e760bf30eaf149235f2709475d5bf3251b97fbd363c5b03a4041a7373a004f9f

Analysis

max time kernel
140s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kok.exe
Size

37.6MB
MD5

d3256eb5c7eecb0bb52fbf0ff48456ed
SHA1

e65e7682a5cc1964b6c6934826b992ca52755c0b
SHA256

e760bf30eaf149235f2709475d5bf3251b97fbd363c5b03a4041a7373a004f9f
SHA512

69e53693b3d60a42c5bf48186f03fe9c9c52523dcec38d6319f2cc6b54138aa81c07500ac5ab9779f7ff64446571bda86ca2c4daaa13832051affa5ea2f46016
SSDEEP

786432:M8j+F5XKXAq3xtR5ejbJGO0NT+AtO2wYOBAh2DYthBxgU3mN2joU4LCV8K:DjSdKDxtR5lO0J+AtwsQqgUCI8K

Score

10^/10

discovery evasion execution persistence ransomware trojan

Malware Config

Signatures

Disables service(s) 3 TTPs
evasion execution

Windows Service
T1543.003

Service Stop
T1489

Service Execution
T1569.002

Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	MyApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	MyApp.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	cmd.exe

Deletes itself 1 IoCs

pid	Process
5008	MyApp.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tweaker.lnk	MyApp.exe

Executes dropped EXE 2 IoCs

pid	Process
448	kok.tmp
5008	MyApp.exe

Loads dropped DLL 3 IoCs

pid	Process
5008	MyApp.exe
5008	MyApp.exe
5008	MyApp.exe

Modifies system executable filetype association 2 TTPs 1 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\lnkfile\IsShortcut	MyApp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2528	powershell.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	MyApp.exe

Power Settings 1 TTPs 1 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

pid	Process
3188	powercfg.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Tweaker\\Tweaker\\Assets\\wallpaper3.png"	MyApp.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Prefetch\ReadyBoot\n444tquy.otb	MyApp.exe

Launches sc.exe 2 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2516	sc.exe
4216	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kok.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kok.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	cmd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\lnkfile\IsShortcut	MyApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
448	kok.tmp
448	kok.tmp
2528	powershell.exe
2528	powershell.exe
2528	powershell.exe
5008	MyApp.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2528	powershell.exe
Token: SeDebugPrivilege	5008	MyApp.exe
Token: SeShutdownPrivilege	3188	powercfg.exe
Token: SeCreatePagefilePrivilege	3188	powercfg.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
448	kok.tmp
5008	MyApp.exe
5008	MyApp.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
5008	MyApp.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 448	4048	kok.exe	94
PID 4048 wrote to memory of 448	4048	kok.exe	94
PID 4048 wrote to memory of 448	4048	kok.exe	94
PID 448 wrote to memory of 5008	448	kok.tmp	108
PID 448 wrote to memory of 5008	448	kok.tmp	108
PID 5008 wrote to memory of 2528	5008	MyApp.exe	110
PID 5008 wrote to memory of 2528	5008	MyApp.exe	110
PID 5008 wrote to memory of 4048	5008	MyApp.exe	112
PID 5008 wrote to memory of 4048	5008	MyApp.exe	112
PID 5008 wrote to memory of 2464	5008	MyApp.exe	114
PID 5008 wrote to memory of 2464	5008	MyApp.exe	114
PID 5008 wrote to memory of 4956	5008	MyApp.exe	116
PID 5008 wrote to memory of 4956	5008	MyApp.exe	116
PID 5008 wrote to memory of 4060	5008	MyApp.exe	118
PID 5008 wrote to memory of 4060	5008	MyApp.exe	118
PID 5008 wrote to memory of 2516	5008	MyApp.exe	120
PID 5008 wrote to memory of 2516	5008	MyApp.exe	120
PID 5008 wrote to memory of 4216	5008	MyApp.exe	122
PID 5008 wrote to memory of 4216	5008	MyApp.exe	122
PID 5008 wrote to memory of 4020	5008	MyApp.exe	126
PID 5008 wrote to memory of 4020	5008	MyApp.exe	126
PID 4020 wrote to memory of 860	4020	cmd.exe	128
PID 4020 wrote to memory of 860	4020	cmd.exe	128
PID 5008 wrote to memory of 2880	5008	MyApp.exe	134
PID 5008 wrote to memory of 2880	5008	MyApp.exe	134
PID 2880 wrote to memory of 556	2880	cmd.exe	136
PID 2880 wrote to memory of 556	2880	cmd.exe	136
PID 5008 wrote to memory of 1492	5008	MyApp.exe	140
PID 5008 wrote to memory of 1492	5008	MyApp.exe	140
PID 1492 wrote to memory of 4272	1492	cmd.exe	142
PID 1492 wrote to memory of 4272	1492	cmd.exe	142
PID 5008 wrote to memory of 3188	5008	MyApp.exe	144
PID 5008 wrote to memory of 3188	5008	MyApp.exe	144

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\kok.exe
"C:\Users\Admin\AppData\Local\Temp\kok.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Users\Admin\AppData\Local\Temp\is-IB7B2.tmp\kok.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-IB7B2.tmp\kok.tmp" /SL5="$C0058,38426029,797184,C:\Users\Admin\AppData\Local\Temp\kok.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:448
- - C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\MyApp.exe
    "C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\MyApp.exe"
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Deletes itself
    - Drops startup file
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system executable filetype association
    - Enumerates connected drives
    - Sets desktop wallpaper using registry
    - Drops file in Windows directory
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:5008
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -Name 'AllowCortana' -Value 0 -Type DWord
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2528
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
      4⤵
      PID:4048
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
      4⤵
      PID:2464
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
      4⤵
      PID:4956
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
      4⤵
      PID:4060
  - - C:\Windows\SYSTEM32\sc.exe
      "sc" stop WinDefend
      4⤵
      Launches sc.exe
      PID:2516
  - - C:\Windows\SYSTEM32\sc.exe
      "sc" config WinDefend start= disabled
      4⤵
      Launches sc.exe
      PID:4216
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c slmgr.vbs /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
      4⤵
      Checks computer location settings
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4020
    - - C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
        5⤵
        
        PID:860
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c slmgr /skms kms8.msguides.com
      4⤵
      Checks computer location settings
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2880
    - - C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /skms kms8.msguides.com
        5⤵
        
        PID:556
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c slmgr /ato
      4⤵
      Checks computer location settings
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1492
    - - C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /ato
        5⤵
        
        PID:4272
  - - C:\Windows\SYSTEM32\powercfg.exe
      "powercfg" /s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
      4⤵
      Power Settings
      Suspicious use of AdjustPrivilegeToken
      PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4132,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8
1⤵
PID:3880

C:\Windows\system32\WerFault.exe
"C:\Windows\system32\WerFault.exe" -k -l WATCHDOG WATCHDOG-20240810-2100.dmp
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Power Settings

T1653

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xp4pceur.nea.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IB7B2.tmp\kok.tmp

Filesize
3.1MB

MD5
541784bf0485ef25907b525f71e70e45

SHA1
2bdba2f302cf368dbca01d51d216655a63019e7b

SHA256
2b7c3ef1f2786ed89b69eaa9a0e14f38d88914e588faeb17e161eeaf9f76e1b5

SHA512
b4c256aaa7ee0ab6617abae58fa4d606c8a5044d863c807cc232fa4c514178af3343c7bd3fb18dde215908f4e15a1bd6520d3a7fc621884cfe31b10d530de683

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\batteryicon.png

Filesize
4KB

MD5
cabd692c9c9ba4c27e5556afabe6b89c

SHA1
901316cb717983d48d8537fa27e47b94b96d53d5

SHA256
25b5253eb7756fd81af24a88de573291b2fe849790277c15dc02679f18c3da6a

SHA512
74cbfa5c388e8569d96c9210621a80d8672352c4968cabc2990189d54583e8c9cdbb9f6094d01eac3c1f503eee50602ab9197bd48d489e2e9013aa116501a465

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\braveicon.png

Filesize
15KB

MD5
bd3b1dabe3230b5951aaef2d4c16835e

SHA1
05daa8b22da6921d0826472f5f8db86a24d1c601

SHA256
95449d10fdf5ec12475f5ef578ebdee766684af27fe1467a1a22faebb26a26fd

SHA512
481ae08d838a394b05ced8c51fed43312bb14dd9f5ba2a064f10da5b1468fa044a89cc0dcccc6fc34af9cc6e391d7c7a5e7a37be79f1bf28852468b19034e789

