Malware analysis GPU-Z 2.66.0.exe Malicious activity | ANY.RUN

Add for printing

File name:	GPU-Z 2.66.0.exe
Full analysis:	https://app.any.run/tasks/b24fdc1e-526d-49af-8dfd-2a68a80b48bd
Verdict:	Malicious activity
Analysis date:	July 14, 2025, 09:38:09
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	upx inno installer aida64 tool delphi arch-scr arch-html
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:	5B84A2D40DF4A1D561F8268B7385ECEE
SHA1:	C343C67213FE74D41102745D3051FCDF7E2C03FD
SHA256:	8C9C0ABA50E5C6A393C3D701A1A3B138195AD0D3CE589C9ECA1469920FC3172B
SSDEEP:	98304:wvG8iRbXRjhDyvtnhzfO6pTixrwvIajvouw3MXhrRyhKKUXQJVUGkTw0ftG8X67q:HKe7xT/R6mtPdJCT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (133.0.6943.127)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (133.0.3065.92)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (136.0)
Mozilla Maintenance Service (136.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Reads security settings of Internet Explorer
  - GPU-Z 2.66.0.exe (PID: 5884)
  - aida64extreme770.tmp (PID: 3460)
  - aida64.exe (PID: 3388)
- Drops a system driver (possible attempt to evade defenses)
  - GPU-Z 2.66.0.exe (PID: 5884)
  - aida64extreme770.tmp (PID: 1564)
- Executable content was dropped or overwritten
  - GPU-Z 2.66.0.exe (PID: 5884)
  - aida64extreme770.exe (PID: 4788)
  - aida64extreme770.tmp (PID: 1564)
  - aida64extreme770.exe (PID: 1632)
- There is functionality for taking screenshot (YARA)
  - GPU-Z 2.66.0.exe (PID: 5884)
  - aida64.exe (PID: 3388)
- Reads the Windows owner or organization settings
  - aida64extreme770.tmp (PID: 1564)
  - aida64.exe (PID: 3388)
- Process drops legitimate windows executable
  - aida64extreme770.tmp (PID: 1564)
- Uses RUNDLL32.EXE to load library
  - ie4uinit.exe (PID: 6512)
- Reads the BIOS version
  - aida64.exe (PID: 3388)
- Creates a software uninstall entry
  - aida64.exe (PID: 3388)
- Searches for installed software
  - aida64.exe (PID: 3388)
- Reads the date of Windows installation
  - aida64.exe (PID: 3388)
- Write to the desktop.ini file (may be used to cloak folders)
  - aida64.exe (PID: 3388)
- The process checks if it is being run in the virtual environment
  - aida64.exe (PID: 3388)
INFO
- The sample compiled with english language support
  - GPU-Z 2.66.0.exe (PID: 5884)
  - aida64extreme770.tmp (PID: 1564)
- Reads the computer name
  - GPU-Z 2.66.0.exe (PID: 5884)
  - aida64extreme770.tmp (PID: 3460)
  - aida64extreme770.tmp (PID: 1564)
  - aida64.exe (PID: 3388)
- Create files in a temporary directory
  - GPU-Z 2.66.0.exe (PID: 5884)
  - aida64extreme770.exe (PID: 4788)
  - aida64extreme770.exe (PID: 1632)
  - aida64extreme770.tmp (PID: 1564)
- Checks supported languages
  - GPU-Z 2.66.0.exe (PID: 5884)
  - aida64extreme770.tmp (PID: 3460)
  - aida64extreme770.exe (PID: 4788)
  - aida64extreme770.exe (PID: 1632)
  - aida64extreme770.tmp (PID: 1564)
  - aida64.exe (PID: 3388)
- Creates files or folders in the user directory
  - GPU-Z 2.66.0.exe (PID: 5884)
- Reads the machine GUID from the registry
  - GPU-Z 2.66.0.exe (PID: 5884)
- Reads the software policy settings
  - GPU-Z 2.66.0.exe (PID: 5884)
  - slui.exe (PID: 4804)
- Checks proxy server information
  - GPU-Z 2.66.0.exe (PID: 5884)
  - slui.exe (PID: 4804)
  - aida64.exe (PID: 3388)
- UPX packer has been detected
  - GPU-Z 2.66.0.exe (PID: 5884)
  - aida64.exe (PID: 3388)
- Manual execution by a user
  - WinRAR.exe (PID: 856)
  - aida64extreme770.exe (PID: 4788)
- Process checks computer location settings
  - aida64extreme770.tmp (PID: 3460)
  - aida64.exe (PID: 3388)
- Creates files in the program directory
  - aida64extreme770.tmp (PID: 1564)
  - aida64.exe (PID: 3388)
- Detects InnoSetup installer (YARA)
  - aida64extreme770.exe (PID: 4788)
  - aida64extreme770.tmp (PID: 3460)
  - aida64extreme770.tmp (PID: 1564)
  - aida64extreme770.exe (PID: 1632)
- Compiled with Borland Delphi (YARA)
  - aida64extreme770.tmp (PID: 3460)
  - aida64extreme770.tmp (PID: 1564)
  - slui.exe (PID: 4804)
  - splwow64.exe (PID: 3844)
- Creates a software uninstall entry
  - aida64extreme770.tmp (PID: 1564)
- AIDA64 mutex has been found
  - aida64.exe (PID: 3388)
- Reads security settings of Internet Explorer
  - ie4uinit.exe (PID: 6512)
  - splwow64.exe (PID: 3844)
- Reads Windows Product ID
  - aida64.exe (PID: 3388)
- Disables trace logs
  - aida64.exe (PID: 3388)
- Reads mouse settings
  - aida64.exe (PID: 3388)
- Process checks whether UAC notifications are on
  - aida64.exe (PID: 3388)
- Reads Environment values
  - aida64.exe (PID: 3388)
- Reads CPU info
  - aida64.exe (PID: 3388)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	UPX compressed Win32 Executable (76)
.exe	\|	Win32 Executable (generic) (12.6)
.exe	\|	Generic Win/DOS Executable (5.6)
.exe	\|	DOS Executable Generic (5.6)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2025:05:29 10:15:59+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.16
CodeSize:	11206656
InitializedDataSize:	57344
UninitializedDataSize:	42303488
EntryPoint:	0x3308220
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	2.66.0.0
ProductVersionNumber:	2.66.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Unknown (0019)
CharacterSet:	Windows, Cyrillic
CompanyName:	TechPowerUp (www.techpowerup.com)
FileDescription:	GPU-Z - Video card Information Utility
FileVersion:	2.66.0.0
InternalName:	GPU-Z.exe
LegalCopyright:	(c) 2007-2025 TechPowerUp (www.techpowerup.com)
OriginalFileName:	GPU-Z.exe
ProductName:	GPU-Z - Video card Information Utility
ProductVersion:	2.66.0.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

