1c2d92a970c392e744075679363c85a95ab97a28a22ce6431fbaa206d9ac33e3

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2023 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
Size

60.3MB
MD5

ed4a1a4fc71c4cfd4ff37bfd00114b7b
SHA1

581a8f1c303c0d592083b4649dd1819e8394efee
SHA256

1c2d92a970c392e744075679363c85a95ab97a28a22ce6431fbaa206d9ac33e3
SHA512

8aa009204b3723af95a2d339f8405a6462c2b2f179f544db02a35bdf095c52ae74a2af128d2facd6ca114c5a0dd1ef50b0ae785917f7e1f0d5ba02b25f8f62d0
SSDEEP

1572864:aV1s9gPNzITDH7QDv2zFZJTCT6MR9L0T+woseEM:aV1sUUXcL2zfNwbnLddEM

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe

Executes dropped EXE 5 IoCs

pid	Process
2432	Solar Tweaks.exe
2344	Solar Tweaks.exe
3760	Solar Tweaks.exe
1284	Solar Tweaks.exe
4648	Solar Tweaks.exe

Loads dropped DLL 15 IoCs

pid	Process
3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
2432	Solar Tweaks.exe
3760	Solar Tweaks.exe
1284	Solar Tweaks.exe
2344	Solar Tweaks.exe
2344	Solar Tweaks.exe
2344	Solar Tweaks.exe
2344	Solar Tweaks.exe
4648	Solar Tweaks.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
3908	tasklist.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
3908	tasklist.exe
3908	tasklist.exe
1284	Solar Tweaks.exe
1284	Solar Tweaks.exe
3760	Solar Tweaks.exe
3760	Solar Tweaks.exe
1284	Solar Tweaks.exe
1284	Solar Tweaks.exe
1284	Solar Tweaks.exe
1284	Solar Tweaks.exe
1284	Solar Tweaks.exe
4648	Solar Tweaks.exe
4648	Solar Tweaks.exe
4648	Solar Tweaks.exe
4648	Solar Tweaks.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3908	tasklist.exe
Token: SeSecurityPrivilege	3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3904	SearchApp.exe

Suspicious use of WriteProcessMemory 55 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 1668	3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe	84
PID 3900 wrote to memory of 1668	3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe	84
PID 3900 wrote to memory of 1668	3900	ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe	84
PID 1668 wrote to memory of 3908	1668	cmd.exe	86
PID 1668 wrote to memory of 3908	1668	cmd.exe	86
PID 1668 wrote to memory of 3908	1668	cmd.exe	86
PID 1668 wrote to memory of 1268	1668	cmd.exe	87
PID 1668 wrote to memory of 1268	1668	cmd.exe	87
PID 1668 wrote to memory of 1268	1668	cmd.exe	87
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 2344	2432	Solar Tweaks.exe	94
PID 2432 wrote to memory of 3760	2432	Solar Tweaks.exe	96
PID 2432 wrote to memory of 3760	2432	Solar Tweaks.exe	96
PID 2432 wrote to memory of 1284	2432	Solar Tweaks.exe	95
PID 2432 wrote to memory of 1284	2432	Solar Tweaks.exe	95
PID 2432 wrote to memory of 4648	2432	Solar Tweaks.exe	107
PID 2432 wrote to memory of 4648	2432	Solar Tweaks.exe	107

C:\Users\Admin\AppData\Local\Temp\ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe
"C:\Users\Admin\AppData\Local\Temp\ed4a1a4fc71c4cfd4ff37bfd00114b7b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Solar Tweaks.exe" | find "Solar Tweaks.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Solar Tweaks.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3908
- - C:\Windows\SysWOW64\find.exe
    find "Solar Tweaks.exe"
    3⤵
    PID:1268

C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
  "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1988,17153502570059793135,12117676475589493708,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2344
- C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
  "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=1988,17153502570059793135,12117676475589493708,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\solartweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
  "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,17153502570059793135,12117676475589493708,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2404 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3760
- C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
  "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1988,17153502570059793135,12117676475589493708,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2788 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\7d77f5c4c0d645278ae58b6afb65976e /t 3980 /p 3948
1⤵
PID:2876

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.lunarclient\solartweaks\logs\launcher-old.log

Filesize
305B

MD5
df80cde9c64372d3a2489e1ef62f6609

SHA1
8090f69429e88ff133400d700e5defc0bfffc990

SHA256
8ba915bd3a050a681a1987b8740463e074a89501dad1e3ee6718d77116e15f8b

SHA512
0c2fd8d3df1d223313772cccda63df74c7855a02a3760532b60971e9023e2fedb7a3eae071ccaa435c9c6b32123e8084ff8e2fb3754fac40327d1237c9558ac5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133282530553357889.txt