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\cleanicon.png

Filesize
13KB

MD5
d865a69b8a2ccc4a56614fcc8cef5222

SHA1
09831beca207b1a99f181b1d58068e5665a2564f

SHA256
c5fa47898a1517c87141a82631c3260db5d9ff2f0671da4df00331950d9f06a9

SHA512
de063f513c142c48a23f7885cab80971e0bdf1d605847690c6036a63d1431fef21e21ffb3a875ba3b37c24a5afe308189f310229759f79570c504b30a2c5dc3d

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\cortanaicon.png

Filesize
9KB

MD5
db388ddf0c4e942749867fef7153f89b

SHA1
c58ec3875dc93e49c59f833e48416a1a4cf45223

SHA256
5f4ea0becc9d8f7334f5a5c271308bd0f692514952e72f1ff3550a10487f3599

SHA512
0bd1b28cb53ca90c6cc0db3a567127ee8e1b0a8105287b04bbbeb32c88064c05dc4944b8ced1641eb6e70d7a3d067bed45b50161a8d5c1f324542fe1a454b82b

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\discordicon.png

Filesize
13KB

MD5
7e0bddde2ac58210c46919483cba7850

SHA1
d2c02aeca464f014bf32a72a32caa7a120a03716

SHA256
ac6a5bf9bf5ed3cdd0abe03f89a5f36455ecec735f34d49f9f635938e9ec4249

SHA512
4d209e58a5a824addf5e28363af8415a20efe8e7a4b708b74c55ebcae34574c8d95b53d7ae208e54b64d9493b5237bc55e87ee96c47e7eae637d73d51a89d895

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\edgeicon.png

Filesize
140KB

MD5
3000b87e6168daf1116c4c1481683d3a

SHA1
f24c6e71a76daaaf64958acfbab5d09e3d69fb1a

SHA256
ecbf95e109932ed8be7d6e4c65e718fd39a22a76d6e32063047d059b0b1eea89

SHA512
1ea39e1031e088c3d89ee705ec4f6786dcdc776a2b85be0307d08e271e0c17414fa0869831ccd4edf78cf4fd46ef355e6335022e87afdea7e56e271179fea426

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\gamebaricon.png

Filesize
80KB

MD5
8afa679f11f901f15a2c4645770ed891

SHA1
447ba97d92e51c67bcb388768ba84c1ebdf0ea2c

SHA256
df95615970513dc860a000084da7951cfc1b62f657942da9bf2618d715a16185

SHA512
ae7da837b539acc00d253002b9191b2d29b13c67c41dbd0658181d40bed7ab4fd2f2f7bd9b35f093443170a77071e9611ecdaab9d0a620a7a7a535463e882e65

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\githubicon.png

Filesize
27KB

MD5
38650efb62f23c00cd55a8cdb0a2c51a

SHA1
5437e4876b0975e664afb1477781ef10dd880255

SHA256
40e0636fd3be176a850e084d45c488e8a50c41aae4e1350e6459d5192e2d870f

SHA512
74a55411629d30cc516c5f9c9596b7073bb8c3c50679d248fd045308858eec09784d5341b29bfe164bdb984ba71a0bd5e9f4d308a1fabb2730b0ee0452ef9a27

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\icon1.png

Filesize
3KB

MD5
78a9b1add1a437fb2572c6941bfec406

SHA1
d15ce4b4c230ef93ef5de4a56e2b976d5b4dd223

SHA256
06e0b099560ff5626560c2272b5d971fc5011c3c18f78e9270daaab49a3276a6

SHA512
c5ea0cd9f2f9b506a78d428608ec3423cb5fb8a477e5d3e2cd39589faae74cc95716afd7c2cb348cfb8df76f784179c9cd0300032d6b8a47efabb3359356d0fc

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\javaicon.png

Filesize
26KB

MD5
6daad85e48a3af588e11b6fbafdba011

SHA1
43ccea762a46dd7fb8c2e19780aea7be8e67f918

SHA256
70e85afe58d267f9ab9793e2349bea800c3933433350a579a70af68104bf89ea

SHA512
62ea5030431f3fa4a17c168158048f61765c05dd56f656d0125b8e2f07969911d3a65e1d1eb32197314ea0398a9122b3e1e37d727c204050903228f321e26601

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\jsicon.png

Filesize
10KB

MD5
13353068113602cfcad0474aa1c22cbf

SHA1
129e92aa1f91d0688ecd452b867e22534f05e8d1

SHA256
9d9c78d580a2a1aec0a27ece94d5c842863ccaf91d52cd60d73559843c804059

SHA512
d3a4a88ce6b81f1ef47822bc874f7511994aab2a0cab97572ebdd488e42da6a2d32e6f9d99f7ed9df61e4072e1b7b1cb1628b580f706972a45dca602872ef7bb