164

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

856

"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\aida.64extreme.7.70.rar" C:\Users\admin\Desktop\aida.64extreme.7.70\

C:\Program Files\WinRAR\WinRAR.exe

—

explorer.exe

User:

admin

Company:

Alexander Roshal

Integrity Level:

MEDIUM

Description:

WinRAR archiver

Exit code:

Version:

5.91.0

Modules

Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

1564

"C:\Users\admin\AppData\Local\Temp\is-BNM6M.tmp\aida64extreme770.tmp" /SL5="$B02EE,58875891,56832,C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe" /SPAWNWND=$90338 /NOTIFYWND=$50320

C:\Users\admin\AppData\Local\Temp\is-BNM6M.tmp\aida64extreme770.tmp

aida64extreme770.exe

User:

admin

Company:

FinalWire Ltd.

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.52.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-bnm6m.tmp\aida64extreme770.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

1632

"C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe" /SPAWNWND=$90338 /NOTIFYWND=$50320

C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe

aida64extreme770.tmp

User:

admin

Company:

FinalWire Ltd.

Integrity Level:

HIGH

Description:

AIDA64 Extreme

Exit code:

Version:

7.70.7500.0

Modules

Images
c:\users\admin\desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

3388

"C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe"

C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe

aida64extreme770.tmp

User:

admin

Company:

FinalWire Ltd.

Integrity Level:

HIGH

Description:

AIDA64 Extreme

Version:

7.70.7500

Modules

Images
c:\program files (x86)\finalwire\aida64 extreme\aida64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

3460

"C:\Users\admin\AppData\Local\Temp\is-P0D1T.tmp\aida64extreme770.tmp" /SL5="$50320,58875891,56832,C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe"

C:\Users\admin\AppData\Local\Temp\is-P0D1T.tmp\aida64extreme770.tmp

—

aida64extreme770.exe

User:

admin

Company:

FinalWire Ltd.

