Windows Analysis Report
074kFuPFv8.exe

Overview

General Information

Sample name: 074kFuPFv8.exe
renamed because original name is a hash value
Original sample name: 9c1129a7ffa519f670ca67fdec455f2b39a54b00745d06012cccef6e4b5f2ce1.exe
Analysis ID: 1545581
MD5: fc5134ba4711406149556e32d47773aa
SHA1: 24e23d1ce7273410b778a36aaa8191c3abeedf3e
SHA256: 9c1129a7ffa519f670ca67fdec455f2b39a54b00745d06012cccef6e4b5f2ce1
Tags: exeuser-MaxMax66
Infos:

Detection

Score: 40
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 32
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to detect sleep reduction / modifications
Creates files in the recycle bin to hide itself
Installs Task Scheduler Managed Wrapper
Machine Learning detection for dropped file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Tries to delay execution (extensive OutputDebugStringW loop)
Abnormal high CPU Usage
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

AV Detection
barindex
Multi AV Scanner detection for dropped file
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe ReversingLabs: Detection: 33%
Source: C:\Program Files (x86)\CPU Guardian\Splash.exe ReversingLabs: Detection: 29%
Source: C:\Program Files (x86)\CPU Guardian\updater.exe ReversingLabs: Detection: 27%
Source: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\CPUGuardian.exe ReversingLabs: Detection: 33%
Source: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Splash.exe ReversingLabs: Detection: 29%
Multi AV Scanner detection for submitted file
Source: 074kFuPFv8.exe ReversingLabs: Detection: 39%
Machine Learning detection for dropped file
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Joe Sandbox ML: detected
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\074kFuPFv8.exe EXE: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\InstAct.exe Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe EXE: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\updater.exe Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe EXE: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\CPUGuardian.exe Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe EXE: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Splash.exe Jump to behavior

Compliance
barindex
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\074kFuPFv8.exe EXE: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\InstAct.exe Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe EXE: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\updater.exe Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe EXE: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\CPUGuardian.exe Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe EXE: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Splash.exe Jump to behavior
Uses 32bit PE files
Source: 074kFuPFv8.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 074kFuPFv8.exe Static PE information: certificate valid
Source: 074kFuPFv8.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: d:\BitBucketGit\CPU Guardian\bo\obj\Release\bo.pdbD7^7 P7_CorDllMainmscoree.dll source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000A.00000002.4166623593.0000000008482000.00000002.00000001.01000000.00000013.sdmp, bo.dll.0.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\RegCleaner\obj\Release\CPUGuardian.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000A.00000000.1737687137.0000000000272000.00000002.00000001.01000000.00000006.sdmp, CPUGuardian.exe.2.dr
Source: Binary string: C:\src\wix39r2\build\ship\x86\SfxCA.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005ECF000.00000004.00000020.00020000.00000000.sdmp, Uninst000.CA.dll.2.dr, Uninst000.CA.dll.0.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\Setup\obj\Release\Setup.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000D.00000002.1794851263.0000000006022000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: $^q:C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbd source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: <filename>C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb</filename> source: fileerrors_data.10.dr
Source: Binary string: ntkrnlmp.pdb source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d:\BitBucketGit\CPU Guardian\CustomActions\CustomAction1\obj\x86\Release\Uninst000.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005ED7000.00000004.00000020.00020000.00000000.sdmp, Uninst000.dll.0.dr, Uninst000.dll.2.dr
Source: Binary string: $^qgC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d:\BitBucketGit\CPU Guardian\bo\obj\Release\bo.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, CPUGuardian.exe, 0000000A.00000002.4166623593.0000000008482000.00000002.00000001.01000000.00000013.sdmp, bo.dll.0.dr
Source: Binary string: E:\Point\win\Release\stubs\x86\ExternalUi.pdbL source: 074kFuPFv8.exe
Source: Binary string: AcroExch.PDBookmark.1 source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: <filename>C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error</filename> source: fileerrors_data.10.dr
Source: Binary string: winload_prod.pdb source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\Point\win\Release\stubs\x86\Updater.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, updater.exe.2.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\RegCleaner\obj\Release\CPUGuardian.pdb| source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000A.00000000.1737687137.0000000000272000.00000002.00000001.01000000.00000006.sdmp, CPUGuardian.exe.2.dr
Source: Binary string: d:\ComponentFactory\Build Krypton\Source\Krypton Components\ComponentFactory.Krypton.Toolkit\obj\Release\ComponentFactory.Krypton.Toolkit.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000D.00000002.1795714523.0000000006B42000.00000002.00000001.01000000.0000000D.sdmp, ComponentFactory.Krypton.Toolkit.dll.2.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\Setup\obj\Release\Setup.pdbL8n8 `8_CorDllMainmscoree.dll source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000D.00000002.1794851263.0000000006022000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: E:\Point\win\Release\custact\x86\AICustAct.pdb source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003E8D000.00000004.00000020.00020000.00000000.sdmp, MSI601F.tmp.2.dr, MSI5FAF.tmp.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr
Source: Binary string: E:\Point\win\Release\custact\x86\ResourceCleaner.pdb source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003EFA000.00000004.00000020.00020000.00000000.sdmp, MSI608E.tmp.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, MSI63DD.tmp.2.dr