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\nvidiaicon.png

Filesize
18KB

MD5
a19076faf89ec4e58eb44b4fa9707e58

SHA1
967ad957b8de1901828c2a5f3f9d9cdac6780d30

SHA256
6021e9d0f151d49f45ed18c03372fe5cd5a02a609a9e578bb22fd984ab6f6477

SHA512
fb153e82f44adc4263e6d7be4ab54ee161f0de804cbf1a5d107452f4585fbc05e1c608d7530f1f4d72baa69e1e018bcc7a34334ff90453e1c89782a87dbd681c

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\pythonicon.png

Filesize
11KB

MD5
182e98238de8c18dd7974a6cb32a13c2

SHA1
0a1a42211e39730b3be57f85303384b166e221d3

SHA256
e542bc7c3be55a89fd214893cd78f3e8b1277882dc599ecebbca9848fa7e6027

SHA512
721115b10925ed6e089b22bdbb4893ac9c535f44cb822ca5edac1b14824821c65db09296544751efa67b45c10f6f9ca9648b7f699d2aa756e3587cf0284922ab

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\restarticon.png

Filesize
15KB

MD5
c560823f8d4795781b3297d9541e61db

SHA1
77c3025edf6d99e14ce5531336b33d09f39dfe24

SHA256
c20aaeb7a09200323856244d97c88dc32a9c0afb9a13065d549a3bdc7f5fc9fa

SHA512
eceac9d27eb7aa5a295b3b358bdd9cc8b69d2ccd0832497883d0d49afcb678819838fff3a855c45f50385b59a9a5dacc34298a4efe548d6a82ff4b571380e67f

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\shieldicon.png

Filesize
8KB

MD5
e9ab7b801b922abb2f3b8d0caef7b8f2

SHA1
7c6e8c215563dc89b416656d373e4aa309b2fffe

SHA256
40b95514f6305f916d928d6e40e2318a6ba68fdab0e83fee24418fe5ab177398

SHA512
54153f8e822e04e01faf0e2150e2e6971e79ff91c157c3823769253b68adbea59de9bf6fb80150bd5e77873a38fed1877cf756dad08640f66fbbe891c1b358c7

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\shortcuticon.png

Filesize
13KB

MD5
31cf2d860276307907a89940ddf79156

SHA1
040ba515428b7f56b03325781bd7e2a68c0fb996

SHA256
35b380cab02aaf454a592c41ab616449303c410639f76c69f6e1619a81609ddf

SHA512
c4857d7752ee397bc1d27cbd0166bbdd7dab9e8e0d2712609b129517855deec7a0aa43e6008b647b3b4e62e5f6f13613aa977c9f108044d460bca22f2673adc4

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\spotifyicon.png

Filesize
21KB

MD5
f7c70458f57a93e073745f9f48d29612

SHA1
775509da6fc1b3cdf29a6e461534c235154fdb9d

SHA256
1c5567fea65017efca1921f335c39d206e5b75701586dffc4b34905f9c975ff0

SHA512
28d4d3d4fec84d35840f7e1b424bbd78a86dbcc269e6352d196a72ee6dbe4bfe2426a5f7971317663c63903261c50fc9e4114478c5518e21678875a08714d390

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\steamicon.png

Filesize
55KB

MD5
250410aa1c70f4fe49010a8939eee4eb

SHA1
61db0262624ab4aeb057a9bda79142176eb9d158

SHA256
07ee44a399b4fe006f009ff764534a1141d829e46227be7444a6816b8ae231c8

SHA512
a2a95704eece83479587e719fefd2446eb5ce1ed6a03bb8857b1a84022a026d07fad24d7dd9e481fe2c9dbf97910e94f3d1b9cca11e7dc9026c5f4411e3f7e24

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\wallpaper1.png

Filesize
395KB

MD5
62a15069f441ea0b287c06a32e20d830

SHA1
3220b04a890984d326c7488551652abb6d25830e

SHA256
87389b6d2e4eb544b488d00436968d6ed2ba73b80f97ceb24223a3b6964c3531

SHA512
cfb341dadc40a88c64c3ac0be1539bd751694ac2363a1bf5dce32f83eb3f77b12b28ef1ec741219fcaf9ae84087ba33dc985a96b4854030d567e3e56c3c7ed74