Filesize
76KB

MD5
daf46408f2891944023fe435518bae23

SHA1
af33f0d10ed26a4792f240786fd243cee92c0797

SHA256
51e84bab53a26112f8e5e991ded78c7097ad1a43e1d3ed2badb676d6ff56d3ec

SHA512
1c19978ec70a5477f1ecaf409d0bee21ccde28da3b58a3159b8a626203d960cf93cad621d219930823163d966ad9abe46608ec0d52f6d2895155219276af2a09

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
340132256d957b9ec3357850f6eec33c

SHA1
5903ea416bb58d8b52964f8445309cc0769842bb

SHA256
befa6aa28a5bafbad17926b29318f13ab026bbb18010ba410b29374821adf08e

SHA512
03276db0c832f09abf8dab0d100d9c272f4623130a4b5d80de43f6ea099f6c486229e74db0d25a13857eaefb3133dba4f41d08c6aab7bdfd897a601c5cfdf68b

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe

Filesize
48.5MB

MD5
3bf27487572915efa7ee28f2dad54968

SHA1
85d779a5f8882dab1dbffb8a57fa6c1e7bdb8e6f

SHA256
fd6c42454c4b1b15b2a0e77e531a1f76dcd47802e7a458c752180c85d92e793c

SHA512
61526e43d679b4dedf03f77e56f92eae054b6b023836feecefe02ac3dfda40974f413f349cb49f90d31be6bcf1208871f806a4450c11dd8a1bd934232ceded14

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\resources\app.asar

Filesize
7.1MB

MD5
ffbcaf8661b84341601d8a0c75fb27c2

SHA1
47f107ace93bfa6f83929a8b23fede95973fd86e

SHA256
af87efd6abb9aa6868eb7a4eba16eaeef572911aedd872be452d1ee42f55ed67

SHA512
f9d691a823f344049d8858d509bf421b7743223fd3bef324aac94e3110e2f4aac8a2b80ababc7bb35c5e34948e1b5680678ad8513b5f4d19ed13d109c49e7129

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\swiftshader\libEGL.dll

Filesize
448KB

MD5
038a73114d439bfc94be4732b2794998

SHA1
4b7a9d52da1bd808af979cf5cfb146404494317a

SHA256
b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc

SHA512
8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
38ec86347b3e467c5868e35ab48f89f2

SHA1
4db17d065cc330b277a70f9fb8dff0c4b426f314

SHA256
2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744

SHA512
2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\swiftshader\libegl.dll

Filesize
448KB

MD5
038a73114d439bfc94be4732b2794998

SHA1
4b7a9d52da1bd808af979cf5cfb146404494317a

SHA256
b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc

SHA512
8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\swiftshader\libglesv2.dll

Filesize
3.1MB

MD5
38ec86347b3e467c5868e35ab48f89f2

SHA1
4db17d065cc330b277a70f9fb8dff0c4b426f314

SHA256
2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744

SHA512
2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4

Download Submit
C:\Users\Admin\AppData\Local\Programs\solartweaks\v8_context_snapshot.bin

Filesize
161KB

MD5
e47426f88649c7f8e27b8a1516cc0137

SHA1
5452aadfddbc55d6c5c18b801087e39529859b12

SHA256
09686ad5bf03d95de7c251d204e60a8e3824bd6420bedddee80b2c6e5609fb26

SHA512
f9647a35ff273ca622b3db4aefb9aaf75075386c42a31e085f916fc82f3a18fed25b0e05dcc09e678ca419408f59f0c34fa5762e5f945db35f9c6f67b7b94bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBBA5.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBBA5.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBBA5.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBBA5.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBBA5.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBBA5.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBBA5.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBBA5.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBBA5.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Network Persistent State

Filesize
1KB

MD5
e2dd988fe3b88279faf9e342b8cc5983

SHA1
baa7e3375a5e9f49380ec595d0d4e918edff4592

SHA256
600ebde0aa3745acbe31b292600405fac702634d4ab3826fc5fcc1b7f38306fc

SHA512
c6d7065629e28edfc79ce11b3b86ef6e09b63b4e4e101e8330867a8e55d16bb2a6ef8a54abef3eb98a97f4dac129b5107f3b91512115e211f731fa1e958b5f64

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Network Persistent State~RFe5857df.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/2344-377-0x00007FF884190000-0x00007FF884191000-memory.dmp

Filesize
4KB

Download
memory/3904-507-0x000002A43FD70000-0x000002A43FD90000-memory.dmp

Filesize
128KB

Download
memory/3904-510-0x000002A43FD30000-0x000002A43FD50000-memory.dmp

Filesize
128KB

Download
memory/3904-514-0x000002A440340000-0x000002A440360000-memory.dmp

Filesize
128KB

Download