Source: Binary string: $^qeC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, CPUGuardian.exe, 0000000A.00000002.4177985426.0000000009FC2000.00000002.00000001.01000000.00000014.sdmp, Microsoft.Win32.TaskScheduler.dll.2.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\Logging\obj\Release\Logging.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E43000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000D.00000002.1793712666.0000000003422000.00000002.00000001.01000000.0000000A.sdmp, Logging.dll.0.dr
Source: Binary string: $^qmC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d:\BitBucketGit\CPU Guardian\InstallerActions\obj\x86\Release\InstAct.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000000.1739518695.0000000000AB2000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: $^qXC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831d source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdbt source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000A.00000002.4177985426.0000000009FC2000.00000002.00000001.01000000.00000014.sdmp, Microsoft.Win32.TaskScheduler.dll.2.dr
Source: Binary string: c:\src\wix39r2\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E43000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.0.dr, Microsoft.Deployment.WindowsInstaller.dll.2.dr
Source: Binary string: F.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000A.00000000.1737687137.0000000000272000.00000002.00000001.01000000.00000006.sdmp, CPUGuardian.exe.2.dr
Source: Binary string: $^q\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2d source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: $^qkC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\Point\win\Release\custact\x86\ShortcutFlags.pdb source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003E8D000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\Splash\obj\x86\Release\Splash.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, Splash.exe.0.dr, Splash.exe.2.dr
Source: Binary string: <filename>C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error</filename> source: fileerrors_data.10.dr
Source: Binary string: AcroExch.PDBookmark source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\Point\win\Release\stubs\x86\ExternalUi.pdb source: 074kFuPFv8.exe
Source: Binary string: $^q6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbd source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: <filename>C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb</filename> source: fileerrors_data.10.dr
Checks for available system drives (often done to infect USB drives)
Source: C:\Windows\System32\msiexec.exe File opened: z: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: x: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: v: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: t: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: r: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: p: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: n: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: l: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: j: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: h: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: f: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: b: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: y: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: w: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: u: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: s: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: q: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: o: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: m: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: k: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: i: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: g: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: e: Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe File opened: c: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: a: Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002ACFAA FindFirstFileW,FindNextFileW,FindNextFileW,FindNextFileW,FindClose,FindClose, 0_2_002ACFAA
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002A9090 __recalloc,_memset,FindFirstFileW,FindClose,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle, 0_2_002A9090
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002AD1CC FindFirstFileW,FindClose,FindClose, 0_2_002AD1CC
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00299410 FindFirstFileW,FindClose,FindClose, 0_2_00299410
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002A9A11 _memset,FindFirstFileW,FindClose, 0_2_002A9A11
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00298750 _memset,FindFirstFileW,FindClose,FindFirstFileW,FindClose,FindClose,FindClose,FindClose,FindClose, 0_2_00298750
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002B886D FindFirstFileW,FindClose,FindClose, 0_2_002B886D
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00298A30 _wcslen,_memset,FindFirstFileW,FindClose,FindNextFileW,_memcpy_s,_wcslen,FindNextFileW,RemoveDirectoryW,_wcslen,FindNextFileW,DeleteFileW, 0_2_00298A30
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002BD9FD FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,FindFirstFileW,FindClose,FindNextFileW,FindNextFileW,FindClose, 0_2_002BD9FD
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0029E320 FindClose,FindResourceW,_wcslen,_memcpy_s,FindFirstFileW,_wcslen,GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,_wcsnlen,FindClose,SetLastError,_wcsrchr,_wcsrchr,_wcsnlen, 0_2_0029E320
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002AB89C FindFirstFileW,FindClose,FindClose, 0_2_002AB89C
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002A7A7F FindFirstFileW,FindClose, 0_2_002A7A7F
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002C7D7A GetWindowsDirectoryW,lstrcmpW,lstrlenW,FindFirstFileW,lstrlenW,DeleteFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_002C7D7A
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00298E90 _wcsrchr,RemoveDirectoryW,GetLogicalDriveStringsW,GetDriveTypeW,FindResourceW,_wcslen,_memcpy_s,_wcslen,__recalloc, 0_2_00298E90
