904949b3bbb364ad96b76a55a55f42929a416729c19348727fd9148c3f6fa970

Analysis

max time kernel
76s
max time network
78s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-04-2023 13:37

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

cpu-z_2.05-en.exe
Size

2.0MB
MD5

806854ce1329eb416f5586d2bd085b92
SHA1

9989eb0d1792c34164487f2755fc9c5e0d659db6
SHA256

904949b3bbb364ad96b76a55a55f42929a416729c19348727fd9148c3f6fa970
SHA512

bd5095ebcf4b64755d951b794672e18781a38ebff10278414a84b77f7e71919bd03ca293d707f5acbcc7b86f984aba69841b51b5d8601d53e3b148a4220c10c5
SSDEEP

49152:byXGQK+79kSeyPy+djdXQ+5FlV5Tyu06dCBgfjR+1a:mXG73cAKHTyu0637c1

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

cpu-z_2.05-en.tmp_setup64.tmpcpuz.exe

pid process

332 cpu-z_2.05-en.tmp
1168 _setup64.tmp
1708 cpuz.exe

pid	process
332	cpu-z_2.05-en.tmp
1168	_setup64.tmp
1708	cpuz.exe

Loads dropped DLL 16 IoCs

Processes:

cpu-z_2.05-en.execpu-z_2.05-en.tmpWerFault.exe

pid	process
1996	cpu-z_2.05-en.exe
332	cpu-z_2.05-en.tmp
332	cpu-z_2.05-en.tmp
332	cpu-z_2.05-en.tmp
332	cpu-z_2.05-en.tmp
1264
1264
1264
1264
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

cpuz.exe

description ioc process

File opened for modification \??\PhysicalDrive0 cpuz.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	cpuz.exe

Drops file in Program Files directory 8 IoCs

Processes:

cpu-z_2.05-en.tmp

description	ioc	process
File created	C:\Program Files\CPUID\CPU-Z\is-1PJHB.tmp	cpu-z_2.05-en.tmp
File created	C:\Program Files\CPUID\CPU-Z\is-8097S.tmp	cpu-z_2.05-en.tmp
File opened for modification	C:\Program Files\CPUID\CPU-Z\unins000.dat	cpu-z_2.05-en.tmp
File opened for modification	C:\Program Files\CPUID\CPU-Z\cpuz.exe	cpu-z_2.05-en.tmp
File created	C:\Program Files\CPUID\CPU-Z\unins000.dat	cpu-z_2.05-en.tmp
File created	C:\Program Files\CPUID\CPU-Z\is-HO3MK.tmp	cpu-z_2.05-en.tmp
File created	C:\Program Files\CPUID\CPU-Z\is-R2U0K.tmp	cpu-z_2.05-en.tmp
File created	C:\Program Files\CPUID\CPU-Z\is-723OS.tmp	cpu-z_2.05-en.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1168 1708 WerFault.exe cpuz.exe
Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

1200 NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

cpu-z_2.05-en.tmpcpuz.exe

pid process

332 cpu-z_2.05-en.tmp
332 cpu-z_2.05-en.tmp
1708 cpuz.exe
1708 cpuz.exe
Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

472
472

pid	pid_target	process	target process
1168	1708	WerFault.exe	cpuz.exe

pid	process
1200	NOTEPAD.EXE

pid	process
332	cpu-z_2.05-en.tmp
332	cpu-z_2.05-en.tmp
1708	cpuz.exe
1708	cpuz.exe

pid	process
472
472

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

AUDIODG.EXEcpuz.exe

description	pid	process
Token: 33	1804	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1804	AUDIODG.EXE
Token: 33	1804	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1804	AUDIODG.EXE
Token: SeLoadDriverPrivilege	1708	cpuz.exe
Token: SeLoadDriverPrivilege	1708	cpuz.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

cpu-z_2.05-en.tmp

pid process

332 cpu-z_2.05-en.tmp
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

cpuz.exe

pid process

1708 cpuz.exe
1708 cpuz.exe

pid	process
332	cpu-z_2.05-en.tmp

pid	process
1708	cpuz.exe
1708	cpuz.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

cpu-z_2.05-en.execpu-z_2.05-en.tmpcpuz.exe

description	pid	process	target process
PID 1996 wrote to memory of 332	1996	cpu-z_2.05-en.exe	cpu-z_2.05-en.tmp
PID 1996 wrote to memory of 332	1996	cpu-z_2.05-en.exe	cpu-z_2.05-en.tmp
PID 1996 wrote to memory of 332	1996	cpu-z_2.05-en.exe	cpu-z_2.05-en.tmp
PID 1996 wrote to memory of 332	1996	cpu-z_2.05-en.exe	cpu-z_2.05-en.tmp
PID 1996 wrote to memory of 332	1996	cpu-z_2.05-en.exe	cpu-z_2.05-en.tmp
PID 1996 wrote to memory of 332	1996	cpu-z_2.05-en.exe	cpu-z_2.05-en.tmp
PID 1996 wrote to memory of 332	1996	cpu-z_2.05-en.exe	cpu-z_2.05-en.tmp
PID 332 wrote to memory of 1168	332	cpu-z_2.05-en.tmp	_setup64.tmp
PID 332 wrote to memory of 1168	332	cpu-z_2.05-en.tmp	_setup64.tmp
PID 332 wrote to memory of 1168	332	cpu-z_2.05-en.tmp	_setup64.tmp
PID 332 wrote to memory of 1168	332	cpu-z_2.05-en.tmp	_setup64.tmp
PID 332 wrote to memory of 1072	332	cpu-z_2.05-en.tmp	NOTEPAD.EXE
PID 332 wrote to memory of 1072	332	cpu-z_2.05-en.tmp	NOTEPAD.EXE
PID 332 wrote to memory of 1072	332	cpu-z_2.05-en.tmp	NOTEPAD.EXE
PID 332 wrote to memory of 1072	332	cpu-z_2.05-en.tmp	NOTEPAD.EXE
PID 1708 wrote to memory of 1200	1708	cpuz.exe	NOTEPAD.EXE
PID 1708 wrote to memory of 1200	1708	cpuz.exe	NOTEPAD.EXE
PID 1708 wrote to memory of 1200	1708	cpuz.exe	NOTEPAD.EXE
PID 1708 wrote to memory of 1168	1708	cpuz.exe	WerFault.exe
PID 1708 wrote to memory of 1168	1708	cpuz.exe	WerFault.exe
PID 1708 wrote to memory of 1168	1708	cpuz.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\cpu-z_2.05-en.exe
"C:\Users\Admin\AppData\Local\Temp\cpu-z_2.05-en.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1996

C:\Users\Admin\AppData\Local\Temp\is-J34T3.tmp\cpu-z_2.05-en.tmp
"C:\Users\Admin\AppData\Local\Temp\is-J34T3.tmp\cpu-z_2.05-en.tmp" /SL5="$90124,1882253,58368,C:\Users\Admin\AppData\Local\Temp\cpu-z_2.05-en.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:332

C:\Users\Admin\AppData\Local\Temp\is-OE8EG.tmp\_isetup\_setup64.tmp
helper 105 0x200
3⤵
- Executes dropped EXE
PID:1168

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\CPUID\CPU-Z\cpuz_readme.txt
3⤵
PID:1072

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1804

C:\Program Files\CPUID\CPU-Z\cpuz.exe
"C:\Program Files\CPUID\CPU-Z\cpuz.exe"
1⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Windows\temp\cpuz_driver_1708.log
2⤵
- Opens file in notepad (likely ransom note)
PID:1200

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1708 -s 1000
2⤵
- Loads dropped DLL
- Program crash
PID:1168

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1160

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1628

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
C:\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
C:\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
C:\Program Files\CPUID\CPU-Z\cpuz.ini
Filesize
592B

MD5
68fa73650d11ecf7ba6d952d96428930

SHA1
085311e1caf56c915027c975bde6f52a9a07b53e

SHA256
95e4d2ca7b2eba8593331f612f51b9a7a89eaa4104c54000ccacd658d51cf55d

SHA512
0e884d24ad793ef71ca320fda8c384a269fbcd8129c2ea52b401fdf49024257f18fe094dcf13e69dc71be0e72fbc9497132221489471313a408b1a01d841f6c9

Download Submit
C:\Program Files\CPUID\CPU-Z\cpuz_readme.txt
Filesize
34KB

MD5
653508e9e2434b037b9b74bd0c53cf5a

SHA1
fbdac26d940e74206226b2648c038b8d233ebaa2

SHA256
c33fd74778c710c6bfe48d4cb6c50585292820157d06f43af37994bdbe41859e

SHA512
4485575e8d3c8827d6e40b18d7090e579fb8db782536a7acde7183469c2d79fa57b4494d5be35c6e303a0846ba0f7251cae25dff3c727dc92956c71ad8bdce50

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J34T3.tmp\cpu-z_2.05-en.tmp
Filesize
702KB

MD5
1afbd25db5c9a90fe05309f7c4fbcf09

SHA1
baf330b5c249ca925b4ea19a52fe8b2c27e547fa

SHA256
3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

SHA512
3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J34T3.tmp\cpu-z_2.05-en.tmp
Filesize
702KB

MD5
1afbd25db5c9a90fe05309f7c4fbcf09

SHA1
baf330b5c249ca925b4ea19a52fe8b2c27e547fa

SHA256
3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

SHA512
3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OE8EG.tmp\_isetup\_setup64.tmp
Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Windows\Temp\cpuz_driver_1708.log
Filesize
417B

MD5
8bd622c1c4e88662b02e8b53188f47e6

SHA1
773b00a7121e10ffbd2f6c5f0be3d5610fd7ca04

SHA256
3ff82e1da9b7a3473e8293d2c80d5bb5c34f830e6746fe6ccec6e1f678996a56

SHA512
05bdb668f8db5af680bab8208b3a28595fc14bb291002c51c3ccaeda337a4a5513e9210049fb7b311e884ddb10a381f9a3fd1370eb1730031d7400bb01e26b1d

Download Submit
C:\Windows\temp\cpuz_driver_1708.log
Filesize
2KB

MD5
bbbb573386714bcaa62d5c29ade2c900

SHA1
d7e9c4c411ace7d67c6228ef6d24727a501afd74

SHA256
fce198ae90486bf40c93ce4407e60e912eaa4a44525a052a20d7ef8c8bac4ba1

SHA512
80e387b5a8ac62640367f17b57e379490dc5b38319182e2c47932434be8badfff2cd6e1ac8b26d85a050227b9ba859d0d3749a353bbf7f3ca6235a6a0ec393a2

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\cpuz.exe
Filesize
4.4MB

MD5
853569e2fabd5654df411853bafb3641

SHA1
13336b4ba5ec738f99361cbca8877b256e6ce7c3

SHA256
39c492ee4b10239d2c4a2a1bbdc6238eb5eb2fdf1b143e8b1ffa55a9e5a0a7eb

SHA512
13038d961a8faad56de3281c868f690f142303c67bc461f673f9c1b595315176adc919a26817ff9e43a7104fd5f56b114ccded5e2b96a20bb64e4ee462fbfb30

Download Submit
\Program Files\CPUID\CPU-Z\unins000.exe
Filesize
713KB

MD5
d1c46c8fc337c9c4cbab797137939d53

SHA1
c7fca9d35fff8db9e2b1da7a7ceeb2ab2bdca283

SHA256
798eecebb059f2c27383816be38a2e8ee9a2f05eabd2028fb8d7bcda58caa597

SHA512
5b87b887f09dfd7ccda277168179e7b19a9ad15b09924f081cf45a0a7008fcbc3c1e7cc9d5b278d5463a3be9a1175dc35c1759efcc300ce19ec32e92381acf62

Download Submit
\Users\Admin\AppData\Local\Temp\is-J34T3.tmp\cpu-z_2.05-en.tmp
Filesize
702KB

MD5
1afbd25db5c9a90fe05309f7c4fbcf09

SHA1
baf330b5c249ca925b4ea19a52fe8b2c27e547fa

SHA256
3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

SHA512
3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

Download Submit
\Users\Admin\AppData\Local\Temp\is-OE8EG.tmp\_isetup\_setup64.tmp
Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
memory/332-64-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/332-108-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/332-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/332-66-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/332-101-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1160-162-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/1628-163-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/1996-63-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1996-54-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1996-109-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads