Overview
Score  Sample                    Platform
7      Solar-Twea...ns.exe       windows11-21h2-x64
7      $PLUGINSDI...er.dll       windows11-21h2-x64
1      $PLUGINSDI...ls.dll       windows11-21h2-x64
3      $PLUGINSDI...em.dll       windows11-21h2-x64
3      $PLUGINSDI...ll.dll       windows11-21h2-x64
3      LICENSES.c...m.html       windows11-21h2-x64
1      Solar Tweaks.exe          windows11-21h2-x64
1      d3dcompiler_47.dll        windows11-21h2-x64
1      ffmpeg.dll                windows11-21h2-x64
1      libEGL.dll                windows11-21h2-x64
1      libGLESv2.dll             windows11-21h2-x64
1      resources/app.js          windows11-21h2-x64
3      resources/elevate.exe     windows11-21h2-x64
1      swiftshade...GL.dll       windows11-21h2-x64
1      swiftshade...v2.dll       windows11-21h2-x64
1      vk_swiftshader.dll        windows11-21h2-x64
1      vulkan-1.dll              windows11-21h2-x64
1      $PLUGINSDI...ec.dll       windows11-21h2-x64
3      $PLUGINSDI...7z.dll       windows11-21h2-x64
3      Uninstall ...ks.exe       windows11-21h2-x64
7      $PLUGINSDI...ls.dll       windows11-21h2-x64
3      $PLUGINSDI...em.dll       windows11-21h2-x64
3      $PLUGINSDI...ll.dll       windows11-21h2-x64
3      $PLUGINSDI...ec.dll       windows11-21h2-x64
Analysis
max time kernel: 148s
max time network: 152s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
submitted: 03-06-2024 11:05
Static task: static1
Behavioral tasks (task: sample, resource):
behavioral1: Solar-Tweaks-Client-Launcher-All-Versions.exe, win11-20240508-en
behavioral2: $PLUGINSDIR/SpiderBanner.dll, win11-20240508-en
behavioral3: $PLUGINSDIR/StdUtils.dll, win11-20240419-en
behavioral4: $PLUGINSDIR/System.dll, win11-20240426-en
behavioral5: $PLUGINSDIR/WinShell.dll, win11-20240508-en
behavioral6: LICENSES.chromium.html, win11-20240508-en
behavioral7: Solar Tweaks.exe, win11-20240508-en
behavioral8: d3dcompiler_47.dll, win11-20240426-en
behavioral9: ffmpeg.dll, win11-20240426-en
behavioral10: libEGL.dll, win11-20240426-en
behavioral11: libGLESv2.dll, win11-20240426-en
behavioral12: resources/app.js, win11-20240508-en
behavioral13: resources/elevate.exe, win11-20240426-en
behavioral14: swiftshader/libEGL.dll, win11-20240426-en
behavioral15: swiftshader/libGLESv2.dll, win11-20240508-en
behavioral16: vk_swiftshader.dll, win11-20240419-en
behavioral17: vulkan-1.dll, win11-20240508-en
behavioral18: $PLUGINSDIR/nsExec.dll, win11-20240426-en
behavioral19: $PLUGINSDIR/nsis7z.dll, win11-20240508-en
behavioral20: Uninstall Solar Tweaks.exe, win11-20240508-en
behavioral21: $PLUGINSDIR/StdUtils.dll, win11-20240508-en
behavioral22: $PLUGINSDIR/System.dll, win11-20240426-en
behavioral23: $PLUGINSDIR/WinShell.dll, win11-20240426-en
behavioral24: $PLUGINSDIR/nsExec.dll, win11-20240426-en
General
Target: Solar-Tweaks-Client-Launcher-All-Versions.exe
Size: 60.3MB
MD5: ed4a1a4fc71c4cfd4ff37bfd00114b7b
SHA1: 581a8f1c303c0d592083b4649dd1819e8394efee
SHA256: 1c2d92a970c392e744075679363c85a95ab97a28a22ce6431fbaa206d9ac33e3
SHA512: 8aa009204b3723af95a2d339f8405a6462c2b2f179f544db02a35bdf095c52ae74a2af128d2facd6ca114c5a0dd1ef50b0ae785917f7e1f0d5ba02b25f8f62d0
SSDEEP: 1572864:aV1s9gPNzITDH7QDv2zFZJTCT6MR9L0T+woseEM:aV1sUUXcL2zfNwbnLddEM
Malware Config
Signatures
-
Executes dropped EXE 5 IoCs
Processes (pid, process):
2792 Solar Tweaks.exe
2788 Solar Tweaks.exe
1884 Solar Tweaks.exe
2096 Solar Tweaks.exe
1468 Solar Tweaks.exe
-
Loads dropped DLL 15 IoCs
Processes (pid, process; repeated entries counted):
752 Solar-Tweaks-Client-Launcher-All-Versions.exe (7 entries)
2792 Solar Tweaks.exe (1 entry)
2788 Solar Tweaks.exe (4 entries)
1884 Solar Tweaks.exe (1 entry)
2096 Solar Tweaks.exe (1 entry)
1468 Solar Tweaks.exe (1 entry)
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Modifies system certificate store
Processes (description, ioc, process):
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = [blob data removed] Solar Tweaks.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C Solar Tweaks.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = [blob data removed] Solar Tweaks.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [blob data removed] Solar Tweaks.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Solar Tweaks.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob data removed] Solar Tweaks.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Solar Tweaks.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = [blob data removed] Solar Tweaks.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = [blob data removed] Solar Tweaks.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 Solar Tweaks.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [blob data removed] Solar Tweaks.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob data removed] Solar Tweaks.exe
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
Processes (pid, process; repeated entries counted):
752 Solar-Tweaks-Client-Launcher-All-Versions.exe (2 entries)
2432 tasklist.exe (2 entries)
1884 Solar Tweaks.exe (2 entries)
2096 Solar Tweaks.exe (6 entries)
1468 Solar Tweaks.exe (4 entries)
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes (description, pid, process):
Token: SeDebugPrivilege 2432 tasklist.exe
Token: SeSecurityPrivilege 752 Solar-Tweaks-Client-Launcher-All-Versions.exe
-
Suspicious use of WriteProcessMemory 55 IoCs
Processes (source pid/process wrote to memory of target pid/process; repeated entries counted):
752 Solar-Tweaks-Client-Launcher-All-Versions.exe -> 1212 cmd.exe (3 entries)
1212 cmd.exe -> 2432 tasklist.exe (3 entries)
1212 cmd.exe -> 432 find.exe (3 entries)
2792 Solar Tweaks.exe -> 2788 Solar Tweaks.exe (40 entries)
2792 Solar Tweaks.exe -> 1884 Solar Tweaks.exe (2 entries)
2792 Solar Tweaks.exe -> 2096 Solar Tweaks.exe (2 entries)
2792 Solar Tweaks.exe -> 1468 Solar Tweaks.exe (2 entries)
Processes
Process tree (indented by parent/child depth):