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Exit code:

Version:

51.52.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-p0d1t.tmp\aida64extreme770.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

3844

C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\rundll32.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows host process (Rundll32)

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll

3844

C:\WINDOWS\splwow64.exe 12288

C:\Windows\splwow64.exe

—

aida64.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Print driver host for applications

Version:

10.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\splwow64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

4788

"C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe"

C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe

explorer.exe

User:

admin

Company:

FinalWire Ltd.

Integrity Level:

MEDIUM

Description:

AIDA64 Extreme

Exit code:

Version:

7.70.7500.0

Modules

Images
c:\users\admin\desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

4804

C:\WINDOWS\System32\slui.exe -Embedding

C:\Windows\System32\slui.exe

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Activation Client

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

5884

"C:\Users\admin\Desktop\GPU-Z 2.66.0.exe"

C:\Users\admin\Desktop\GPU-Z 2.66.0.exe

explorer.exe

User:

admin

Company:

TechPowerUp (www.techpowerup.com)

Integrity Level:

HIGH

Description:

GPU-Z - Video card Information Utility

Exit code:

Version:

2.66.0.0

Modules

Images
c:\users\admin\desktop\gpu-z 2.66.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

Add for printing

Total events

28 486

Read events

28 378

Write events

106

Delete events

Modification events


(PID) Process:	(5884) GPU-Z 2.66.0.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\techPowerUp\GPU-Z
Operation:	write	Name:	Install_Dir
Value: no
(PID) Process:	(5884) GPU-Z 2.66.0.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(5884) GPU-Z 2.66.0.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(5884) GPU-Z 2.66.0.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(5884) GPU-Z 2.66.0.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\techPowerUp\GPU-Z
Operation:	write	Name:	WindowPos
Value: 295,70
(PID) Process:	(5884) GPU-Z 2.66.0.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\techPowerUp\GPU-Z
Operation:	write	Name:	LastCardIndex
Value: 0
(PID) Process:	(856) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(856) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(856) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(856) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
856	WinRAR.exe	C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe		—
		MD5:—	SHA256:—
5884	GPU-Z 2.66.0.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E		binary
		MD5:B9DC0195668292E1DA3AF1E68A8395C0	SHA256:09FD366E17F6C469C711F97723F9C145E6221F3DB06AC9BBEE51D9AC2A7710FE
856	WinRAR.exe	C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64.ini		text
		MD5:2443EF30159A77B7AF75F9773CDFEFD0	SHA256:28640F0A034680861668D13353C18FFA94B3AE41CD947CE40A2D02B28414F376
5884	GPU-Z 2.66.0.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D		der
		MD5:20FDCD92B9CB1883A690D5182497E645	SHA256:13AF1C63450EEB38071E026332E1A911DE95474E3B168C64563FF97BCA71A430
5884	GPU-Z 2.66.0.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E		der
		MD5:3D92068767E0357CA14278DF8161B77E	SHA256:8327F87FC2CC5201FA7E9D68183F4195362FD004871423116BE840B1A561425A
5884	GPU-Z 2.66.0.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F649BE5F074D767215B12950C48C907C		binary
		MD5:136655D8C09F57CB07E86A5E5D91E8A4	SHA256:FFDA8AC589F66914474127DE08B21095033E6B7AD390D4E838022DF84F47D3CB
856	WinRAR.exe	C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\pkey.txt		text
		MD5:21B713F1D247E9107BCFA3F5FBD90123	SHA256:AB7C358EEE4B906101532E105159CC019019300E5E92961A51336823E9008532
856	WinRAR.exe	C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\КАК АКТИВИРОВАТЬ!!!.txt		text
		MD5:11BB4F6C20F11EA41022E64CC268E8C2	SHA256:CD7C7D7CD0501D64684853D10478824E896FA3AD42363A595B7EC28C2E9EEBDF
5884	GPU-Z 2.66.0.exe	C:\Users\admin\AppData\Local\Temp\GPU-Z-v2.sys		executable
		MD5:D4320487BF3021F2F2AFCFC43D652A69	SHA256:9AF0B89C5C54EB66E5A660B61AEE7C1A25B1C92E20A310D8B16552ABCF90C0B5
5884	GPU-Z 2.66.0.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D		binary
		MD5:48125928356018D26E19142D7F36D391	SHA256:6F029C9E1082423F0F23205DEB06FEA3E988074247F78275AF56EC3C9BB90407

