File name: WinaeroTweaker-1.63.0.0-setup.exe

Full analysis: https://app.any.run/tasks/3a33676d-148b-4210-a7f8-1e04db95f857
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: April 16, 2025, 18:39:25
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto, adware, delphi, inno, installer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: DF244A4909AB521E04DF2306C026FC27
SHA1: 2282C628E8191CED198C2AA21A623A2EDA6E0431
SHA256: FABD429204DB75E2FF9FE7FAE5DC981B8C392BE42A936273C99DCC41EEB0730D
SSDEEP: 98304:t+cD4dnR4bTLjJUvhOT5WCa6lgyG/n2H3AtVGql8DHtzbCg047TcSqDw8izqe6Ao:l9+xWmnR1Xx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ADWARE has been found (auto)

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
    • UAC/LUA settings modification

      • WinaeroTweaker.exe (PID: 7576)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8076)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
      • WinaeroTweaker.exe (PID: 5204)
      • WinaeroTweaker.exe (PID: 7576)
      • ShellExperienceHost.exe (PID: 7868)
    • Executable content was dropped or overwritten

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 7240)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8056)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8148)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
    • Reads the Windows owner or organization settings

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
    • Starts CMD.EXE for commands execution

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
      • WinaeroTweaker.exe (PID: 7576)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 7420)
      • cmd.exe (PID: 7460)
      • cmd.exe (PID: 7152)
      • cmd.exe (PID: 1280)
    • Application launched itself

      • WinaeroTweaker.exe (PID: 5204)
    • Reads the date of Windows installation

      • WinaeroTweaker.exe (PID: 5204)
      • WinaeroTweaker.exe (PID: 7576)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 7452)
      • cmd.exe (PID: 7500)
      • cmd.exe (PID: 2772)
      • cmd.exe (PID: 5260)
      • cmd.exe (PID: 4464)
      • cmd.exe (PID: 6676)
    • Windows service management via SC.EXE

      • sc.exe (PID: 6972)
      • sc.exe (PID: 7724)
      • sc.exe (PID: 4112)
    • Reads Internet Explorer settings

      • WinaeroTweaker.exe (PID: 7576)
    • Stops a currently running service

      • sc.exe (PID: 7736)
      • sc.exe (PID: 5776)
      • sc.exe (PID: 1764)
  • INFO

    • Checks supported languages

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 7240)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8056)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8076)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8148)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
      • WinaeroTweaker.exe (PID: 5204)
      • WinaeroTweaker.exe (PID: 7576)
      • WinaeroTweakerHelper.exe (PID: 7684)
      • ShellExperienceHost.exe (PID: 7868)
    • Create files in a temporary directory

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 7240)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8148)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8056)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
    • Reads the computer name

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8076)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
      • WinaeroTweaker.exe (PID: 5204)
      • WinaeroTweaker.exe (PID: 7576)
      • ShellExperienceHost.exe (PID: 7868)
    • Process checks computer location settings

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8076)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
      • WinaeroTweaker.exe (PID: 5204)
      • WinaeroTweaker.exe (PID: 7576)
    • Detects InnoSetup installer (YARA)

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
    • Compiled with Borland Delphi (YARA)

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
    • The sample compiled with english language support

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
    • Manual execution by a user

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8056)
      • WinaeroTweaker.exe (PID: 5204)
    • Reads the machine GUID from the registry

      • WinaeroTweaker.exe (PID: 5204)
      • WinaeroTweaker.exe (PID: 7576)
    • Checks proxy server information

      • WinaeroTweaker.exe (PID: 7576)
    • Disables trace logs

      • WinaeroTweaker.exe (PID: 7576)
    • Reads the software policy settings

      • WinaeroTweaker.exe (PID: 7576)
    • Reads CPU info

      • WinaeroTweaker.exe (PID: 7576)
    • Reads Environment values

      • WinaeroTweaker.exe (PID: 7576)
    • Process checks whether UAC notifications are on

      • WinaeroTweaker.exe (PID: 7576)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 16:10:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89088
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 1.63.0.0
ProductVersionNumber: 1.63.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Winaero
FileDescription: Winaero Tweaker
FileVersion: 1.63.0.0
LegalCopyright: Winaero
OriginalFileName:
ProductName: Winaero Tweaker
ProductVersion: 1.63.0.0
No data.
All screenshots are available in the full report
Total processes: 174
Monitored processes: 45
Malicious processes: 5
Suspicious processes: 2

Behavior graph

start winaerotweaker-1.63.0.0-setup.exe winaerotweaker-1.63.0.0-setup.tmp no specs winaerotweaker-1.63.0.0-setup.exe winaerotweaker-1.63.0.0-setup.tmp sppextcomobj.exe no specs slui.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs taskkill.exe no specs winaerotweaker-1.63.0.0-setup.exe winaerotweaker-1.63.0.0-setup.tmp no specs winaerotweaker-1.63.0.0-setup.exe winaerotweaker-1.63.0.0-setup.tmp cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs taskkill.exe no specs rundll32.exe no specs winaerotweaker.exe no specs winaerotweaker.exe winaerotweakerhelper.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs shellexperiencehost.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 632
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 856
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 1280
CMD: "C:\Windows\System32\cmd.exe" /c taskkill /im winaerotweakerhelper.exe /f
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: WinaeroTweaker-1.63.0.0-setup.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 128
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 1764
CMD: sc.exe stop dmwappushservice
Path: C:\Windows\System32\sc.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Service Control Manager Configuration Tool
Exit code: 1062
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll

PID: 2140
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 2240
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 2772
CMD: "C:\Windows\System32\cmd.exe" /c sc.exe config dmwappushservice start= disabled
Path: C:\Windows\System32\cmd.exe
Parent process: WinaeroTweaker.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll

PID: 3272
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll

PID: 4112
CMD: sc.exe config diagnosticshub.standardcollector.service start= disabled
Path: C:\Windows\System32\sc.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Service Control Manager Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll

PID: 4448
CMD: "C:\Users\admin\Desktop\WinaeroTweaker-1.63.0.0-setup.exe"
Path: C:\Users\admin\Desktop\WinaeroTweaker-1.63.0.0-setup.exe
Parent process: explorer.exe
User: admin
Company: Winaero
Integrity Level: MEDIUM
Description: Winaero Tweaker
Exit code: 0
Version: 1.63.0.0
Modules (images):
c:\users\admin\desktop\winaerotweaker-1.63.0.0-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

Total events: 7 823
Read events: 7 798
Write events: 25
Delete events: 0

Modification events

Process: WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
Key: HKEY_CURRENT_USER\SOFTWARE\Winaero.com\Winaero Tweaker
Operation: write
Name: SetupDir
Value: C:\WinaeroTweaker

Process: WinaeroTweaker.exe (PID: 5204)
Key: HKEY_CURRENT_USER\SOFTWARE\Winaero.com\Winaero Tweaker
Operation: write
Name: FreewareEULAAccepted
Value: 4002966257

Process: WinaeroTweaker.exe (PID: 7576)
Key: HKEY_CURRENT_USER\SOFTWARE\Winaero.com\Winaero Tweaker
Operation: write
Name: Next
Value: 638808768000000000

Process: WinaeroTweaker.exe (PID: 7576)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

Process: WinaeroTweaker.exe (PID: 7576)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

Process: WinaeroTweaker.exe (PID: 7576)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

Process: WinaeroTweaker.exe (PID: 7576)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: FileTracingMask
Value:

Process: WinaeroTweaker.exe (PID: 7576)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

Process: WinaeroTweaker.exe (PID: 7576)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

Process: WinaeroTweaker.exe (PID: 7576)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

Executable files: 22
Suspicious files: 2
Text files: 6
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4448 | WinaeroTweaker-1.63.0.0-setup.exe | C:\Users\admin\AppData\Local\Temp\is-7N9M4.tmp\WinaeroTweaker-1.63.0.0-setup.tmp | executable
MD5:1F8BC6B583179090E759FAA5B1C97430
SHA256:E960ECEC070425603934A878E09329EDC9A44F2112BFB90E84B162A654074A67
7240 | WinaeroTweaker-1.63.0.0-setup.exe | C:\Users\admin\AppData\Local\Temp\is-U068I.tmp\WinaeroTweaker-1.63.0.0-setup.tmp | executable
MD5:1F8BC6B583179090E759FAA5B1C97430
SHA256:E960ECEC070425603934A878E09329EDC9A44F2112BFB90E84B162A654074A67
7268 | WinaeroTweaker-1.63.0.0-setup.tmp | C:\WinaeroTweaker\is-TJ566.tmp | executable
MD5:08DFF3B716F7382929F613439CF9E835
SHA256:59F92064FF838DFBB8A52392B3BC427AE54DAF9E1F6325E880CB1010456A5EE5
7268 | WinaeroTweaker-1.63.0.0-setup.tmp | C:\Users\admin\AppData\Local\Temp\is-SDK9R.tmp\_isetup\_iscrypt.dll | executable
MD5:A69559718AB506675E907FE49DEB71E9
SHA256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
7268 | WinaeroTweaker-1.63.0.0-setup.tmp | C:\WinaeroTweaker\WinaeroTweaker.exe | executable
MD5:99C3342A209D92E537879699108F8288
SHA256:BD2EB1ADE28A7A3023B8E96EA1D44C82C7DF50FCBAC460C63C05AB11D7849BB4
7268 | WinaeroTweaker-1.63.0.0-setup.tmp | C:\WinaeroTweaker\is-6VSG3.tmp | executable
MD5:99C3342A209D92E537879699108F8288
SHA256:BD2EB1ADE28A7A3023B8E96EA1D44C82C7DF50FCBAC460C63C05AB11D7849BB4
7268 | WinaeroTweaker-1.63.0.0-setup.tmp | C:\WinaeroTweaker\is-BGDPH.tmp | text
MD5:C11892A5C17F87CBE8FF04C941DDF219
SHA256:315148CF0B3BC8A60E8BB826A5CFC9A83E5B9829CC094FAAE525E727EB0B74F4
7268 | WinaeroTweaker-1.63.0.0-setup.tmp | C:\WinaeroTweaker\is-NB13R.tmp | executable
MD5:8E0AEC38406AFACFF9487529ADD32C74
SHA256:C789872A6141E19F9CB71ABB8260C8303A2AC48DFD86F36912A4649800A78D39
7268 | WinaeroTweaker-1.63.0.0-setup.tmp | C:\WinaeroTweaker\WinaeroTweaker_x86_64.dll | executable
MD5:70EEB04906D68A88C75F81D14F0EBF0A
SHA256:D882AEDEEAB31C830FDF10201BF708B3FF9717C24CE6DBA317D142B7833E370A
7268 | WinaeroTweaker-1.63.0.0-setup.tmp | C:\WinaeroTweaker\WinaeroTweakerHelper.exe | executable
MD5:8E0AEC38406AFACFF9487529ADD32C74
SHA256:C789872A6141E19F9CB71ABB8260C8303A2AC48DFD86F36912A4649800A78D39
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 22
DNS requests: 3
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2104 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5496 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2112 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
7576 | WinaeroTweaker.exe | 68.183.112.81:443 | winaero.com | DIGITALOCEAN-ASN | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
google.com | 172.217.16.142 | whitelisted
winaero.com | 68.183.112.81 | whitelisted

Threats

No threats detected
No debug info