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\wallpaper2.png

Filesize
354KB

MD5
569404403d8830e74333c91eb76739cb

SHA1
97adfe87dc9e4a113a3ca327637d8e36183fa416

SHA256
d901657339a4b956e5fe45a7dae344f604c23dacc179a397510efe58916fe9fc

SHA512
eedea161268d9e33557c6c247955e9393f0f5eb9d6b548da75b40b03b0789d38a6b0287ed4e0355103a696cad0633432a4d1eed3c9e0972b592a615de753c5ae

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\wallpaper3.png

Filesize
779KB

MD5
9e6fe45289bb4072cab4ef6ca7aabc23

SHA1
b7d844f3d833c4ece30de0d4eabe7afd97661e64

SHA256
345f1aa4a315ee5440867a71e64c330aef1ee6c99305334be5b5fbabe64eb514

SHA512
a964b0b6e375dcead85ae7e1559263a28059cd35948ce669a9f88f779ee59150cc181b77bcc6b243d4d9931256b4410ddb9453afefc0351fc5d289543c6b1a59

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\wallpaper4.png

Filesize
700KB

MD5
06b1b14fdb77f24ad39b342c45f18755

SHA1
cdc2a740e981aefd1eba1091d7ce6e812397bc9e

SHA256
65d63550cd9acfe80975d710b1ed809dcc3a10f2c7d71e04168269ba95a5407c

SHA512
a077ceb8779c439a3402778befdca1614d0fd7636bfc9bca0b575ce04427127e79a755115d556bb46364d2a755e62132d5570ecb004b4392015a3d6584faa26f

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Assets\windowsicon.png

Filesize
5KB

MD5
465ab6c43ec2c2ff3feb647d1961336e

SHA1
9d582b675c61cb4ca322b2641cd1a627f56e0f30

SHA256
6a542165dc5ad07ae4012761a46807c072ddec5115320fe359a340cf4420b06d

SHA512
e96b8889ec9bfe01871a6e8c15f1737d0aa6a914adc813691e0257bdfdb52c08825cceddb0217b91e3153ac9691dce1bc8259c36fbc9965b1ba8c45bcd317460

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Base.dll

Filesize
1.8MB

MD5
ca494ca98c0d67a8e16576a1fa020393

SHA1
28cf6e64226d88de7bdc915900cbf3efa46663f9

SHA256
aafdf253dd7c661b800f03c8b04d2ef30429a95b5cea8c1415b4831f61c78167

SHA512
1529cf2a0a37545bc70a9eab4eb6717836020d8fece7f6215cbd0a576dcb24a9a08cf5447e36cdeab51f907999b5857f26865fa32be9904d6d0eb1b37b8ad655

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Controls.dll

Filesize
995KB

MD5
a944d1f2c50975bf5d38de9fe7d5487e

SHA1
5747e181776f69689001f8754fbbbbb509d242fc

SHA256
9499add440f2dc3b1f88483e4afc77daf9dde042ccb12cc02ecdddd650b077dd

SHA512
64bb4bb014c1d6c85c2ea834977a1864361fc0c1965b0f8a52a137feb70086460f84ff72b6a7e26e63f4dd015786c329a95a0b9dac52979359dab405a394e103

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Desktop.dll

Filesize
14KB

MD5
a5ae17f4793edade477ca23450946f2e

SHA1
9f966ad2476731e4e5c948d90719b717fe47c02b

SHA256
4f38a8cf2a30406ddd8d19fae4cea8e09e1230cb824f6f0886e92ea545453a5f

SHA512
db9a3ed2a6e7212451917c41dc50e602b0c2ae0a88577ee34547288e6f22889ef44506f01658efc7f543b445c339fc7cd847f5562eea2c19667f8743d9a1414b

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Dialogs.dll

Filesize
236KB

MD5
cc1aef3c66b04a90ac458a0f9f0e6c32

SHA1
2c1c82f7bee7ea6532b02dafa94c0944f6c22fcb

SHA256
4ae24341b4e35d8468e150ee479f2fbb5364b0df7b820f554667d2cbe5daea9e

SHA512
1a2720bda531a4937ac8c4fc3864fe43e204ec87f2e0cea5735f491f15b98d10fd65d9e6bfe6f3a1f1aa7cdc2f23bd5baa3b0d0e8b81be87fb8a6a5bc0e03e65