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /callback/bo.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: label.shieldapps.bizContent-Length: 309Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /callback/bo.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: label.shieldapps.bizContent-Length: 453Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /callback/bo.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: label.shieldapps.bizContent-Length: 58Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /guardian-cdn/tip.jpg HTTP/1.1Host: s3.amazonaws.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /guardian-cdn/tip2.jpg HTTP/1.1Host: s3.amazonaws.com
Source: global traffic HTTP traffic detected: POST /callback/bo.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: label.shieldapps.bizContent-Length: 29Expect: 100-continueConnection: Keep-Alive
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49744 -> 52.216.184.133:80
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /guardian-cdn/tip.jpg HTTP/1.1Host: s3.amazonaws.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /guardian-cdn/tip2.jpg HTTP/1.1Host: s3.amazonaws.com
Source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003E8D000.00000004.00000020.00020000.00000000.sdmp, MSI601F.tmp.2.dr, MSI5FAF.tmp.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr String found in binary or memory: INSERT INTO `` (`Property`, `Order`, `Value`, `Text`) VALUES (?,?,?,?) TEMPORARYComboBoxListBoxSELECT * FROM `%s` WHERE `Property`='%s' AND `Value`='%s'SELECT * FROM `%s` WHERE `Property`='%s'DELETE FROM `%s` WHERE `Property`='%s'RichEdit20W[1]SELECT `Message` FROM `Error` WHERE `Error` = %sSELECT `Text` FROM `UIText` WHERE `Key` = '%s'tmptmpALLUSERS = 1';WS_EX_LAYOUTRTLWS_EX_NOINHERITLAYOUTWS_EX_NOACTIVATEWS_EX_LAYEREDWS_EX_RIGHTWS_EX_RIGHTSCROLLBARWS_EX_WINDOWEDGEWS_EX_TRANSPARENTWS_EX_TOPMOSTWS_EX_TOOLWINDOWWS_EX_STATICEDGEWS_EX_RTLREADINGWS_EX_PALETTEWINDOWWS_EX_OVERLAPPEDWINDOWWS_EX_NOPARENTNOTIFYWS_EX_MDICHILDWS_EX_LTRREADINGWS_EX_LEFTSCROLLBARWS_EX_LEFTWS_EX_DLGMODALFRAMEWS_EX_CONTROLPARENTWS_EX_CONTEXTHELPWS_EX_CLIENTEDGEWS_EX_APPWINDOWWS_EX_ACCEPTFILESWS_TILEDWS_TILEDWINDOWWS_POPUPWS_POPUPWINDOWWS_OVERLAPPEDWS_OVERLAPPEDWINDOWWS_MINIMIZEWS_MINIMIZEBOXWS_MAXIMIZEWS_MAXIMIZEBOXWS_VSCROLLWS_VISIBLEWS_THICKFRAMEWS_TABSTOPWS_SYSMENUWS_SIZEBOXWS_ICONICWS_HSCROLLWS_GROUPWS_DLGFRAMEWS_DISABLEDWS_CLIPSIBLINGSWS_CLIPCHILDRENWS_CHILDWINDOWWS_CHILDWS_CAPTIONWS_BORDERWS_EXAI_TRIAL_MESSAGE_BODYAI_MSM_TRIAL_MESSAGE_BODYAI_APP_FILEAI_README_FILEAI_APP_ARGSGetProcessIdKernel32.dllMsiLogFileLocationrunasRunAsAdminFileRunAsAdminCmdRunAsAdminWorkingDir[AdminToolsFolder][TemplateFolder][StartupFolder][DesktopFolder][ProgramMenuFolder][WindowsVolume][SystemFolder][LocalAppDataFolder][WindowsFolder][AI_ProgramFiles][CommonFiles64Folder][LocalAppDataFolder]Programs\Common\[CommonFilesFolder][ProgramFiles64Folder][LocalAppDataFolder]Programs\[ProgramFilesFolder]MIGRATEFindRelatedProductsMigrateFeatureStatesAI_SETMIXINSTLOCATIONAPPDIRAI_RESTORE_LOCATIONSELECT `ActionProperty` FROM `Upgrade`SELECT `Action`,`Target` FROM `CustomAction`SET_APPDIRSET_SHORTCUTDIRSHORTCUTDIRAI_InstallPerUser = "0"ALLUSERS = "2"MSIINSTALLPERUSER = "1"1ALLUSERSVersionMsi >= "5.0"2AI_InstallPerUser = "1"MSIINSTALLPERUSERMSINEWINSTANCEProductLanguageAI_INTANCE_LOCATIONAI_UPGRADENoOLDPRODUCTSLanguageVersionStringInstallLocationAI_REPLACE_PRODUCTSAI_Replaced_Versions_ListAI_Upgrade_Replace_Question_YesBackUp_AI_Upgrade_Question_YesAI_Upgrade_Question_YesAI_Upgrade_Replace_Question_NoBackUp_AI_Upgrade_Question_NoAI_Upgrade_Question_NoYeslcSELECT `Data` FROM `Binary` WHERE `Name`='AI_DETECTVM_BINARY_IDAI_INSIDEVM2DELETE FROM `Shortcut` WHERE `Shortcut`.`Directory_`='%s'DELETE FROM `IniFile` WHERE `IniFile`.`Section`='InternetShortcut' AND`IniFile`.`DirProperty`='%s'SELECT * FROM `%s`ShortcutIniFileAI_DESKTOP_SH0|AI_STARTMENU_SHAI_QUICKLAUNCH_SHAI_STARTUP_SHAI_SHORTCUTSREGNot InstalledDesktopFolderQuickLaunch_DirStartupFolderProgramMenuFolderProgramMenuFolderProductName*.**.*AI_SH_DIRAI_PRINT_RTFSELECT `Text` FROM `Control` WHERE `Control`.`Dialog_`='%s' AND `Control`.`Control`='%s'.rtfprinthttp://www.example.comhttp://www.yahoo.comhttp://www.google.comAI_INET_CON_SUCCESSAI_INTERNET_CONNECTIONAI_INET_CON_FAILED -user -machine -quiet -addgroup All_CodeMy_Computer_Zone -url "*" Nothing -name
Source: 074kFuPFv8.exe, 00000000.00000000.1671511549.0000000000331000.00000002.00000001.01000000.00000003.sdmp, 074kFuPFv8.exe, 00000000.00000002.2421433407.0000000000331000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: [+.partHEADhttp://www.google.comhttp://www.yahoo.comhttp://www.example.comtin9999.tmpAdvancedInstallerGETwininet.dllFTP Server*/*HTTP/1.0Range: bytes=%u- equals www.yahoo.com (Yahoo)
Source: 074kFuPFv8.exe String found in binary or memory: [H.partHEADhttp://www.google.comhttp://www.yahoo.comhttp://www.example.comtin9999.tmpAdvancedInstallerGETwininet.dllFTP Server*/*HTTP/1.0Range: bytes=%u- equals www.yahoo.com (Yahoo)
Source: global traffic DNS traffic detected: DNS query: label.shieldapps.biz
Source: global traffic DNS traffic detected: DNS query: s3.amazonaws.com
Source: unknown HTTP traffic detected: POST /callback/bo.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: label.shieldapps.bizContent-Length: 309Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Foundx-amz-request-id: NH12YT2K0FJB4JNSx-amz-id-2: 9tEegas5ryN5neUcZxprdjrtqVjnSTYYAo0EcWe0XChiINV7UvBJOQXCK07MbSLvOEQowGdMwBg=Content-Type: application/xmlTransfer-Encoding: chunkedDate: Wed, 30 Oct 2024 16:36:14 GMTServer: AmazonS3Data Raw: 31 32 65 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 42 75 63 6b 65 74 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 62 75 63 6b 65 74 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 3c 2f 4d 65 73 73 61 67 65 3e 3c 42 75 63 6b 65 74 4e 61 6d 65 3e 67 75 61 72 64 69 61 6e 2d 63 64 6e 3c 2f 42 75 63 6b 65 74 4e 61 6d 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 4e 48 31 32 59 54 32 4b 30 46 4a 42 34 4a 4e 53 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 39 74 45 65 67 61 73 35 72 79 4e 35 6e 65 55 63 5a 78 70 72 64 6a 72 74 71 56 6a 6e 53 54 59 59 41 6f 30 45 63 57 65 30 58 43 68 69 49 4e 56 37 55 76 42 4a 4f 51 58 43 4b 30 37 4d 62 53 4c 76 4f 45 51 6f 77 47 64 4d 77 42 67 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 12e<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message><BucketName>guardian-cdn</BucketName><RequestId>NH12YT2K0FJB4JNS</RequestId><HostId>9tEegas5ryN5neUcZxprdjrtqVjnSTYYAo0EcWe0XChiINV7UvBJOQXCK07MbSLvOEQowGdMwBg=</HostId></Error>0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Foundx-amz-request-id: NH1D185GCN6C5GWCx-amz-id-2: F38DHJNfP00qdRYtSArS6Gw43PBctKx80kqfDY7dOLp7Gn64hVIn7vCUq+NPVwH6UruOfW0DUmY=Content-Type: application/xmlTransfer-Encoding: chunkedDate: Wed, 30 Oct 2024 16:36:14 GMTServer: AmazonS3Data Raw: 31 32 65 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 42 75 63 6b 65 74 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 62 75 63 6b 65 74 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 3c 2f 4d 65 73 73 61 67 65 3e 3c 42 75 63 6b 65 74 4e 61 6d 65 3e 67 75 61 72 64 69 61 6e 2d 63 64 6e 3c 2f 42 75 63 6b 65 74 4e 61 6d 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 4e 48 31 44 31 38 35 47 43 4e 36 43 35 47 57 43 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 46 33 38 44 48 4a 4e 66 50 30 30 71 64 52 59 74 53 41 72 53 36 47 77 34 33 50 42 63 74 4b 78 38 30 6b 71 66 44 59 37 64 4f 4c 70 37 47 6e 36 34 68 56 49 6e 37 76 43 55 71 2b 4e 50 56 77 48 36 55 72 75 4f 66 57 30 44 55 6d 59 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 12e<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message><BucketName>guardian-cdn</BucketName><RequestId>NH1D185GCN6C5GWC</RequestId><HostId>F38DHJNfP00qdRYtSArS6Gw43PBctKx80kqfDY7dOLp7Gn64hVIn7vCUq+NPVwH6UruOfW0DUmY=</HostId></Error>0
Source: 074kFuPFv8.exe, MSI608E.tmp.2.dr, MSI601F.tmp.2.dr, MSI5FAF.tmp.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, MSI63DD.tmp.2.dr, decoder.dll.0.dr, MSI5FFE.tmp.2.dr String found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 074kFuPFv8.exe, MSI608E.tmp.2.dr, MSI601F.tmp.2.dr, MSI5FAF.tmp.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, MSI63DD.tmp.2.dr, decoder.dll.0.dr, MSI5FFE.tmp.2.dr String found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
Source: InstAct.exe, 0000000B.00000002.2403620172.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.2403620172.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000013.00000002.2418595283.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000013.00000002.2418595283.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://label.shieldapps.biz
Source: InstAct.exe, 00000013.00000002.2418595283.0000000002E84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://label.shieldapps.biz/callback/bo.php
Source: 074kFuPFv8.exe, Splash.exe.0.dr, MSI608E.tmp.2.dr, MSI601F.tmp.2.dr, MSI5FAF.tmp.2.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, MSI63DD.tmp.2.dr, CPUGuardian.exe.2.dr, decoder.dll.0.dr, Splash.exe.2.dr, MSI5FFE.tmp.2.dr String found in binary or memory: http://ocsp.thawte.com0
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://s2.symcb.com0
Source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://s3.amazonaws.com/guardian-cdn/tip.jpg
Source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://s3.amazonaws.com/guardian-cdn/tip2.jpg
Source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.2403620172.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000013.00000002.2418595283.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: updater.ini.2.dr String found in binary or memory: http://setup.shieldapps.biz/registry/cpuguardian/s/updates.txt
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://sv.symcd.com0&
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E43000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.0.dr, Microsoft.Deployment.WindowsInstaller.dll.2.dr String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E43000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.0.dr, Microsoft.Deployment.WindowsInstaller.dll.2.dr String found in binary or memory: http://wixtoolset.org/news/
Source: 074kFuPFv8.exe, MSI608E.tmp.2.dr, MSI601F.tmp.2.dr, MSI5FAF.tmp.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, MSI63DD.tmp.2.dr, decoder.dll.0.dr, MSI5FFE.tmp.2.dr String found in binary or memory: http://www.advancedinstaller.com0
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://www.symauth.com/cps0(
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: http://www.symauth.com/rpa00
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: CPUGuardian.exe, 0000000A.00000002.4163515825.0000000007982000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: 074kFuPFv8.exe, Splash.exe.0.dr, updater.exe.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, CPUGuardian.exe.2.dr, Splash.exe.2.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safecart.com/cpuguardian/.cpu-guardian-35
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002C8645 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_002C8645
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002C8645 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_002C8645
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00311429 PtInRect,GetAsyncKeyState,TrackMouseEvent, 0_2_00311429
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00271496 __EH_prolog3_catch_GS,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_00271496
Abnormal high CPU Usage
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process Stats: CPU usage > 49%
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002C1032 GetCurrentProcess,OpenProcessToken,CloseHandle,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,ExitWindowsEx, 0_2_002C1032
Creates files inside the system directory
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5d5e38.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5FAF.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5FFE.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI601F.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{87D8CFC2-0E35-4BF0-81BC-C5B3D1652F6D} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI607D.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI608E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI60DD.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI612C.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI63DD.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI65C2.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{87D8CFC2-0E35-4BF0-81BC-C5B3D1652F6D} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{87D8CFC2-0E35-4BF0-81BC-C5B3D1652F6D}\SystemFoldermsiexec.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{87D8CFC2-0E35-4BF0-81BC-C5B3D1652F6D}\icon.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI70B0.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5d5e3b.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5d5e3b.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7247.tmp Jump to behavior
Deletes files inside the Windows folder
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI5FAF.tmp Jump to behavior
Detected potential crypto function
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002A9090 0_2_002A9090
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002DA642 0_2_002DA642
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00308299 0_2_00308299
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00260B3C 0_2_00260B3C
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F8D50 0_2_002F8D50
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0025CD87 0_2_0025CD87
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00294FB0 0_2_00294FB0
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0028D270 0_2_0028D270
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0029D420 0_2_0029D420
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0030D57B 0_2_0030D57B
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002E18F3 0_2_002E18F3
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0029DF50 0_2_0029DF50
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0025E013 0_2_0025E013
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F20A0 0_2_002F20A0
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F6259 0_2_002F6259
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0030E68C 0_2_0030E68C
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F672E 0_2_002F672E
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0029A9F0 0_2_0029A9F0
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F6B02 0_2_002F6B02
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0028ED30 0_2_0028ED30
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F6F0E 0_2_002F6F0E
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F732E 0_2_002F732E
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0029B4C0 0_2_0029B4C0
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0030B4DB 0_2_0030B4DB
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002875D0 0_2_002875D0
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002DB800 0_2_002DB800
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002FF8BB 0_2_002FF8BB
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0029B9D0 0_2_0029B9D0
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0030BA1F 0_2_0030BA1F
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0030BF63 0_2_0030BF63
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_09FC6783 10_2_09FC6783
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_028EA238 10_2_028EA238
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_028E8998 10_2_028E8998
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_028E8C38 10_2_028E8C38
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_028E9F10 10_2_028E9F10
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_028E8FC8 10_2_028E8FC8
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_028E9FB1 10_2_028E9FB1
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0577C5A4 10_2_0577C5A4
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0577E0D0 10_2_0577E0D0
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0577CCC0 10_2_0577CCC0
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_05771FB8 10_2_05771FB8
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0577FAF0 10_2_0577FAF0
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0577E508 10_2_0577E508
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0577A760 10_2_0577A760
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0577A750 10_2_0577A750
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_05778CEC 10_2_05778CEC
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_05771FAD 10_2_05771FAD
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0577E8C0 10_2_0577E8C0
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0623CEF0 10_2_0623CEF0
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0623A7B0 10_2_0623A7B0
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_06244BF4 10_2_06244BF4
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0624D0A8 10_2_0624D0A8
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0624D097 10_2_0624D097
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_063A4E7C 10_2_063A4E7C
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_063A6130 10_2_063A6130
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0790BED3 10_2_0790BED3
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_083D292C 10_2_083D292C
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_083D4CF8 10_2_083D4CF8
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_083D6600 10_2_083D6600
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_083D65FE 10_2_083D65FE
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_08535074 10_2_08535074
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0853A5C0 10_2_0853A5C0
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\CPU Guardian\ComponentFactory.Krypton.Toolkit.dll 956AD7E5C070EE129E70A3E7F5D44038D5BB43ADE2D24B5119A0F0E763E6A8A9
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 002FBC1C appears 59 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 0027276A appears 39 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 002FC325 appears 139 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 00292580 appears 87 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 00283507 appears 43 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 002B244B appears 89 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 002FC391 appears 94 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 002F5569 appears 57 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 002FC2F2 appears 1015 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 00234F20 appears 363 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 00292510 appears 87 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 00235A6E appears 136 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 002FC3ED appears 212 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 0023DF4F appears 132 times
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: String function: 002FC35B appears 196 times
Sample file is different than original file name gathered from version info
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005DA3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E1C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameHelper.dll0 vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E1C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInterop.IWshRuntimeLibrary.dll vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005D2E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E43000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLogging.dll0 vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E43000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Deployment.WindowsInstaller.dll\ vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E09000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005ED7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUninst000.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005ED7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSfxCA.dll\ vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005ED7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUninst000.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003E8D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAICustAct.dllF vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003E8D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameShortcutFlags.dllF vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005CAA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005D41000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003EFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameResourceCleaner.dllF vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005D8E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.2420478068.0000000003BC1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDecoder.dllF vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005DDE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll8 vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSetup.dll, vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSplash.resources.dll0 vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.2421204327.0000000000F97000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsi.dllX vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E37000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInterop.Shell32.dll vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005D55000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003F54000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelzmaextractor.dllF vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003F54000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePrereq.dllF vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000002.2421815891.0000000000F97000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsi.dllX vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.exe< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInstAct.exe4 vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSplash.exe0 vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileNameupdater.exeP vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamebo.dll( vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameComponentFactory.Krypton.Toolkit.dll@ vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005CF6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005CE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005D1B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005DF1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005CBD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005D09000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005D68000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000000.1671552286.000000000037A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileNameCPUGuardianSetup.exe: vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005DCB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005CD0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005D7B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005C82000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005DB6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005C97000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCPUGuardian.resources.dll< vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe Binary or memory string: OriginalFileNameCPUGuardianSetup.exe: vs 074kFuPFv8.exe
Source: 074kFuPFv8.exe Binary or memory string: OriginalFilenameDecoder.dllF vs 074kFuPFv8.exe
Uses 32bit PE files
Source: 074kFuPFv8.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 5d5e38.msi.2.dr Binary string: IDYESAI_OFFICE_REGOPENAI_ADDIN0.0.0.0Advanced Installer PathSoftware\Caphyon\Advanced Installer\Installation PathSoftware\Caphyon\Advanced InstallerAI_OFN_FILEPATHAI_OFN_DLG_TITLEAI_OFN_FILTERSAI_OFN_FLAGSAI_OFN_DEF_EXTAI_OFN_DIRECTORYAI_OFN_FILENAMEAI_MINJREVERSIONAI_PACKAGE_TYPEx64Intel64Software\JavaSoft\Java Runtime Environment\AI_JREVERFOUNDAI_MINJDKVERSIONSoftware\JavaSoft\Java Development Kit\AI_JDKVERFOUNDAI_COMBOBOX_DATAAI_LISTBOX_DATA\\\esc1\#\esc2\|\esc3\\esc0\esc0\\esc2#\esc3|\esc1\ERROR%sERROR_NO_VALUEERROR_DUPLICATE_ITEM%s: %sSUCCESS#\#|\|\\\%s%c%s%c%s%s%c%sSELECT * FROM `Control` WHERE `Type` = 'Bitmap'AI_SYSTEM_DPIAI_SYSTEM_DPI_SCALEAI_BITMAP_DISPLAY_MODESELECT `Argument`, `Condition` FROM `ControlEvent` WHERE `Dialog_` = 'ExitDialog' AND `Control_` = 'Finish' AND `Event` = 'DoAction' ORDER BY `Ordering`AI_AI_ViewReadmeAI_LaunchAppCTRLS3ALLSELECT `Feature` FROM `Feature`DoActionAddLocalRemoveAddSourceReinstallModeREINSTALLMODEAI_INSTALL_MODE{ED4824AF-DCE4-45A8-81E2-FC7965083634}PublicDocumentsFolder{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}WindowsLibrariesFolder{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}SavedGamesFolderPathWWWRootSOFTWARE\Microsoft\InetStpIIsWWWRootFolder4163416241614160AI_PATH_VALIDATION_FILENAMEAI_PATH_VALIDATION_FAILEDAI_PATH_VALIDATION_OPTUpgradeCodeAssignmentTypeUPGRADINGPRODUCTCODE=ERROR - Cannot create the Filter Graph ManagerAI_AUDIOFILE_PATHAI_AUDIOFILE_OPTIONSERROR - Cannot render the file.ERROR - Cannot play the file.LOOP_OFFGlobal\_MSIExecuteAI_AUDIOFILE_UIPlay\0001\0000\Device\VideoERROR - Registry value not found: SystemHardwareInformation.MemorySize\Device\Video0HARDWARE\DEVICEMAP\VIDEOAI_TOTAL_VIDEO_MEMORYVersionNTSELECT `GroupName` FROM `AI_UserGroups` WHERE `GroupName` = ?SELECT `UserName` FROM `AI_UserAccounts` WHERE `UserName` = ?AI_USER_VALID_PASSWORDAI_USER_CHECK_PASSWORDAI_USER_IS_GROUPAI_USER_IGNORE_MSIAI_USER_IGNORE_FULLNAMEAI_USER_EXISTSUSER_PASSWORDDOMAIN_NAMEUSER_NAMEPerformance Log UsersGRP_LOGGING_USERSPerformance Monitor UsersGRP_MONITORING_USERSIncoming Forest Trust BuildersGRP_RID_INCOMING_FOREST_TRUST_BUILDERSNetwork Configuration OperatorsGRP_NETWORK_CONFIGURATION_OPSRemote Desktop UsersGRP_REMOTE_DESKTOP_USERSPre-Windows 2000 Compatible AccessGRP_PREW2KCOMPACCESSRAS and IAS ServersGRP_RAS_SERVERSReplicatorGRP_REPLICATORPower UsersGRP_POWER_USERSGuestsGRP_GUESTSUsersGRP_USERSAdministratorsGRP_ADMINISTRATORSBOBackup OperatorsGRP_BACKUP_OPSPOPrint OperatorsGRP_PRINT_OPSSOServer OperatorsGRP_SERVER_OPSAOAccount OperatorsGRP_ACCOUNT_OPSNSNetwork ServiceUSR_NETWORK_SERVICEANAnonymousUSR_ANONYMOUSWDEveryoneGRP_EVERYONEDomain ControllersGRP_DOMAIN_CONTROLLERSDomain ComputersGRP_DOMAIN_COMPUTERSDomain UsersGRP_DOMAIN_USERSkrbtgtUSR_KEY_DISTR_CENTER_SERVICEGuestUSR_GUESTAdministratorUSR_ADMINISTRATORGetting localized credentials and storing them in properties...Getting localized credentials on a non-NT system resolution failed: LookupUserGroupFromRid failedLookupUserGroupFromRidSDDL failedLookupAl
