1c2d92a970c392e744075679363c85a95ab97a28a22ce6431fbaa206d9ac33e3

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2023, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solar-Tweaks-Setup-4.3.3.exe
Size

60.3MB
MD5

ed4a1a4fc71c4cfd4ff37bfd00114b7b
SHA1

581a8f1c303c0d592083b4649dd1819e8394efee
SHA256

1c2d92a970c392e744075679363c85a95ab97a28a22ce6431fbaa206d9ac33e3
SHA512

8aa009204b3723af95a2d339f8405a6462c2b2f179f544db02a35bdf095c52ae74a2af128d2facd6ca114c5a0dd1ef50b0ae785917f7e1f0d5ba02b25f8f62d0
SSDEEP

1572864:aV1s9gPNzITDH7QDv2zFZJTCT6MR9L0T+woseEM:aV1sUUXcL2zfNwbnLddEM

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe

Executes dropped EXE 4 IoCs

pid	Process
4924	Solar Tweaks.exe
1956	Solar Tweaks.exe
2296	Solar Tweaks.exe
920	Solar Tweaks.exe

Loads dropped DLL 14 IoCs

pid	Process
1960	Solar-Tweaks-Setup-4.3.3.exe
1960	Solar-Tweaks-Setup-4.3.3.exe
1960	Solar-Tweaks-Setup-4.3.3.exe
1960	Solar-Tweaks-Setup-4.3.3.exe
1960	Solar-Tweaks-Setup-4.3.3.exe
1960	Solar-Tweaks-Setup-4.3.3.exe
1960	Solar-Tweaks-Setup-4.3.3.exe
4924	Solar Tweaks.exe
2296	Solar Tweaks.exe
920	Solar Tweaks.exe
1956	Solar Tweaks.exe
1956	Solar Tweaks.exe
1956	Solar Tweaks.exe
1956	Solar Tweaks.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
1364	tasklist.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef4240f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Solar Tweaks.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Solar Tweaks.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Solar Tweaks.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1960	Solar-Tweaks-Setup-4.3.3.exe
1960	Solar-Tweaks-Setup-4.3.3.exe
1364	tasklist.exe
1364	tasklist.exe
920	Solar Tweaks.exe
920	Solar Tweaks.exe
2296	Solar Tweaks.exe
2296	Solar Tweaks.exe
2296	Solar Tweaks.exe
2296	Solar Tweaks.exe
2296	Solar Tweaks.exe
2296	Solar Tweaks.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1364	tasklist.exe
Token: SeSecurityPrivilege	1960	Solar-Tweaks-Setup-4.3.3.exe
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5056	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 3092	1960	Solar-Tweaks-Setup-4.3.3.exe	85
PID 1960 wrote to memory of 3092	1960	Solar-Tweaks-Setup-4.3.3.exe	85
PID 1960 wrote to memory of 3092	1960	Solar-Tweaks-Setup-4.3.3.exe	85
PID 3092 wrote to memory of 1364	3092	cmd.exe	87
PID 3092 wrote to memory of 1364	3092	cmd.exe	87
PID 3092 wrote to memory of 1364	3092	cmd.exe	87
PID 3092 wrote to memory of 3624	3092	cmd.exe	88
PID 3092 wrote to memory of 3624	3092	cmd.exe	88
PID 3092 wrote to memory of 3624	3092	cmd.exe	88
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 1956	4924	Solar Tweaks.exe	98
PID 4924 wrote to memory of 920	4924	Solar Tweaks.exe	99
PID 4924 wrote to memory of 920	4924	Solar Tweaks.exe	99
PID 4924 wrote to memory of 2296	4924	Solar Tweaks.exe	100
PID 4924 wrote to memory of 2296	4924	Solar Tweaks.exe	100
PID 1532 wrote to memory of 5056	1532	firefox.exe	119
PID 1532 wrote to memory of 5056	1532	firefox.exe	119
PID 1532 wrote to memory of 5056	1532	firefox.exe	119
PID 1532 wrote to memory of 5056	1532	firefox.exe	119
PID 1532 wrote to memory of 5056	1532	firefox.exe	119
PID 1532 wrote to memory of 5056	1532	firefox.exe	119
PID 1532 wrote to memory of 5056	1532	firefox.exe	119
PID 1532 wrote to memory of 5056	1532	firefox.exe	119
PID 1532 wrote to memory of 5056	1532	firefox.exe	119
PID 1532 wrote to memory of 5056	1532	firefox.exe	119
PID 1532 wrote to memory of 5056	1532	firefox.exe	119

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Solar-Tweaks-Setup-4.3.3.exe
"C:\Users\Admin\AppData\Local\Temp\Solar-Tweaks-Setup-4.3.3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Solar Tweaks.exe" | find "Solar Tweaks.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3092
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Solar Tweaks.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1364
- - C:\Windows\SysWOW64\find.exe
    find "Solar Tweaks.exe"
    3⤵
    PID:3624

C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
  "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1932,5124638107487063031,8585339946870365335,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1956
- C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
  "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,5124638107487063031,8585339946870365335,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:920
- C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
  "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=1932,5124638107487063031,8585339946870365335,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\solartweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.0.1761773255\1570358047" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fae6cafb-61f5-4d3f-b36a-100c9fb9493d} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 1924 25b7ea16e58 gpu
    3⤵
    PID:5060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.1.1202419323\1704961070" -parentBuildID 20221007134813 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adf145e3-dcc0-4e31-87a6-07d136f7126d} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 2324 25b70972558 socket
    3⤵
    PID:2912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.2.1085149516\1109873654" -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 3040 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64c2a445-e5cf-4c0a-b9f4-d76c8547270c} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3168 25b7d992d58 tab
    3⤵
    PID:1880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.3.1945126204\1076190311" -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 3384 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e94300d-ff18-416a-8b91-18fc9a952f6a} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3064 25b0098ca58 tab
    3⤵
    PID:4248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.4.583445396\1556358489" -childID 3 -isForBrowser -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41c06eb9-360a-4c31-bfdc-02de26dfedd7} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 4016 25b7d992458 tab
    3⤵
    PID:2760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.5.859651573\754607197" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 4980 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a413b1f-780b-49bd-b1fb-8c5a1d05cf95} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 4984 25b04809358 tab
    3⤵
    PID:1816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.6.1450663504\707470131" -childID 5 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c901ae7-675e-4990-9874-794ba7df40d0} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5152 25b048bcd58 tab
    3⤵
    PID:1580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.7.1065998010\1010108194" -childID 6 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {170cf307-e3e4-4377-9f94-8e06b6f12791} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5344 25b048bb858 tab
    3⤵
    PID:3492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.8.1216375746\1781686912" -childID 7 -isForBrowser -prefsHandle 5836 -prefMapHandle 5832 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce5e8035-7795-4cfa-8f87-b2ae6782cce2} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5848 25b061ea858 tab
    3⤵
    PID:5888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.9.1364045619\94142830" -childID 8 -isForBrowser -prefsHandle 5044 -prefMapHandle 5572 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91a5b3cf-3aab-452e-b53e-197f7a256b9a} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5972 25b02dd3958 tab
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.10.1259563876\881229728" -parentBuildID 20221007134813 -prefsHandle 3456 -prefMapHandle 3448 -prefsLen 27195 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d91b5b30-929c-4d58-a8b5-5b99b241aec6} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5060 25b06e19558 rdd
    3⤵
    PID:4960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.12.443791971\1987195908" -childID 10 -isForBrowser -prefsHandle 9588 -prefMapHandle 9584 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e3a7f07-a44f-4ab2-b4f5-d088e5982caf} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 9596 25b075bda58 tab
    3⤵
    PID:5984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.11.475306670\2140373642" -childID 9 -isForBrowser -prefsHandle 3456 -prefMapHandle 9908 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5645b701-6324-4e8d-a5fe-a5b84233cc11} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 9732 25b075be658 tab
    3⤵
    PID:5980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.13.205013592\415792568" -childID 11 -isForBrowser -prefsHandle 2736 -prefMapHandle 9952 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e8146fd-36c7-46f6-96c8-b04d77c0b65c} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 9704 25b072a3858 tab
    3⤵
    PID:2064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.14.1782220481\1107619238" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9460 -prefMapHandle 9472 -prefsLen 27195 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9466c95-cb32-4cf7-b5f6-950c9b13b8e0} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 9468 25b0098b558 utility
    3⤵
    PID:3424

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x31c
1⤵
PID:3852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
156KB

MD5
92af44d61e6435923c594cf3646b2af5

SHA1
6c00111c831e6beeb32c855814490d7146f7e167

SHA256
5ae6ec42500bd1adb2451169151ed2b7dd4b5fb6448fab54dca4c3da42b56ecb

SHA512
e8294e628a1adf1be2a25d534a6877d13ba53d0ebac6de9e04486679f4f5437900a24d4cf6c870723328305d453840c69f9ce5da47b6a6574d56588d2b5c8156

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\13343

Filesize
15KB

MD5
5571b11f34c5ec1370c0fe6d7bdd068e

SHA1
f8229887e2d74dfc852be8b32880a88e666b675c

SHA256
f9fbca8b562600867bbec5bcba45a5343b86d088476c5ed163bf21628663271f

SHA512
d72db4af8dc92e61e92c17e0f23ad6e747e302f785855642b9fe7ac30a0af7caf25499467462c46e3ea3f4a6e5d288de2b15ec85773b3e30e1f8dafe8d7e3e87

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\15923

Filesize
14KB

MD5
877102a9b63ea83c856b57598c2f5349

SHA1
dd4012a63358b9684cdd60eadf2fd19ed85d76ac

SHA256
ae79f8909d3f84ae784181e30ad019dfe10feb6f0974c94f794b9d5d88108e0a

SHA512
e2a1d366e25445f4ec948846f2516e63100b3b646527fd26a55fc762f9b448fce7a125e031c95212cf0516e2b86958550d5df171743b2750e304407e1a05c765

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\25945

Filesize
15KB

MD5
334560b49e96000632787305914078f2

SHA1
d4febc606be8f60820db55360727739643c41aaf

SHA256
ab0326c8803b293f2d78b0557392e53d655f29f772b7c3e2ee96c7ade48df245

SHA512
31e3a91fb18cb1aa1469af92270a9714996ed5eec243256f3105c87f200590443001b2e6873c9ea4d009f48838794ac34e3e9de831c0d5f4936d907870e8f10e

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\resources\app.asar

Filesize
7.1MB

MD5
ffbcaf8661b84341601d8a0c75fb27c2

SHA1
47f107ace93bfa6f83929a8b23fede95973fd86e

SHA256
af87efd6abb9aa6868eb7a4eba16eaeef572911aedd872be452d1ee42f55ed67

SHA512
f9d691a823f344049d8858d509bf421b7743223fd3bef324aac94e3110e2f4aac8a2b80ababc7bb35c5e34948e1b5680678ad8513b5f4d19ed13d109c49e7129

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\swiftshader\libEGL.dll

Filesize
448KB

MD5
038a73114d439bfc94be4732b2794998

SHA1
4b7a9d52da1bd808af979cf5cfb146404494317a

SHA256
b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc

SHA512
8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
38ec86347b3e467c5868e35ab48f89f2

SHA1
4db17d065cc330b277a70f9fb8dff0c4b426f314

SHA256
2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744

SHA512
2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\swiftshader\libegl.dll

Filesize
448KB

MD5
038a73114d439bfc94be4732b2794998

SHA1
4b7a9d52da1bd808af979cf5cfb146404494317a

SHA256
b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc

SHA512
8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\swiftshader\libglesv2.dll

Filesize
3.1MB

MD5
38ec86347b3e467c5868e35ab48f89f2

SHA1
4db17d065cc330b277a70f9fb8dff0c4b426f314

SHA256
2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744

SHA512
2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\v8_context_snapshot.bin

Filesize
161KB

MD5
e47426f88649c7f8e27b8a1516cc0137

SHA1
5452aadfddbc55d6c5c18b801087e39529859b12

SHA256
09686ad5bf03d95de7c251d204e60a8e3824bd6420bedddee80b2c6e5609fb26

SHA512
f9647a35ff273ca622b3db4aefb9aaf75075386c42a31e085f916fc82f3a18fed25b0e05dcc09e678ca419408f59f0c34fa5762e5f945db35f9c6f67b7b94bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr98FA.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr98FA.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr98FA.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr98FA.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr98FA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr98FA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr98FA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr98FA.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr98FA.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
ed81b63f2ad891bf07c21149961222fa

SHA1
5605ae23278a992ea35d94da2d142ee4c119ba6e

SHA256
8a3e783d28102a14ee454113e0874534a60d7395ef1b1811dc66ff2083c57e39

SHA512
3c7c7fffd2fb479958aafe5be3c7f5bac4ce413aa97faedb992b0d9ccba54f31535bff76f9de4bf25aa412deabdfc527887ec74478fdeb1b8d8e48b0c28be82c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
5500dd3116369177e9d110dff468badc

SHA1
8064938e9280d5d14d8f58973db7fcbbf7863c7f

SHA256
508112e1936a04e49204fd4205a4bd50066ea95413a70b41f11e86bc00b98abb

SHA512
3e0a84c9aae80894992229e84b57735cf7f7573628a751d807d233b0ee91ea9a37152d90a9c2608fa021d90ed9fc60ff58728a361583ab125ea8bccce0f3a4dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
a9c5287a9c4419f5bdc5e94ae2b273b9

SHA1
c91af4da0e4b8a6867d94f283d0922ac742a5775

SHA256
b59641ec230e8bd1f8a0c7769633a818d081a9786bf4938f5e90186e98aed028

SHA512
a0d1e27e7ce69f400521d67c881fd280d6d57cd897007e61ec435df249f94eb61f792c4d6e0fe965e66a1e4433a377a9b821860b1db8cfcd0e05dddedb93ffb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
e6772af4ded8ceed8e09dc4426f1e711

