File name: WinaeroTweaker-1.63.0.0-setup.exe

Full analysis: https://app.any.run/tasks/3a33676d-148b-4210-a7f8-1e04db95f857
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: April 16, 2025, 18:39:25
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto, adware, delphi, inno, installer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: DF244A4909AB521E04DF2306C026FC27
SHA1: 2282C628E8191CED198C2AA21A623A2EDA6E0431
SHA256: FABD429204DB75E2FF9FE7FAE5DC981B8C392BE42A936273C99DCC41EEB0730D
SSDEEP: 98304:t+cD4dnR4bTLjJUvhOT5WCa6lgyG/n2H3AtVGql8DHtzbCg047TcSqDw8izqe6Ao:l9+xWmnR1Xx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ADWARE has been found (auto)

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
    • UAC/LUA settings modification

      • WinaeroTweaker.exe (PID: 7576)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 7240)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8148)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8056)
    • Reads security settings of Internet Explorer

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8076)
      • WinaeroTweaker.exe (PID: 5204)
      • WinaeroTweaker.exe (PID: 7576)
      • ShellExperienceHost.exe (PID: 7868)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 7420)
      • cmd.exe (PID: 1280)
      • cmd.exe (PID: 7460)
      • cmd.exe (PID: 7152)
    • Starts CMD.EXE for commands execution

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker.exe (PID: 7576)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
    • Reads the Windows owner or organization settings

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
    • Windows service management via SC.EXE

      • sc.exe (PID: 7724)
      • sc.exe (PID: 6972)
      • sc.exe (PID: 4112)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 7452)
      • cmd.exe (PID: 2772)
      • cmd.exe (PID: 6676)
      • cmd.exe (PID: 5260)
      • cmd.exe (PID: 7500)
      • cmd.exe (PID: 4464)
    • Stops a currently running service

      • sc.exe (PID: 7736)
      • sc.exe (PID: 1764)
      • sc.exe (PID: 5776)
    • Application launched itself

      • WinaeroTweaker.exe (PID: 5204)
    • Reads the date of Windows installation

      • WinaeroTweaker.exe (PID: 7576)
      • WinaeroTweaker.exe (PID: 5204)
    • Reads Internet Explorer settings

      • WinaeroTweaker.exe (PID: 7576)
  • INFO

    • Create files in a temporary directory

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 7240)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8056)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8148)
    • Checks supported languages

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 7240)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8148)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8056)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8076)
      • WinaeroTweaker.exe (PID: 7576)
      • WinaeroTweakerHelper.exe (PID: 7684)
      • WinaeroTweaker.exe (PID: 5204)
      • ShellExperienceHost.exe (PID: 7868)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
    • Process checks computer location settings

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8076)
      • WinaeroTweaker.exe (PID: 5204)
      • WinaeroTweaker.exe (PID: 7576)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
    • Reads the computer name

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8172)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 8076)
      • WinaeroTweaker.exe (PID: 5204)
      • WinaeroTweaker.exe (PID: 7576)
      • ShellExperienceHost.exe (PID: 7868)
    • Compiled with Borland Delphi (YARA)

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
    • Detects InnoSetup installer (YARA)

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 4920)
      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 4448)
    • Manual execution by a user

      • WinaeroTweaker-1.63.0.0-setup.exe (PID: 8056)
      • WinaeroTweaker.exe (PID: 5204)
    • The sample compiled with english language support

      • WinaeroTweaker-1.63.0.0-setup.tmp (PID: 7268)
    • Reads the machine GUID from the registry

      • WinaeroTweaker.exe (PID: 7576)
      • WinaeroTweaker.exe (PID: 5204)
    • Reads the software policy settings

      • WinaeroTweaker.exe (PID: 7576)
    • Reads CPU info

      • WinaeroTweaker.exe (PID: 7576)
    • Reads Environment values

      • WinaeroTweaker.exe (PID: 7576)
    • Process checks whether UAC notifications are on

      • WinaeroTweaker.exe (PID: 7576)
    • Checks proxy server information

      • WinaeroTweaker.exe (PID: 7576)
    • Disables trace logs

      • WinaeroTweaker.exe (PID: 7576)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 16:10:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89088
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 1.63.0.0
ProductVersionNumber: 1.63.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Winaero
FileDescription: Winaero Tweaker
FileVersion: 1.63.0.0
LegalCopyright: Winaero
OriginalFileName:
ProductName: Winaero Tweaker
ProductVersion: 1.63.0.0
No data.
All screenshots are available in the full report
Total processes: 174
Monitored processes: 45
Malicious processes: 5
Suspicious processes: 2

