6c1ec6433e1d991ec587ae14bd00d9c37ed8395896caa6ce19e1b48a12a50346

Analysis

max time kernel
144s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WinaeroTweaker-1.62.1.0-setup.exe
Size

5.7MB
MD5

157e743031c4e6be81ab205ee109f944
SHA1

06c39459502adf9ccab19111bef0877b6f21d670
SHA256

6c1ec6433e1d991ec587ae14bd00d9c37ed8395896caa6ce19e1b48a12a50346
SHA512

eaa9a078a093bc108b28c1469cf82a301b2ce0a5d66e293f89d94a12d1dab383d4b79e60a6a9514555a692e23ca4c99fa67885cac9f04c584c80b1bfd6cd6e35
SSDEEP

98304:nkL+yAKH/+GFeGCYKtl/gOGhpslPXCuutHpKx8o3zEOqWAwPWBCBnQX5FHin1KTc:c+5KH/+Grg5gOEuO8x8wAOPAwEynMFaN

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation	WinaeroTweaker-1.62.1.0-setup.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation	WinaeroTweaker.exe
Key value queried	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation	WinaeroTweaker.exe

Executes dropped EXE 4 IoCs

pid	Process
1548	WinaeroTweaker-1.62.1.0-setup.tmp
4872	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4256	WinaeroTweakerHelper.exe

Loads dropped DLL 1 IoCs

pid	Process
1548	WinaeroTweaker-1.62.1.0-setup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 21 IoCs

description	ioc	Process
File created	C:\Program Files\Winaero Tweaker\is-ITBEB.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-U247O.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-JL640.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File opened for modification	C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe	WinaeroTweaker-1.62.1.0-setup.tmp
File opened for modification	C:\Program Files\Winaero Tweaker\WinaeroTweaker_x86_64.dll	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\unins000.dat	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-2G0OS.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File opened for modification	C:\Program Files\Winaero Tweaker\WinaeroControls.dll	WinaeroTweaker-1.62.1.0-setup.tmp
File opened for modification	C:\Program Files\Winaero Tweaker\Elevator.exe	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-BTVGI.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-K0I46.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File opened for modification	C:\Program Files\Winaero Tweaker\WinaeroTweaker_i386.dll	WinaeroTweaker-1.62.1.0-setup.tmp
File opened for modification	C:\Program Files\Winaero Tweaker\no_tab_explorer.exe	WinaeroTweaker-1.62.1.0-setup.tmp
File opened for modification	C:\Program Files\Winaero Tweaker\WinaeroTweakerHelper.exe	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-E48HS.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-DRLQQ.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-5IR6N.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-P1ADG.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-0HI5O.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File created	C:\Program Files\Winaero Tweaker\is-UC30G.tmp	WinaeroTweaker-1.62.1.0-setup.tmp
File opened for modification	C:\Program Files\Winaero Tweaker\unins000.dat	WinaeroTweaker-1.62.1.0-setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WinaeroTweaker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WinaeroTweaker.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
3260	taskkill.exe
3856	taskkill.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
1548	WinaeroTweaker-1.62.1.0-setup.tmp
1548	WinaeroTweaker-1.62.1.0-setup.tmp
4872	WinaeroTweaker.exe
4872	WinaeroTweaker.exe
4992	msedge.exe
4872	WinaeroTweaker.exe
4992	msedge.exe
4872	WinaeroTweaker.exe
4872	WinaeroTweaker.exe
644	msedge.exe
644	msedge.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe
4772	WinaeroTweaker.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
644	msedge.exe
644	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3260	taskkill.exe
Token: SeDebugPrivilege	3856	taskkill.exe
Token: SeDebugPrivilege	4872	WinaeroTweaker.exe
Token: SeDebugPrivilege	4772	WinaeroTweaker.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1548	WinaeroTweaker-1.62.1.0-setup.tmp
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 1548	4848	WinaeroTweaker-1.62.1.0-setup.exe	88
PID 4848 wrote to memory of 1548	4848	WinaeroTweaker-1.62.1.0-setup.exe	88
PID 4848 wrote to memory of 1548	4848	WinaeroTweaker-1.62.1.0-setup.exe	88
PID 1548 wrote to memory of 876	1548	WinaeroTweaker-1.62.1.0-setup.tmp	90
PID 1548 wrote to memory of 876	1548	WinaeroTweaker-1.62.1.0-setup.tmp	90
PID 1548 wrote to memory of 876	1548	WinaeroTweaker-1.62.1.0-setup.tmp	90
PID 1548 wrote to memory of 5040	1548	WinaeroTweaker-1.62.1.0-setup.tmp	92
PID 1548 wrote to memory of 5040	1548	WinaeroTweaker-1.62.1.0-setup.tmp	92
PID 1548 wrote to memory of 5040	1548	WinaeroTweaker-1.62.1.0-setup.tmp	92
PID 5040 wrote to memory of 3260	5040	cmd.exe	94
PID 5040 wrote to memory of 3260	5040	cmd.exe	94
PID 5040 wrote to memory of 3260	5040	cmd.exe	94
PID 876 wrote to memory of 3856	876	cmd.exe	95
PID 876 wrote to memory of 3856	876	cmd.exe	95
PID 876 wrote to memory of 3856	876	cmd.exe	95
PID 1548 wrote to memory of 4872	1548	WinaeroTweaker-1.62.1.0-setup.tmp	103
PID 1548 wrote to memory of 4872	1548	WinaeroTweaker-1.62.1.0-setup.tmp	103
PID 1548 wrote to memory of 644	1548	WinaeroTweaker-1.62.1.0-setup.tmp	104
PID 1548 wrote to memory of 644	1548	WinaeroTweaker-1.62.1.0-setup.tmp	104
PID 644 wrote to memory of 3948	644	msedge.exe	105
PID 644 wrote to memory of 3948	644	msedge.exe	105
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 1748	644	msedge.exe	106
PID 644 wrote to memory of 4992	644	msedge.exe	108
PID 644 wrote to memory of 4992	644	msedge.exe	108
PID 644 wrote to memory of 960	644	msedge.exe	107

