File name:

MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw

Full analysis: https://app.any.run/tasks/55eead9d-dab1-43fc-9e95-13b74c604dbb
Verdict: Malicious activity
Analysis date: December 06, 2022, 06:20:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
installer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

9E3CE08750B875EAC894F245B0271FDC

SHA1:

C29E78099CDF3A3A8C2E23FE75F38BBABC631D92

SHA256:

825A5E768DF385AD651B16256755A63D91FB710E46296D3B0D05E9DF7EEEDAFF

SSDEEP:

49152:wy+Sh4r+VNPvJ3x19XX3QZcBJwHjniXZsILcKvQ1aB:B+Sh4revJB/XX3QZkqDiXWXKI1a

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • cpuz.exe (PID: 2656)
      • cpuz.exe (PID: 3096)

    • Drops the executable file immediately after the start

      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 3608)
      • cpuz.exe (PID: 3096)

  • SUSPICIOUS

    • Creates a directory in Program Files

      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 3608)

    • Reads the Windows owner or organization settings

      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 3608)

    • Executable content was dropped or overwritten

      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 3608)
      • cpuz.exe (PID: 3096)

    • Drops a file with too old compile date

      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 3608)

    • Reads security settings of Internet Explorer

      • cpuz.exe (PID: 3096)

    • Checks Windows Trust Settings

      • cpuz.exe (PID: 3096)

    • Reads the Internet Settings

      • cpuz.exe (PID: 3096)

    • Reads settings of System Certificates

      • cpuz.exe (PID: 3096)

    • Adds/modifies Windows certificates

      • cpuz.exe (PID: 3096)

  • INFO

    • Checks supported languages

      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.exe (PID: 3336)
      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 2284)
      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.exe (PID: 2056)
      • cpuz.exe (PID: 3096)
      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 3608)

    • Application was dropped or rewritten from another process

      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 2284)
      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 3608)

    • Reads the computer name

      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 3608)
      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 2284)
      • cpuz.exe (PID: 3096)

    • Creates files in the program directory

      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 3608)

    • Manual execution by a user

      • cpuz.exe (PID: 2656)
      • cpuz.exe (PID: 3096)

    • Creates a software uninstall entry

      • MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp (PID: 3608)

    • Drops a file that was compiled in debug mode

      • cpuz.exe (PID: 3096)

    • Reads Environment values

      • cpuz.exe (PID: 3096)

    • Checks proxy server information

      • cpuz.exe (PID: 3096)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 1992-Jun-19 22:22:17
Detected languages:
  • Dutch - Netherlands
  • English - United States
Comments: This installation was built with Inno Setup.
CompanyName: CPUID, Inc.
FileDescription: CPUID CPU-Z Setup
FileVersion: -
LegalCopyright: -
ProductName: CPUID CPU-Z
ProductVersion: 1.97

DOS Header

e_magic: MZ
e_cblp: 80
e_cp: 2
e_crlc: -
e_cparhdr: 4
e_minalloc: 15
e_maxalloc: 65535
e_ss: -
e_sp: 184
e_csum: -
e_ip: -
e_cs: -
e_ovno: 26
e_oemid: -
e_oeminfo: -
e_lfanew: 256

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
NumberofSections: 8
TimeDateStamp: 1992-Jun-19 22:22:17
PointerToSymbolTable: -
NumberOfSymbols: -
SizeOfOptionalHeader: 224
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_BYTES_REVERSED_HI
  • IMAGE_FILE_BYTES_REVERSED_LO
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
CODE
4096
41480
41984
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.60167
DATA
49152
592
1024
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
2.77135
BSS
53248
3732
0
IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata
57344
2428
2560
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
4.48608
.tls
61440
8
0
IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata
65536
24
512
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED
0.190489
.reloc
69632
2336
0
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED
.rsrc
73728
11264
11264
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED
4.58902

Resources

Title
Entropy
Size
Codepage
Language
Type
1
3.25755
296
UNKNOWN
Dutch - Netherlands
RT_ICON
2
3.47151
1384
UNKNOWN
Dutch - Netherlands
RT_ICON
3
3.91708
744
UNKNOWN
Dutch - Netherlands
RT_ICON
4
3.91366
2216
UNKNOWN
Dutch - Netherlands
RT_ICON
4089
3.21823
754
UNKNOWN
UNKNOWN
RT_STRING
4090
3.31515
780
UNKNOWN
UNKNOWN
RT_STRING
4091
3.25024
718
UNKNOWN
UNKNOWN
RT_STRING
4093
2.86149
104
UNKNOWN
UNKNOWN
RT_STRING
4094
3.20731
180
UNKNOWN
UNKNOWN
RT_STRING
4095
3.04592
174
UNKNOWN
UNKNOWN
RT_STRING

Imports

advapi32.dll
advapi32.dll (#2)
comctl32.dll
kernel32.dll
kernel32.dll (#2)
oleaut32.dll
user32.dll
user32.dll (#2)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
48
Monitored processes
6
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start start drop and start mdnequr9u_zhknpdhwxzdonya0bl-4nkzfadca3tnqm_clbkwrxwfsrlu_bnhfddmvan-le-1qhdpogqfa6_2tcd6c1yaubcnctdcjsdeow.exe no specs mdnequr9u_zhknpdhwxzdonya0bl-4nkzfadca3tnqm_clbkwrxwfsrlu_bnhfddmvan-le-1qhdpogqfa6_2tcd6c1yaubcnctdcjsdeow.tmp no specs mdnequr9u_zhknpdhwxzdonya0bl-4nkzfadca3tnqm_clbkwrxwfsrlu_bnhfddmvan-le-1qhdpogqfa6_2tcd6c1yaubcnctdcjsdeow.exe mdnequr9u_zhknpdhwxzdonya0bl-4nkzfadca3tnqm_clbkwrxwfsrlu_bnhfddmvan-le-1qhdpogqfa6_2tcd6c1yaubcnctdcjsdeow.tmp cpuz.exe no specs cpuz.exe

Process information

PID
CMD
Path
Indicators
Parent process
2056"C:\Users\admin\AppData\Local\Temp\MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.exe" C:\Users\admin\AppData\Local\Temp\MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.exeExplorer.EXE
User:
admin
Company:
CPUID, Inc.
Integrity Level:
MEDIUM
Description:
CPUID CPU-Z Setup
Exit code:
0
Version:
Modules
Images
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\mdnequr9u_zhknpdhwxzdonya0bl-4nkzfadca3tnqm_clbkwrxwfsrlu_bnhfddmvan-le-1qhdpogqfa6_2tcd6c1yaubcnctdcjsdeow.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
2284"C:\Users\admin\AppData\Local\Temp\is-NQG7P.tmp\MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp" /SL5="$50198,1823662,58368,C:\Users\admin\AppData\Local\Temp\MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.exe" C:\Users\admin\AppData\Local\Temp\is-NQG7P.tmp\MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpMDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-nqg7p.tmp\mdnequr9u_zhknpdhwxzdonya0bl-4nkzfadca3tnqm_clbkwrxwfsrlu_bnhfddmvan-le-1qhdpogqfa6_2tcd6c1yaubcnctdcjsdeow.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
3336"C:\Users\admin\AppData\Local\Temp\MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.exe" /SPAWNWND=$601B0 /NOTIFYWND=$50198 C:\Users\admin\AppData\Local\Temp\MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.exe
MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp
User:
admin
Company:
CPUID, Inc.
Integrity Level:
HIGH
Description:
CPUID CPU-Z Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\appdata\local\temp\mdnequr9u_zhknpdhwxzdonya0bl-4nkzfadca3tnqm_clbkwrxwfsrlu_bnhfddmvan-le-1qhdpogqfa6_2tcd6c1yaubcnctdcjsdeow.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
3608"C:\Users\admin\AppData\Local\Temp\is-AHPCJ.tmp\MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp" /SL5="$601C8,1823662,58368,C:\Users\admin\AppData\Local\Temp\MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.exe" /SPAWNWND=$601B0 /NOTIFYWND=$50198 C:\Users\admin\AppData\Local\Temp\is-AHPCJ.tmp\MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmp
MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-ahpcj.tmp\mdnequr9u_zhknpdhwxzdonya0bl-4nkzfadca3tnqm_clbkwrxwfsrlu_bnhfddmvan-le-1qhdpogqfa6_2tcd6c1yaubcnctdcjsdeow.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
2656"C:\Program Files\CPUID\CPU-Z\cpuz.exe" C:\Program Files\CPUID\CPU-Z\cpuz.exeExplorer.EXE
User:
admin
Company:
CPUID
Integrity Level:
MEDIUM
Description:
CPU-Z Application
Exit code:
3221226540
Version:
1, 9, 7, 0
Modules
Images
c:\program files\cpuid\cpu-z\cpuz.exe
c:\windows\system32\ntdll.dll
3096"C:\Program Files\CPUID\CPU-Z\cpuz.exe" C:\Program Files\CPUID\CPU-Z\cpuz.exe
Explorer.EXE
User:
admin
Company:
CPUID
Integrity Level:
HIGH
Description:
CPU-Z Application
Version:
1, 9, 7, 0
Modules
Images
c:\program files\cpuid\cpu-z\cpuz.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
7 028
Read events
6 936
Write events
86
Delete events
6

Modification events

(PID) Process:(3608) MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
180E000072F566DB3A09D901
(PID) Process:(3608) MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
8C0347F38C93799CC79A4E945B54D88728B6F980EE923F99E7DF4A8C1BD835CA
(PID) Process:(3608) MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(3608) MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFiles0000
Value:
C:\Program Files\CPUID\CPU-Z\cpuz.exe
(PID) Process:(3608) MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFilesHash
Value:
4BA3D99E853550BBF76FBF9BC645FCD54CF9138E767748C6CF4869FC292CDCEE
(PID) Process:(3608) MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\CPUID\CPU-Z
Operation:writeName:PATH
Value:
C:\Program Files\CPUID\CPU-Z
(PID) Process:(3608) MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\CPUID\CPU-Z
Operation:writeName:PRODUCT_NAME
Value:
CPUID CPU-Z
(PID) Process:(3608) MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\CPUID\CPU-Z
Operation:writeName:VERSION
Value:
1.97
(PID) Process:(3608) MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CPUID CPU-Z_is1
Operation:writeName:Inno Setup: Setup Version
Value:
5.6.1 (a)
(PID) Process:(3608) MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CPUID CPU-Z_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\CPUID\CPU-Z
Executable files
7
Suspicious files
7
Text files
8
Unknown types
8

Dropped files

PID
Process
Filename
Type
3608MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpC:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnklnk
MD5:A3B3EFD2398BE57E5879A43F97C25776
SHA256:A757190FBC65D11C474AF3E7F22EDA92E5D18AB021F5143A40738067B1A92702
3608MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpC:\Program Files\CPUID\CPU-Z\is-JEHC0.tmptext
MD5:15130D155F7DDAFB034A62077B051F16
SHA256:3E0364795D926935AB038CD9197AD10AFFB55983198858C6BF70B4D01F7F5529
3608MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpC:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnklnk
MD5:0D2DE3E09EECA958C5F100B1DF75CAFD
SHA256:24D1362EBE52FF94D213C40809816827969996F8D0C0CC1151BF881586352C09
3608MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpC:\Program Files\CPUID\CPU-Z\is-FE9RB.tmpexecutable
MD5:D1C46C8FC337C9C4CBAB797137939D53
SHA256:798EECEBB059F2C27383816BE38A2E8EE9A2F05EABD2028FB8D7BCDA58CAA597
3608MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpC:\Program Files\CPUID\CPU-Z\unins000.exeexecutable
MD5:D1C46C8FC337C9C4CBAB797137939D53
SHA256:798EECEBB059F2C27383816BE38A2E8EE9A2F05EABD2028FB8D7BCDA58CAA597
3096cpuz.exeC:\Windows\temp\cpuz_driver_3096.logtext
MD5:4015F76944FFB53111F9B0A41F1DF460
SHA256:7C48C5DCE403EBE99BBE089D3C12973E79E7FEC6BE5EB6478AA371103A9580AA
3608MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpC:\Program Files\CPUID\CPU-Z\is-6H2M5.tmptext
MD5:99694811A33139D2C4B89CF033A01A5F
SHA256:0B15131AF3B8D32450A3774CFC06F9797B9435D921EACBD33D8B1F8BD43EB401
3608MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpC:\Program Files\CPUID\CPU-Z\unins000.datdat
MD5:66B6413110729B390BADC56560186740
SHA256:33BF6A19D58FDBDB2D8CE2EDB3D86FDCE422FAB6E9BE3EEAEED94BB986ADA76C
3096cpuz.exeC:\Windows\temp\cpuz152\cpuz152_x32.sysexecutable
MD5:7ABF3D484905A6335F79A306FD138A24
SHA256:86C07833EC88C93F01689103390032335B95C52E0E9B4994A63014A72428DBF5
3608MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw.tmpC:\Program Files\CPUID\CPU-Z\cpuz_readme.txttext
MD5:99694811A33139D2C4B89CF033A01A5F
SHA256:0B15131AF3B8D32450A3774CFC06F9797B9435D921EACBD33D8B1F8BD43EB401
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
4
DNS requests
4
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3096
cpuz.exe
GET
200
23.2.13.26:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMx09HkWS07es1rXypVKP5qnA%3D%3D
US
der
503 b
shared
3096
cpuz.exe
GET
200
184.24.9.54:80
http://x1.c.lencr.org/
DE
der
717 b
whitelisted
3096
cpuz.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d3e03ff165925991
US
compressed
4.70 Kb
whitelisted
3096
cpuz.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d7d733ce0b900b66
US
compressed
61.4 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3096
cpuz.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
3096
cpuz.exe
195.154.81.43:443
download.cpuid.com
Online S.a.s.
FR
suspicious
3096
cpuz.exe
23.2.13.26:80
r3.o.lencr.org
Akamai International B.V.
DE
unknown
3096
cpuz.exe
184.24.9.54:80
x1.c.lencr.org
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
download.cpuid.com
  • 195.154.81.43
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
x1.c.lencr.org
  • 184.24.9.54
whitelisted
r3.o.lencr.org
  • 23.2.13.26
  • 23.2.13.19
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2023 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
MDNEqUr9u_ZHKnPDHwXzdOnYA0bl-4NkZFadCa3TnQM_CLBkWRXwfsrlu_bNhfddmvan-lE-1QHDPOGQfA6_2tCD6C1YAUbCnCtdCjsdEOw