SHA1
88d08ad8cc55d99f74cd12ef83b48d2b6532bbc5

SHA256
b5c2b64363812f79aa3a67c323fb0b00610d7d6947302fd650d751a5ce3cec6b

SHA512
a82ce7320ae411cceb69e898f00c96370d7e021a7efdab129ba37b6901b19c5304b6839a78f2a08bda214ea6af38de5bf96ed358092b88ab11a018387abf57c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
45203b1ae9343a4eeab1ac77966bcbb2

SHA1
795be6584b71ff2d48e934c7ffda2643df05b612

SHA256
9d52b64137a393b02e79b6425c563f073fd5e1adf64ec4a13b7653b6f925c0d8

SHA512
315902fd9247e231f96f9ffa7a272bc3fdc192370d964448bc69659675e6ac1f821914617c6669d586d0f0dc7aa17a3d166fa0932d38cb6b64042491d45e07b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
43e10e7d7bb88fdbde4908c201f3cd10

SHA1
b7aaa82d827ae34a55722bd3d64d7c697200f8d4

SHA256
1186b717be50df1d4caa35c1d9ff4c098e662dbeaddda05a339e54e04b0cdee9

SHA512
b4914f847c0a7fbb06df5701cbe0517d92b7e1ac7d4686ce8d2cdaea2b7af25a4d3c81ef3d18dcc640fb6d742df31b6a645dadef9795713bf5542f2edb2aa6a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\default\https+++www.pornhub.org\cache\morgue\200\{80eef970-2102-49a4-8b1a-5640ca68c7c8}.final

Filesize
1KB

MD5
932479fe19d996a5e8f139bf51085149

SHA1
da374dfebb658802ee62fc8ec320c3442fc93192

SHA256
c57de29d8406c0e2534d96c4c23199b127d8ee9bb86dce5230bf8157894b4f84

SHA512
ddbc216c01474d8ccc4f73fc78d228e68600b2bc148cdf3b7d12108b9fbdce3f2c91fdddce4841e669b1a2a609a8fae927e2a551efd11877e6513f7849edc05a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\default\https+++www.pornhub.org\cache\morgue\73\{9f5d9c09-18cc-45ee-9b88-ffb7210d3649}.final

Filesize
456B

MD5
4849126d62348e96de9f534891ee372c

SHA1
04208116ad7cb0edcb2c7c754042554104172d10

SHA256
92930e52c17a5e42a09f648d090ba0e48384fe2b6f4f6b3e3fc70bd8a0e6ac5d

SHA512
bd7769637a8707a21027e442faf6911019a2c731bff17fc11b9da0b74490162ea4eba2fca41942a7c114cc75ab1941f208c1fcc789bdc0a594b5ed269f6e6f25

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Network Persistent State

Filesize
1KB

MD5
7bf7f0f340871ee9bb1e66fb0a2cc162

SHA1
2a07c1f9b2e44c23307af3dac10242f757c5e333

SHA256
ff1512b1868cba65e8d24ab25cf14918189643729948a1dbb7f2aed5590b5432

SHA512
0717a1dfbcdfc0c479ea62984a13d4f607f37c606a4869d34e392ef58ce26326392cf54a5c77334dd727160de7613d2d2f2b6dd28000efc331fe22dd4a5e575f

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Network Persistent State~RFe57cb01.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\TransportSecurity

Filesize
874B

MD5
79571c9615601c3588964824033ec533

SHA1
d282001922d01077bd2d6a5c5f782db8b0353a49

SHA256
e561d02a61ae64e3dff1ec8bd2cc5a8171399a1b82ac5b3bbf79b3c106633458

SHA512
d17c422a2b3cc1c84dd38db0360886abd7ea4255f598e3bdf707b7f2ca9a304e66c7d1dfc097d759dce44e1a696f9de4b657bca594fcd5148599ba4407ada7a1

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\TransportSecurity~RFe573fe7.TMP

Filesize
372B

MD5
6bd2045610c12d605368c2f27ec9f567

SHA1
09dc7d4fd99beaddd2f1a493f724eaea106502b2

SHA256
4ec6a8a5e06914ff5d943795aa2c6fd6fbc1dd213a0d4077ab8e24e3e5146b8e

SHA512
3e13b8b2b8fc7e040072b3ba404dd36bb897f4336a355170e77b299221bf39e4cd8c41ff693db81b5fa587e37d8308e71ac715ff65774418f312d5c7d8b2855e

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1956-362-0x00007FFBB3240000-0x00007FFBB3241000-memory.dmp

Filesize
4KB

Download
memory/1956-430-0x00000202902A0000-0x000002029033B000-memory.dmp

Filesize
620KB

Download