C:\Users\Admin\AppData\Local\Temp\WinaeroTweaker-1.62.1.0-setup.exe
"C:\Users\Admin\AppData\Local\Temp\WinaeroTweaker-1.62.1.0-setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Users\Admin\AppData\Local\Temp\is-BJ1SQ.tmp\WinaeroTweaker-1.62.1.0-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BJ1SQ.tmp\WinaeroTweaker-1.62.1.0-setup.tmp" /SL5="$F01C0,5091039,832000,C:\Users\Admin\AppData\Local\Temp\WinaeroTweaker-1.62.1.0-setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1548
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c taskkill /im winaerotweaker.exe /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im winaerotweaker.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3856
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c taskkill /im winaerotweakerhelper.exe /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im winaerotweakerhelper.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3260
- - C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe
    "C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4872
  - - C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe
      "C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe" -profile="C:\Users\Admin" -sid="S-1-5-21-609813121-2907144057-1731107329-1000" -muil="en-US"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4772
    - - C:\Program Files\Winaero Tweaker\WinaeroTweakerHelper.exe
        
        "C:\Program Files\Winaero Tweaker\WinaeroTweakerHelper.exe" -
        5⤵
        Executes dropped EXE
        
        PID:4256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winaero.com/?utm_source=software&utm_medium=in-app&utm_campaign=winaerotweaker&utm_content=setupcheckbox
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd47ef46f8,0x7ffd47ef4708,0x7ffd47ef4718
      4⤵
      PID:3948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5463744365546165630,2594028126038775020,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
      4⤵
      PID:1748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,5463744365546165630,2594028126038775020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
      4⤵
      PID:960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5463744365546165630,2594028126038775020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5463744365546165630,2594028126038775020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
      4⤵
      PID:1628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5463744365546165630,2594028126038775020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
      4⤵
      PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Winaero Tweaker\WinaeroControls.dll

Filesize
428KB

MD5
e3053e6ca40b44d5937a5b6ca1de7fa1

SHA1
f0cd747c34834a82ad1a1860b41a53a0981e91ef

SHA256
aa1e84244d46228f198cf3e1373658032c2f4d01c25db1c4966ffb87eb9bdc8b

SHA512
c8176b29016d244c0760222a4f42dc3a05a189a8c139061db08e8aae6639734b7198f79514586fadea21616781975002bac9a6acd3b96167317045d9f81be265

Download Submit
C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe

Filesize
5.1MB

MD5
bd58a64a60d76cc1cfa38fd1c27419f5

SHA1
db1f416b55131682547f007351ad859edc5468c2

SHA256
69ecfd7ad61617a769d230d6d6db082d965c5550f92c4913cd60ef47d3158d38

SHA512
ab11ffbf0b2d39a2255357dd22489610cf6ee1f2316f6028d7120454e31ffc9c0ea794be9d134afe7fea91606f38c14bbfcf19de0bd7d085f02964d1c3ecf32b

Download Submit
C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe

Filesize
761KB

MD5
f75b66e78dc326799127de3382643c16

SHA1
5a93edefdcb89eed42ab28c2bfee7d7e7a313bba

SHA256
ea4165dc609237d80e744cee3350ca9ff1d627e308b869cec8b0ea5272bb0b4c

SHA512
3ac53f221e9f98055d610f61322b16582cd69e0ab42d238b96e831dacc436488e0ef8a7f44e23f4ae8bc0dcfa19151246fde32aba911e4bc576d0e32914dd138

Download Submit
C:\Program Files\Winaero Tweaker\WinaeroTweaker.exe

Filesize
285KB

MD5
b95cc8d376d9043805efb1dbe856bc35

SHA1
de3568e46b898ea6e8d9835aa0f8d5445c792791

SHA256
ff94da1449c1e8461e69c3e9a70f5d28fc38d48f209944b756d6521c91f155ad

SHA512
a9dcd6a4398d5a114d663f8043b7e52b91caf1490344369965902e43641b793a845ed07347432dba95936b7e5442d481a571519028a158d78fe5b2faaace6c51

Download Submit
C:\Program Files\Winaero Tweaker\WinaeroTweakerHelper.exe

Filesize
330KB

MD5
8e0aec38406afacff9487529add32c74

SHA1
4a7973910178147b217107db30610bf3416f2745

SHA256
c789872a6141e19f9cb71abb8260c8303a2ac48dfd86f36912a4649800a78d39

SHA512
a29bac662446c238c787635654a1787471c484c5887cca5838361c232dca1d32220b50f36fe918b39db7d6f1976f0584332386340e96a7f85e2d71123014e62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WinaeroTweaker.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
309B

MD5
ce9c7aa9c6624e361595e626f30bd660

SHA1
dd9794c534df4b99560037d4735dd5da8376cbc8

SHA256
deeacb4632fb9f078ac939c8c931b4239a1ee7f2af877a3fce7708ae8f7acb95

SHA512
af2dce094f9b25bff3d0f3652db0f54dc65247199c77b3802bf197f19ca7b3dcd137b44f51fe1eaa1837ce691c6929ad5d672398cd26e276e875acd1edb67e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
005cd4dde8f53cd5644a03d35e99200a

SHA1
c14d4051bfbb4c2595cebdaf2c0a8db19b78ed26

SHA256
b40d959900eb1d3f78a5465ab90caed208fe4fde9ee93fc22cd311c252e9eb7f

SHA512
7d478d3dd8ebbc27d2a193d5db8f2b4065ab9829b027c2b80dfe9a57dcc97d238f2d5b6c9ff6e920acf385d401163db264c3f730578094dfcc541f77a34aec58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
161bf3052c71a31b7d19c2edc9a01cb7

SHA1
81f080761f72a27a11bfa83f71f711e0bd1b0fa5

SHA256
9d09c3f3a6a018f823945b51da015af35a8b0d8fa17234e7ec676ca67cf63cc9

SHA512
b7e92e8e157e6d47399493b2d55b90a32efbfb21ff8fd3ad78e4d563213a8389e6521609a8ae074efb3ac893a4cdd31033983b4a3c452e13d25baeb9f353fbed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d064ee1d5363cc97018fdc89310a7f53

SHA1
5527fb2a0717461dc892dcccdfa0389fb439bf1f

SHA256
010364783060941241ce447668ce235ff29fd083b467e4f4d8e3a76f70da99e5

SHA512
6535615c3c108dff24de973a5537d836325be440446c0cb65fd36e21ec84af812b4c851a6d326d4c62c1d9b5de8a146682e5925dcd16145a835889aca6eaf642

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BJ1SQ.tmp\WinaeroTweaker-1.62.1.0-setup.tmp

Filesize
3.0MB

MD5
7ce94ddf4648f1d972c77764e24b527f

SHA1
a061a2bac5fdc29d03db7cef56b1e242f54b5b8b

SHA256
5f252a8d3629e51f265de8002be947a24a78b101330a71b4b01afbe59edd716d

SHA512
b15d4ff889bae492f3418c0d9ca0c1bbe89a3ffb95309924735873c166b937bba6da28dca451fb408204ab2704416ac0733547e8717b81e1d2a0fba0c116c47a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QLI5K.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
memory/1548-86-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/1548-6-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/1548-15-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/1548-12-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/1548-31-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/4772-215-0x000002BB63D60000-0x000002BB63D70000-memory.dmp

Filesize
64KB

Download
memory/4772-212-0x000002BB63D60000-0x000002BB63D70000-memory.dmp

Filesize
64KB

Download
memory/4772-211-0x00007FFD49930000-0x00007FFD4A3F1000-memory.dmp

Filesize
10.8MB

Download
memory/4772-216-0x000002BB673A0000-0x000002BB673C2000-memory.dmp

Filesize
136KB

Download
memory/4772-217-0x000002BB63D60000-0x000002BB63D70000-memory.dmp

Filesize
64KB

Download
memory/4772-218-0x00007FFD49930000-0x00007FFD4A3F1000-memory.dmp

Filesize
10.8MB

Download
memory/4848-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4848-88-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4848-11-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4872-98-0x0000020F19A80000-0x0000020F19A86000-memory.dmp

Filesize
24KB

Download
memory/4872-210-0x00007FFD49930000-0x00007FFD4A3F1000-memory.dmp

Filesize
10.8MB

Download
memory/4872-97-0x0000020F33B30000-0x0000020F33BA0000-memory.dmp

Filesize
448KB

Download
memory/4872-95-0x0000020F33BA0000-0x0000020F33BB0000-memory.dmp

Filesize
64KB

Download
memory/4872-94-0x0000020F33BC0000-0x0000020F33DF0000-memory.dmp

Filesize
2.2MB

Download
memory/4872-83-0x00007FFD49930000-0x00007FFD4A3F1000-memory.dmp

Filesize
10.8MB

Download
memory/4872-82-0x0000020F19190000-0x0000020F196B6000-memory.dmp

Filesize
5.1MB

Download