4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23

Analysis

max time kernel
192s
max time network
198s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe
Size

3.3MB
MD5

c2f748e96d2db66b84c87e6a3465ceca
SHA1

fb87dd59f4b7498550af16fd3b21f44b9f6ac523
SHA256

4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23
SHA512

3c51d52e94a06c31224a0ae52bb383f3a01dcec3693f8fcd6e4ced46bc44e485797ed3201f8880e8a8703fb7f6d62dd974e738fc6a1c64fab1e6b1688cf0de41
SSDEEP

98304:OLeyl6lN3RiDXbkpLHj6u+qHqWRWJU7yii:OjEfsDgpbjCvJUu3

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmpTuneupPro.exesystweakasp.exe

pid process

576 4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
2016 TuneupPro.exe
1508 systweakasp.exe

Loads dropped DLL 11 IoCs

Processes:

4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmpTuneupPro.exe

pid	process
1932	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe
576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
2016	TuneupPro.exe
2016	TuneupPro.exe
2016	TuneupPro.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

Processes:

4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp

description	ioc	process
File created	C:\Windows\system32\roboot64.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File opened for modification	C:\Windows\system32\roboot64.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp

Drops file in Program Files directory 60 IoCs

Processes:

4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\Tuneup Pro\systweakasp.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-A6IE6.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-HUBCN.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File opened for modification	C:\Program Files (x86)\Tuneup Pro\isxdl.dll	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-6TDUD.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-P5M0F.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\unins000.dat	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-1PUHI.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File opened for modification	C:\Program Files (x86)\Tuneup Pro\TuppUns.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-MHQ22.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-I2H0F.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-AOVP0.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-JI118.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-03C89.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-1UFH5.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-CL760.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-L0984.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-UOV49.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-RMFIJ.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\unins000.msg	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File opened for modification	C:\Program Files (x86)\Tuneup Pro\unins000.dat	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-KBKI1.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-0A0N6.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-9ON8D.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-9V9UP.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-CLKV0.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-0DB8E.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-U20K8.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-A0B55.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-31AHI.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-FKHGF.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-ESIJ5.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-AH460.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File opened for modification	C:\Program Files (x86)\Tuneup Pro\xmllite.dll	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-LGV05.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-A5LS0.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-IV05T.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-R8PC5.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-NPL4G.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-ID1FM.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-8TBOU.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-1T8L3.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-3F4C4.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-8AL7J.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-6RQ9R.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-4NI9D.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-5EHIL.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-COVI4.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-2DITU.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-5M4CE.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-A12NV.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-O8JKQ.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-9BPTC.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-9OB19.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-76P66.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-OTO1G.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File opened for modification	C:\Program Files (x86)\Tuneup Pro\CleanSchedule.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File opened for modification	C:\Program Files (x86)\Tuneup Pro\TuneupPro.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-A2L41.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
File created	C:\Program Files (x86)\Tuneup Pro\is-KETQR.tmp	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp

Drops file in Windows directory 1 IoCs

Processes:

