16a152d46f5bccb505d769cc3863277c7ef2e15f7f9d3fee570f98377d69c91b

Analysis

max time kernel
150s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
04/07/2023, 00:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Solar-Tweaks-Setup-4.2.0.exe
Size

59.3MB
MD5

dfdea5f4a771556305d2faef94c8cf18
SHA1

f0cbbd1a88c7ebbc84a8b68cbf695eead7273328
SHA256

16a152d46f5bccb505d769cc3863277c7ef2e15f7f9d3fee570f98377d69c91b
SHA512

08ac72e28a3e621c05929bd8e0421975ca65749f0321d2eee163a16be7072ea0e81ad3d65bba7e455cedca33289f2aa6f6c5dfb42b45a627b95b3960db3b8642
SSDEEP

1572864:qy1s9ggeDH7QDv2zFZJTCT6MR9L0T+wKseEc:qy1sHYcL2zfNwbnLbdEc

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe

Executes dropped EXE 5 IoCs

pid	Process
3332	Solar Tweaks.exe
2732	Solar Tweaks.exe
1008	Solar Tweaks.exe
4604	Solar Tweaks.exe
3888	Solar Tweaks.exe

Loads dropped DLL 17 IoCs

pid	Process
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3332	Solar Tweaks.exe
2732	Solar Tweaks.exe
1008	Solar Tweaks.exe
2732	Solar Tweaks.exe
2732	Solar Tweaks.exe
2732	Solar Tweaks.exe
4604	Solar Tweaks.exe
3888	Solar Tweaks.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Solar Tweaks\icudtl.dat	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\bg.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\bn.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\ko.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ru.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\vi.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\LICENSE.electron.txt	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\en-US.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\et.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\fa.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\it.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\uk.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\resources\app.asar	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\swiftshader	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\am.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\cs.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\es-419.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\sk.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\sv.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\resources\app-update.yml	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\fr.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\th.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\vulkan-1.dll	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\lt.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\mr.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\ffmpeg.dll	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\ffmpeg.dll	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\he.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ml.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\mr.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\pt-PT.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\sl.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\vi.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\vk_swiftshader_icd.json	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\fi.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\te.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\sr.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ta.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\resources.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\gu.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\Solar Tweaks.exe	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\es.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\ml.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\zh-CN.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ca.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\es.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\hu.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\id.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ms.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\swiftshader\libGLESv2.dll	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\LICENSES.chromium.html	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\da.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\fi.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\lt.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\sr.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\zh-TW.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\zh-TW.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\fil.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\lv.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ro.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\snapshot_blob.bin	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\v8_context_snapshot.bin	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\LICENSES.chromium.html	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\fil.pak	Solar-Tweaks-Setup-4.2.0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Solar Tweaks.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
3820	Solar-Tweaks-Setup-4.2.0.exe
4604	Solar Tweaks.exe
4604	Solar Tweaks.exe
1008	Solar Tweaks.exe
1008	Solar Tweaks.exe
4604	Solar Tweaks.exe
4604	Solar Tweaks.exe
4604	Solar Tweaks.exe
4604	Solar Tweaks.exe
3888	Solar Tweaks.exe
3888	Solar Tweaks.exe
3888	Solar Tweaks.exe
3888	Solar Tweaks.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3820	Solar-Tweaks-Setup-4.2.0.exe

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 2732	3332	Solar Tweaks.exe	83
PID 3332 wrote to memory of 1008	3332	Solar Tweaks.exe	84
PID 3332 wrote to memory of 1008	3332	Solar Tweaks.exe	84
PID 3332 wrote to memory of 4604	3332	Solar Tweaks.exe	85
PID 3332 wrote to memory of 4604	3332	Solar Tweaks.exe	85
PID 3332 wrote to memory of 3888	3332	Solar Tweaks.exe	87
PID 3332 wrote to memory of 3888	3332	Solar Tweaks.exe	87

C:\Users\Admin\AppData\Local\Temp\Solar-Tweaks-Setup-4.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Solar-Tweaks-Setup-4.2.0.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3820

C:\Program Files\Solar Tweaks\Solar Tweaks.exe
"C:\Program Files\Solar Tweaks\Solar Tweaks.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1996,6106947550645857884,11604645742421518875,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2732
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,6106947550645857884,11604645742421518875,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=es --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=1996,6106947550645857884,11604645742421518875,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=es --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Program Files\Solar Tweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1996,6106947550645857884,11604645742421518875,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2528 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Solar Tweaks\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\Solar Tweaks.exe

