Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03-06-2024 11:05

General

  • Target

    Solar-Tweaks-Client-Launcher-All-Versions.exe

  • Size

    60.3MB

  • MD5

    ed4a1a4fc71c4cfd4ff37bfd00114b7b

  • SHA1

    581a8f1c303c0d592083b4649dd1819e8394efee

  • SHA256

    1c2d92a970c392e744075679363c85a95ab97a28a22ce6431fbaa206d9ac33e3

  • SHA512

    8aa009204b3723af95a2d339f8405a6462c2b2f179f544db02a35bdf095c52ae74a2af128d2facd6ca114c5a0dd1ef50b0ae785917f7e1f0d5ba02b25f8f62d0

  • SSDEEP

    1572864:aV1s9gPNzITDH7QDv2zFZJTCT6MR9L0T+woseEM:aV1sUUXcL2zfNwbnLddEM

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 15 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Modifies system certificate store 2 TTPs 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 55 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Solar-Tweaks-Client-Launcher-All-Versions.exe
    "C:\Users\Admin\AppData\Local\Temp\Solar-Tweaks-Client-Launcher-All-Versions.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:752
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Solar Tweaks.exe" | find "Solar Tweaks.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1212
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Solar Tweaks.exe"
        3⤵
        • Enumerates processes with tasklist
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2432
      • C:\Windows\SysWOW64\find.exe
        find "Solar Tweaks.exe"
        3⤵
          PID:432
    • C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
      "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system certificate store
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
        "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1948,8149837960789692154,4542092393574279622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2788
      • C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
        "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,8149837960789692154,4542092393574279622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2380 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:1884
      • C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
        "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=1948,8149837960789692154,4542092393574279622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\solartweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2484 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2096
      • C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
        "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1948,8149837960789692154,4542092393574279622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2276 /prefetch:2
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:1468
    • C:\Windows\System32\CompPkgSrv.exe
      C:\Windows\System32\CompPkgSrv.exe -Embedding
      1⤵
        PID:4244

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\D3DCompiler_47.dll
        Filesize: 4.3MB

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\chrome_100_percent.pak
        Filesize: 138KB

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\chrome_200_percent.pak
        Filesize: 202KB

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\ffmpeg.dll
        Filesize: 2.6MB

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\icudtl.dat
        Filesize: 9.9MB

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\libEGL.dll
        Filesize: 429KB

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\libGLESv2.dll
        Filesize: 7.6MB

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\locales\en-US.pak
        Filesize: 88KB

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\resources.pak
        Filesize: 4.9MB

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\resources\app.asar
        Filesize: 7.1MB

      • C:\Users\Admin\AppData\Local\Programs\solartweaks\v8_context_snapshot.bin
        Filesize: 161KB

      • C:\Users\Admin\AppData\Local\Temp\nsc58DF.tmp\SpiderBanner.dll
        Filesize: 9KB

      • C:\Users\Admin\AppData\Local\Temp\nsc58DF.tmp\StdUtils.dll
        Filesize: 100KB

      • C:\Users\Admin\AppData\Local\Temp\nsc58DF.tmp\System.dll
        Filesize: 12KB

      • C:\Users\Admin\AppData\Local\Temp\nsc58DF.tmp\WinShell.dll
        Filesize: 3KB

      • C:\Users\Admin\AppData\Local\Temp\nsc58DF.tmp\nsExec.dll
        Filesize: 6KB

      • C:\Users\Admin\AppData\Local\Temp\nsc58DF.tmp\nsis7z.dll
        Filesize: 424KB

      • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
        Filesize: 2B

      • C:\Users\Admin\AppData\Roaming\solartweaks\Network Persistent State
        Filesize: 946B

      • C:\Users\Admin\AppData\Roaming\solartweaks\Network Persistent State~RFe588623.TMP
        Filesize: 59B

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 2B

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 627B

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 650B

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 603B

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • C:\Users\Admin\AppData\Roaming\solartweaks\settings.json
        Filesize: 1KB

      • memory/2788-496-0x000001EC1DC10000-0x000001EC1E3BE000-memory.dmp
        Filesize: 7.7MB

      • memory/2788-219-0x00007FFF33CD0000-0x00007FFF33CD1000-memory.dmp
        Filesize: 4KB