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Fonts.Inter.dll

Filesize
2.1MB

MD5
7014b4c461a068fb6de41c90f4174ca0

SHA1
6147c37cf80ffd29373b7a93339d2620665a71f0

SHA256
8bdc27bbf7eceff1f5600a45789ba2c49eefbf93b4d5973465726f8904c15edd

SHA512
cedde9c82fe9881b6b684932b75e765c554cf740676c5f9b38a456bc90e36ff4ea6954e3ddab6e22c73282e4b5b26b73fe75730bdd7c3fb6e25b44edded1fab6

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Markup.Xaml.dll

Filesize
81KB

MD5
40c9578ac00a7bf634b2132624895f15

SHA1
f79bfa0e4771527e6cf845dbca59a23d54006aaa

SHA256
5b935ac5c972d3c26348c9329f6badb75621c79c759a8578b7fe2e9ce704ffb2

SHA512
a9cdb4908a48f4551fab368bde47695b6b352aa001274a2de117ed011aa37f6f98b6e1495e31040d64a6df49b2cbfef2a10eb6249a256c9ea6c2592b84b88848

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Markup.dll

Filesize
59KB

MD5
37639ddf4712a3457d23895c0d3febd6

SHA1
4836070fb85401429a267792cc882c0ae9102c03

SHA256
23cd6af63a36b53436e6df448ff0cc1926afcc09dcf72d3f9bac0ed11eddf1ff

SHA512
cf567f2d208399ac8f934e6ee4b45f058f0946eb241233a3592e490bdea31918ecaee4d955937d8c7a8ad94ed1a1bbc837b3ec76a7b87bb7f2a739f4d1eda495

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Metal.dll

Filesize
13KB

MD5
d8e9e73542ccd3ffde1b9266a35560e7

SHA1
a2bfdb390dd10da12e071ea4888492f4c441d18c

SHA256
75625f192caa1a950efe33e674629c7fd57a5d9fd1741eda612a654e31aaefb5

SHA512
b658fbeed4362a782f34676b9dfcc999c97d94ac2ebe173aa8ba55903f647899093628c3b2d63dae47ab0fcd0773fa246ccd2c07acadeeb95e1e61266f9dbb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.MicroCom.dll

Filesize
15KB

MD5
8feb43a4cfe450ff5f3396d62d24c12e

SHA1
277d2b776d25fe39ef3a495b60ae4f412e57b69d

SHA256
084f28facb16959d8e56bf09578743623e79347a6eea1d903492d751dacbeb1a

SHA512
3804267cfdf4a49d4647f6e8ca3737184531968461fcf5f655e0669b16e8e1069f3860e9ce8c22aa70ac7af2284cd2cd4f3b9cc4a88717094a48b59aa9f607ad

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.OpenGL.dll

Filesize
92KB

MD5
7a512607db428ad691410f5be3d3511f

SHA1
4ccc84e14343e94056c2150f58cb9e4b8cb718f4

SHA256
aaf32e08c97f8ddea07d1344b1934e4afae460586ac7cc49b84c1297ed07b7e1

SHA512
5f8d7237f061013ee9d3bf75d8861a5b03aa6f25d3751eccf608c977defe2eefe93570f784ca5790a5bd4bcece74444e69f53e8285dbc19c257de6274f5a7849

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Skia.dll

Filesize
119KB

MD5
46e2b536bb4f3cf98524dbc56f5c6bda

SHA1
18dab3e89352538704c47f9bfdaf9b4864e38919

SHA256
c62c9456383f721c81669a3022f5bb3ac38dab88f0028247135ced9a7aa11995

SHA512
c8989665fca928e3935df9f4bcf7c616467a670aa165953beb1e1c9ec0b829c3c283e79fb9d72a26258ccc2cd491621350fe45111ad4826b94067d8003aa991c

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Themes.Fluent.dll

Filesize
556KB

MD5
8a6714949ddf49d7f8e3fe94e12a8a98

SHA1
749addb5a97cd26eedb8ac6c4c0f09b8e26dcb8c

SHA256
9a6760629ad0e8f84a9a91dde0d926b89efa0681d7e772396ebd0bf4c3ef62c2

SHA512
da6ffa133782fd9703cdb19df8717f4bb126b54e0967b06c5a22435c4986b92055a3c9b1bcf72b20e44472c32b3a66e2127eea86fe8f5c87589adce025e69153

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Vulkan.dll

Filesize
171KB

MD5
e991e9f8202c55ac96ff1f11dde10aaa

SHA1
c9fca9daa9cfe3aefd0b67463e77e47dd780a59d

SHA256
43df8c05f83cc30dd435ce19ac6204461ccbb21f88bd5feb18cf8a14509fb4e9

SHA512
060ee2a5e07e93e83617780fbb69ca213edbb0ddde044db9a0f0b732aecd28388bc8986669651e8a4d828e2ddfbd5dfcc4a1bf0e55357c45b0e025832f10bbcf

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\Avalonia.Win32.dll

Filesize
697KB

MD5
6c3ffd827104194378dd274563e4a569

SHA1
79388aef2d2bd5d163ae53380f417b062791961b

SHA256
978cee1eafb1cca27db839c17f7f71acfcc3bc0459154e5d9b585daaa8abbbc9

SHA512
1cce9a2c69c3ba24cc83c7c05eaad3423a3625e2743fc4997c5467bbca1dc3d19ace1e6a9e92a9f45445a54f5ce9b98a3bf5d99f319b8b49cee8e8a04901db3d

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\HarfBuzzSharp.dll

Filesize
114KB

MD5
d56c39f3de97bab91c3c459e0ae788e1

SHA1
6f55fdfd7fbc739b0ef06e4ed36ab425a20f36c1

SHA256
1ecdd2cef4870292a652e9584e5dae98842f5a7ba8b26dfe6bdcd4cf353d223a

SHA512
8d0dd5a63837a15d5fb22e7043c7fd21814747d354e7f5256b99d15fc2125e1a77a9bf59789126eaf44f7defe397ae890eb1c910cb54d94642a6dd12b7bb2648

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\MicroCom.Runtime.dll

Filesize
14KB

MD5
c27b01d179ab856b42e910496fe749f9

SHA1
448412817480d6e20ae7eb2ff9250c69ed4ebece

SHA256
59839e18e46b06ab23b633944ae3c3b552a300c5da389da870dfa980bcef93c1

SHA512
30416fd4bf5554e6b575aff59787ae1078bafa529c36cbe51b05026691851a0824ab648d4d4d2ca4bd26ddab680eba95595e9cd80ee63230abffce799b36dabe

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\MyApp.deps.json

Filesize
21KB

MD5
b5bf37a881dba46d650e266fc382da97

SHA1
0c35479e23d074fcd9b4c5423ed9a9e418a767d8

SHA256
78e6f561abd40748087f07c54d34ab531be7855009b9ed0d02077a2ea1059549

SHA512
819b108d372ad6324533e3ae8e5879a3397bd1f0c2c8ef94d05dd5d0b0156268b9db5620e95cdd002e7014fb6f5a5ad26e538067434e701ce0bc8fd4f4809f27

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\MyApp.dll

Filesize
472KB

MD5
b212f96e604f8622683c26fd6ef768ff

SHA1
f0f8bacb75cfdd60f510e27e4431e1a0473752cb

SHA256
3f7f7b472d2c6d78fbd4e725526c942720c112e3bb625cb2913d903b59da0d2a

SHA512
e39d48e21abf8f8e2f5fb53cd206067cfbd2e048cf7a76b7a7273c7744da4e02e385435893bc3c3c80b434c8c559ed60846458c1148983a77c6a1424b55f40e9

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\MyApp.exe

Filesize
147KB

MD5
4151ca54ece69864a8b894ae94e460f4

SHA1
991e635a7dae9d66f343226ff5ab5dab8f78ef48

SHA256
9fc3198f74939d16a7ed80a04d667d5950bab3ddfc8b83663066d95f1de5d7a2

SHA512
22e1ca6caa4497524c435d737bbc1e5bd5141d2a41f2aaaa45a1455fe23ffa934dd3d3d4120deaca10727ce41b531a3e6f6b9a891caf2b0f8137692bed984a13

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\MyApp.runtimeconfig.json

Filesize
417B

MD5
649745f8494ddba272c68e29ebbfe3b8

SHA1
80b23177b189cf4bdeb34a1a33bfb56d092332b3

SHA256
4f8e15234471d8f0f8b3cc25efbe7ad49a11387b72e393cacf5ec92359abf22c

SHA512
38897a667361541ab8dc485c195e12200cb06186cf7fc0c0c48b4c2b29c136db03f7f74481fe0d62064ee34c2f614bd799ea423582191694c2e78cd7e884a6be

