6cf2bcdb1a463fc69eddb125eba8cc12854ee23effcd7c65b968667c668a7f0b

Analysis

max time kernel
149s
max time network
145s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20/08/2024, 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AndroidSideloader.exe
Size

4.1MB
MD5

b7fa8a83dd1c92d93679c58d06691369
SHA1

0cff7bb71ff43ee92172f30566d8ee1b043129fc
SHA256

6cf2bcdb1a463fc69eddb125eba8cc12854ee23effcd7c65b968667c668a7f0b
SHA512

d74f8450f1fda260d0176ceba347bde6ad58b24a09eaac3cc921e20236a11707cab2f5eaee3bb10907c387d67efbcb66d823ae052b1317f3e953c4984a2b94b8
SSDEEP

24576:JUjV//Ppn/JcDJ7bdukqjVnlqud+/2P+AXg:S5//Rn/QJ7bYkqXfd+/9AQ

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
3324	7z.exe
1556	adb.exe
1500	adb.exe
4592	adb.exe
3408	adb.exe

Loads dropped DLL 8 IoCs

pid	Process
1556	adb.exe
1556	adb.exe
1500	adb.exe
1500	adb.exe
4592	adb.exe
4592	adb.exe
3408	adb.exe
3408	adb.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
3	raw.githubusercontent.com
29	raw.githubusercontent.com

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4928	3496	WerFault.exe	80

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AndroidSideloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	AndroidSideloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	AndroidSideloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	AndroidSideloader.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\SystemCertificates\CA\Certificates\7F95276D4951499FD756DF344AA24FB38CEAF678	AndroidSideloader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\SystemCertificates\CA\Certificates\7F95276D4951499FD756DF344AA24FB38CEAF678\Blob = 0300000001000000140000007f95276d4951499fd756df344aa24fb38ceaf6781400000001000000140000000f6be64bce3947aef67e901e79f0309192c85fa3040000000100000010000000ee39380f325cf0c51f4c6f7be0a4c8990f000000010000003000000011634607adf75b5e2bb0c3f38525f19b8cb00415cf48940a83e1da5b90dbf3d251de3a2659675838654f1705ba8fe7411900000001000000100000007818fd06fa225d60f1172f1ef2efcebf5c00000001000000040000008001000018000000010000001000000076935b5c5a037216daaf8aac76df42c1200000000100000089030000308203853082030ca003020102021023b76de3c1bb2b1a51961e08eab764e8300a06082a8648ce3d040303308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f72697479301e170d3230303133303030303030305a170d3330303132393233353935395a304b310b30090603550406130241543110300e060355040a13075a65726f53534c312a3028060355040313215a65726f53534c2045434320446f6d61696e2053656375726520536974652043413076301006072a8648ce3d020106052b8104002203620004364161172b5325edaaca94e4d6da4857ef50ba846482d7bb051bd61f0624f6a5339d8ce7f10b5568638230105f8d65ecaaa8af97cab586ce30018974dee34e5e016eee267bcc53fa23a4f7441d3e4d1e5f66a6ad85f6f2e3bc8e099880248e20a382017530820171301f0603551d230418301680143ae10986d4cf19c29676744976dce035c663639a301d0603551d0e041604140f6be64bce3947aef67e901e79f0309192c85fa3300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b0601050507030230220603551d20041b3019300d060b2b06010401b2310102024e3008060667810c01020130500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737445434343657274696669636174696f6e417574686f726974792e63726c307606082b06010505070101046a3068303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f555345525472757374454343416464547275737443412e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300a06082a8648ce3d040303036700306402302470540f01c940ddc854d96d54cac808ca984374d83ff4d7a95f6df261b9700a261b6330a88b319cbf77ec67b07fa588023025adaba4b0ee8d52e0dd0d7c9ddf7d1daee25c649c74f87e63e5c14e601686b0a75e196eec08c691d8fb0314a1a595ab	AndroidSideloader.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\SystemCertificates\CA\Certificates\CA7788C32DA1E4B7863A4FB57D00B55DDACBC7F9	AndroidSideloader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\SystemCertificates\CA\Certificates\CA7788C32DA1E4B7863A4FB57D00B55DDACBC7F9\Blob = 030000000100000014000000ca7788c32da1e4b7863a4fb57d00b55ddacbc7f91400000001000000140000003ae10986d4cf19c29676744976dce035c663639a04000000010000001000000042f8529fe545103fdd848980a8647f290f0000000100000030000000ed080184c5a30d366162d70be6fbb98ed70ace8650c3b7bccc7687cddaffb50f7d12eea1a961cc6f7fd0da9b3422f9fa19000000010000001000000076935b5c5a037216daaf8aac76df42c15c0000000100000004000000800100001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000d7030000308203d3308202bba003020102021056671d04ea4f994c6f10814759d27594300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f726974793076301006072a8648ce3d020106052b81040022036200041aac545aa9f96823e77ad5246f53c65ad84babc6d5b6d1e67371aedd9cd60c61fddba08903b80514ec57ceee5d3fe221b3cef7d48a79e0a3837e2d97d061c4f199dc259163ab7f30a3b470e2c7a1339cf3bf2e5c53b15fb37d327f8a34e37979a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604143ae10986d4cf19c29676744976dce035c663639a300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c0500038201010019eceb9d892c200b04801d18de429972991632bd0e9c755b2c15e229406deeff72dbdbab901f8c95f28a3d087242895007e239156c0187d9161af5c0752bc5e6561107dfd898bc7c9f1939df8bca006473bc46109b93238dbe16c32e08829c863374763b284c8d034285b3e2b22342d51f7a756a1ad17caa6721c4333a396d53c9a2ed6222a8bbe2556c996c436b9197d10c0b93021dd2bc697749e61b4df7bf147803b0a6ba0bb4e1857f2fdc423bad740148ded66ce11998095e0ab36747fe1ce0d5c128ef4a8b44312604378d8974362eefa5220f83744992c7f710c20c29fbb7bdba7fe35fd59ff2a9f474d5b8e1b3b081e4e1a563a3ccea0478906ebff7	AndroidSideloader.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3496	AndroidSideloader.exe
3496	AndroidSideloader.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3496	AndroidSideloader.exe
Token: SeRestorePrivilege	3324	7z.exe
Token: 35	3324	7z.exe
Token: SeSecurityPrivilege	3324	7z.exe
Token: SeSecurityPrivilege	3324	7z.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4680	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 3324	3496	AndroidSideloader.exe	85
PID 3496 wrote to memory of 3324	3496	AndroidSideloader.exe	85
PID 3496 wrote to memory of 1556	3496	AndroidSideloader.exe	93
PID 3496 wrote to memory of 1556	3496	AndroidSideloader.exe	93
PID 3496 wrote to memory of 1556	3496	AndroidSideloader.exe	93
PID 3496 wrote to memory of 1500	3496	AndroidSideloader.exe	95
PID 3496 wrote to memory of 1500	3496	AndroidSideloader.exe	95
PID 3496 wrote to memory of 1500	3496	AndroidSideloader.exe	95
PID 3496 wrote to memory of 4592	3496	AndroidSideloader.exe	97
PID 3496 wrote to memory of 4592	3496	AndroidSideloader.exe	97
PID 3496 wrote to memory of 4592	3496	AndroidSideloader.exe	97
PID 4592 wrote to memory of 3408	4592	adb.exe	99
PID 4592 wrote to memory of 3408	4592	adb.exe	99
PID 4592 wrote to memory of 3408	4592	adb.exe	99

C:\Users\Admin\AppData\Local\Temp\AndroidSideloader.exe
"C:\Users\Admin\AppData\Local\Temp\AndroidSideloader.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Users\Admin\AppData\Local\Temp\7z.exe
  "7z.exe" x "C:\Users\Admin\AppData\Local\Temp\dependencies.7z" -y -o"C:\RSL\platform-tools" -bsp1
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3324
- C:\RSL\platform-tools\adb.exe
  "C:\RSL\platform-tools\adb.exe" kill-server
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1556
- C:\RSL\platform-tools\adb.exe
  "C:\RSL\platform-tools\adb.exe" kill-server
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1500
- C:\RSL\platform-tools\adb.exe
  "C:\RSL\platform-tools\adb.exe" start-server
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4592
- - C:\RSL\platform-tools\adb.exe
    adb -L tcp:5037 fork-server server --reply-fd 568
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3408
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 3240
  2⤵
  - Program crash
  PID:4928

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4768

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\3ec880d3c5334837962d383ff4928a5f /t 1704 /p 3496
1⤵
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3496 -ip 3496
1⤵
PID:4128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\RSL\platform-tools\AdbWinApi.dll

Filesize
105KB

MD5
d79a7c0a425f768fc9f9bcf2aa144d8f

SHA1
3da9e4c4566bd6d4efeeaf7ceab9e9e83f2f67e5

SHA256
1ad523231de449af3ba0e8664d3af332f0c5cc4f09141691ca05e35368fa811a

SHA512
ff650b98ecc55df6c2cb1b22221b1e71d63c01324f8a8b0f05f1497f5416131f7c33ef2ea17ed323cb2bfdbe7ae1824474544434899d2cb89e9c8c00db7dbb15

Download Submit
C:\RSL\platform-tools\AdbWinUsbApi.dll

Filesize
71KB

MD5
e6e1716f53624aff7dbce5891334669a

SHA1
9c17f50ba4c8e5db9c1118d164995379f8d686fb

SHA256
51a61758a6f1f13dd36530199c0d65e227cd9d43765372b2942944cc3296ca2c

SHA512
c47392b6f7d701e78f78e0b0ddce5508ab8d247a4095391e77cd665e955f4938e412ffcb6076534dcad287af4f78d84668496935e71b9bb46a98401522815eb9

Download Submit
C:\RSL\platform-tools\adb.exe

Filesize
5.6MB

MD5
64daf7cca61d468d26a407d79a7c26a9

SHA1
51b451089e73c9a03e2f24ab2fc81896d48c6126

SHA256
997324a38d89e3b282306bf25ccaa167c49a35850ac0ab4a169e7a15afa82fc8

SHA512
5a7bd06326e8ee868a2e6c724bc74bd290acaa00f3442807d3f69489a374a13a3cb41fbaf929c79525bdac319bd9a64ecfaf3cbdb6585ae332a485e911d8370d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
c3e08121cabb9380e3d50cadde97d53a

SHA1
0e666954e83e97e3883e52092fe2be88a520e8f8

SHA256
76e1d3ab7320c4b863adb091b5b77205d81e13eafb539a18ebe3d8ea46b29433

SHA512
9a6ef7710781d2f3a1f873129b21990548c1b275720080d87fe4051b464b0aef4ad8625656c388a65163563c6fb2086c29c01ba5f518c5b9679e7227fcc7941f

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\3his1t5b.newcfg

Filesize
2KB

MD5
17b7ae9ff7f903313ea9839873a15c19

SHA1
6740763fdf6067d6f397ba071ad146dffe9c8881

SHA256
5f2d7b769ae591bfaefee0c61bd47244be709633b582f4734ff28dcb32a0a703

SHA512
8ededc1064ebd14eaa0b9281bac8be4997aa131c45e3c3709a70e25be04cbcd9c87a8dcf5a3ac088d30a56b3960b3f8940b3b42de6f5c84bf87a6f6a469ae6c4

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\kw3yrzdn.newcfg

Filesize
3KB

MD5
33399e05b39b55a671181baac7fc35c8

SHA1
01d9fc52894918ec1d6d88d5f2d59e325a555ea4

SHA256
6556d638101a3269104700fd4b894ed874c48ddc9731fa2399c3aa58489d4ddb

SHA512
0f0be951b6bd689475ff7a99f22b86a969c2aeaeeb7da627073d54f9d210d5ca496296454f83a11434bbadb158fcd1464abdcd629d0359d29c66b1527dc550dd

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\pg2yw0mx.newcfg

Filesize
2KB

MD5
126138303027fe441897ab431cd2401a

SHA1
57ea49e5fc8d1079c5504438f397436370282deb

SHA256
348cb33fc4d45b64d634cf519808bb756a8370ffb721fc0a60731f9a330d50b6

SHA512
1a26060f3d17ea7e260b33e3f551427d8c4999c4c6ec0277afb76dc68c98059f2f1664b5037e9d3b0934f5628d8539e155ed6da3ae72c5b69e2bc71b00533f95

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\user.config

Filesize
838B

MD5
6dc22626c68e39d1f7a92bc247d064fa

SHA1
06d72094b8ccfb2cd09e3b04fa79cd2f4efbb40c

SHA256
5b1cfb327e8e4f605cdb650526ab442cc846ce97cfdc51d1da23dfecb3abdf60

SHA512
09858fce9752da51c915859873510c5f115b8d2b2ffa9b3bfe8bee20b804de1fe3ef8bbe5448b2374d6089af29e9d7914e0098df675e5eef240d4f1649a0db72