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1268	svchost.exe	GET	200	23.55.110.193:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
1268	svchost.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
5884	GPU-Z 2.66.0.exe	GET	200	172.64.149.23:80	http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D	unknown	—	—	whitelisted
5884	GPU-Z 2.66.0.exe	GET	200	172.64.149.23:80	http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D	unknown	—	—	whitelisted
5884	GPU-Z 2.66.0.exe	GET	200	172.64.149.23:80	http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHN9Y6q%2B3V1xSVihftvH1Bk%3D	unknown	—	—	whitelisted
2764	svchost.exe	GET	200	2.23.77.188:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
5564	SIHClient.exe	GET	200	2.23.246.101:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
5564	SIHClient.exe	GET	200	2.23.246.101:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
3756	backgroundTaskHost.exe	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D	unknown	—	—	whitelisted
2940	svchost.exe	GET	200	2.23.197.184:80	http://x1.c.lencr.org/	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1268	svchost.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
5944	MoUsoCoreWorker.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
7092	RUXIMICS.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1268	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
1268	svchost.exe	23.55.110.193:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
1268	svchost.exe	95.101.149.131:80	www.microsoft.com	Akamai International B.V.	NL	whitelisted
5884	GPU-Z 2.66.0.exe	216.158.237.92:443	www.gpu-z.com	IS-AS-1	US	unknown
5884	GPU-Z 2.66.0.exe	172.64.149.23:80	ocsp.comodoca.com	CLOUDFLARENET	US	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	40.127.240.158 51.124.78.146 20.73.194.208	whitelisted
google.com	142.250.185.238	whitelisted
crl.microsoft.com	23.55.110.193 23.55.110.211	whitelisted
www.microsoft.com	95.101.149.131 2.23.246.101	whitelisted
www.gpu-z.com	216.158.237.92	unknown
ocsp.comodoca.com	172.64.149.23 104.18.38.233	whitelisted
ocsp.usertrust.com	172.64.149.23 104.18.38.233	whitelisted
ocsp.sectigo.com	172.64.149.23 104.18.38.233	whitelisted
login.live.com	20.190.160.64 20.190.160.3 20.190.160.67 40.126.32.76 20.190.160.5 40.126.32.68 20.190.160.66 40.126.32.74 40.126.31.0 20.190.159.129 20.190.159.128 20.190.159.4 40.126.31.2 40.126.31.67 40.126.31.128 20.190.159.130	whitelisted
ocsp.digicert.com	2.23.77.188 2.17.190.73	whitelisted

Threats

No threats detected

Add for printing

Process	Message
GPU-Z 2.66.0.exe	in CXCrashHandler
GPU-Z 2.66.0.exe	in ~CXCrashHandler

General Info

GPU-Z 2.66.0.exe

5B84A2D40DF4A1D561F8268B7385ECEE

C343C67213FE74D41102745D3051FCDF7E2C03FD

8C9C0ABA50E5C6A393C3D701A1A3B138195AD0D3CE589C9ECA1469920FC3172B

98304:wvG8iRbXRjhDyvtnhzfO6pTixrwvIajvouw3MXhrRyhKKUXQJVUGkTw0ftG8X67q:HKe7xT/R6mtPdJCT

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Reads security settings of Internet Explorer

Drops a system driver (possible attempt to evade defenses)

Executable content was dropped or overwritten

There is functionality for taking screenshot (YARA)

Reads the Windows owner or organization settings

Process drops legitimate windows executable

Uses RUNDLL32.EXE to load library

Reads the BIOS version

Creates a software uninstall entry

Searches for installed software

Reads the date of Windows installation

Write to the desktop.ini file (may be used to cloak folders)

The process checks if it is being run in the virtual environment

INFO

The sample compiled with english language support

Reads the computer name

Create files in a temporary directory

Checks supported languages

Creates files or folders in the user directory

Reads the machine GUID from the registry

Reads the software policy settings

Checks proxy server information

UPX packer has been detected

Manual execution by a user

Process checks computer location settings

Creates files in the program directory

Detects InnoSetup installer (YARA)

Compiled with Borland Delphi (YARA)

Creates a software uninstall entry

AIDA64 mutex has been found

Reads security settings of Internet Explorer

Reads Windows Product ID

Disables trace logs

Reads mouse settings

Process checks whether UAC notifications are on

Reads Environment values

Reads CPU info

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules