When I type install_wim_tweak.exe /? Cmd closes Wim path on mounted iso, cmd closes immediately. When I open Install_wim_tweak cmd starts and app ask me for install.wim path, what should I put in there? I got Install_wim_tweak for framework 4.6 and planning to use it to remove some packages from current os then from win iso, windows 10 But I do not know how to start using that app as there's not much on the net. Seems to be functional on up-to-date Windows 10.Install_wim_tweak I found some info on the net, commands how to remove windows apps etc.
Seems to be widely unknown, although some engines detecting it as malicious. Tl dr: Found malware that is passing as tool to remove some unwanted windows apps. This person casually keeping it on their github (has code for remote management and malware on there as well.) (offline atm, cached version, "Remove-Cortana-Windows-Feedback-Contact-and-Support-an-Edge.zip" is the file in question) exe are distributed on many different sites, for example: When I googled on the topic a bit I found out that similar. On my real Windows machine I realized that this was a virus because suddenly my HDD was maxed out all the time by weird processes, but I was not able to reproduce this in a VM yet. In fact, I just cought this when replaying the whole scenario in a VM. However this only flashes up for maybe a second at best, then some part of the malware hides this notification and you will only find it by going through the history of Defender manually. cmd as admin as advised, there will be a security notification about "HackTool:Win32/Wpakill.AR!MTB" being detected. Only one engine detects this on virustotal. exe! Both say version 1.4.7.0, but they got different checksums:
zip from above does not actually contain the same.
I believe this to be malware free, originally. It is used to modify windows install images. This is supposed to be a pretty well known tool, see here. The "install_wim_tweak.exe" is where things start to get interesting. cmd file is not of interest: It contains a small script that could even work. The "uninstall_edge.zip" you are supposed to download contains two files: "Uninstall Edge.cmd" and "install_wim_tweak.exe". (Disclaimer: I believe this is malware so be careful obviously) H-irealizethismightbemalware-ttps:///how-to-uninstall-and-remove-edge-browser-in-windows-10/ (This got removed from r/malware, so I'm reposting it here)įound what I believe to be a cluster of malware applications.
0 kommentar(er)