C:\Users\Admin\AppData\Local\Temp\Solar-Tweaks-Client-Launcher-All-Versions.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Solar-Tweaks-Client-Launcher-All-Versions.exe"
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID: 752
    C:\Windows\SysWOW64\cmd.exe
      Command line: cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Solar Tweaks.exe" | find "Solar Tweaks.exe"
      - Suspicious use of WriteProcessMemory
      PID: 1212
        C:\Windows\SysWOW64\tasklist.exe
          Command line: tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Solar Tweaks.exe"
          - Enumerates processes with tasklist
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken
          PID: 2432
        C:\Windows\SysWOW64\find.exe
          Command line: find "Solar Tweaks.exe"
          PID: 432

C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
  Command line: "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe"
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID: 2792
    C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
      Command line: "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1948,8149837960789692154,4542092393574279622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
      - Executes dropped EXE
      - Loads dropped DLL
      PID: 2788
    C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
      Command line: "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,8149837960789692154,4542092393574279622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2380 /prefetch:8
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: EnumeratesProcesses
      PID: 1884
    C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
      Command line: "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=1948,8149837960789692154,4542092393574279622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\solartweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2484 /prefetch:1
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: EnumeratesProcesses
      PID: 2096
    C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe
      Command line: "C:\Users\Admin\AppData\Local\Programs\solartweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1948,8149837960789692154,4542092393574279622,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2276 /prefetch:2
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: EnumeratesProcesses
      PID: 1468

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4244
Network
MITRE ATT&CK Enterprise v15
Downloads