File name: | Win 10 Tweaker 15.2 Pro-RSLOAD.NET-.zip |
Full analysis: | https://app.any.run/tasks/f236f365-56ac-4502-b6c9-ae626a90e562 |
Verdict: | Malicious activity |
Analysis date: | November 16, 2019, 22:10:36 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 1195F4CA3BB8D573EAE3331A4217BC26 |
SHA1: | BE2B9373DF65A7F642D6CE96560335100A80FDDB |
SHA256: | 3C9BDEBD6EE09BF1FFE395D7D20E33EAA1BE9821166CC419698DB2AE2A0EB2FF |
SSDEEP: | 49152:4IoifIqVMtnLGL5BK5NA39o+4Vdx/yFmi597c2Hi27lsFVUDzNx0aaBA5FEXgml:JoifPVM8BkONoryFmi5eEmFVUP70akfD |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2019:05:28 15:26:11 |
ZipCRC: | 0xb44ac292 |
ZipCompressedSize: | 274705 |
ZipUncompressedSize: | 302592 |
ZipFileName: | Repair Win 10 Tweaker v5.0.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2612 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Win 10 Tweaker 15.2 Pro-RSLOAD.NET-.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1252 | "C:\Users\admin\Desktop\Repair Win 10 Tweaker v5.0.exe" | C:\Users\admin\Desktop\Repair Win 10 Tweaker v5.0.exe | — | explorer.exe |
User: admin Company: JailbaitVideo Integrity Level: MEDIUM Description: Repair Win 10 Tweaker Exit code: 3221226540 Version: 5.00 | ||||
3148 | "C:\Users\admin\Desktop\Repair Win 10 Tweaker v5.0.exe" | C:\Users\admin\Desktop\Repair Win 10 Tweaker v5.0.exe | explorer.exe | |
User: admin Company: JailbaitVideo Integrity Level: HIGH Description: Repair Win 10 Tweaker Version: 5.00 | ||||
3476 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2056 | "C:\Users\admin\Desktop\W10T.KeyGen.DBF.exe" | C:\Users\admin\Desktop\W10T.KeyGen.DBF.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Description: KeyGen Version: 1.0.0 | ||||
3432 | regini C:\Users\admin\AppData\Local\Temp\res.txt | C:\Windows\system32\regini.exe | — | Repair Win 10 Tweaker v5.0.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Registry Initializer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2612 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2612.26468\Repair Win 10 Tweaker v5.0.exe | — | |
MD5:— | SHA256:— | |||
2612 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2612.26468\W10T.KeyGen.DBF.exe | — | |
MD5:— | SHA256:— | |||
2612 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2612.26468\Win 10 Tweaker\Win 10 Tweaker 12.4.exe | — | |
MD5:— | SHA256:— | |||
2612 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2612.26468\Win 10 Tweaker\Win 10 Tweaker 13.0.exe | — | |
MD5:— | SHA256:— | |||
2612 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2612.26468\Win 10 Tweaker\Win 10 Tweaker 14.3.exe | — | |
MD5:— | SHA256:— | |||
2612 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2612.26468\Win 10 Tweaker\Win 10 Tweaker 15.2.exe | — | |
MD5:— | SHA256:— | |||
3148 | Repair Win 10 Tweaker v5.0.exe | C:\Users\admin\AppData\Local\Temp\song.xm | xm | |
MD5:A4FB80F0EBC417BE1D0B9C94A8821563 | SHA256:014E2C8C4340E4F22CC91C4C6DA7935714483D8E34AD699027FC16878C54483D | |||
3148 | Repair Win 10 Tweaker v5.0.exe | C:\Users\admin\AppData\Local\Temp\res.txt | text | |
MD5:71C5BC9F39B3A4016C9CE77B38988A14 | SHA256:EE2F734A14BEAC355F97110C879FFCFC301A09EBC90BF0D01D97F035CC511F7A | |||
3148 | Repair Win 10 Tweaker v5.0.exe | C:\Users\admin\Desktop\bassmod.dll | executable | |
MD5:E4EC57E8508C5C4040383EBE6D367928 | SHA256:8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F | |||
3148 | Repair Win 10 Tweaker v5.0.exe | C:\Users\admin\Desktop\mykey | text | |
MD5:CB492B7DF9B5C170D7C87527940EFF3B | SHA256:DBA5166AD9DB9BA648C1032EBBD34DCD0D085B50023B839EF5C68CA1DB93A563 |