Filesize
130.1MB

MD5
b7cd0e6338eea04671d96dc170749be3

SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798

SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

Download Submit
C:\Program Files\Solar Tweaks\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Program Files\Solar Tweaks\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Program Files\Solar Tweaks\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
C:\Program Files\Solar Tweaks\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Program Files\Solar Tweaks\locales\es.pak

Filesize
105KB

MD5
4acad14261fa458cbc61451f4255c891

SHA1
bfbf2429190b85f692bc97d12822cedd53a70742

SHA256
b927984d25359f3d7a20d71aa4b16d2ec4c574461177825b5221865f416d1e71

SHA512
24a71134f5c8f3e03b29491e11d0d0d2b9988c2528593c753893986c6db6ff2bd88e2e5389b086e0785e24141894441efe3db976111e2ad5ee5afbf7374fec1d

Download Submit
C:\Program Files\Solar Tweaks\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Program Files\Solar Tweaks\resources\app.asar

Filesize
6.0MB

MD5
9c12e7fb205f75b66a6ee62e4ca92a9b

SHA1
8e9976b84c9bf1827bb96fc61c0b7dc96e2f596e

SHA256
a8018e6d6af92f4e0a19b35fafc1d47a3362045335f4bf50da1af3adf34e5f50

SHA512
2e49f8568506ae002dba30badd7a137f07d3e90949d93c2d741e166e53c752ada9bccd970c5a9f55cde54f8c4f53cc2d6dd6b908c6300e2c172d911c10dda029

Download Submit
C:\Program Files\Solar Tweaks\swiftshader\libEGL.dll

Filesize
448KB

MD5
038a73114d439bfc94be4732b2794998

SHA1
4b7a9d52da1bd808af979cf5cfb146404494317a

SHA256
b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc

SHA512
8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff

Download Submit
C:\Program Files\Solar Tweaks\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
38ec86347b3e467c5868e35ab48f89f2

SHA1
4db17d065cc330b277a70f9fb8dff0c4b426f314

SHA256
2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744

SHA512
2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4

Download Submit
C:\Program Files\Solar Tweaks\swiftshader\libegl.dll

Filesize
448KB

MD5
038a73114d439bfc94be4732b2794998

SHA1
4b7a9d52da1bd808af979cf5cfb146404494317a

SHA256
b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc

SHA512
8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff

Download Submit
C:\Program Files\Solar Tweaks\swiftshader\libglesv2.dll

Filesize
3.1MB

MD5
38ec86347b3e467c5868e35ab48f89f2

SHA1
4db17d065cc330b277a70f9fb8dff0c4b426f314

SHA256
2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744

SHA512
2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4

Download Submit
C:\Program Files\Solar Tweaks\v8_context_snapshot.bin

Filesize
161KB

MD5
e47426f88649c7f8e27b8a1516cc0137

SHA1
5452aadfddbc55d6c5c18b801087e39529859b12

SHA256
09686ad5bf03d95de7c251d204e60a8e3824bd6420bedddee80b2c6e5609fb26

SHA512
f9647a35ff273ca622b3db4aefb9aaf75075386c42a31e085f916fc82f3a18fed25b0e05dcc09e678ca419408f59f0c34fa5762e5f945db35f9c6f67b7b94bc0

Download Submit
C:\Users\Admin\.lunarclient\solartweaks\logs\launcher-latest.log

Filesize
302B

MD5
badc84ff417c05b91f3481a27cb6b800

SHA1
b6bbc064555a17032ea0314230274a4065adb50f

SHA256
5b2398b2406375119341a420162fa499e6a1b32155230f86ca13729b7f98c816

SHA512
199ed06713d20a7b3e709bffbee0acd6cfb5906131a93f2a2dff8d0b3887cecaa09be3e91773194de21183d556d9a6c8e9662015a5195140c943cb9b995eccd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh24BA.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Network Persistent State

Filesize
1KB

MD5
29489f893e816ade7e3553bab9c3ace8

SHA1
0b8548b66a9957d95f73547af425034e01e3e6a7

SHA256
e3d8e48e057f6e8a1a46a918bb47a15a26d04adb8ddca13ed23eebd266ff339d

SHA512
03c172102d08b8449133627963268c0cb9f818a09ff5342c0653dceb08cc885f58817233ffa9eeff5ad1d04925d421b9855bb8cefa335476c4120c9b03b017ab

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Network Persistent State~RFe597209.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
469B

