16a152d46f5bccb505d769cc3863277c7ef2e15f7f9d3fee570f98377d69c91b

Resubmissions

10-02-2023 23:07

230210-24aaxsaa21 7

10-02-2023 23:03

230210-21x8ksad62 7

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
10-02-2023 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solar-Tweaks-Setup-4.2.0.exe
Size

59.3MB
MD5

dfdea5f4a771556305d2faef94c8cf18
SHA1

f0cbbd1a88c7ebbc84a8b68cbf695eead7273328
SHA256

16a152d46f5bccb505d769cc3863277c7ef2e15f7f9d3fee570f98377d69c91b
SHA512

08ac72e28a3e621c05929bd8e0421975ca65749f0321d2eee163a16be7072ea0e81ad3d65bba7e455cedca33289f2aa6f6c5dfb42b45a627b95b3960db3b8642
SSDEEP

1572864:qy1s9ggeDH7QDv2zFZJTCT6MR9L0T+wKseEc:qy1sHYcL2zfNwbnLbdEc

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe

Executes dropped EXE 5 IoCs

pid	Process
384	Solar Tweaks.exe
5064	Solar Tweaks.exe
5088	Solar Tweaks.exe
2848	Solar Tweaks.exe
1452	Solar Tweaks.exe

Loads dropped DLL 17 IoCs

pid	Process
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
384	Solar Tweaks.exe
5064	Solar Tweaks.exe
5088	Solar Tweaks.exe
2848	Solar Tweaks.exe
5064	Solar Tweaks.exe
5064	Solar Tweaks.exe
5064	Solar Tweaks.exe
1452	Solar Tweaks.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Solar Tweaks\locales\hr.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\th.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\d3dcompiler_47.dll	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\swiftshader\libEGL.dll	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\LICENSES.chromium.html	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\da.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\fr.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\hi.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\ml.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\kn.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\zh-TW.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\Solar Tweaks.exe	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\zh-CN.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\Solar Tweaks.exe	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\en-GB.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\he.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\it.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\ca.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\ta.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\v8_context_snapshot.bin	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\fi.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\fil.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\it.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ko.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\uk.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\am.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\bn.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\cs.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ca.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\da.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\el.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\es-419.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\pl.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\am.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\bg.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\bn.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\sl.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\swiftshader\libGLESv2.dll	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\el.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\hi.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\ro.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\nl.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\zh-CN.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\chrome_100_percent.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\fr.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ml.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\en-GB.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\ms.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\sv.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\sl.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\tr.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\ffmpeg.dll	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\libEGL.dll	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\LICENSE.electron.txt	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\et.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\sk.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\snapshot_blob.bin	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\libEGL.dll	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\resources\elevate.exe	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\chrome_200_percent.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\de.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ms.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\resources\app.asar	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\uninstallerIcon.ico	Solar-Tweaks-Setup-4.2.0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d601030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c137e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Solar Tweaks.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Solar Tweaks.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d601030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c137e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Solar Tweaks.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
3560	Solar-Tweaks-Setup-4.2.0.exe
5088	Solar Tweaks.exe
5088	Solar Tweaks.exe
2848	Solar Tweaks.exe
2848	Solar Tweaks.exe
2848	Solar Tweaks.exe
2848	Solar Tweaks.exe
2848	Solar Tweaks.exe
2848	Solar Tweaks.exe
1452	Solar Tweaks.exe
1452	Solar Tweaks.exe
1452	Solar Tweaks.exe
1452	Solar Tweaks.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3560	Solar-Tweaks-Setup-4.2.0.exe

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5064	384	Solar Tweaks.exe	86
PID 384 wrote to memory of 5088	384	Solar Tweaks.exe	89
PID 384 wrote to memory of 5088	384	Solar Tweaks.exe	89
PID 384 wrote to memory of 2848	384	Solar Tweaks.exe	88
PID 384 wrote to memory of 2848	384	Solar Tweaks.exe	88
PID 384 wrote to memory of 1452	384	Solar Tweaks.exe	99
PID 384 wrote to memory of 1452	384	Solar Tweaks.exe	99

C:\Users\Admin\AppData\Local\Temp\Solar-Tweaks-Setup-4.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Solar-Tweaks-Setup-4.2.0.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3560

C:\Program Files\Solar Tweaks\Solar Tweaks.exe
"C:\Program Files\Solar Tweaks\Solar Tweaks.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=2008,3719008645290963139,8099881143198566622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5064
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=2008,3719008645290963139,8099881143198566622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Program Files\Solar Tweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,3719008645290963139,8099881143198566622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2336 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=2008,3719008645290963139,8099881143198566622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3424 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3560 -ip 3560
1⤵
PID:548

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Solar Tweaks\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Program Files\Solar Tweaks\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Program Files\Solar Tweaks\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Program Files\Solar Tweaks\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Program Files\Solar Tweaks\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Program Files\Solar Tweaks\resources\app.asar

Filesize
6.0MB

MD5
9c12e7fb205f75b66a6ee62e4ca92a9b

SHA1
8e9976b84c9bf1827bb96fc61c0b7dc96e2f596e

SHA256
a8018e6d6af92f4e0a19b35fafc1d47a3362045335f4bf50da1af3adf34e5f50

SHA512
2e49f8568506ae002dba30badd7a137f07d3e90949d93c2d741e166e53c752ada9bccd970c5a9f55cde54f8c4f53cc2d6dd6b908c6300e2c172d911c10dda029

Download Submit
C:\Program Files\Solar Tweaks\swiftshader\libEGL.dll

Filesize
448KB

MD5
038a73114d439bfc94be4732b2794998

SHA1
4b7a9d52da1bd808af979cf5cfb146404494317a

SHA256
b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc

SHA512
8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff

Download Submit
C:\Program Files\Solar Tweaks\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
38ec86347b3e467c5868e35ab48f89f2

SHA1
4db17d065cc330b277a70f9fb8dff0c4b426f314

SHA256
2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744

SHA512
2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4

Download Submit
C:\Program Files\Solar Tweaks\swiftshader\libegl.dll

Filesize
448KB

MD5
038a73114d439bfc94be4732b2794998

SHA1
4b7a9d52da1bd808af979cf5cfb146404494317a

SHA256
b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc

SHA512
8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff

Download Submit
C:\Program Files\Solar Tweaks\swiftshader\libglesv2.dll

Filesize
3.1MB

MD5
38ec86347b3e467c5868e35ab48f89f2

SHA1
4db17d065cc330b277a70f9fb8dff0c4b426f314

SHA256
2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744

SHA512
2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4

Download Submit
C:\Program Files\Solar Tweaks\v8_context_snapshot.bin

Filesize
161KB

MD5
e47426f88649c7f8e27b8a1516cc0137

SHA1
5452aadfddbc55d6c5c18b801087e39529859b12

SHA256
09686ad5bf03d95de7c251d204e60a8e3824bd6420bedddee80b2c6e5609fb26

SHA512
f9647a35ff273ca622b3db4aefb9aaf75075386c42a31e085f916fc82f3a18fed25b0e05dcc09e678ca419408f59f0c34fa5762e5f945db35f9c6f67b7b94bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF7E3.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF7E3.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF7E3.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF7E3.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF7E3.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF7E3.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF7E3.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF7E3.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseF7E3.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1452-168-0x0000000000000000-mapping.dmp

Download
memory/2848-156-0x0000000000000000-mapping.dmp

Download
memory/5064-152-0x0000000000000000-mapping.dmp

Download
memory/5088-153-0x0000000000000000-mapping.dmp

Download