File name: | Win 10 Tweaker 15.2 Pro-RSLOAD.NET-.zip |
Full analysis: | https://app.any.run/tasks/a7070f3c-049e-4091-815c-f9f4ff026cfb |
Verdict: | Malicious activity |
Analysis date: | November 16, 2019, 22:14:26 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | F03B189A54332A0A3FF9C3D06FF73D42 |
SHA1: | E220ADC35F1991266665C7ECB83455698236A024 |
SHA256: | 19CA365A1DB3A7DADB58D705841E45401FB1C92BE99958ABD394B258891716FE |
SSDEEP: | 49152:4IoifIqVMtnLGL5BK5NA39o+4Vdx/yFmi597c2Hi27lsFVUDzNx0aaBA5FEXgmy:JoifPVM8BkONoryFmi5eEmFVUP70akfc |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2019:05:28 15:26:11 |
ZipCRC: | 0xb44ac292 |
ZipCompressedSize: | 274705 |
ZipUncompressedSize: | 302592 |
ZipFileName: | Repair Win 10 Tweaker v5.0.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1484 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Win 10 Tweaker 15.2 Pro-RSLOAD.NET-.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
460 | "C:\Users\admin\Desktop\Repair Win 10 Tweaker v5.0.exe" | C:\Users\admin\Desktop\Repair Win 10 Tweaker v5.0.exe | — | explorer.exe |
User: admin Company: JailbaitVideo Integrity Level: MEDIUM Description: Repair Win 10 Tweaker Exit code: 3221226540 Version: 5.00 | ||||
2564 | "C:\Users\admin\Desktop\Repair Win 10 Tweaker v5.0.exe" | C:\Users\admin\Desktop\Repair Win 10 Tweaker v5.0.exe | explorer.exe | |
User: admin Company: JailbaitVideo Integrity Level: HIGH Description: Repair Win 10 Tweaker Exit code: 3221225547 Version: 5.00 | ||||
3476 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2588 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Читать.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
392 | regini C:\Users\admin\AppData\Local\Temp\res.txt | C:\Windows\system32\regini.exe | — | Repair Win 10 Tweaker v5.0.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Registry Initializer Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2196 | "C:\Users\admin\Desktop\Win 10 Tweaker\Win 10 Tweaker 15.2.exe" | C:\Users\admin\Desktop\Win 10 Tweaker\Win 10 Tweaker 15.2.exe | — | explorer.exe |
User: admin Company: JailbreakVideo Integrity Level: MEDIUM Description: Win 10 Tweaker Exit code: 3221226540 Version: 15.2 | ||||
3880 | "C:\Users\admin\Desktop\Win 10 Tweaker\Win 10 Tweaker 15.2.exe" | C:\Users\admin\Desktop\Win 10 Tweaker\Win 10 Tweaker 15.2.exe | explorer.exe | |
User: admin Company: JailbreakVideo Integrity Level: HIGH Description: Win 10 Tweaker Exit code: 1 Version: 15.2 | ||||
3956 | "C:\Windows\System32\cmd.exe" /c taskkill /f /pid "3880" | C:\Windows\System32\cmd.exe | — | Win 10 Tweaker 15.2.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
996 | taskkill /f /pid "3880" | C:\Windows\system32\taskkill.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Terminates Processes Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1484.49553\W10T.KeyGen.DBF.exe | — | |
MD5:— | SHA256:— | |||
1484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1484.49553\Win 10 Tweaker\Win 10 Tweaker 12.4.exe | — | |
MD5:— | SHA256:— | |||
1484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1484.49553\Win 10 Tweaker\Win 10 Tweaker 13.0.exe | — | |
MD5:— | SHA256:— | |||
1484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1484.49553\Win 10 Tweaker\Win 10 Tweaker 14.3.exe | — | |
MD5:— | SHA256:— | |||
1484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1484.49553\Win 10 Tweaker\Win 10 Tweaker 15.2.exe | — | |
MD5:— | SHA256:— | |||
1484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1484.49553\Читать.txt | — | |
MD5:— | SHA256:— | |||
2564 | Repair Win 10 Tweaker v5.0.exe | C:\Users\admin\AppData\Local\Temp\song.xm | — | |
MD5:— | SHA256:— | |||
2304 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MHK88U5Q7LMK9CLK4ZIF.temp | — | |
MD5:— | SHA256:— | |||
2304 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:35375F3D71AE42AA9777154D256B33BF | SHA256:BCFF55E0934722E7952EA75D73AE7CE376E4ADBC73DE5E71D629975E9EAC87EF | |||
1484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1484.49553\Repair Win 10 Tweaker v5.0.exe | executable | |
MD5:F5B4BB7A1B0B04954D354D19554F88FE | SHA256:F4AACB0E7C7528CADF7B1ADB57811546B4833055F6407217574096F010672EED |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3880 | Win 10 Tweaker 15.2.exe | 87.236.16.98:443 | win10tweaker.com | Beget Ltd | RU | suspicious |
Domain | IP | Reputation |
---|---|---|
win10tweaker.com |
| suspicious |