53154c1318430656cd3cea95e48ef7bf62f196a871ab6e137f5893bafbcf018d

Analysis

max time kernel
296s
max time network
299s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solar Client/Solar-Tweaks-Setup-4.2.0.exe
Size

59.3MB
MD5

dfdea5f4a771556305d2faef94c8cf18
SHA1

f0cbbd1a88c7ebbc84a8b68cbf695eead7273328
SHA256

16a152d46f5bccb505d769cc3863277c7ef2e15f7f9d3fee570f98377d69c91b
SHA512

08ac72e28a3e621c05929bd8e0421975ca65749f0321d2eee163a16be7072ea0e81ad3d65bba7e455cedca33289f2aa6f6c5dfb42b45a627b95b3960db3b8642
SSDEEP

1572864:qy1s9ggeDH7QDv2zFZJTCT6MR9L0T+wKseEc:qy1sHYcL2zfNwbnLbdEc

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	Solar Tweaks.exe

Executes dropped EXE 25 IoCs

pid	Process
1924	Solar Tweaks.exe
2232	Solar Tweaks.exe
2072	Solar Tweaks.exe
608	Solar Tweaks.exe
2804	Solar Tweaks.exe
2416	Solar Tweaks.exe
1004	Solar Tweaks.exe
2740	Solar Tweaks.exe
2876	Solar Tweaks.exe
1932	Solar Tweaks.exe
1448	Solar Tweaks.exe
2484	Solar Tweaks.exe
1512	Solar Tweaks.exe
572	Solar Tweaks.exe
1780	Solar Tweaks.exe
612	Solar Tweaks.exe
2476	Solar Tweaks.exe
2488	Solar Tweaks.exe
2744	Solar Tweaks.exe
696	Solar Tweaks.exe
2616	Solar Tweaks.exe
2664	Solar Tweaks.exe
1416	Solar Tweaks.exe
2728	Solar Tweaks.exe
1388	Solar Tweaks.exe

Loads dropped DLL 64 IoCs

pid	Process
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
1084	Process not Found
1924	Solar Tweaks.exe
1084	Process not Found
1084	Process not Found
1084	Process not Found
1084	Process not Found
2232	Solar Tweaks.exe
2232	Solar Tweaks.exe
2072	Solar Tweaks.exe
1084	Process not Found
608	Solar Tweaks.exe
2232	Solar Tweaks.exe
2232	Solar Tweaks.exe
2804	Solar Tweaks.exe
2804	Solar Tweaks.exe
2804	Solar Tweaks.exe
2804	Solar Tweaks.exe
2416	Solar Tweaks.exe
1004	Solar Tweaks.exe
2740	Solar Tweaks.exe
2876	Solar Tweaks.exe
2740	Solar Tweaks.exe
2740	Solar Tweaks.exe
2740	Solar Tweaks.exe
1932	Solar Tweaks.exe
1932	Solar Tweaks.exe
1932	Solar Tweaks.exe
1932	Solar Tweaks.exe
1084	Process not Found
1448	Solar Tweaks.exe
2484	Solar Tweaks.exe
1512	Solar Tweaks.exe
1084	Process not Found
572	Solar Tweaks.exe
2484	Solar Tweaks.exe
2484	Solar Tweaks.exe
2484	Solar Tweaks.exe
1780	Solar Tweaks.exe
1780	Solar Tweaks.exe
1780	Solar Tweaks.exe
1780	Solar Tweaks.exe
612	Solar Tweaks.exe
2476	Solar Tweaks.exe
2488	Solar Tweaks.exe
2744	Solar Tweaks.exe
2476	Solar Tweaks.exe
2476	Solar Tweaks.exe
2476	Solar Tweaks.exe
696	Solar Tweaks.exe
696	Solar Tweaks.exe
696	Solar Tweaks.exe
696	Solar Tweaks.exe
2616	Solar Tweaks.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
167	raw.githubusercontent.com
54	raw.githubusercontent.com
93	raw.githubusercontent.com
94	raw.githubusercontent.com
130	raw.githubusercontent.com
59	raw.githubusercontent.com
60	raw.githubusercontent.com
129	raw.githubusercontent.com
168	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Solar Tweaks\resources\app-update.yml	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\Solar Tweaks.exe	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\swiftshader\libEGL.dll	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\uninstallerIcon.ico	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\am.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\tr.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\uk.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\tr.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\swiftshader\libEGL.dll	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\es-419.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\id.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\sr.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\te.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\v8_context_snapshot.bin	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\bn.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\kn.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\lv.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\sv.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\vk_swiftshader_icd.json	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\swiftshader	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ar.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\he.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\zh-CN.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\libEGL.dll	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\chrome_100_percent.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\el.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\ko.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\uk.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\th.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\resources\app-update.yml	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\vulkan-1.dll	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\cs.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\de.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\mr.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\pt-BR.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\vulkan-1.dll	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\chrome_200_percent.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\icudtl.dat	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\bn.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\swiftshader\libGLESv2.dll	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\ml.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\nb.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\sl.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\bg.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\cs.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\pl.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\Uninstall Solar Tweaks.exe	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\hu.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\it.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\ko.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\nl.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\LICENSE.electron.txt	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\en-GB.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\resources.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\d3dcompiler_47.dll	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\sv.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\sw.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\vk_swiftshader_icd.json	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\ffmpeg.dll	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\en-US.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\gu.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\he.pak	Solar-Tweaks-Setup-4.2.0.exe
File created	C:\Program Files\Solar Tweaks\locales\it.pak	Solar-Tweaks-Setup-4.2.0.exe
File opened for modification	C:\Program Files\Solar Tweaks\locales\fi.pak	Solar-Tweaks-Setup-4.2.0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 31 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Solar Tweaks.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Solar Tweaks.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}"	Solar Tweaks.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Solar Tweaks.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewVersion = "0"	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}	Solar Tweaks.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	Solar Tweaks.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16"	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings	Solar Tweaks.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Solar Tweaks.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	Solar Tweaks.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1"	Solar Tweaks.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Solar Tweaks.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Solar Tweaks.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	Solar Tweaks.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1"	Solar Tweaks.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616257"	Solar Tweaks.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Solar Tweaks.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg	Solar Tweaks.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	Solar Tweaks.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Solar Tweaks.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	Solar Tweaks.exe