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\SkiaSharp.dll

Filesize
427KB

MD5
1c536817f9929b39c1ca8ba6b831dd10

SHA1
d99ada12cc19e8f6abbbcb0b930dceb4b3648a64

SHA256
fd58d57ff4ae221b385449b90bd582b9ce47e56727cf024bcee53660c5bfbe6e

SHA512
720f22fb6af654898d07a751b8c3f1c74dfacdb2769b32ee99ee68be04ebec504cc4796a3e94b7d5c2779284fdb73749fb4b4dab307d3bee4c20c219bf640961

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\runtimes\win-x64\native\av_libglesv2.dll

Filesize
4.2MB

MD5
0c6d7ef9f90b40fe51e67a2ff9f38244

SHA1
d6cbf5d5b9957028d75d2456f1209b2454072367

SHA256
caff1be1faee32f7c5bfba9162ee617c347aad40772caa9a1aff794e3a191420

SHA512
b4cf85ea6be1c8528bfa6126a81faf44132b6978a07cf01af729f68807c7db6ae16fe71eb74135c9db9fe7696094d89330a94217c953b2ee5cce9be4a4e33373

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\runtimes\win-x64\native\libHarfBuzzSharp.dll

Filesize
1.5MB

MD5
c22de44419d1a1f1aa059f451fc59016

SHA1
cff7fc6071b8ccfbaea2ad922071f243d265afea

SHA256
ef5923ef4cdc8612c1825b294174b5b8cc8a056ed0f06b58db56aabc56aaae12

SHA512
12f93c7d4548c1c20288d9fd1b2b1b3dd0dec7c1a0c9b12f7f2c1b8045cfbbbd1256e39112f7296c83f93bc6c8fad45390384cc80087edeff46e9d125e3bcbba

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\runtimes\win-x64\native\libSkiaSharp.DLL

Filesize
9.0MB

MD5
26d723bd75b5c6591dfde18b71281920

SHA1
47c05d42af2968f83877bb9cbf744c938489f466

SHA256
2ca940b7c4621ecd27d2f07c5f46fafa0375f493692cd4e6e1e66c07fbc8109a

SHA512
90bbdd48588616177354402b91a3fac363f8eb7959af570e6cee1174eeab950077b71ed47645262daf0957ced5b90b3aa5a7146a5d04d52b5c7975a5d31c5ef7

Download Submit
C:\Users\Admin\AppData\Roaming\Tweaker\Tweaker\runtimes\win\lib\net8.0\System.Management.dll

Filesize
304KB

MD5
e1422b4c04b923dcfe00a55290dc18a6

SHA1
0609ecde6bc8a87f88bc32b98d19800ff19529b6

SHA256
b2d6e7e991dc9ef154b29f4966f04fd8ed4ebb2c1d1242ea1d5f3e90f8ae5143

SHA512
297f54fceeb0cde17745323e7c41fea830a376fe9c3cf92a692c48199c0a05f1533a3045fd9c6d21352d084aa9ccec7b6cf630c7df49b52ed4025ae156509a7c

Download Submit
memory/448-223-0x00000000004B0000-0x00000000007E0000-memory.dmp

Filesize
3.2MB

Download
memory/448-206-0x00000000004B0000-0x00000000007E0000-memory.dmp

Filesize
3.2MB

Download
memory/448-14-0x00000000004B0000-0x00000000007E0000-memory.dmp

Filesize
3.2MB

Download
memory/448-12-0x0000000003640000-0x0000000003641000-memory.dmp

Filesize
4KB

Download
memory/448-9-0x00000000004B0000-0x00000000007E0000-memory.dmp

Filesize
3.2MB

Download
memory/448-6-0x0000000003640000-0x0000000003641000-memory.dmp

Filesize
4KB

Download
memory/2528-254-0x000002607F970000-0x000002607F992000-memory.dmp

Filesize
136KB

Download
memory/4048-1-0x0000000000A20000-0x0000000000AF1000-memory.dmp

Filesize
836KB

Download
memory/4048-224-0x0000000000A20000-0x0000000000AF1000-memory.dmp

Filesize
836KB

Download
memory/4048-8-0x0000000000A20000-0x0000000000AF1000-memory.dmp

Filesize
836KB

Download
memory/4048-2-0x0000000000A21000-0x0000000000AC9000-memory.dmp

Filesize
672KB

Download