Behavior graph

start winaerotweaker-1.63.0.0-setup.exe winaerotweaker-1.63.0.0-setup.tmp no specs winaerotweaker-1.63.0.0-setup.exe winaerotweaker-1.63.0.0-setup.tmp sppextcomobj.exe no specs slui.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs taskkill.exe no specs winaerotweaker-1.63.0.0-setup.exe winaerotweaker-1.63.0.0-setup.tmp no specs winaerotweaker-1.63.0.0-setup.exe winaerotweaker-1.63.0.0-setup.tmp cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs taskkill.exe no specs rundll32.exe no specs winaerotweaker.exe no specs winaerotweaker.exe winaerotweakerhelper.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs shellexperiencehost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 632
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 856
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1280
CMD: "C:\Windows\System32\cmd.exe" /c taskkill /im winaerotweakerhelper.exe /f
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: WinaeroTweaker-1.63.0.0-setup.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 128
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1764
CMD: sc.exe stop dmwappushservice
Path: C:\Windows\System32\sc.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Service Control Manager Configuration Tool
Exit code: 1062
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 2140
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2240
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2772
CMD: "C:\Windows\System32\cmd.exe" /c sc.exe config dmwappushservice start= disabled
Path: C:\Windows\System32\cmd.exe
Parent process: WinaeroTweaker.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 3272
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 4112
CMD: sc.exe config diagnosticshub.standardcollector.service start= disabled
Path: C:\Windows\System32\sc.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Service Control Manager Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 4448
CMD: "C:\Users\admin\Desktop\WinaeroTweaker-1.63.0.0-setup.exe"
Path: C:\Users\admin\Desktop\WinaeroTweaker-1.63.0.0-setup.exe
Parent process: explorer.exe
User: admin
Company: Winaero
Integrity Level: MEDIUM
Description: Winaero Tweaker
Exit code: 0
Version: 1.63.0.0
Modules
Images
c:\users\admin\desktop\winaerotweaker-1.63.0.0-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 7 823
Read events: 7 798
Write events: 25
Delete events: 0

Modification events

(PID) Process: (7268) WinaeroTweaker-1.63.0.0-setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Winaero.com\Winaero Tweaker
Operation: write
Name: SetupDir
Value: C:\WinaeroTweaker

(PID) Process: (5204) WinaeroTweaker.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Winaero.com\Winaero Tweaker
Operation: write
Name: FreewareEULAAccepted
Value: 4002966257

(PID) Process: (7576) WinaeroTweaker.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Winaero.com\Winaero Tweaker
Operation: write
Name: Next
Value: 638808768000000000

(PID) Process: (7576) WinaeroTweaker.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (7576) WinaeroTweaker.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (7576) WinaeroTweaker.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (7576) WinaeroTweaker.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (7576) WinaeroTweaker.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (7576) WinaeroTweaker.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (7576) WinaeroTweaker.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WinaeroTweaker_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

Executable files: 22
Suspicious files: 2
Text files: 6
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 7268
Process: WinaeroTweaker-1.63.0.0-setup.tmp
Filename: C:\WinaeroTweaker\is-BGDPH.tmp
Type: text
MD5:C11892A5C17F87CBE8FF04C941DDF219
SHA256:315148CF0B3BC8A60E8BB826A5CFC9A83E5B9829CC094FAAE525E727EB0B74F4
PID: 7268
Process: WinaeroTweaker-1.63.0.0-setup.tmp
Filename: C:\WinaeroTweaker\WinaeroTweaker_x86_64.dll
Type: executable
MD5:70EEB04906D68A88C75F81D14F0EBF0A
SHA256:D882AEDEEAB31C830FDF10201BF708B3FF9717C24CE6DBA317D142B7833E370A
PID: 7268
Process: WinaeroTweaker-1.63.0.0-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-SDK9R.tmp\_isetup\_iscrypt.dll
Type: executable
MD5:A69559718AB506675E907FE49DEB71E9
SHA256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
PID: 7268
Process: WinaeroTweaker-1.63.0.0-setup.tmp
Filename: C:\WinaeroTweaker\is-6VSG3.tmp
Type: executable
MD5:99C3342A209D92E537879699108F8288
SHA256:BD2EB1ADE28A7A3023B8E96EA1D44C82C7DF50FCBAC460C63C05AB11D7849BB4
PID: 7268
Process: WinaeroTweaker-1.63.0.0-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-SDK9R.tmp\_isetup\_setup64.tmp
Type: executable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID: 4448
Process: WinaeroTweaker-1.63.0.0-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-7N9M4.tmp\WinaeroTweaker-1.63.0.0-setup.tmp
Type: executable
MD5:1F8BC6B583179090E759FAA5B1C97430
SHA256:E960ECEC070425603934A878E09329EDC9A44F2112BFB90E84B162A654074A67
PID: 7268
Process: WinaeroTweaker-1.63.0.0-setup.tmp
Filename: C:\WinaeroTweaker\WinaeroControls.dll
Type: executable
MD5:08DFF3B716F7382929F613439CF9E835
SHA256:59F92064FF838DFBB8A52392B3BC427AE54DAF9E1F6325E880CB1010456A5EE5
PID: 7268
Process: WinaeroTweaker-1.63.0.0-setup.tmp
Filename: C:\WinaeroTweaker\is-AP7ET.tmp
Type: executable
MD5:3452B73BFD48A180A241CD23F9C847B5
SHA256:BF04DB2FA5760CA720DF20D8D7E7C16672B087DD313E80B1A192DEA905EA86AA
PID: 7268
Process: WinaeroTweaker-1.63.0.0-setup.tmp
Filename: C:\WinaeroTweaker\Winaero EULA.txt
Type: text
MD5:C11892A5C17F87CBE8FF04C941DDF219
SHA256:315148CF0B3BC8A60E8BB826A5CFC9A83E5B9829CC094FAAE525E727EB0B74F4
PID: 7268
Process: WinaeroTweaker-1.63.0.0-setup.tmp
Filename: C:\WinaeroTweaker\WinaeroTweaker_i386.dll
Type: executable
MD5:BB3935CACCEA6DC73487045C7640AE7A
SHA256:A921DD143B295DFF3F4C1343A085980A50006A55797E239AB8AC1C0DA64E1BBE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 22
DNS requests: 3
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2104 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5496 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2112 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
7576 | WinaeroTweaker.exe | 68.183.112.81:443 | winaero.com | DIGITALOCEAN-ASN | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
google.com | 172.217.16.142 | whitelisted
winaero.com | 68.183.112.81 | whitelisted

Threats

No threats detected
No debug info