Modifies system certificate store 2 TTPs 16 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Solar Tweaks.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Solar Tweaks.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Solar Tweaks.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000019000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Solar Tweaks.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec5290b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4740f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Solar Tweaks.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000020000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Solar Tweaks.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2872	Solar-Tweaks-Setup-4.2.0.exe
2072	Solar Tweaks.exe
608	Solar Tweaks.exe
2072	Solar Tweaks.exe
2072	Solar Tweaks.exe
1004	Solar Tweaks.exe
2876	Solar Tweaks.exe
2876	Solar Tweaks.exe
2876	Solar Tweaks.exe
1512	Solar Tweaks.exe
572	Solar Tweaks.exe
572	Solar Tweaks.exe
572	Solar Tweaks.exe
2828	chrome.exe
2828	chrome.exe
2488	Solar Tweaks.exe
2744	Solar Tweaks.exe
2744	Solar Tweaks.exe
2744	Solar Tweaks.exe
1416	Solar Tweaks.exe
2728	Solar Tweaks.exe
2728	Solar Tweaks.exe
2728	Solar Tweaks.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2872	Solar-Tweaks-Setup-4.2.0.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: 33	2684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2684	AUDIODG.EXE
Token: 33	2684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2684	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
612	Solar Tweaks.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 2232	1924	Solar Tweaks.exe	30
PID 1924 wrote to memory of 608	1924	Solar Tweaks.exe	31
PID 1924 wrote to memory of 608	1924	Solar Tweaks.exe	31
PID 1924 wrote to memory of 608	1924	Solar Tweaks.exe	31
PID 1924 wrote to memory of 2072	1924	Solar Tweaks.exe	32
PID 1924 wrote to memory of 2072	1924	Solar Tweaks.exe	32
PID 1924 wrote to memory of 2072	1924	Solar Tweaks.exe	32
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33
PID 1924 wrote to memory of 2804	1924	Solar Tweaks.exe	33

C:\Users\Admin\AppData\Local\Temp\Solar Client\Solar-Tweaks-Setup-4.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Solar Client\Solar-Tweaks-Setup-4.2.0.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2872

C:\Program Files\Solar Tweaks\Solar Tweaks.exe
"C:\Program Files\Solar Tweaks\Solar Tweaks.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1372,4325396764200272201,2040948427251382035,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1380 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2232
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1372,4325396764200272201,2040948427251382035,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1684 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:608
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=1372,4325396764200272201,2040948427251382035,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Program Files\Solar Tweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1372,4325396764200272201,2040948427251382035,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1380 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2804

C:\Program Files\Solar Tweaks\Solar Tweaks.exe
"C:\Program Files\Solar Tweaks\Solar Tweaks.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
PID:2416
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1128,4058165253842884989,9242566660715696334,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1136 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2740
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1128,4058165253842884989,9242566660715696334,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1408 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1004
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=1128,4058165253842884989,9242566660715696334,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Program Files\Solar Tweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1536 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2876
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1128,4058165253842884989,9242566660715696334,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1136 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1932

C:\Program Files\Solar Tweaks\Solar Tweaks.exe
"C:\Program Files\Solar Tweaks\Solar Tweaks.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
PID:1448
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1388,148863178064202050,8608521546162475840,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1392 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2484
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1388,148863178064202050,8608521546162475840,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1648 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1512
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=1388,148863178064202050,8608521546162475840,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Program Files\Solar Tweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    3⤵
    PID:2644
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:1260
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1388,148863178064202050,8608521546162475840,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1392 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73c9758,0x7fef73c9768,0x7fef73c9778
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1232,i,1064083778512963388,15844613819661231156,131072 /prefetch:2
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1232,i,1064083778512963388,15844613819661231156,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1548 --field-trial-handle=1232,i,1064083778512963388,15844613819661231156,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1232,i,1064083778512963388,15844613819661231156,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1232,i,1064083778512963388,15844613819661231156,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1232,i,1064083778512963388,15844613819661231156,131072 /prefetch:2
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2156 --field-trial-handle=1232,i,1064083778512963388,15844613819661231156,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1232,i,1064083778512963388,15844613819661231156,131072 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3412 --field-trial-handle=1232,i,1064083778512963388,15844613819661231156,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 --field-trial-handle=1232,i,1064083778512963388,15844613819661231156,131072 /prefetch:8
  2⤵
  PID:1912

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2808

C:\Program Files\Solar Tweaks\Solar Tweaks.exe
"C:\Program Files\Solar Tweaks\Solar Tweaks.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:612
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1368,1033004539760926344,4495553465903338771,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1376 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2476
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1368,1033004539760926344,4495553465903338771,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1652 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=1368,1033004539760926344,4495553465903338771,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Program Files\Solar Tweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    3⤵
    PID:2060
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:2560
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1368,1033004539760926344,4495553465903338771,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1376 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:696

C:\Program Files\Solar Tweaks\Solar Tweaks.exe
"C:\Program Files\Solar Tweaks\Solar Tweaks.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2616
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1396,313797417209573138,12188268857889504617,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1404 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1396,313797417209573138,12188268857889504617,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1648 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=renderer --field-trial-handle=1396,313797417209573138,12188268857889504617,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Program Files\Solar Tweaks\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    3⤵
    PID:1932
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:2720
- C:\Program Files\Solar Tweaks\Solar Tweaks.exe
  "C:\Program Files\Solar Tweaks\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1396,313797417209573138,12188268857889504617,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1404 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1388

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1548

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x170
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Solar Tweaks\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Program Files\Solar Tweaks\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Program Files\Solar Tweaks\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Program Files\Solar Tweaks\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Program Files\Solar Tweaks\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Program Files\Solar Tweaks\resources\app.asar

Filesize
6.0MB

MD5
9c12e7fb205f75b66a6ee62e4ca92a9b

SHA1
8e9976b84c9bf1827bb96fc61c0b7dc96e2f596e

SHA256
a8018e6d6af92f4e0a19b35fafc1d47a3362045335f4bf50da1af3adf34e5f50

SHA512
2e49f8568506ae002dba30badd7a137f07d3e90949d93c2d741e166e53c752ada9bccd970c5a9f55cde54f8c4f53cc2d6dd6b908c6300e2c172d911c10dda029

Download Submit
C:\Program Files\Solar Tweaks\v8_context_snapshot.bin

Filesize
161KB

MD5
e47426f88649c7f8e27b8a1516cc0137

SHA1
5452aadfddbc55d6c5c18b801087e39529859b12

SHA256
09686ad5bf03d95de7c251d204e60a8e3824bd6420bedddee80b2c6e5609fb26

SHA512
f9647a35ff273ca622b3db4aefb9aaf75075386c42a31e085f916fc82f3a18fed25b0e05dcc09e678ca419408f59f0c34fa5762e5f945db35f9c6f67b7b94bc0

Download Submit
C:\Users\Admin\.lunarclient\solartweaks\logs\launcher-latest.log

Filesize
302B

MD5
b351ecd37e7273f3e554730684be4c32

SHA1
25ac62a889aabe97d7f519a142b918eb4c133a9b

SHA256
db7f08cbe03c974f820ae376fc68ba409230db49cb6308684732a4e4f8a8c655

SHA512
a2ece88f3c5fc4712f0a8476a4d54d3510ac7ae8a016f127c748e293024de4a3a48e3993bb7d326030742036130b60614b2973d88f443c450dce8d35bc8df38f

Download Submit
C:\Users\Admin\.lunarclient\solartweaks\logs\launcher-latest.log

Filesize
453B

MD5
11afa40bc1f573652782900ac6104199

SHA1
fdabfcef6517437fe6bfa084d9a438afe1a7b752

SHA256
d359386130977a9b8f5897b44821ad32634a8fd7f7d97ec093d69348f345d173

SHA512
79e3c697fb9f7cb3d5af051999360b0dd9108ef72ea895b79dd3167ed796fa0504ac654de2940e80976036e8c832e63267f25cc8e60bb3bb2de58db25d4325ed

Download Submit
C:\Users\Admin\.lunarclient\solartweaks\logs\launcher-latest.log

Filesize
869B

MD5
ee4a3d377e493421001099fc2219cadc

SHA1
75f5d210332c9a140c9aa3adaca03a201396eaf4

SHA256
41708492d74d487e36a2ae3eeab5b55dafc82791967fefe9900cef4682681a2d

SHA512
93f3d93e3e04d941f457fa271daf49c1c0453dbf58b53dcbe22ce5d0dd5e3f32c7fff55975bc241b420dd8387f7c7e73f1b4ed850b251020f7082135d72f9698

Download Submit
C:\Users\Admin\.lunarclient\solartweaks\logs\launcher-latest.log

Filesize
618B

MD5
ddec08fd27166c4a4e013db93c10c74c

SHA1
2297de577cc76106747c10efdad7d7389e2959d5

SHA256
971b90066ad2bfbf5de6974f4b75ee0676d9d176655dc72f3669f3dcbceef7e4

SHA512
5a2cff5fc3b1ba056572e67f705afc050ad1cce5d15a8805380e70c426c743bcb6205be34f53ff8e668d172fe2e8fa571decfd6e0167a5655943acf0092e47d2

Download Submit
C:\Users\Admin\.lunarclient\solartweaks\logs\launcher-latest.log

Filesize
1KB

MD5
f727a17722d604c54a413a0e501c5c85

SHA1
ef6f556d479cffee0a435094a696b83f3f9f832e

SHA256
443e0e5c8d87b2247a22e1388f0ef2a55496a78fb328a742a1cd818d5a4e828b

SHA512
d1a3fcf234a5acfc58f08645b41dd07f1135754a4bb51adc0ecd8deee794f41bbf30e0080ec363ccc4d11d5014b7367594bead0d782b1af43d0c97f8429ca4b5

Download Submit
C:\Users\Admin\.lunarclient\solartweaks\logs\launcher-latest.log

Filesize
1011B

MD5
d78b3da360fd9669fe1b03c09faa2e05

SHA1
aec032a30320ca8df18a0a8b28ce703c75671b23

SHA256
56afd00b8f2dd0a99b899151510c46a52d5685a1435570fe0304e65ed91fb817

SHA512
b21ce92da317b255fa1fcb7606ec04ced0b79c801fc66d0c7f93baa9cde0c0bea2dac2d62f4ad6f7f852dc4e6a3e86f43b8ebc063721f2fc4404f3cbe2b86381

Download Submit
C:\Users\Admin\.lunarclient\solartweaks\logs\launcher-latest.log

Filesize
111B

MD5
c2c1e71fd0afca3f34673d59286360a6

SHA1
4205b4fcf1610cccffa11d08a86eb1def0a458ca

SHA256
f3e8a70312eb0ba9e98bb550edf645f8fb3644b088cbaf8f22ba12d780c42ad0

SHA512
0f4f906a14ad66a714256f6fa8441550f817438906af3c39261fabac66d3fd44485d19f170fc9be14e850b38cbb182f8075e575580595ced45d2d911912fbbf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f35420bb3ab53f45d329f6f0ca9ecc2

SHA1
b84033910540f4457f3deeedf1e77ef35cbe649e

SHA256
2f6a8f13257e5ded794f0d53441a5780e4f6db832126b7d24b433192067b9f6e

SHA512
e07ff035c6f5934ae869db6ecc01102300b8c4e3340e4b7f7cb5ab74fcf5492d02e1abcbf8aff5422365f0d9e893ef8b4c66605d79c625b7bf70023277ead057

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
887dc5b5614c12f74f3676ac87549992

SHA1
1cf494d44024e123218982b3d9d27c5107c39776

SHA256
d816ca159a20c0157622be6947d683627604bfaa4bc80e5942bc2bd2e9ab14c7

SHA512
2464a45bf21a5f11091bfd768605cf472c9c240a645996f77e2d40f129d6459cb5305d8bc6e865e98654b2ae5009c06412c40954b18278a5d6380943966ff34a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1e8510108e52a76d1fe9fe20d412584

SHA1
df22c040b2e7643ab9aad43fa2fa558bf27fe427

SHA256
dde18c281a7abcc27149981338561fdc4bb31b5ad10291054a751cdcd56e1bfc

SHA512
3e5b5d0ff1c57540fa0ac9d765677dc1fb769e3c0835c9e188c3a5387b812ba4a32e416870764ce296d96a0a349d35e003c296eb37e648610d783a3efc8d0e6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15c49d4284ff9ba0af0a5c2f4240c625

SHA1
6f02fdbb00858a8cfd74e4c4afccbe7a28af7f49

SHA256
2a8c272652dd07b2c9c7d8ac70be1f251f03916c5b23847c82c2316502cee502

SHA512
0db6e0f3e214d1c026c2c0efdacfb9de92fc987fcad33f3972930beda5874bf05e27389b786bd7b40ddd829b9fda527c3b769b222361dea7dcf1700dc88edd65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11d1fe2b6c38be00dd67bce36c9c368c

SHA1
10d331d7c7e114e573ceb6df436046dc50f86088

SHA256
704af73a6a8e27737b60e47ba82b8e55655e03aac39543554523c39fb9f0b8dd

SHA512
244707bf7006dbcee6c6595627344bf159e4ace79cfef97539c072563730c6fa92e1fe9889df94d36bd86f3b5c715e1374e63136dd98050dd64abe873818c554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6485ee722a914a32465e054bc3d79aee

SHA1
79758f9a877781ac9b461607a21dea9d7077ea3b

SHA256
ef5be9fa28294ff4333347d11ab5e3e740eb7030b49f03b07d9a0b52541be9d8

SHA512
25023b11bbbdacfbfa7781023086697a332458cec7bcc7f6ea5396fa3657db8d1fce12113a91022e26de3295287e5a37610c48534a7681bccd0ea0a42211a376

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
949340d7a36d0aaa55b49254a642b72f

SHA1
e69dcfbec13f1415883103047e3c9dbf7664d0d9

SHA256
66549291e61640e2446dba490fccb5655ade6e78225baae8d1a6970d9b8301d9

SHA512
3ab9e5b617d3d695674e5482c7d9734f32ee9b969a5b542066abd1c8492e23a7adc445f9e2bc16d837093efe8d42d140a93879387765f2a606028aaabaaa44d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cde04c37f6bba9e0dd87714ba26445b

SHA1
9987a252956b140c3ef17d58e6c159664d17f612

SHA256
fe058f1342673cc5e46c07ddf54b25216bf7c9d6691893d3e729215160f65f36

SHA512
ca55a3afe75a542f051bc5d80e7ffb26b269075b37348d7386259365723f3e22d8bae5ef7a8559cfbd0460691a05d65eb71bff466e35daf19723ac0c771d6db9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0f58d0b84066ad3a2156d621013de82

SHA1
f4a45f4e422841f8e28aea08fe846011b6ab9803

SHA256
4cfcb6bf69f13f0097cdcd0f8dbd83b0d4a4275d9430a65a97d73e58d3c91710

SHA512
f81e3d52123595dd2ea13259c8b06dfc4986bd68b3aaa71349389f02b9fd42b649a56cae42174d924cdbcbec1dcbef754d6c28544ac368ad5631673e616e5fbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8160948dd4e6ec890268d47a978b621

SHA1
fead22f362a29dbaade686f291e0c96df403c05d

SHA256
ee67ce93864e5c714e454a6f6b2f4b360f9e7a3e7b00c4c07eb937e5140427d7

SHA512
1f0de512e51ac3719f7fd8cd348ef98dfa781ea7c86cb2f563366af3e07a0b4b0f50ff2d1ec8c85dc9023597d06bb03130aacb46207262552fb9ef1b70be20cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f58a71eeb21ce1fcf23d3f876ffc414

SHA1
da42cbf354ad3e477bf9dec25920b31d3feb9012

SHA256
941e26f2a760b6418b81303f3c4db1b39787f721e0d71b0b3d96476664255949

SHA512
c9c4ba21a32ba0e5b32f343f752306e15a5f42a7f3e80f5c0ed4e7e491ec427eb0605b77b93c6b717a83e757c222a0f68e442d95477ebdc85621532989fb5fd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9924d3bb3f98c5492e7263752e213a8a

SHA1
36409a7c5b8cb962412f3c9da7f98979748cd7d2

SHA256
792d4b3a6d902535b08c3b0722ecfb9ff624561761320ba75503c92f8e7960d6

SHA512
180499c6c5495fbe52f285240362a3a0689d9935e95e677a9823274802eac8463ffa6c5ff1040c6177f696187d8dce2a295ecbad1da35c16e22f41a84311b860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55276306c6a841b079b9630762f46061

SHA1
7dc615b11d90004fbc179f4acb8c0348fe4de5f4

SHA256
cae597f4f2e948a2fbe38368207f8308455a33e91da1eaadef4750173b4d8149

SHA512
ce5517ae8613366c6e8a05cee0ed0d069a1f8c9cb1c2813723d4447c71712fa437740995f87a998ee7f9fe6de2a11ede84185c126fd62eb9e324833431eaa1e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fb3999e9-2799-438f-836a-f078b1c64822.tmp

Filesize
282KB

MD5
fc70a24474df062410c1e4c1bb24e3ed

SHA1
91ef3393a21d67bcd4e6c58f4555ec75257ac6ed

SHA256
b626c0654fe8743acee3b9b7b8a47012bb24a8d11866945e3536558f5749deda

SHA512
c863674d0f6db4cce91b10d97713b9260814130a2d76387f140919779a5dc36488bb07b130772b0b0f5979b776df5a22aee3196d9cd1310bea8ca79318f912d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3173.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
5efab2140e16a68d3d15cd9b381622fa

SHA1
abecffb868e409f4221bcb181892c6035ec734cd

SHA256
3f2b49366b4bc390b7b78210c24d3efac928ff18e0385c2ae1c9b514e694ec53

SHA512
15a24da9c692e8f4dc7831ae0b0d2e6bd6fd2df137e18d4375bf2982f875a319d0c453ea2b324ee0c0eaf9005e4a5db0124bc189c7827718f49535d72c94e1a2

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Dictionaries\en-US-9-0.bdic

Filesize
441KB

MD5
a78ad14e77147e7de3647e61964c0335

SHA1
cecc3dd41f4cea0192b24300c71e1911bd4fce45

SHA256
0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa

SHA512
dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\FontLookupTableCache\font_unique_name_table.pb

Filesize
125KB

MD5
ccc86f4311f0d792a9f64a2194caf8fb

SHA1
a66a43e1d95843397479709ead139e5485c63542

SHA256
de23b8a2252792abfe5e5fb969ec386c03c2321459490c631b42ca764584b2d8

SHA512
f026972bf0e989273700b71066d09bdf51a22969c6ed8c3f3c8fcc3d7bd71db6ce6c2bfae8baa6edcb8e7b55134cd5a1b52c1d93ed6e7abb89ea8a6f0a44ab79

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\GPUCache\index

Filesize
256KB

MD5
750d2930074779f2356296fdc2392f66

SHA1
67be71b7ecb86af701374864861b5de54e7a9bef

SHA256
4bac7f9adb64e5ab36d0df0d121b6d1c4ed67531088c164848a2cb7330e3cb56

SHA512
3e4cb1ab316591a6d4215957a8b53360c2de182b10ead014aac34f6e3fb873a266db1523e251406a0dc7c830bd237d007bed7de69e4d5d73678ea30d0121f4de

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\TransportSecurity

Filesize
683B

MD5
2f442401f95ad720d1b05f1a9be8a4e3

SHA1
b6d9955c378be701518a8e61766f83e2ae2bccd5

SHA256
ebe6dda51dc84d1147f91c55de9274bb5b5f15ba34e1463b0fcab2d5d476645c

SHA512
2340aa91d6ce38e6752d735d517e3cdeba76131bb3d4665dceeefe980cf0d9c9d3e0cb5ca95c87cf65b6767176e609d541e95ce279c035cf18fe7a011f389990

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\TransportSecurity

Filesize
360B

MD5
ca1da36ccd35ebfe8749b326b62b9e1c

SHA1
d4d26eaf53def2d563e92a0c2238dd9a56f86f2d

SHA256
776fd5a67982650383ada5dfb20c43d8fa02a00e9db21eaeafc7f34aa312fc2c

SHA512
93650538d39768c077629f6806ad683ded787cc1bbbfe476efaa73edb4e7c559b7354e185f4aeb8bab60faf9512a07f0a49cc16ab0759fe657fdb6ff1121d2b3

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\TransportSecurity

Filesize
683B

MD5
3f1e60bf719ff2225eaf10b0d0afdd76

SHA1
692ad8ebc817efcd4650b050d8d501f02e1e0d1d

SHA256
6b156f2bee920914cf29b73182bd23b5c00b622faf7174bdc3b1738947b64f45

SHA512
5e7a8574179e5bce71b622d10889b6af51f9beeed13a7f504ca63e76cc84f97f51a14f15636f0d5b236c4b784ebd56555380f745c314b5c6855fd0fe6f7973e9

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\TransportSecurity

Filesize
683B

MD5
b710e11594bcfb26cb719be3f8c4c1ed

SHA1
5a4b6fbbe1b37f7be2f6bccf9bddbe6cdb277a6c

SHA256
a5dd14611a86c456be1acf9f150c8edb41807270cd8fb344a67c281d4f943c57

SHA512
13414ffcbb3fa779263d67baa0047a4f4c554bc59c160601deb1aede77f6d56bd7f510a8e50c8aa51b4b954d11f2cad66668210f56272142aeb54a4b1d10ef52

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
68554dc79b76010a8bbddf8c26cc59c5

SHA1
d75e94a13d929e1116d6f24c8c175360d2b5df52

SHA256
b7150ed4797d6425be17fa90a84f92d53b7a018e00690011e316d36f2110db7f

SHA512
51f908842daf41700a732d46f7492a3101f58caee558f5d7d14b6832673654fea4f0b25a45c7897e5deee3948c1d11761f95b7649a9bfdf259db1c852351b5a1

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
f11cf927d4d7a56bac9104486a9d14e5

SHA1
c57fde0722a3c693650087de0693da7231f6b28f

SHA256
25819e40938b42829fc746d5819156a92c406972967e1a6229e2f7baa4516abe

SHA512
2c949348570832b39a4728d87532dfe4e433a93d3cc530a3d2af2b557c7397f08a96e9787da9164508f82462ceea03e46cb8ba00dfa585501deae52c9e4b64b5

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
493B

MD5
edbcbd231c2186d5bd53cde7258baf5d

SHA1
f41b10d1147820156f4adef21e26af7cca4566e9

SHA256
1746979f7ca58c2ba6a34821af3429d1330b2efb19d8c57152138a9e7d489a87

SHA512
85932c5f43f6f59e2c06a7f22075cbc1a7c1cb2729fc0513a2dcae4548caea1838fed1c7de18274277a435767123f0a7cf2a23b87f2cf4e2c48a0a622aa53134

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
469B

MD5
314b7c7236071b55b52464a7bc9fe03a

SHA1
a5a534f406ecc2e53f4b433b7549a2b0ceffa125

SHA256
4f6e6459cf8e736d6d71049937027a1d2e400a76b54bb1246cee9fda820b5a11

SHA512
d3184858dd13daaf2e5a3851e96ac6286e3bdbe54233130c2e43699dd88985ea07ac48bb10e8f961219aa706043ca8a72aae32ec135510813be9a2c8d0ab10f1

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
536B

MD5
c3356663cde6458ad946c82b7a6c5e80

SHA1
b15d79d196ccafdfbda53a6753c4b03879c76630

SHA256
83d367797cfc5a8a8a95fa3a6560e70c0e5555e6ae1177975acdbbb2539f4188

SHA512
c9accf43a001a5d330f1778f7ae785fcef47bacc4bcea7902b3707b27d9ae69870d8e4a0fcc528101040167dd483aa00a0aa7b57d0a5c2578ae2b7e5999e23fc

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
515B

MD5
ac0c3e6ec6263000b467558f7392cb29

SHA1
753aaf5333d56bdf504f068a09e9ce28950a258e

SHA256
d5ea7c2c201bb58ad091e4daa7fac1bd54cf4414335141bee5c836847f5eab54

SHA512
dc9aed010a6458e05429be6bb28b31585942251619bd942c4b9c33579afe6a5df0e5822e69d9a2e53c5df65369e9725965e47573be1539d44cb685015570dac2

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
df8e6770d3b1986951afdf71824b315e

SHA1
655c24f91793f8d2da7fc01ef141f4cc20cd0cf2

SHA256
96e4f738d028ebe1ff9056107e3d42ceb1f781d4c19824714cf9a5d68805158e

SHA512
afbb0c1d0d669960d761812f264d885a4a3fcb52a6af31b110276f6f721c59d2d62a5c295d2f22ac6966ccfce6ad6cc7080f270a52f56a607a126c7bb7c80e82

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
0a7ee5889db0e10c9d4b4a08548860e7

SHA1
ad6e7e89fc3c38c958d483d74375942898c820e5

SHA256
163e4973d0bc383fb3094af8ba0463c809316a6054e4ec1c5a80e75c9e61df14

SHA512
b890b8647747a5b3a76bb090314f791c0be0107142cb6343da30926ad4a0390797654ba21e29d9ff9209515c8fd6086be1a5e6ed9ad1e55a20fcf81315bf3e12

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
6b03d21763e7edf58ace3688cf7dd8f3

SHA1
7351bbe010c4b94aa57b0d0f2b97ba77db824873

SHA256
ef0b1a32d5c0a695cf471c6db1f4aa4fcd8d8ae243f51e63e999b1155dd564f3

SHA512
4844365ee7deaa844fd9bfe2a762fd7df8347d1a56d4900c673890df76d9597c74da282ec2d56dc5d159a0d5878fcceabd58dfe3db7e4e1459ab0f30e8b4aa96

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json

Filesize
1KB

MD5
15fa429e269ce22729a747cbce7f546b

SHA1
5c18e1993798a3d317c184ec8ec55b56c98fa2d2

SHA256
14ec9b6cdc8a2816f84e9f73aab3ee150baf5eab32336831e590cd1ef1df1fc3

SHA512
6cad63cba5ddc4eb4fe7b61166a20fd008804e9fc31b7fc16083cf4e946859d4fc3df7718dabd281b555b730e2b587874ce59c44ad0c14da215c72b6395143e9

Download Submit
C:\Users\Admin\AppData\Roaming\solartweaks\settings.json.2341907587

Filesize
1KB

MD5
5b9fe80564ee533438b2aaefe8495c35

SHA1
97cc1ac830eeb88edbac54d330a686fb5d026eab

SHA256
33bf00eb61b3e3e0b632c86b62782f1f1504317741a9228150ef264ec49a0aea

SHA512
5ea906471879eea94ea2ab9b038f7530dcc1ddedbf2d1f4e333aa0437f556638c53ec873eff17b364fceb33420e5ff4c5fa73f9b3a4e1d9b07ba7cca337ec7d2

Download Submit
\Program Files\Solar Tweaks\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Program Files\Solar Tweaks\ffmpeg.dll

Filesize
2.6MB

MD5
7c3c780de9ae5cc4abeccbd7cb6b367b

SHA1
bda27b3c0b1ec023e2a0a97099a84b10e04cb135

SHA256
39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

SHA512
80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

Download Submit
\Program Files\Solar Tweaks\libEGL.dll

Filesize
429KB

MD5
b3017453d487a7d33445c1d2d9b9bc13

SHA1
7e643ccb8984a4a92dd439eeb4bdaaeb62bd8862

SHA256
23046e7fe2bbf76ee2c5596b6beac723ad465fdbaa44266486102cdb292148a1

SHA512
fd583f4b95aa974d72628bcc548feb22bc86c5ab0fd1536995bd796e28422f56e6799d60e2c3bef9aed9a1080eaf12338a3b29b8c3d40ba5166030a219572baf

Download Submit
\Program Files\Solar Tweaks\libGLESv2.dll

Filesize
7.6MB

MD5
dd8d815769cbf46af41a41931e9b4572

SHA1
f242fcc4cfd5030f3f543c22f141185cd86e7142

SHA256
dd74029716da56a0e4b64bc5cea0c169e1c4b31143ff39213d3c544792e8f2b9

SHA512
69a12f862157746ffc27b637941261a0c5c494175c3e674c7de4d0c4452a5b9358735944e8e0568b7279a7791cf178c9b1afd5ea4a781e93f28cd775a0a6096f

Download Submit
\Program Files\Solar Tweaks\swiftshader\libEGL.dll

Filesize
448KB

MD5
038a73114d439bfc94be4732b2794998

SHA1
4b7a9d52da1bd808af979cf5cfb146404494317a

SHA256
b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc

SHA512
8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff

Download Submit
\Program Files\Solar Tweaks\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
38ec86347b3e467c5868e35ab48f89f2

SHA1
4db17d065cc330b277a70f9fb8dff0c4b426f314

SHA256
2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744

SHA512
2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4

Download Submit
\Users\Admin\AppData\Local\Temp\nst199A.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nst199A.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nst199A.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nst199A.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nst199A.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nst199A.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/612-1773-0x000000000AE90000-0x000000000AEA0000-memory.dmp

Filesize
64KB

Download
memory/2232-259-0x00000000775C0000-0x00000000775C1000-memory.dmp

Filesize
4KB

Download
memory/2232-226-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2476-1587-0x00000000775C0000-0x00000000775C1000-memory.dmp

Filesize
4KB

Download
memory/2484-1159-0x00000000775C0000-0x00000000775C1000-memory.dmp

Filesize
4KB

Download
memory/2664-1903-0x00000000775C0000-0x00000000775C1000-memory.dmp

Filesize
4KB

Download
memory/2872-208-0x0000000002E00000-0x0000000002E02000-memory.dmp

Filesize
8KB

Download