TuneupPro.exe

description ioc process

File created C:\Windows\Tasks\Tuneup Pro_UPDATES.job TuneupPro.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\Tasks\Tuneup Pro_UPDATES.job	TuneupPro.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXETuneupPro.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	TuneupPro.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fbafda4d2839344b902c87c07ddf25a100000000020000000000106600000001000020000000b274943e5dbe351e5e58e776760b43ee0410aed7484a59f3c895a7fce1d30975000000000e8000000002000020000000e3a58b3c931433dc5588714b44fb7de97b9d71133fbcbf6ad61077ccd471fdb320000000aca66941364984002b9de520204b1cc32fd20848e9d98fd36b2370d5d1cd8fdc40000000f86065a76b075099d2a5ecd94830ef5e8d834921c4abb928e06e99c1297933854cfbfd577904b3e42c3a5e093ec7276050265e22e0fe5fc1a5e71ca7efbbdfbc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fbafda4d2839344b902c87c07ddf25a1000000000200000000001066000000010000200000004844c0a031568e933102d3c49398f5f8d6d8ce48fd0c28007c6ed74697d43b2f000000000e8000000002000020000000c0664bfb474a981f005cc1014a2bca08fbb374a0e9a473516662d77f360dc90490000000392d95daee9457b4d043916eeaaed20b3653fee2f2281da75ef6efc2ac8e2098737990ab8b7638d89dd8df30e5fe2199b9f5555dbf63749d404b992c3e3de546e0d2894f2aa623081a47d1b92328534744209811781f93f29e7c8671db01689b58b971d53250e50fd4466d5e08a17d3b1c5dd79477459e97aeb54817bdc8b583f4ed6af660ba7199c31b6aa30a4a9e1540000000ab878c73e8a1368675ae6410ea5db2d9de4997f5a252e1ec71cbee53b7c9a45eb99688e82b8983cf5828729bd1b9010ebc989270608b1a0667445feaed1ea6bc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e06b3dfe4200d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05103F11-6C36-11ED-B4DB-D2F8C2B78FDE} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript.Compact	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CC5BBEC3-DB4A-4BED-828D-08D78EE3E1ED}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.1	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ECMAScript Author\OLESCRIPT	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript Author\ = "JScript Language Authoring"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LiveScript Author\OLEScript	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F414C261-6AC0-11CF-B6D1-00AA00BBBB58}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\ = "JScript Language Encoding"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript\OLESCRIPT	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.3\OLESCRIPT	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.1\ = "JScript Language"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.2	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript.Encode	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\Implemented Categories	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.3\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript Author	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript Author	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript Author\OLEScript	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ECMAScript Author\ = "JScript Language Authoring"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F414C262-6AC0-11CF-B6D1-00AA00BBBB58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript Author\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CC5BBEC3-DB4A-4BED-828D-08D78EE3E1ED}\Implemented Categories	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.3\CLSID\ = "{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LiveScript Author\CLSID\ = "{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\ProgID\ = "JScript.Compact"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InprocServer32\ = "C:\\Windows\\SysWow64\\jscript.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\ = "JScript Language"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID\ = "JScript"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript Author\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F414C262-6AC0-11CF-B6D1-00AA00BBBB58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\INPROCSERVER32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript.Encode\OLEScript	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F414C261-6AC0-11CF-B6D1-00AA00BBBB58}\Implemented Categories\{0AEE2A92-BCBB-11D0-8C72-00C04FC2B085}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\INPROCSERVER32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript.Compact Author\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.1 Author\OLEScript	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript.Compact	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.3\ = "JScript Language"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID\ = "JScript.Encode"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript.Encode\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript.Compact\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\OLESCRIPT	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\LiveScript Author	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript Author\OLEScript	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.1 Author\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript1.2 AuthorJavaScript1.3 Author\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JScript.Compact\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\LiveScript Author\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\OLESCRIPT	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaScript\OLEScript	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp

pid	process
576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmpiexplore.exeTuneupPro.exe

pid process

576 4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
1004 iexplore.exe
2016 TuneupPro.exe
2016 TuneupPro.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

TuneupPro.exe

pid process

2016 TuneupPro.exe
2016 TuneupPro.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

TuneupPro.exeiexplore.exeIEXPLORE.EXE

pid	process
2016	TuneupPro.exe
1004	iexplore.exe
1004	iexplore.exe
2016	TuneupPro.exe
2016	TuneupPro.exe
2016	TuneupPro.exe
568	IEXPLORE.EXE
568	IEXPLORE.EXE
568	IEXPLORE.EXE
568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 30 IoCs

Processes:

4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmpiexplore.exeTuneupPro.exe

description	pid	process	target process
PID 1932 wrote to memory of 576	1932	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
PID 1932 wrote to memory of 576	1932	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
PID 1932 wrote to memory of 576	1932	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
PID 1932 wrote to memory of 576	1932	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
PID 1932 wrote to memory of 576	1932	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
PID 1932 wrote to memory of 576	1932	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
PID 1932 wrote to memory of 576	1932	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
PID 576 wrote to memory of 696	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	regsvr32.exe
PID 576 wrote to memory of 696	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	regsvr32.exe
PID 576 wrote to memory of 696	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	regsvr32.exe
PID 576 wrote to memory of 696	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	regsvr32.exe
PID 576 wrote to memory of 696	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	regsvr32.exe
PID 576 wrote to memory of 696	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	regsvr32.exe
PID 576 wrote to memory of 696	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	regsvr32.exe
PID 576 wrote to memory of 1004	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	iexplore.exe
PID 576 wrote to memory of 1004	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	iexplore.exe
PID 576 wrote to memory of 1004	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	iexplore.exe
PID 576 wrote to memory of 1004	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	iexplore.exe
PID 576 wrote to memory of 2016	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	TuneupPro.exe
PID 576 wrote to memory of 2016	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	TuneupPro.exe
PID 576 wrote to memory of 2016	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	TuneupPro.exe
PID 576 wrote to memory of 2016	576	4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp	TuneupPro.exe
PID 1004 wrote to memory of 568	1004	iexplore.exe	IEXPLORE.EXE
PID 1004 wrote to memory of 568	1004	iexplore.exe	IEXPLORE.EXE
PID 1004 wrote to memory of 568	1004	iexplore.exe	IEXPLORE.EXE
PID 1004 wrote to memory of 568	1004	iexplore.exe	IEXPLORE.EXE
PID 2016 wrote to memory of 1508	2016	TuneupPro.exe	systweakasp.exe
PID 2016 wrote to memory of 1508	2016	TuneupPro.exe	systweakasp.exe
PID 2016 wrote to memory of 1508	2016	TuneupPro.exe	systweakasp.exe
PID 2016 wrote to memory of 1508	2016	TuneupPro.exe	systweakasp.exe

C:\Users\Admin\AppData\Local\Temp\4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe
"C:\Users\Admin\AppData\Local\Temp\4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1932

C:\Users\Admin\AppData\Local\Temp\is-RGMM0.tmp\4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp
"C:\Users\Admin\AppData\Local\Temp\is-RGMM0.tmp\4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp" /SL5="$70124,2957012,148992,C:\Users\Admin\AppData\Local\Temp\4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:576

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\jscript.dll"
3⤵
- Modifies registry class
PID:696

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.tuneuppro.com/tupp/afterinstall_sp.asp?utm_content=AfterInstall&utm_term=Setup&page=install&&LangID=en
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1004

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1004 CREDAT:275457 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:568

C:\Program Files (x86)\Tuneup Pro\TuneupPro.exe
"C:\Program Files (x86)\Tuneup Pro\TuneupPro.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016

C:\Program Files (x86)\Tuneup Pro\systweakasp.exe
"C:\Program Files (x86)\Tuneup Pro\systweakasp.exe" /verysilent
4⤵
- Executes dropped EXE
PID:1508

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Tuneup Pro\TuneupPro.exe

Filesize
7.3MB

MD5
be2ce71fc87a375f96665b980ec59f7b

SHA1
5ecad41aee09c73f8f7bf1d8d49bea7a222fff85

SHA256
88967773ef715fa98dc87a529d8d0e2f9d3e4783fab33e30f2df88df2a81bc76

SHA512
1a5e44396114afd5ad4b51eeba4ec4a08c07b8664836acc126c6c255ed023e8cc5d7fa9104bde8c703d45b45d4ac02cb6e5983f26cd55efec13f5ba723918e05

Download Submit
C:\Program Files (x86)\Tuneup Pro\TuneupPro.exe

Filesize
7.3MB

MD5
be2ce71fc87a375f96665b980ec59f7b

SHA1
5ecad41aee09c73f8f7bf1d8d49bea7a222fff85

SHA256
88967773ef715fa98dc87a529d8d0e2f9d3e4783fab33e30f2df88df2a81bc76

SHA512
1a5e44396114afd5ad4b51eeba4ec4a08c07b8664836acc126c6c255ed023e8cc5d7fa9104bde8c703d45b45d4ac02cb6e5983f26cd55efec13f5ba723918e05

Download Submit
C:\Program Files (x86)\Tuneup Pro\XmlLite.dll

Filesize
124KB

MD5
71a2dca8f626fcef8bff7e2c17c67a7f

SHA1
5aaea93ec3f4d722d7ea0c2d86bc4f3cbdce5c92

SHA256
b55a978443ef0b873875910283bedfab0c3133bac7be72a68ed5146f83f1ef8c

SHA512
5244918679eba6e7af8e367c66c3d1bdcfa2323400994ecda37ccd697fb28b52ffdad992650929ec98b98ae9e0213074368a8881c6a62e48579c30f17051a17d

Download Submit
C:\Program Files (x86)\Tuneup Pro\eng_rcp.ini

Filesize
83KB

MD5
bbf623a44f466bf544d2418f4473a7e4

SHA1
684e3b0396a143d23f64c3eda59f6b29291cf967

SHA256
115fa830c0087b531655bc2974522d924405f718289c57769e9aae44c7b116d5

SHA512
e6d3a359f63c34d3457e8c2c56addf8d90cf7ac7e99db6545fc6a3f713fb4b0f631d6aa75da7064effdb4df6001aa7a65e06a010cbeaf561cf865b4c3dc0670e

Download Submit
C:\Program Files (x86)\Tuneup Pro\isxdl.dll

Filesize
153KB

MD5
16429d91b2a28595e3bb5f6a48faa705

SHA1
aa195a50f21cf8935c7031543215151214c6ef4b

SHA256
1b141a14ed518bf01f847d893e282b831d0f0cee87919bc2e98e54a3c80f5471

SHA512
a6f0ba9812c2bf8b6ddac02fff963ad062a7f7fc08ee238d680e32eccb741f7875954765a5e86a2cd3ae0be72cd5b773a9c67425dfb106ecef8e285cdf02ad64

Download Submit
C:\Program Files (x86)\Tuneup Pro\systweakasp.exe

Filesize
579KB

MD5
8f2ca56d9c7c425facbe535745092ff2

SHA1
f2cbbe9867a40a0928542dace51d8b94957dfcac

SHA256
0c4e44adbd402f42a65bfdd4143a874b76bca9e3a51af3ede9268489e37a8bc4

SHA512
a19cdddd7c9f4bea90e64b03c5f3635d07e25545d35a020ee10de1a79b61748e8673aac179746dce334338d536fdc71ba24479b9cf643e5550ecca3af5c9990e

Download Submit
C:\Program Files (x86)\Tuneup Pro\systweakasp.exe

Filesize
579KB

MD5
8f2ca56d9c7c425facbe535745092ff2

SHA1
f2cbbe9867a40a0928542dace51d8b94957dfcac

SHA256
0c4e44adbd402f42a65bfdd4143a874b76bca9e3a51af3ede9268489e37a8bc4

SHA512
a19cdddd7c9f4bea90e64b03c5f3635d07e25545d35a020ee10de1a79b61748e8673aac179746dce334338d536fdc71ba24479b9cf643e5550ecca3af5c9990e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RGMM0.tmp\4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp

Filesize
1.2MB

MD5
3aabfe33f7b23e5b8409647b6b41996f

SHA1
8653690e9d2bae73243a8203b8dc9c34c5163d72

SHA256
706612698e77b203d3058c2edda371cd5425f325bac7fbe0dfb6d8542dc37b4c

SHA512
2e5ff22d9ff1bab18adeaf2ddde9724e1a14c1488fd5e0beed5196cfcad3f2e110588d7166cebe71f72072bc8ddcdee59b5929c3dd163f9b5e02c88a5e584792

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RGMM0.tmp\4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp

Filesize
1.2MB

MD5
3aabfe33f7b23e5b8409647b6b41996f

SHA1
8653690e9d2bae73243a8203b8dc9c34c5163d72

SHA256
706612698e77b203d3058c2edda371cd5425f325bac7fbe0dfb6d8542dc37b4c

SHA512
2e5ff22d9ff1bab18adeaf2ddde9724e1a14c1488fd5e0beed5196cfcad3f2e110588d7166cebe71f72072bc8ddcdee59b5929c3dd163f9b5e02c88a5e584792

Download Submit
\Program Files (x86)\Tuneup Pro\TuneupPro.exe

Filesize
7.3MB

MD5
be2ce71fc87a375f96665b980ec59f7b

SHA1
5ecad41aee09c73f8f7bf1d8d49bea7a222fff85

SHA256
88967773ef715fa98dc87a529d8d0e2f9d3e4783fab33e30f2df88df2a81bc76

SHA512
1a5e44396114afd5ad4b51eeba4ec4a08c07b8664836acc126c6c255ed023e8cc5d7fa9104bde8c703d45b45d4ac02cb6e5983f26cd55efec13f5ba723918e05

Download Submit
\Program Files (x86)\Tuneup Pro\TuneupPro.exe

Filesize
7.3MB

MD5
be2ce71fc87a375f96665b980ec59f7b

SHA1
5ecad41aee09c73f8f7bf1d8d49bea7a222fff85

SHA256
88967773ef715fa98dc87a529d8d0e2f9d3e4783fab33e30f2df88df2a81bc76

SHA512
1a5e44396114afd5ad4b51eeba4ec4a08c07b8664836acc126c6c255ed023e8cc5d7fa9104bde8c703d45b45d4ac02cb6e5983f26cd55efec13f5ba723918e05

Download Submit
\Program Files (x86)\Tuneup Pro\TuneupPro.exe

Filesize
7.3MB

MD5
be2ce71fc87a375f96665b980ec59f7b

SHA1
5ecad41aee09c73f8f7bf1d8d49bea7a222fff85

SHA256
88967773ef715fa98dc87a529d8d0e2f9d3e4783fab33e30f2df88df2a81bc76

SHA512
1a5e44396114afd5ad4b51eeba4ec4a08c07b8664836acc126c6c255ed023e8cc5d7fa9104bde8c703d45b45d4ac02cb6e5983f26cd55efec13f5ba723918e05

Download Submit
\Program Files (x86)\Tuneup Pro\isxdl.dll

Filesize
153KB

MD5
16429d91b2a28595e3bb5f6a48faa705

SHA1
aa195a50f21cf8935c7031543215151214c6ef4b

SHA256
1b141a14ed518bf01f847d893e282b831d0f0cee87919bc2e98e54a3c80f5471

SHA512
a6f0ba9812c2bf8b6ddac02fff963ad062a7f7fc08ee238d680e32eccb741f7875954765a5e86a2cd3ae0be72cd5b773a9c67425dfb106ecef8e285cdf02ad64

Download Submit
\Program Files (x86)\Tuneup Pro\systweakasp.exe

Filesize
579KB

MD5
8f2ca56d9c7c425facbe535745092ff2

SHA1
f2cbbe9867a40a0928542dace51d8b94957dfcac

SHA256
0c4e44adbd402f42a65bfdd4143a874b76bca9e3a51af3ede9268489e37a8bc4

SHA512
a19cdddd7c9f4bea90e64b03c5f3635d07e25545d35a020ee10de1a79b61748e8673aac179746dce334338d536fdc71ba24479b9cf643e5550ecca3af5c9990e

Download Submit
\Program Files (x86)\Tuneup Pro\unins000.exe

Filesize
1.2MB

MD5
3aabfe33f7b23e5b8409647b6b41996f

SHA1
8653690e9d2bae73243a8203b8dc9c34c5163d72

SHA256
706612698e77b203d3058c2edda371cd5425f325bac7fbe0dfb6d8542dc37b4c

SHA512
2e5ff22d9ff1bab18adeaf2ddde9724e1a14c1488fd5e0beed5196cfcad3f2e110588d7166cebe71f72072bc8ddcdee59b5929c3dd163f9b5e02c88a5e584792

Download Submit
\Program Files (x86)\Tuneup Pro\xmllite.dll

Filesize
124KB

MD5
71a2dca8f626fcef8bff7e2c17c67a7f

SHA1
5aaea93ec3f4d722d7ea0c2d86bc4f3cbdce5c92

SHA256
b55a978443ef0b873875910283bedfab0c3133bac7be72a68ed5146f83f1ef8c

SHA512
5244918679eba6e7af8e367c66c3d1bdcfa2323400994ecda37ccd697fb28b52ffdad992650929ec98b98ae9e0213074368a8881c6a62e48579c30f17051a17d

Download Submit
\Users\Admin\AppData\Local\Temp\is-65PCU.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
\Users\Admin\AppData\Local\Temp\is-65PCU.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-65PCU.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-RGMM0.tmp\4655c1448795668c21904ce39b61dbf2aa278df7d0ade347352bf6405ca83b23.tmp

Filesize
1.2MB

MD5
3aabfe33f7b23e5b8409647b6b41996f

SHA1
8653690e9d2bae73243a8203b8dc9c34c5163d72

SHA256
706612698e77b203d3058c2edda371cd5425f325bac7fbe0dfb6d8542dc37b4c

SHA512
2e5ff22d9ff1bab18adeaf2ddde9724e1a14c1488fd5e0beed5196cfcad3f2e110588d7166cebe71f72072bc8ddcdee59b5929c3dd163f9b5e02c88a5e584792

Download Submit
memory/576-67-0x0000000074321000-0x0000000074323000-memory.dmp

Filesize
8KB

Download
memory/576-58-0x0000000000000000-mapping.dmp

Download
memory/696-65-0x0000000000000000-mapping.dmp

Download
memory/1508-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1508-89-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1508-86-0x0000000000000000-mapping.dmp

Download
memory/1932-61-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1932-54-0x0000000074D71000-0x0000000074D73000-memory.dmp

Filesize
8KB

Download
memory/1932-55-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1932-78-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2016-73-0x0000000000000000-mapping.dmp

Download