MD5
314b7c7236071b55b52464a7bc9fe03a

SHA1
a5a534f406ecc2e53f4b433b7549a2b0ceffa125

SHA256
4f6e6459cf8e736d6d71049937027a1d2e400a76b54bb1246cee9fda820b5a11

SHA512
d3184858dd13daaf2e5a3851e96ac6286e3bdbe54233130c2e43699dd88985ea07ac48bb10e8f961219aa706043ca8a72aae32ec135510813be9a2c8d0ab10f1

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
493B

MD5
edbcbd231c2186d5bd53cde7258baf5d

SHA1
f41b10d1147820156f4adef21e26af7cca4566e9

SHA256
1746979f7ca58c2ba6a34821af3429d1330b2efb19d8c57152138a9e7d489a87

SHA512
85932c5f43f6f59e2c06a7f22075cbc1a7c1cb2729fc0513a2dcae4548caea1838fed1c7de18274277a435767123f0a7cf2a23b87f2cf4e2c48a0a622aa53134

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
515B

MD5
ac0c3e6ec6263000b467558f7392cb29

SHA1
753aaf5333d56bdf504f068a09e9ce28950a258e

SHA256
d5ea7c2c201bb58ad091e4daa7fac1bd54cf4414335141bee5c836847f5eab54

SHA512
dc9aed010a6458e05429be6bb28b31585942251619bd942c4b9c33579afe6a5df0e5822e69d9a2e53c5df65369e9725965e47573be1539d44cb685015570dac2

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
536B

MD5
c3356663cde6458ad946c82b7a6c5e80

SHA1
b15d79d196ccafdfbda53a6753c4b03879c76630

SHA256
83d367797cfc5a8a8a95fa3a6560e70c0e5555e6ae1177975acdbbb2539f4188

SHA512
c9accf43a001a5d330f1778f7ae785fcef47bacc4bcea7902b3707b27d9ae69870d8e4a0fcc528101040167dd483aa00a0aa7b57d0a5c2578ae2b7e5999e23fc

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
5b9fe80564ee533438b2aaefe8495c35

SHA1
97cc1ac830eeb88edbac54d330a686fb5d026eab

SHA256
33bf00eb61b3e3e0b632c86b62782f1f1504317741a9228150ef264ec49a0aea

SHA512
5ea906471879eea94ea2ab9b038f7530dcc1ddedbf2d1f4e333aa0437f556638c53ec873eff17b364fceb33420e5ff4c5fa73f9b3a4e1d9b07ba7cca337ec7d2

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
df8e6770d3b1986951afdf71824b315e

SHA1
655c24f91793f8d2da7fc01ef141f4cc20cd0cf2

SHA256
96e4f738d028ebe1ff9056107e3d42ceb1f781d4c19824714cf9a5d68805158e

SHA512
afbb0c1d0d669960d761812f264d885a4a3fcb52a6af31b110276f6f721c59d2d62a5c295d2f22ac6966ccfce6ad6cc7080f270a52f56a607a126c7bb7c80e82

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
6b03d21763e7edf58ace3688cf7dd8f3

SHA1
7351bbe010c4b94aa57b0d0f2b97ba77db824873

SHA256
ef0b1a32d5c0a695cf471c6db1f4aa4fcd8d8ae243f51e63e999b1155dd564f3

SHA512
4844365ee7deaa844fd9bfe2a762fd7df8347d1a56d4900c673890df76d9597c74da282ec2d56dc5d159a0d5878fcceabd58dfe3db7e4e1459ab0f30e8b4aa96

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
0a7ee5889db0e10c9d4b4a08548860e7

SHA1
ad6e7e89fc3c38c958d483d74375942898c820e5

SHA256
163e4973d0bc383fb3094af8ba0463c809316a6054e4ec1c5a80e75c9e61df14

SHA512
b890b8647747a5b3a76bb090314f791c0be0107142cb6343da30926ad4a0390797654ba21e29d9ff9209515c8fd6086be1a5e6ed9ad1e55a20fcf81315bf3e12

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
65fe623e29743c39ce58a52202cf510e

SHA1
71dd4fbbe00adc97274dd1fefd71a4efaee5664a

SHA256
a6486c2f8589bf03f01518c5bf73f0035e1571548314d45cf3e3d417818e2fb0

SHA512
ddbc44733bd0cc094da5c0700cc2ca824dcbb6d8d87f5a9226cd68b90444522ac0d6d085420cb3616d4a69a91d2ca8210aef83aed5f3b7c3812e2f45558daefe

Download Submit
memory/2732-550-0x000001F2E52B0000-0x000001F2E59EF000-memory.dmp

Filesize
7.2MB

Download
memory/2732-365-0x00007FFBFED10000-0x00007FFBFED11000-memory.dmp

Filesize
4KB

Download