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\user.config

Filesize
2KB

MD5
da6c60273689c904e6d4e56dfa31f26a

SHA1
9dcda99705537457cd19ffbda31dd3b5ee545c3b

SHA256
3ced6488d4b1326cdd365ac94c33cea992da8d8047cb802f970fa81496224544

SHA512
a1f265a832dc4b89966f0b4ccb72bc0c2dd64d48588357eb1da530693343b4a6f3e366f0958297e3ec62b9b91da430fa353650d17ab0b499c2ce6e024ae7aa82

Download Submit
C:\Users\Admin\AppData\Local\Rookie.AndroidSideloader\AndroidSideloader.exe_Url_3wcjmuu02ugveehxxd13xxpo50icwnnk\2.0.0.0\user.config

Filesize
2KB

MD5
6a7a549b899ed4bcc67ab252fa6f2461

SHA1
66fadb4290fee40736a03fa4fe6f900d33b8ca5b

SHA256
d5d15bd2f0347ae3c5390919e1c61569b3c5b80e42bd01a4c774863d1f6313d4

SHA512
91a163d47e2d31619054a61a283fbf43c9d7b7eb6ab40df8d4cd8cb92ad768f80cfefaf3c6ec29fcebdd10088c0f9d9091b423a5de0b02265709df8f137f1544

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z.exe

Filesize
1.2MB

MD5
1a7eaa1dab7867e15d7800ae0b5af5e3

SHA1
9e6d344bd8724aa1862f4254d8c42b7cc929a797

SHA256
356bea8b6e9eb84dfa0dd8674e7c03428c641a47789df605c5bea0730de4aed2

SHA512
a12373ec7ec4bac3421363f70cc593f4334b4bb5a5c917e050a45090220fab002c36ba8b03be81159fd70955b4680146c9469e44ddf75a901465d6b1231ee6cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\dependencies.7z

Filesize
5.5MB

MD5
54850eca0050c5468f712187828655ce

SHA1
30607a286efe050f9387f3127888b4073595d1a1

SHA256
06e1523a9cc9be6bd9d7a33c2720519d1a071747222f044bdf0c4d590a508575

SHA512
40d575da0d48f6b0ab7dbeabf68a4b40551157671e34f5669fe2627fe51d8f623e00adcff24df6abf9ea765dd02ffdcca2783b73f617ee0fb1fca1a88f0d4675

Download Submit
memory/3496-9-0x0000000005000000-0x000000000500E000-memory.dmp

Filesize
56KB

Download
memory/3496-0-0x000000007461E000-0x000000007461F000-memory.dmp

Filesize
4KB

Download
memory/3496-37-0x000000007461E000-0x000000007461F000-memory.dmp

Filesize
4KB

Download
memory/3496-38-0x0000000074610000-0x0000000074DC1000-memory.dmp

Filesize
7.7MB

Download
memory/3496-39-0x0000000074610000-0x0000000074DC1000-memory.dmp

Filesize
7.7MB

Download
memory/3496-33-0x0000000074610000-0x0000000074DC1000-memory.dmp

Filesize
7.7MB

Download
memory/3496-10-0x00000000052B0000-0x000000000533E000-memory.dmp

Filesize
568KB

Download
memory/3496-34-0x0000000074610000-0x0000000074DC1000-memory.dmp

Filesize
7.7MB

Download
memory/3496-88-0x0000000000DF0000-0x0000000000E56000-memory.dmp

Filesize
408KB

Download
memory/3496-8-0x0000000004FD0000-0x0000000004FDC000-memory.dmp

Filesize
48KB

Download
memory/3496-7-0x0000000004FC0000-0x0000000004FCA000-memory.dmp

Filesize
40KB

Download
memory/3496-6-0x0000000074610000-0x0000000074DC1000-memory.dmp

Filesize
7.7MB

Download
memory/3496-3-0x0000000005040000-0x00000000050D2000-memory.dmp

Filesize
584KB

Download
memory/3496-2-0x00000000055F0000-0x0000000005B96000-memory.dmp

Filesize
5.6MB

Download
memory/3496-1-0x00000000000C0000-0x00000000004E2000-memory.dmp

Filesize
4.1MB

Download
memory/3496-181-0x0000000074610000-0x0000000074DC1000-memory.dmp

Filesize
7.7MB

Download