download:

/hwmonitor-pro/HWMonitorPro_1.57_Setup.exe

Full analysis: https://app.any.run/tasks/d7627400-143e-4a5b-96ab-200ab1133873
Verdict: Malicious activity
Threats:

Stealers are a category of malicious software built to gain unauthorized access to a user's information and transfer it to the attacker. The category covers programs that each target a particular kind of data, such as files, passwords, and cryptocurrency wallets. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: April 10, 2026, 03:03:22
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
inno
installer
delphi
cpuz
tool
stealer
fake-filezilla
antivm
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5: 053F5C90467DC3CCEDB14A18AFD63DD6
SHA1: 9253111B359C610B5F95EF33C2D1C06795AB01E9
SHA256: 66AD4AAF260A5173D8EAA14DB52629FD361ADD8B772F6A4BCC5C10328F0CC3C0
SSDEEP: 98304:7BPF0PN/Yi+UKcy9iuPrstBUlwLL1t4JMyIswYhH5qxZnCrpFpnOno1FXZW7aAN7:SUeDaPU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Reads a specific registry key of the VM

      • HWMonitorPro.exe (PID: 2648)
      • powershell.exe (PID: 7476)
      • MSBuild.exe (PID: 7760)
      • HWMonitorPro.exe (PID: 2160)
      • powershell.exe (PID: 4336)
    • Trojanized FileZilla has been detected

      • HWMonitorPro.exe (PID: 2648)
      • HWMonitorPro.exe (PID: 2160)
    • Run PowerShell with an invisible window

      • powershell.exe (PID: 7488)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • HWMonitorPro_1.57_Setup.exe (PID: 1536)
      • HWMonitorPro_1.57_Setup.exe (PID: 7176)
      • HWMonitorPro_1.57_Setup.tmp (PID: 4260)
      • HWMonitorPro.exe (PID: 2648)
      • csc.exe (PID: 7684)
      • csc.exe (PID: 5300)
      • HWMonitorPro.exe (PID: 2160)
      • csc.exe (PID: 7456)
    • Reads the BIOS version

      • HWMonitorPro.exe (PID: 2648)
      • powershell.exe (PID: 7476)
      • MSBuild.exe (PID: 7760)
      • HWMonitorPro.exe (PID: 2160)
      • powershell.exe (PID: 4336)
    • Reads the Windows owner or organization settings

      • HWMonitorPro_1.57_Setup.tmp (PID: 4260)
    • Executes as Windows Service

      • WmiApSrv.exe (PID: 4176)
      • WmiApSrv.exe (PID: 8120)
    • Starts POWERSHELL.EXE for commands execution

      • HWMonitorPro.exe (PID: 2648)
      • powershell.exe (PID: 7476)
      • HWMonitorPro.exe (PID: 2160)
    • CSC.EXE is used to compile C# code

      • csc.exe (PID: 7684)
      • csc.exe (PID: 5300)
      • csc.exe (PID: 7456)
    • Converts a specified value to a byte (POWERSHELL)

      • powershell.exe (PID: 7476)
      • powershell.exe (PID: 4336)
    • There is functionality for VM detection VirtualBox (YARA)

      • HWMonitorPro.exe (PID: 2648)
    • Possible stealing of FTP data

      • powershell.exe (PID: 7476)
    • Application launched itself

      • powershell.exe (PID: 7476)
    • MSBuild is used to compile and execute code

      • MSBuild.exe (PID: 7760)
    • Creates/Modifies COM task schedule object

      • HWMonitorPro.exe (PID: 2648)
  • INFO

    • Checks supported languages

      • HWMonitorPro_1.57_Setup.exe (PID: 1536)
      • HWMonitorPro_1.57_Setup.tmp (PID: 2652)
      • HWMonitorPro_1.57_Setup.exe (PID: 7176)
      • HWMonitorPro_1.57_Setup.tmp (PID: 4260)
      • HWMonitorPro.exe (PID: 2648)
      • csc.exe (PID: 7684)
      • cvtres.exe (PID: 6084)
      • MSBuild.exe (PID: 7760)
      • csc.exe (PID: 5300)
      • cvtres.exe (PID: 4744)
      • HWMonitorPro.exe (PID: 2160)
      • cvtres.exe (PID: 6592)
      • csc.exe (PID: 7456)
    • Reads the computer name

      • HWMonitorPro_1.57_Setup.tmp (PID: 2652)
      • HWMonitorPro_1.57_Setup.exe (PID: 7176)
      • HWMonitorPro_1.57_Setup.tmp (PID: 4260)
      • HWMonitorPro.exe (PID: 2648)
      • MSBuild.exe (PID: 7760)
      • HWMonitorPro.exe (PID: 2160)
    • Create files in a temporary directory

      • HWMonitorPro_1.57_Setup.exe (PID: 1536)
      • HWMonitorPro_1.57_Setup.exe (PID: 7176)
      • HWMonitorPro_1.57_Setup.tmp (PID: 4260)
      • csc.exe (PID: 7684)
      • cvtres.exe (PID: 6084)
      • MSBuild.exe (PID: 7760)
      • csc.exe (PID: 5300)
      • cvtres.exe (PID: 4744)
      • cvtres.exe (PID: 6592)
      • csc.exe (PID: 7456)
    • Reads security settings of Internet Explorer

      • HWMonitorPro_1.57_Setup.tmp (PID: 2652)
      • HWMonitorPro.exe (PID: 2648)
      • HWMonitorPro.exe (PID: 2160)
    • Process checks computer location settings

      • HWMonitorPro_1.57_Setup.tmp (PID: 2652)
    • Manual execution by a user

      • HWMonitorPro.exe (PID: 2648)
      • HWMonitorPro.exe (PID: 4504)
      • powershell.exe (PID: 7488)
      • chrome.exe (PID: 7888)
      • HWMonitorPro.exe (PID: 7792)
      • HWMonitorPro.exe (PID: 2160)
    • Compiled with Borland Delphi (YARA)

      • HWMonitorPro_1.57_Setup.tmp (PID: 2652)
      • HWMonitorPro_1.57_Setup.exe (PID: 1536)
    • Reads the machine GUID from the registry

      • HWMonitorPro.exe (PID: 2648)
      • csc.exe (PID: 7684)
      • MSBuild.exe (PID: 7760)
      • csc.exe (PID: 5300)
      • HWMonitorPro.exe (PID: 2160)
      • csc.exe (PID: 7456)
    • Detects InnoSetup installer (YARA)

      • HWMonitorPro_1.57_Setup.exe (PID: 1536)
      • HWMonitorPro_1.57_Setup.tmp (PID: 2652)
    • The sample compiled with english language support

      • HWMonitorPro_1.57_Setup.tmp (PID: 4260)
      • HWMonitorPro.exe (PID: 2648)
      • HWMonitorPro.exe (PID: 2160)
    • Creates a software uninstall entry

      • HWMonitorPro_1.57_Setup.tmp (PID: 4260)
    • Reads CPU info

      • HWMonitorPro.exe (PID: 2648)
      • HWMonitorPro.exe (PID: 2160)
    • Reads the time zone

      • HWMonitorPro.exe (PID: 2648)
      • HWMonitorPro.exe (PID: 2160)
    • Creates files or folders in the user directory

      • HWMonitorPro.exe (PID: 2648)
      • HWMonitorPro.exe (PID: 2160)
    • CPUZ mutex has been found

      • HWMonitorPro.exe (PID: 2648)
      • HWMonitorPro.exe (PID: 2160)
    • Gets data length (POWERSHELL)

      • powershell.exe (PID: 7476)
      • powershell.exe (PID: 4336)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 6236)
    • Application launched itself

      • chrome.exe (PID: 7888)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2026:02:11 11:40:27+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 726016
InitializedDataSize: 120832
UninitializedDataSize: -
EntryPoint: 0xb1e60
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: CPUID, Inc.
FileDescription: CPUID HWMonitor Pro Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: CPUID HWMonitor Pro
ProductVersion: 1.57
No data.
All screenshots are available in the full report
Total processes: 190
Monitored processes: 41
Malicious processes: 3
Suspicious processes: 3

Behavior graph

start hwmonitorpro_1.57_setup.exe hwmonitorpro_1.57_setup.tmp no specs hwmonitorpro_1.57_setup.exe hwmonitorpro_1.57_setup.tmp hwmonitorpro.exe no specs #FAKE-FILEZILLA hwmonitorpro.exe wmiapsrv.exe no specs powershell.exe conhost.exe no specs csc.exe cvtres.exe no specs chrome.exe no specs msedge.exe no specs powershell.exe no specs conhost.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs powershell.exe no specs conhost.exe no specs msbuild.exe no specs csc.exe cvtres.exe no specs hwmonitorpro.exe no specs #FAKE-FILEZILLA hwmonitorpro.exe wmiapsrv.exe no specs powershell.exe no specs conhost.exe no specs csc.exe cvtres.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
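The indicator list and behavior graph above describe a chain that a detection engineer wants to catch generically rather than by file hash: a user-launched application starts PowerShell with a hidden window, PowerShell hands C# source to csc.exe (cvtres.exe appears as the compiler's child), and MSBuild.exe is used as a second compile-and-execute stage. The script below is an added example, not code from the report or from ANY.RUN, that runs three such checks over process-creation events and reports the full parent chain for each hit. The sample events, their parent links and their command lines are constructed for illustration and only loosely follow the PIDs above; the report shows neither command lines nor exact parent/child pairs. The regular expression, the set of expected MSBuild parents and the rule names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable base name as logged, e.g. "powershell.exe"
    cmdline: str


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    chain: str      # root-first ancestry, e.g. "explorer.exe > HWMonitorPro.exe > powershell.exe"


# Constructed sample events, loosely modelled on the PIDs in the report above.
# Parent links and command lines are assumptions for illustration; the report
# names the images and PIDs but does not show these relationships or arguments.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent(1234, 4,    "explorer.exe",     "explorer.exe"),
    ProcEvent(2648, 1234, "HWMonitorPro.exe", r'"C:\Program Files (x86)\CPUID\HWMonitorPro\HWMonitorPro.exe"'),
    ProcEvent(7476, 2648, "powershell.exe",   "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand QQBkAGQALQBUAHkAcABlAA=="),
    ProcEvent(7684, 7476, "csc.exe",          r'csc.exe /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\k2x1.cmdline"'),
    ProcEvent(6084, 7684, "cvtres.exe",       r'cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 C:\Users\admin\AppData\Local\Temp\k2x1.res'),
    ProcEvent(7760, 7476, "MSBuild.exe",      r'MSBuild.exe C:\Users\admin\AppData\Local\Temp\build.xml'),
    ProcEvent(4100, 1234, "devenv.exe",       "devenv.exe"),             # benign: an IDE ...
    ProcEvent(4101, 4100, "MSBuild.exe",      "MSBuild.exe app.sln"),    # ... driving a normal build
    ProcEvent(5000, 1234, "powershell.exe",   "powershell.exe"),         # benign: interactive console
]

# Matches "-WindowStyle Hidden" and the short form "-w hidden" (case-insensitive).
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)

# Parents from which MSBuild.exe is expected; anything else is worth a look.
# Assumed baseline for this example, not a list taken from the report.
EXPECTED_MSBUILD_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}


def ancestry(pid: int, by_pid: Dict[int, ProcEvent], max_depth: int = 16) -> List[str]:
    """Image names from the outermost known ancestor down to pid itself."""
    chain: List[str] = []
    seen = set()
    cur = by_pid.get(pid)
    while cur is not None and cur.pid not in seen and len(chain) < max_depth:
        seen.add(cur.pid)
        chain.append(cur.image)
        cur = by_pid.get(cur.ppid)
    return chain[::-1]


def detect(events: List[ProcEvent]) -> List[Finding]:
    """Apply the three chain rules and return one Finding per matching process."""
    by_pid = {e.pid: e for e in events}
    findings: List[Finding] = []
    for e in events:
        image = e.image.lower()
        parent = by_pid.get(e.ppid)
        parent_image = parent.image.lower() if parent else ""
        chain = " > ".join(ancestry(e.pid, by_pid))
        if image == "powershell.exe" and HIDDEN_WINDOW.search(e.cmdline):
            findings.append(Finding("powershell_hidden_window", e.pid, chain))
        if image == "csc.exe" and parent_image == "powershell.exe":
            findings.append(Finding("powershell_compiles_csharp", e.pid, chain))
        if image == "msbuild.exe" and parent_image not in EXPECTED_MSBUILD_PARENTS:
            findings.append(Finding("msbuild_unexpected_parent", e.pid, chain))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.rule:28} pid={f.pid:<5} {f.chain}")
```

csc.exe under powershell.exe is noisy on its own (Add-Type in administrative scripts compiles the same way), which is why the full chain is reported with each hit: the combination is interesting here because the root is a freshly installed hardware-monitoring tool rather than a scheduled task or an administrator's console.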

Process information

PID: 1536
CMD: "C:\Users\admin\AppData\Local\Temp\HWMonitorPro_1.57_Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\HWMonitorPro_1.57_Setup.exe
Parent process: explorer.exe
User: admin
Company: CPUID, Inc.
Integrity Level: MEDIUM
Description: CPUID HWMonitor Pro Setup
Exit code: 0
Version:
Modules (images):
  • c:\users\admin\appdata\local\temp\hwmonitorpro_1.57_setup.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\comctl32.dll

PID: 2160
CMD: "C:\Program Files (x86)\CPUID\HWMonitorPro\HWMonitorPro.exe"
Path: C:\Program Files (x86)\CPUID\HWMonitorPro\HWMonitorPro.exe
Parent process: explorer.exe
User: admin
Company: CPUID
Integrity Level: HIGH
Description: Hardware Monitor PRO
Version: 1, 5, 7, 0
Modules (images):
  • c:\program files (x86)\cpuid\hwmonitorpro\hwmonitorpro.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll
  • c:\windows\system32\user32.dll

PID: 2576
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=2244,i,18124382666984961180,11005066229445565504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=2264 /prefetch:3
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 133.0.6943.127
Modules (images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\aclayers.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\win32u.dll
  • c:\windows\system32\gdi32.dll

PID: 2648
CMD: "C:\Program Files (x86)\CPUID\HWMonitorPro\HWMonitorPro.exe"
Path: C:\Program Files (x86)\CPUID\HWMonitorPro\HWMonitorPro.exe
Parent process: explorer.exe
User: admin
Company: CPUID
Integrity Level: HIGH
Description: Hardware Monitor PRO
Exit code: 0
Version: 1, 5, 7, 0
Modules (images):
  • c:\program files (x86)\cpuid\hwmonitorpro\hwmonitorpro.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\version.dll

PID: 2652
CMD: "C:\Users\admin\AppData\Local\Temp\is-3MD5KRYU8H.tmp\HWMonitorPro_1.57_Setup.tmp" /SL5="$26031A,3337853,847872,C:\Users\admin\AppData\Local\Temp\HWMonitorPro_1.57_Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-3MD5KRYU8H.tmp\HWMonitorPro_1.57_Setup.tmp
Parent process: HWMonitorPro_1.57_Setup.exe
User: admin
Company: CPUID, Inc.
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1054.0.0
Modules (images):
  • c:\users\admin\appdata\local\temp\is-3md5kryu8h.tmp\hwmonitorpro_1.57_setup.tmp
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\shlwapi.dll

PID: 2792
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\system32\conhost.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\shcore.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\combase.dll
  • c:\windows\system32\rpcrt4.dll

PID: 3156
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=4876,i,18124382666984961180,11005066229445565504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=4936 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules (images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\aclayers.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\win32u.dll
  • c:\windows\system32\gdi32.dll

PID: 3324
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x218,0x21c,0x220,0x1f4,0x224,0x7ffe23d5fff8,0x7ffe23d60004,0x7ffe23d60010
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 133.0.6943.127
Modules (images):
  • c:\program files\google\chrome\application\chrome.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\aclayers.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\win32u.dll
  • c:\windows\system32\gdi32.dll

PID: 4176
CMD: C:\WINDOWS\system32\wbem\WmiApSrv.exe
Path: C:\Windows\System32\wbem\WmiApSrv.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: WMI Performance Reverse Adapter
Exit code: 0
Version: 10.0.19041.3758 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\system32\wbem\wmiapsrv.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\wbemcomn.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll
  • c:\windows\system32\psapi.dll

PID: 4260
CMD: "C:\Users\admin\AppData\Local\Temp\is-BNU62TT1QC.tmp\HWMonitorPro_1.57_Setup.tmp" /SL5="$70388,3337853,847872,C:\Users\admin\AppData\Local\Temp\HWMonitorPro_1.57_Setup.exe" /SPAWNWND=$16028C /FIRSTWND=$26031A
Path: C:\Users\admin\AppData\Local\Temp\is-BNU62TT1QC.tmp\HWMonitorPro_1.57_Setup.tmp
Parent process: HWMonitorPro_1.57_Setup.exe
User: admin
Company: CPUID, Inc.
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1054.0.0
Modules (images):
  • c:\users\admin\appdata\local\temp\is-bnu62tt1qc.tmp\hwmonitorpro_1.57_setup.tmp
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\shlwapi.dll
Total events: 39 201
Read events: 39 150
Write events: 51
Delete events: 0

Modification events (all ten recorded writes are by HWMonitorPro_1.57_Setup.tmp, PID 4260; operation: write)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CPUID\HWMonitor Pro
  • PATH = C:\Program Files (x86)\CPUID\HWMonitorPro

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CPUID HWMonitorPro_is1
  • DisplayName = CPUID HWMonitor Pro 1.57
  • UninstallString = "C:\Program Files (x86)\CPUID\HWMonitorPro\unins000.exe"
  • DisplayIcon = C:\Program Files (x86)\CPUID\HWMonitorPro\HWMonitorPro.exe
  • DisplayVersion = 1.57
  • Publisher = CPUID, Inc.
  • NoModify = 1
  • NoRepair = 1

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CPUID-HWMonitorPro-1.57-INSTALL}}_is1
  • Inno Setup: Setup Version = 6.7.1
  • Inno Setup: App Path = C:\Program Files (x86)\CPUID\HWMonitorPro
Executable files: 17
Suspicious files: 89
Text files: 79
Unknown types: 1

Dropped files

PID 4260  HWMonitorPro_1.57_Setup.tmp
  File: C:\Program Files (x86)\CPUID\HWMonitorPro\CRYPTBASE.dll  (executable)
  MD5: 82D02F796D124239AF2419DDD8B8082A
  SHA256: 2C377564149F40B8EAE7FF55F92FF4843D2C031041025AC3C196F51C94F1C54B

PID 4260  HWMonitorPro_1.57_Setup.tmp
  File: C:\Program Files (x86)\CPUID\HWMonitorPro\HWMonitorPro_eula.pdf  (binary)
  MD5: B936904192413690BB6B6484CE914866
  SHA256: D49E96B71AC313605AA4655F542FAEDCDB30CEB87B7C17978D1835B0809DA11E

PID 4260  HWMonitorPro_1.57_Setup.tmp
  File: C:\Program Files (x86)\CPUID\HWMonitorPro\is-MW56H6T71D.tmp  (executable)
  MD5: 46E0C8D06863B16498AE01289936E987
  SHA256: 59344327BCED0010E8192E4B6E3E12E390CD9084F1BA7BF9CFDFD29CF03C588B

PID 4260  HWMonitorPro_1.57_Setup.tmp
  File: C:\Users\admin\AppData\Local\Temp\is-1T2M0CMNCQ.tmp\_isetup\_setup64.tmp  (executable)
  MD5: E4211D6D009757C078A9FAC7FF4F03D4
  SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID 4260  HWMonitorPro_1.57_Setup.tmp
  File: C:\Program Files (x86)\CPUID\HWMonitorPro\is-OY33HOGNTE.tmp  (executable)
  MD5: 2FB84F72E5062DD808523A1C51FA6081
  SHA256: 84A46A107242808C39B33BFF2854176AFFCA99D90661A805C44FE4CB6D910F59

PID 1536  HWMonitorPro_1.57_Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\is-3MD5KRYU8H.tmp\HWMonitorPro_1.57_Setup.tmp  (executable)
  MD5: CE0D85DD4E01F98EA4B2228F5D355DB2
  SHA256: 0ACC438624C7814EC530F4794700D70DF94A0242C4455B9DCE214ED448A2B58C

PID 7176  HWMonitorPro_1.57_Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\is-BNU62TT1QC.tmp\HWMonitorPro_1.57_Setup.tmp  (executable)
  MD5: CE0D85DD4E01F98EA4B2228F5D355DB2
  SHA256: 0ACC438624C7814EC530F4794700D70DF94A0242C4455B9DCE214ED448A2B58C

PID 4260  HWMonitorPro_1.57_Setup.tmp
  File: C:\Program Files (x86)\CPUID\HWMonitorPro\is-RIYW7TOPDL.tmp  (pdf)
  MD5: B936904192413690BB6B6484CE914866
  SHA256: D49E96B71AC313605AA4655F542FAEDCDB30CEB87B7C17978D1835B0809DA11E

PID 4260  HWMonitorPro_1.57_Setup.tmp
  File: C:\Program Files (x86)\CPUID\HWMonitorPro\is-8GLAR0Z6KL.tmp  (text)
  MD5: 31BE4FD8D71F92F4005BF05DD0857B2C
  SHA256: A726E77BF1F1929ACDB38DF1694C7BFE50F20657919D741A115FDF1F33A90182

PID 4260  HWMonitorPro_1.57_Setup.tmp
  File: C:\Program Files (x86)\CPUID\HWMonitorPro\is-BE1TJAU4OM.tmp  (executable)
  MD5: 82D02F796D124239AF2419DDD8B8082A
  SHA256: 2C377564149F40B8EAE7FF55F92FF4843D2C031041025AC3C196F51C94F1C54B
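Two things in the dropped-files table are better checked with a script than by eye. First, several entries are the same bytes under two names: Inno Setup writes each file as is-XXXXXXXXXX.tmp and then renames it into place, so is-BE1TJAU4OM.tmp and CRYPTBASE.dll carry the same SHA256, as do is-RIYW7TOPDL.tmp and HWMonitorPro_eula.pdf, and the two extracted copies of HWMonitorPro_1.57_Setup.tmp. Second, CRYPTBASE.dll is also the name of a Windows system library, and a copy of such a library placed next to the application binary is the layout used for DLL search-order hijacking (sideloading); the report does not show whether HWMonitorPro.exe loads this copy, so this is a check to run, not a finding. The Python below is an added example and not part of the report: it takes the table rows as data, groups them by hash and flags system-library names written outside the Windows directory. The list of hijack-prone library names is a short assumed baseline for the example, not something the report provides.

```python
import ntpath
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Dropped:
    pid: int
    process: str
    path: str
    kind: str
    md5: str
    sha256: str


# Records copied from the "Dropped files" table above (real values from the report).
DROPPED: List[Dropped] = [
    Dropped(4260, "HWMonitorPro_1.57_Setup.tmp", r"C:\Program Files (x86)\CPUID\HWMonitorPro\CRYPTBASE.dll", "executable",
            "82D02F796D124239AF2419DDD8B8082A", "2C377564149F40B8EAE7FF55F92FF4843D2C031041025AC3C196F51C94F1C54B"),
    Dropped(4260, "HWMonitorPro_1.57_Setup.tmp", r"C:\Program Files (x86)\CPUID\HWMonitorPro\HWMonitorPro_eula.pdf", "binary",
            "B936904192413690BB6B6484CE914866", "D49E96B71AC313605AA4655F542FAEDCDB30CEB87B7C17978D1835B0809DA11E"),
    Dropped(4260, "HWMonitorPro_1.57_Setup.tmp", r"C:\Program Files (x86)\CPUID\HWMonitorPro\is-MW56H6T71D.tmp", "executable",
            "46E0C8D06863B16498AE01289936E987", "59344327BCED0010E8192E4B6E3E12E390CD9084F1BA7BF9CFDFD29CF03C588B"),
    Dropped(4260, "HWMonitorPro_1.57_Setup.tmp", r"C:\Users\admin\AppData\Local\Temp\is-1T2M0CMNCQ.tmp\_isetup\_setup64.tmp", "executable",
            "E4211D6D009757C078A9FAC7FF4F03D4", "388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95"),
    Dropped(4260, "HWMonitorPro_1.57_Setup.tmp", r"C:\Program Files (x86)\CPUID\HWMonitorPro\is-OY33HOGNTE.tmp", "executable",
            "2FB84F72E5062DD808523A1C51FA6081", "84A46A107242808C39B33BFF2854176AFFCA99D90661A805C44FE4CB6D910F59"),
    Dropped(1536, "HWMonitorPro_1.57_Setup.exe", r"C:\Users\admin\AppData\Local\Temp\is-3MD5KRYU8H.tmp\HWMonitorPro_1.57_Setup.tmp", "executable",
            "CE0D85DD4E01F98EA4B2228F5D355DB2", "0ACC438624C7814EC530F4794700D70DF94A0242C4455B9DCE214ED448A2B58C"),
    Dropped(7176, "HWMonitorPro_1.57_Setup.exe", r"C:\Users\admin\AppData\Local\Temp\is-BNU62TT1QC.tmp\HWMonitorPro_1.57_Setup.tmp", "executable",
            "CE0D85DD4E01F98EA4B2228F5D355DB2", "0ACC438624C7814EC530F4794700D70DF94A0242C4455B9DCE214ED448A2B58C"),
    Dropped(4260, "HWMonitorPro_1.57_Setup.tmp", r"C:\Program Files (x86)\CPUID\HWMonitorPro\is-RIYW7TOPDL.tmp", "pdf",
            "B936904192413690BB6B6484CE914866", "D49E96B71AC313605AA4655F542FAEDCDB30CEB87B7C17978D1835B0809DA11E"),
    Dropped(4260, "HWMonitorPro_1.57_Setup.tmp", r"C:\Program Files (x86)\CPUID\HWMonitorPro\is-8GLAR0Z6KL.tmp", "text",
            "31BE4FD8D71F92F4005BF05DD0857B2C", "A726E77BF1F1929ACDB38DF1694C7BFE50F20657919D741A115FDF1F33A90182"),
    Dropped(4260, "HWMonitorPro_1.57_Setup.tmp", r"C:\Program Files (x86)\CPUID\HWMonitorPro\is-BE1TJAU4OM.tmp", "executable",
            "82D02F796D124239AF2419DDD8B8082A", "2C377564149F40B8EAE7FF55F92FF4843D2C031041025AC3C196F51C94F1C54B"),
]

# Short illustrative list of System32 library names that are routinely abused for
# search-order hijacking when a copy sits beside an application binary.
# Assumed baseline for this example, not a list taken from the report.
HIJACK_PRONE_SYSTEM_DLLS = {"cryptbase.dll", "cryptsp.dll", "version.dll", "dwmapi.dll",
                            "uxtheme.dll", "wtsapi32.dll", "profapi.dll"}
WINDOWS_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def is_inno_temp_name(path: str) -> bool:
    """Inno Setup writes files as is-XXXXXXXXXX.tmp and then renames them into place."""
    name = ntpath.basename(path).lower()
    return name.startswith("is-") and name.endswith(".tmp")


def group_by_sha256(records: List[Dropped]) -> Dict[str, List[str]]:
    groups: Dict[str, List[str]] = defaultdict(list)
    for r in records:
        groups[r.sha256.upper()].append(r.path)
    return dict(groups)


def sideload_candidates(records: List[Dropped]) -> List[str]:
    """Executables named like a system DLL but written outside the Windows directory."""
    hits = []
    for r in records:
        name = ntpath.basename(r.path).lower()
        in_windows = r.path.lower().startswith(WINDOWS_DIRS)
        if r.kind == "executable" and name in HIJACK_PRONE_SYSTEM_DLLS and not in_windows:
            hits.append(r.path)
    return hits


def triage(records: List[Dropped]) -> dict:
    groups = group_by_sha256(records)
    duplicates = {h: paths for h, paths in groups.items() if len(paths) > 1}
    final_executables = sorted({r.path for r in records
                                if r.kind == "executable" and not is_inno_temp_name(r.path)})
    unique_executable_hashes = {r.sha256.upper() for r in records if r.kind == "executable"}
    return {
        "duplicates": duplicates,                                  # same bytes under several names
        "unique_executable_hashes": len(unique_executable_hashes),  # distinct executables actually dropped
        "final_executables": final_executables,                    # executables under their final names
        "sideload_candidates": sideload_candidates(records),       # worth checking for DLL hijacking
    }


if __name__ == "__main__":
    for key, value in triage(DROPPED).items():
        print(f"{key}: {value}")
```

The seventeen executable files counted in the summary above collapse to five distinct hashes once the is-*.tmp copies are folded in, which is the number worth submitting for further analysis; the sideload candidate is the one to open in a loader-order check against HWMonitorPro.exe's import table.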
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 126
TCP/UDP connections: 67
DNS requests: 58
Threats: 4

HTTP requests

PID 5276  MoUsoCoreWorker.exe  GET 304  20.73.194.208:443  CN: US  reputation: whitelisted
  https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop

PID 6208  SIHClient.exe  GET 304  135.232.92.137:443  CN: US  reputation: whitelisted
  https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL

PID 6208  SIHClient.exe  GET 200  74.178.240.51:443  CN: US  reputation: whitelisted
  https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping

PID 6208  SIHClient.exe  GET 200  135.232.92.137:443  CN: US  reputation: whitelisted
  https://slscr.update.microsoft.com/sls/ping

PID 6208  SIHClient.exe  GET 304  135.232.92.137:443  CN: US  reputation: whitelisted
  https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL

PID 3044  svchost.exe  GET 304  4.231.128.59:443  CN: US  reputation: whitelisted
  https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2

(process not listed)  GET 200  23.11.41.157:80  CN: NL  type: binary  size: 312 b  reputation: whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D

PID 5316  svchost.exe  POST 400  20.190.159.64:443  CN: US  type: text  size: 203 b  reputation: whitelisted
  https://login.live.com/ppsecure/deviceaddcredential.srf

PID 3280  svchost.exe  GET 200  72.246.29.11:80  CN: US  type: binary  size: 400 b  reputation: whitelisted
  http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.3.crl

PID 2648  HWMonitorPro.exe  GET 200  195.154.81.43:443  CN: FR  type: text  size: 4.61 Kb  reputation: unknown
  https://www.cpuid.com/_7JneUqg.txt

Connections

PID 3044  svchost.exe  51.104.136.2:443  settings-win.data.microsoft.com  ASN: MICROSOFT-CORP-MSN-AS-BLOCK  CN: US  whitelisted
PID 4  System  192.168.100.255:137  Not routed  whitelisted
PID 5276  MoUsoCoreWorker.exe  51.104.136.2:443  settings-win.data.microsoft.com  ASN: MICROSOFT-CORP-MSN-AS-BLOCK  CN: US  whitelisted
(process not listed)  48.192.1.65:443  activation-v2.sls.microsoft.com  ASN: MICROSOFT-CORP-MSN-AS-BLOCK  CN: US  whitelisted
PID 5532  SearchApp.exe  2.16.241.218:443  www.bing.com  ASN: AKAMAI-ASN1  CN: NL  whitelisted
(process not listed)  23.11.41.157:80  ocsp.digicert.com  ASN: AKAMAI-AMS  CN: NL  whitelisted
(process not listed)  204.79.197.203:80  oneocsp.microsoft.com  ASN: MICROSOFT-CORP-MSN-AS-BLOCK  CN: US  whitelisted
PID 4  System  192.168.100.255:138  Not routed  whitelisted
PID 3044  svchost.exe  4.231.128.59:443  settings-win.data.microsoft.com  ASN: MICROSOFT-CORP-MSN-AS-BLOCK  CN: US  whitelisted
PID 3044  svchost.exe  2.16.241.12:80  crl.microsoft.com  ASN: AKAMAI-ASN1  CN: NL  whitelisted

DNS requests

settings-win.data.microsoft.com: 51.104.136.2, 4.231.128.59, 20.73.194.208 (whitelisted)
activation-v2.sls.microsoft.com: 48.192.1.65 (whitelisted)
www.bing.com: 2.16.241.218, 2.16.241.201, 184.86.251.22, 184.86.251.27 (whitelisted)
ocsp.digicert.com: 23.11.41.157 (whitelisted)
google.com: 142.251.110.139, 142.251.110.113, 142.251.110.101, 142.251.110.100, 142.251.110.102, 142.251.110.138 (whitelisted)
oneocsp.microsoft.com: 204.79.197.203 (whitelisted)
crl.microsoft.com: 2.16.241.12, 2.16.241.19, 23.216.77.6, 23.216.77.28 (whitelisted)
www.microsoft.com: 88.221.169.152, 23.59.18.102, 72.246.29.11 (whitelisted)
nist1.nyc.certifiedtime.com: 54.243.117.197, 13.223.25.84 (shared)
www.cpuid.com: 195.154.81.43 (whitelisted)

Threats

PID 3044  svchost.exe  Unknown Traffic  ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
PID 2648  HWMonitorPro.exe  Misc activity  ET INFO Cloudflare DNS Over HTTPS Certificate Inbound
PID 7476  powershell.exe  Misc activity  HUNTING [ANY.RUN] TCP binary protocol 32-BE data-len prefix on non-standard port inbound
PID 7476  powershell.exe  Misc activity  HUNTING [ANY.RUN] TCP binary protocol 32-BE data-len prefix on non-standard port outbound
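The two HUNTING alerts on powershell.exe (PID 7476) describe the same traffic shape in both directions: a TCP stream on a non-standard port whose messages begin with a 32-bit big-endian length field. The exact logic of the ANY.RUN rule is not shown on this page, so the following is an added example of how such a framing heuristic can be approximated, not the rule itself and not code from the report: it builds frames, parses them back (keeping an incomplete trailing frame for the next segment) and classifies a flow per direction, producing the same inbound/outbound pair of verdicts. The frame-size bound, the list of "standard" ports and the sample exchange are all constructed assumptions.

```python
import struct
from typing import List, Tuple

MAX_FRAME = 1 << 20   # assumed sanity bound for a single frame (1 MiB)

# Ports on which length-prefixed binary traffic is unremarkable (TLS, SSH, mail ...).
# Assumed list for this example; the rule's own notion of "standard" is not on the page.
STANDARD_PORTS = {22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995}


def frame(payload: bytes) -> bytes:
    """Prefix payload with its length as a 32-bit big-endian integer."""
    return struct.pack(">I", len(payload)) + payload


def parse_frames(stream: bytes, max_frame: int = MAX_FRAME) -> Tuple[List[bytes], bytes]:
    """Walk a byte stream as consecutive [len:4 BE][payload] records.

    Returns (complete frames, unconsumed tail). Raises ValueError when a length
    field is zero or implausibly large, which is how non-framed data such as
    HTTP text fails the check ("GET " read as an integer is about 1.19 billion).
    """
    frames: List[bytes] = []
    pos = 0
    while pos + 4 <= len(stream):
        (n,) = struct.unpack(">I", stream[pos:pos + 4])
        if n == 0 or n > max_frame:
            raise ValueError(f"implausible frame length {n} at offset {pos}")
        if pos + 4 + n > len(stream):
            break                      # partial frame: keep it for the next segment
        frames.append(stream[pos + 4:pos + 4 + n])
        pos += 4 + n
    return frames, stream[pos:]


def looks_length_prefixed(segment: bytes) -> bool:
    """Heuristic: at least one complete frame and every byte accounted for by the framing."""
    try:
        frames, tail = parse_frames(segment)
    except ValueError:
        return False
    return len(frames) >= 1 and len(tail) == 0


def classify_flow(dst_port: int, client_to_server: bytes, server_to_client: bytes) -> List[str]:
    """Mirror of the two hunting alerts: name each direction that carries
    32-bit BE length-prefixed data on a port outside STANDARD_PORTS."""
    if dst_port in STANDARD_PORTS:
        return []
    hits: List[str] = []
    if looks_length_prefixed(client_to_server):
        hits.append("outbound")
    if looks_length_prefixed(server_to_client):
        hits.append("inbound")
    return hits


# Constructed sample exchange on an arbitrary high port; not captured from the sample.
CLIENT_BYTES = frame(b"HELLO") + frame(b"\x01\x00hostinfo:DESKTOP-ADMIN")
SERVER_BYTES = frame(b"\x02\x00task:run")

if __name__ == "__main__":
    print(classify_flow(4444, CLIENT_BYTES, SERVER_BYTES))                         # both directions framed
    print(classify_flow(4444, b"GET / HTTP/1.1\r\n", b"HTTP/1.1 200 OK\r\n"))     # plain HTTP, no hit
```

On a real capture the per-direction bytes should be the reassembled stream, since a single TCP segment can end mid-frame and would otherwise fail the "every byte accounted for" test; the PCAP for this run is available through the full report linked above, and the flow to check is whichever one powershell.exe (PID 7476) opened, since the connection table on this page lists only whitelisted destinations.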
No debug info