.exe	86

C:\Users\Admin\AppData\Local\Temp\XMT2_Win_Setup_20.7.28.exe
"C:\Users\Admin\AppData\Local\Temp\XMT2_Win_Setup_20.7.28.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:236
- C:\Xiaomi\XiaomiTool2\XiaoMiTool.exe
  "C:\Xiaomi\XiaomiTool2\XiaoMiTool.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4976
- - C:\Xiaomi\XiaomiTool2\bin\javaw.exe
    "C:\Xiaomi\XiaomiTool2\.\bin\javaw.exe" -jar "C:\Xiaomi\XiaomiTool2\XiaoMiTool.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of SetWindowsHookEx
    PID:3140

C:\Xiaomi\XiaomiTool2\XiaoMiTool.exe
"C:\Xiaomi\XiaomiTool2\XiaoMiTool.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:648
- C:\Xiaomi\XiaomiTool2\bin\javaw.exe
  "C:\Xiaomi\XiaomiTool2\.\bin\javaw.exe" -jar "C:\Xiaomi\XiaomiTool2\XiaoMiTool.jar"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nseAB26.tmp\InstallOptions.dll

Filesize
14KB

MD5
8d5a5529462a9ba1ac068ee0502578c7

SHA1
875e651e302ce0bfc8893f341cf19171fee25ea5

SHA256
e625dcd0188594b1289891b64debddeb5159aca182b83a12675427b320bf7790

SHA512
101da2c33f47bd85b8934318e0f0b72f820afc928a2a21e2c7823875e3a0e830f7c67f42b4c2f30596eaa073617790c89700c0d95b7949ec617e52800b61d462

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseAB26.tmp\System.dll

Filesize
11KB

MD5
b0c77267f13b2f87c084fd86ef51ccfc

SHA1
f7543f9e9b4f04386dfbf33c38cbed1bf205afb3

SHA256
a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77

SHA512
f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseAB26.tmp\ioSpecial.ini

Filesize
693B

MD5
8e6b1a7e13289e3e5c1fffc117cd3031

SHA1
9f2fc700e02db281592be7a6361ffb219178cbbe

SHA256
41984469938328a6dcdaf6f02f31f4ed756a4f94c6cee6d92c9ceb4afde2837e

SHA512
3dcebc30163b3de5ce750b9398410cb378622242adc71b73b38435dade6db6e6fff6bde1cf7698bb682892a67e094554c0e00d84e2852ad25be61ef0d6c0d4f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseAB26.tmp\ioSpecial.ini

Filesize
663B

MD5
46c757b5d9007df89c496ee57fd9cd30

SHA1
fad7353477bf9bf827798b45d29303d8025b5838

SHA256
aa5677fbbc85f9dffa86cf57303aeda381895bdb0faa1e7149bebe79d5ef295f

SHA512
d20ea1252a57c4d127ce58dc543605540cc9bdf6de4ae0aa0d132fde0bc5147ad898b0ab25f7c1cc2946eaf1c7aeb9f7a4198ccc0f32fa5371401f003bd74b5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseAB26.tmp\ioSpecial.ini

Filesize
676B

MD5
06a43dac3a7c09d77bacc0634a84e9ab

SHA1
a4c8a1c11fc563387ed7fcf1140f7b20a37c14d6

SHA256
c9b02a2374f16c692ef01d7f0ab6d268a47a5f36bbbb6033856aeb9bafd5f639

SHA512
739c93641cf4033d8ae5da74cc1370557b72eae583baffd42f977886fe1b81db6945a687ecaa0e3940757466c398f75e6592a437c5d7a0029d484c4b64566906

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseAB26.tmp\ioSpecial.ini

Filesize
706B

MD5
3ec09e8ad657eed42a69f4e603f018bf

SHA1
644c53ebdadf8228caf979d2cf5420a4ffd555f8

SHA256
f3dc2af70cc0a7f30196232bdaac8ba26544ad79e71235e5303b90eedd7d6733

SHA512
b9a5ea5b8736b0542ed33c7541146b668b7a6fefd452d0aefc9093610e89c9caf141b1421e8b5154a5d262cac0b09f11127fc68e5e24fd1c728f39ba0d00fdad

Download Submit
C:\Xiaomi\XiaomiTool2\XiaoMiTool.exe

Filesize
134KB

MD5
b10c980c000c540b24229f33ce0007c8

SHA1
03f1156f1a4fd313f2f2677a58e62bd0d4c63f87

SHA256
b5692982e55fac4cfc34bdd09516ef7f243a4f2196ffb4722ddf56c8740e52c0

SHA512
990529a74ea731c62414652b4beeb0c06be0eb4dc80faf8f151c8aa05bab5319734d7e58efd03e7bdbce938845378ed61fed498cd8b46a19775ae8bb89e04864

Download Submit
C:\Xiaomi\XiaomiTool2\XiaoMiTool.jar

Filesize
4.1MB

MD5
45c66a6fa3f757b911df60c34e2b0130

SHA1
9fde03b6338919bf0c0e1e48e76c634e988e2bf0

SHA256
0343aaf5aa7b461c25161f90236db13416bd1f6257a01cfcc5c8c0ef205ecfe8

SHA512
cc6b1f73c4cee694166a32f0fbe6a724f022383a8735b96109bcc04c1853c2f16010e967b6756a75688ddd15497f72243255367787400627d50660d818ec231d

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
20KB

MD5
2c146bc8d73b8944f35506241b9953a9

SHA1
ac64abd745418cea35c0506b9cb0331b171b51ea

SHA256
89384f8f64a9b7f67c8deccaa721e2d76b8a17026d8083630859ed0cd1a9b58b

SHA512
02713948a156baccb2e7c38646193e82fef65400c086644866b698bc3e0a8c155a8eab829463e3868ce2b8a06608c5ea6de1e390bff976c5f92e2e42dd6c04f1

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-datetime-l1-1-0.dll

Filesize
20KB

MD5
f0c9c56f56ffa3adc548173569dbd793

SHA1
220a56b84cdb8cd403483d3f6b4bb526fe198fd9

SHA256
12d801992bbb09d43bb90330bb96e77bf12e669c325dda4b5235942221c301c8

SHA512
28e24a2ccedfaf01aef615c1df7f8c76ff0eb06d992eb1b422f902d6d96357ba6a353e31ca9b1fd305e7de7a437ee6a7f2f01bfdf27c4a88c805693ae2b6352c

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-debug-l1-1-0.dll

Filesize
20KB

MD5
02d669afdabfe420598041b848b71158

SHA1
25c0fdbc04ffcd570db041d02842d7530afeeb6e

SHA256
64a9ac181fd91b79270bf01759749394f57be171436ed46f43d165325bb82067

SHA512
5321290ec277fca8840e6c9cb7e77d39e820b1d98ef9c29040efaf2a7628c023209c936e08abfb6962a795130874544db25e1bac0d16256a1ebbca0fdcdaa81a

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
20KB

MD5
944a33d971704ff815a6c90733d0a72e

SHA1
7d8b9f68a3983a1b86bf4bae085cd5ca6f464921

SHA256
44822ae123a3d6c3a8bdf9a4d65a4dc89eb31004c72fcfcefa1dc3a53ff3eab0

SHA512
4d93dece856a24e50f12a53155e07f1aab501b17e7bbfcce205e1b37d2799caf3681b1770c522ba986ac3badba59d5d95a7526fe19f86a7b0d3d933ea73754e2

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-file-l1-1-0.dll

Filesize
23KB

MD5
fec01082bccddadad0814f30b43ab078

SHA1
a6f6d9b61bb743651d3f65824d06427ca492c120

SHA256
c15dacec228f40ce4c5b9d69bba5e6627bc484c6e9d6550a76db6f332e9f7734

SHA512
c6039c366cb47ca31c7501423384afc0678a07abeb0ca1d97ecb5aa3c3e3acf84c9551dea1e56d1dbd4472dab70eed1c79d1c0612ba2730327ce6d0dc151c441

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
b5060343583e6be3b3de33ccd40398e0

SHA1
5b33b8db5d6cfb0e8a5bb7f209df2c6191b02edb

SHA256
27878021c6d48fb669f1822821b5934f5a2904740bebb340b6849e7635490cb7

SHA512
86610edc05aa1b756c87160f9eefe9365e3f712c5bed18c8feca3cae12aef07ccc44c45c4be19dc8f9d337a6f6709b260c89019a5efcfe9fa0847d85ab64d282

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
2e8995e2320e313545c3ddb5c71dc232

SHA1
45d079a704bec060a15f8eba3eab22ac5cf756c6

SHA256
c55eb043454ac2d460f86ea26f934ecb16bdb1d05294c168193a05090bf1c56c

SHA512
19adcc5dd98f30b4eebefe344e1939c93c284c802043ea3ac22654cf2e23692f868a00a482c9be1b1e88089a5031fa81a3f1165175224309828bd28ee12f2d49

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-handle-l1-1-0.dll

Filesize
20KB

MD5
31ffff2c6539b3d2f575500300b93d6b

SHA1
e28e8919150fca0cb385f55a4ec4d23058d92fbf

SHA256
6dcbdab7fa8cf66f4a05d1f5166bed33cd88bee1d37af6128f18184e6c301709

SHA512
716f42f0dc530774665982f189a1fbf0371aceb4087de67e5b677cb18a687900c73165a57ae8229b53744e2490d4f04a54686e09da3b5d8705e1df5b804fe27d

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-heap-l1-1-0.dll

Filesize
14KB

MD5
661807fde4ed767363644ea85263bcc5

SHA1
151613f6700bdc332094ef73826510a6ba5e9f13

SHA256
e5aac4deadce69eea7675649461a0e682965d6c06115ed3a56465e971b21f9de

SHA512
ee61221075ae89af438c63ca7e89e11a449faedcf0fdc6ae845b158e9dd48aea7b9bccac5d7f2982e66930c1361783dcf074f045038528c9abfae8b42b527bfa

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-heap-l1-1-0.dll

Filesize
20KB

MD5
c7120579bb8f56f8cd4e0d329ece3e9d

SHA1
0b35862dcc9654fc4ede338c26d0368c112d4ba9

SHA256
2e00c0176952d7c009b93c40949f91f0ab367a1b274ee78b736bf563f0344da3

SHA512
6172179c349f9952e6fb47a72a459ee29563a511d9da2a16a265625f1d8ca40ff9bd52f78a26d29b5297e7413bfa22a9797df2934a68ea551d0ab45914ee7822

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
20KB

MD5
1144ced0d8198c39f62fc71c1ecf6cb1

SHA1
43ca991199a46ca1860f8a295209dee6d32d040d

SHA256
d4d86e560a22d833fcdf0ba165d3bd3f6059e69830f4d2f9748af08905b2d4c8

SHA512
006b420d4513fd2be1e07f7512891275cb76243fd4d49855836da53ff779fa695b9bd5661fa16b1c8f83d8cec6342c9719def8d3242431b13e803bdbc2d81e4b

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
2acf6db396a86e2bef9d6ddf6919581f

SHA1
c67615b97b74776fa64407e7644f92cd14336cbb

SHA256
655bade7ff61f01a803e7532082b14ae354442b0f65ef8164f824d0cfa033e6f

SHA512
9a804bad2a9f220281cd3c20dbc96c023819da96cd24341c597a9d076b5fd176ec9da8e6a227628156827294cfb460e78d41eb053e133b1038a305c996453a36

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
54d2f426bc91ecf321908d133b069b20

SHA1
78892ea2873091f016daa87d2c0070b6c917131f

SHA256
646b28a20208be68439d73efa21be59e12ed0a5fe9e63e5d3057ca7b84bc6641

SHA512
6b1b095d5e3cc3d5909ebda4846568234b9bc43784919731dd906b6fa62aa1fdf723ac0d18bca75d74616e2c54c82d1402cc8529d75cb1d7744f91622ac4ec06

Download Submit
C:\Xiaomi\XiaomiTool2\bin\api-ms-win-core-memory-l1-1-0.dll

Filesize
20KB

MD5
e7b662ffa023b7f07a85ac3fb8910c11

SHA1
261edc0c4068771f0d070c17e0721d8a1bfcaf9f

SHA256
13ae84007249d532f326a00ad62e5c1f463581f30701e662bb1b3658c4c32a07

SHA512
8df890a9aa191b594bbc033bc384deb27f9e4110e51632f681b33061b4370cec6ff2d637b20a38fc882ddc74dd8247f177cea2b05a13655e7b49e07bc280d756

Download Submit
C:\Xiaomi\XiaomiTool2\bin\java.dll

Filesize
138KB

MD5
084400576e21883d4f1f58ecb83faf11

SHA1
22ee78fd7c363bdf018177fb8ebb950d6b72b166

SHA256
b8a1b284065f0e52e502947cd3b3e35aedd3d3d11afcca0d2e59cbcec649e263

SHA512
31a84af19d18f3430b6d89fe5fcc56b1e7bace779fc5749a7ea3add0dbdf80f025726c8316080eda1ffd587ae7ce6489b9f092f8d61b8e732a1b2728b0d4f967

Download Submit
C:\Xiaomi\XiaomiTool2\bin\javaw.exe

Filesize
45KB

MD5
13e9ddd82ded3c27db50e4105c029798

SHA1
2bd1b9aebbd4035c975c9565db75bf41cbaf6bbb

SHA256
8e1f78d5c49b65861307b44f18f81ad7bf152da944aa4c4c78b4f92025f1b559

SHA512
3cec07716841838226df5772d2404a879c2ad3c206b4e59240cf879544e0cf5aaa99915e2d5040570c10fd89c55c101aa799ed8fdaf04c319feaeff21ab44cc8

Download Submit
C:\Xiaomi\XiaomiTool2\bin\jimage.dll

Filesize
29KB

MD5
4b16eb99574b23e22dda14a2e47413fd

SHA1
8f4a8539cea6202f4b015e68e61a1090e2d1aa4c

SHA256
53abd5a25d999b6bb95e5b7df3218a3e925078478b6e99b37d04c9e91ed598b9

SHA512
d220f6ec2e4b5b83172ac0927ec04048a786af333ee5a5b55502a3e80e4b3c1407e1cf3b0b87f91d7d72f3292888e0db8611094617aca1986909c461436c9eca

Download Submit
C:\Xiaomi\XiaomiTool2\bin\jli.dll

Filesize
82KB

MD5
1cf11c0511d87818ade87da856fa2040

SHA1
b4b4818f92b2923a11e27c889e70d4df45312c4b

SHA256
22cc9f087065884eef20c7852bcbbee817428060affe8e742b96cf6802f29cdf

SHA512
12e1c87fa507bf154643199b2d6885a4e47fd497fd4275313cfea6ee955e149075f505b6d4afde63a58a5b2d9890af453a55eb9a21fb46ee6ead670bcb31ef12

Download Submit
C:\Xiaomi\XiaomiTool2\bin\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Xiaomi\XiaomiTool2\bin\net.dll

Filesize
89KB

MD5
92cd060caf28bee279280c81681c4774

SHA1
994489bae9f7688a00c7808d5f6f8daec40e31d3

SHA256
728aa9c8c415b294ff55302b9924b959b28b896a6c4409cfbc7d95e07e204609

SHA512
ddcdde90209a0df6344ef8c9a8050efe95d0ac6e2b1818556a310d372304f0c65d8c8066eac520819bd9dfd342edffba1d23fc9577a1a806d91304334cecf1df

Download Submit
C:\Xiaomi\XiaomiTool2\bin\nio.dll

Filesize
61KB

MD5
71f23e52a3067b2ccc76ea0ee8680ee4

SHA1
ba3472533e823aa54c1d68c50f80a1fc42046be4

SHA256
c3669e69433b7c991efcc52f8686affea56e2eff836b1522771cc41e100187f7

SHA512
b6558f0db433977f8c465bded622c4532c4f3382150262614aee18f71a71b5d8933b75cb59fcccc0cbb0fef874198bec699c71955f31eb29c2e09443ea113fc6

Download Submit
C:\Xiaomi\XiaomiTool2\bin\server\jvm.dll

Filesize
2.9MB

MD5
2a48106a4e45ffcbce315a754963b4e1

SHA1
db35baed228893a2b6e678867ac8d76d5257f6d3

SHA256
9a0bf571fb4987d38af4d8f772308d9f28d171428b911b5c5d522211c9ca7786

SHA512
25fba0c4e5756da1cf8eff0493b5f8fa71416eff6bbd243b59a2c7de92163904fdd0634ec72f43bf0b1aea158326e277248940b16a41efcf2c957b9702bda2ee

Download Submit
C:\Xiaomi\XiaomiTool2\bin\server\jvm.dll

Filesize
5.6MB

MD5
1250f57df4001ed59e559c9623b1d19e

SHA1
74fbb38a3583649dd7c369aebe85760c77d304d7

SHA256
8bf6107517ae2d722729ead51187ce7d5a930935ae6dc18ee1d8a3868c48b276

SHA512
d8981a414f03df9d0d44cbb94618a6f56252ecd6b93cdb69eb981b90f20e11811ebbaf0148d9a1e48bc0a6059e38f82a4f42a956a3b117b79aea7d16279d4df0

Download Submit
C:\Xiaomi\XiaomiTool2\bin\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Xiaomi\XiaomiTool2\bin\zip.dll

Filesize
79KB

MD5
5f7b072107ce014c2dcac47b9330cc49

SHA1
76c466a842804b70535c1caa48b548e88a3f191f

SHA256
5c4cc4885c83a9f1d2e610c333f83f088908bc60adfe38a295c03cc464a3855e

SHA512
4a4cbb3dce9488044d0a4bfcb68ded71105ccc48c3f1f144129fc711781e2f10fc80d59c981536d2c517d823d9726b88884f49abdef1348ffe9b29480c7017f1

Download Submit
C:\Xiaomi\XiaomiTool2\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Xiaomi\XiaomiTool2\lib\modules

Filesize
4.2MB

MD5
406c257525fb45d1171beae432aeaae6

SHA1
fb53fa2c969fe3d6d155a658612a3c2904ae48ef

SHA256
8d3dd02ccc3a07b8a4e959795e5d689f52c39dee760bb579a39d7f6e0a1e784c

SHA512
7caa808cbbb9e7e9c8482cf2eeaa19b36d4dd6d1707c6601004f2e15b6e3deeddcc2d7facd71c644df9457ac389123c0b1967cecf77b7cd31c134bad52c74117

Download Submit
memory/648-458-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1628-496-0x000002B0449F0000-0x000002B044A00000-memory.dmp

Filesize
64KB

Download
memory/1628-495-0x000002B0449E0000-0x000002B0449F0000-memory.dmp

Filesize
64KB

Download
memory/1628-494-0x000002B0449D0000-0x000002B0449E0000-memory.dmp

Filesize
64KB

Download
memory/1628-492-0x000002B0441C0000-0x000002B0451C0000-memory.dmp

Filesize
16.0MB

Download
memory/1628-477-0x000002B0441C0000-0x000002B0451C0000-memory.dmp

Filesize
16.0MB

Download
memory/1628-475-0x000002B0441C0000-0x000002B0451C0000-memory.dmp

Filesize
16.0MB

Download
memory/1628-471-0x000002B0441C0000-0x000002B0451C0000-memory.dmp

Filesize
16.0MB

Download
memory/3140-451-0x0000025D00800000-0x0000025D00810000-memory.dmp

Filesize
64KB

Download
memory/3140-456-0x0000025D00000000-0x0000025D01000000-memory.dmp

Filesize
16.0MB

Download
memory/3140-457-0x0000025D00000000-0x0000025D01000000-memory.dmp

Filesize
16.0MB

Download
memory/3140-455-0x0000025D00850000-0x0000025D00860000-memory.dmp

Filesize
64KB

Download
memory/3140-454-0x0000025D00840000-0x0000025D00850000-memory.dmp

Filesize
64KB

Download
memory/3140-453-0x0000025D00820000-0x0000025D00830000-memory.dmp

Filesize
64KB

Download
memory/3140-452-0x0000025D00810000-0x0000025D00820000-memory.dmp

Filesize
64KB

Download
memory/3140-386-0x0000025D00000000-0x0000025D01000000-memory.dmp

Filesize
16.0MB

Download
memory/3140-443-0x0000025D00000000-0x0000025D01000000-memory.dmp

Filesize
16.0MB

Download
memory/3140-431-0x0000025D00000000-0x0000025D01000000-memory.dmp

Filesize
16.0MB

Download
memory/4976-355-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download