Source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: .vbproj
Source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: .csproj
Source: classification engine Classification label: mal40.evad.winEXE@21/229@2/2
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00298050 FormatMessageW,GetLastError, 0_2_00298050
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002C1032 GetCurrentProcess,OpenProcessToken,CloseHandle,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,ExitWindowsEx, 0_2_002C1032
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_028EAE34 AdjustTokenPrivileges, 10_2_028EAE34
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_028EBEF8 AdjustTokenPrivileges, 10_2_028EBEF8
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002BC77B GetDiskFreeSpaceExW, 0_2_002BC77B
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002ABBFD CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,CloseHandle, 0_2_002ABBFD
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002C118A CoCreateInstance, 0_2_002C118A
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00280854 __EH_prolog3_catch,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary, 0_2_00280854
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002BFF6F GetVersionExW,FindWindowW,_memset,SearchPathW,GetLastError,CreateProcessW,CloseHandle,CloseHandle,CloseHandle,OpenSCManagerW,OpenServiceW,CloseServiceHandle,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle, 0_2_002BFF6F
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Mutant created: \Sessions\1\BaseNamedObjects\CPU Guardian
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8008:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8056:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF5579851029B889B0.TMP Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe /C "C:\Users\user\AppData\Local\Temp\{C7F8B9FC-A653-4074-A59A-3A17D9B805FE}.bat"
Source: C:\Users\user\Desktop\074kFuPFv8.exe Command line argument: RICHED20.DLL 0_2_0027DC66
Source: C:\Users\user\Desktop\074kFuPFv8.exe Command line argument: RICHED20.DLL 0_2_0027DC66
Source: 074kFuPFv8.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\074kFuPFv8.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003E8D000.00000004.00000020.00020000.00000000.sdmp, MSI601F.tmp.2.dr, MSI5FAF.tmp.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr Binary or memory string: INSERT INTO `` (`Property`, `Order`, `Value`, `Text`) VALUES (?,?,?,?) TEMPORARYComboBoxListBoxSELECT * FROM `%s` WHERE `Property`='%s' AND `Value`='%s'SELECT * FROM `%s` WHERE `Property`='%s'DELETE FROM `%s` WHERE `Property`='%s'RichEdit20W[1]SELECT `Message` FROM `Error` WHERE `Error` = %sSELECT `Text` FROM `UIText` WHERE `Key` = '%s'tmptmpALLUSERS = 1';WS_EX_LAYOUTRTLWS_EX_NOINHERITLAYOUTWS_EX_NOACTIVATEWS_EX_LAYEREDWS_EX_RIGHTWS_EX_RIGHTSCROLLBARWS_EX_WINDOWEDGEWS_EX_TRANSPARENTWS_EX_TOPMOSTWS_EX_TOOLWINDOWWS_EX_STATICEDGEWS_EX_RTLREADINGWS_EX_PALETTEWINDOWWS_EX_OVERLAPPEDWINDOWWS_EX_NOPARENTNOTIFYWS_EX_MDICHILDWS_EX_LTRREADINGWS_EX_LEFTSCROLLBARWS_EX_LEFTWS_EX_DLGMODALFRAMEWS_EX_CONTROLPARENTWS_EX_CONTEXTHELPWS_EX_CLIENTEDGEWS_EX_APPWINDOWWS_EX_ACCEPTFILESWS_TILEDWS_TILEDWINDOWWS_POPUPWS_POPUPWINDOWWS_OVERLAPPEDWS_OVERLAPPEDWINDOWWS_MINIMIZEWS_MINIMIZEBOXWS_MAXIMIZEWS_MAXIMIZEBOXWS_VSCROLLWS_VISIBLEWS_THICKFRAMEWS_TABSTOPWS_SYSMENUWS_SIZEBOXWS_ICONICWS_HSCROLLWS_GROUPWS_DLGFRAMEWS_DISABLEDWS_CLIPSIBLINGSWS_CLIPCHILDRENWS_CHILDWINDOWWS_CHILDWS_CAPTIONWS_BORDERWS_EXAI_TRIAL_MESSAGE_BODYAI_MSM_TRIAL_MESSAGE_BODYAI_APP_FILEAI_README_FILEAI_APP_ARGSGetProcessIdKernel32.dllMsiLogFileLocationrunasRunAsAdminFileRunAsAdminCmdRunAsAdminWorkingDir[AdminToolsFolder][TemplateFolder][StartupFolder][DesktopFolder][ProgramMenuFolder][WindowsVolume][SystemFolder][LocalAppDataFolder][WindowsFolder][AI_ProgramFiles][CommonFiles64Folder][LocalAppDataFolder]Programs\Common\[CommonFilesFolder][ProgramFiles64Folder][LocalAppDataFolder]Programs\[ProgramFilesFolder]MIGRATEFindRelatedProductsMigrateFeatureStatesAI_SETMIXINSTLOCATIONAPPDIRAI_RESTORE_LOCATIONSELECT `ActionProperty` FROM `Upgrade`SELECT `Action`,`Target` FROM `CustomAction`SET_APPDIRSET_SHORTCUTDIRSHORTCUTDIRAI_InstallPerUser = "0"ALLUSERS = "2"MSIINSTALLPERUSER = "1"1ALLUSERSVersionMsi >= "5.0"2AI_InstallPerUser = "1"MSIINSTALLPERUSERMSINEWINSTANCEProductLanguageAI_INTANCE_LOCATIONAI_UPGRADENoOLDPRODUCTSLanguageVersionStringInstallLocationAI_REPLACE_PRODUCTSAI_Replaced_Versions_ListAI_Upgrade_Replace_Question_YesBackUp_AI_Upgrade_Question_YesAI_Upgrade_Question_YesAI_Upgrade_Replace_Question_NoBackUp_AI_Upgrade_Question_NoAI_Upgrade_Question_NoYeslcSELECT `Data` FROM `Binary` WHERE `Name`='AI_DETECTVM_BINARY_IDAI_INSIDEVM2DELETE FROM `Shortcut` WHERE `Shortcut`.`Directory_`='%s'DELETE FROM `IniFile` WHERE `IniFile`.`Section`='InternetShortcut' AND`IniFile`.`DirProperty`='%s'SELECT * FROM `%s`ShortcutIniFileAI_DESKTOP_SH0|AI_STARTMENU_SHAI_QUICKLAUNCH_SHAI_STARTUP_SHAI_SHORTCUTSREGNot InstalledDesktopFolderQuickLaunch_DirStartupFolderProgramMenuFolderProgramMenuFolderProductName*.**.*AI_SH_DIRAI_PRINT_RTFSELECT `Text` FROM `Control` WHERE `Control`.`Dialog_`='%s' AND `Control`.`Control`='%s'.rtfprinthttp://www.example.comhttp://www.yahoo.comhttp://www.google.comAI_INET_CON_SUCCESSAI_INTERNET_CONNECTIONAI_INET_CON_FAILED -user -machine -quiet -addgroup All_CodeMy_Computer_Zone -url "*" Nothing -name
Source: 074kFuPFv8.exe ReversingLabs: Detection: 39%
Source: C:\Users\user\Desktop\074kFuPFv8.exe File read: C:\Users\user\Desktop\074kFuPFv8.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\074kFuPFv8.exe "C:\Users\user\Desktop\074kFuPFv8.exe"
Source: C:\Users\user\Desktop\074kFuPFv8.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\CPUGuardian.msi" /qn AI_SETUPEXEPATH=C:\Users\user\Desktop\074kFuPFv8.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6861D10B1BBFC1725672A78A114343A0
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 51546B5E421AAA8415620B734ACBBF40 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe /C "C:\Users\user\AppData\Local\Temp\{C7F8B9FC-A653-4074-A59A-3A17D9B805FE}.bat"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe /C "C:\Users\user\AppData\Local\Temp\{C7F8B9FC-A653-4074-A59A-3A17D9B805FE}.bat"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe "C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe" true
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\CPU Guardian\InstAct.exe "C:\Program Files (x86)\CPU Guardian\InstAct.exe" install 1 0
Source: unknown Process created: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe "C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe" true
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\CPU Guardian\InstAct.exe "C:\Program Files (x86)\CPU Guardian\InstAct.exe" installurl
Source: C:\Users\user\Desktop\074kFuPFv8.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\CPUGuardian.msi" /qn AI_SETUPEXEPATH=C:\Users\user\Desktop\074kFuPFv8.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs " Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6861D10B1BBFC1725672A78A114343A0 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 51546B5E421AAA8415620B734ACBBF40 E Global\MSI0000 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe "C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe" true Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\CPU Guardian\InstAct.exe "C:\Program Files (x86)\CPU Guardian\InstAct.exe" install 1 0 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\CPU Guardian\InstAct.exe "C:\Program Files (x86)\CPU Guardian\InstAct.exe" installurl Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe /C "C:\Users\user\AppData\Local\Temp\{C7F8B9FC-A653-4074-A59A-3A17D9B805FE}.bat" Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe /C "C:\Users\user\AppData\Local\Temp\{C7F8B9FC-A653-4074-A59A-3A17D9B805FE}.bat" Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: msi.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Section loaded: mstask.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: symsrv.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: ksuser.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: avrt.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: audioses.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: midimap.dll Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: version.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: amsi.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: rasman.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: rtutils.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: version.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: windowscodecs.dll
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Section loaded: dwrite.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: version.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: rasman.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: rtutils.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\074kFuPFv8.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Windows\System32\msiexec.exe File written: C:\Program Files (x86)\CPU Guardian\updater.ini Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Window found: window name: msctls_updown32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: 074kFuPFv8.exe Static PE information: certificate valid
Source: 074kFuPFv8.exe Static file information: File size 5644176 > 1048576
Source: 074kFuPFv8.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 074kFuPFv8.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 074kFuPFv8.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 074kFuPFv8.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 074kFuPFv8.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 074kFuPFv8.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 074kFuPFv8.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: 074kFuPFv8.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: d:\BitBucketGit\CPU Guardian\bo\obj\Release\bo.pdbD7^7 P7_CorDllMainmscoree.dll source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000A.00000002.4166623593.0000000008482000.00000002.00000001.01000000.00000013.sdmp, bo.dll.0.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\RegCleaner\obj\Release\CPUGuardian.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000A.00000000.1737687137.0000000000272000.00000002.00000001.01000000.00000006.sdmp, CPUGuardian.exe.2.dr
Source: Binary string: C:\src\wix39r2\build\ship\x86\SfxCA.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005ECF000.00000004.00000020.00020000.00000000.sdmp, Uninst000.CA.dll.2.dr, Uninst000.CA.dll.0.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\Setup\obj\Release\Setup.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000D.00000002.1794851263.0000000006022000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: $^q:C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbd source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: <filename>C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb</filename> source: fileerrors_data.10.dr
Source: Binary string: ntkrnlmp.pdb source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d:\BitBucketGit\CPU Guardian\CustomActions\CustomAction1\obj\x86\Release\Uninst000.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005ED7000.00000004.00000020.00020000.00000000.sdmp, Uninst000.dll.0.dr, Uninst000.dll.2.dr
Source: Binary string: $^qgC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d:\BitBucketGit\CPU Guardian\bo\obj\Release\bo.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, CPUGuardian.exe, 0000000A.00000002.4166623593.0000000008482000.00000002.00000001.01000000.00000013.sdmp, bo.dll.0.dr
Source: Binary string: E:\Point\win\Release\stubs\x86\ExternalUi.pdbL source: 074kFuPFv8.exe
Source: Binary string: AcroExch.PDBookmark.1 source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: <filename>C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error</filename> source: fileerrors_data.10.dr
Source: Binary string: winload_prod.pdb source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\Point\win\Release\stubs\x86\Updater.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, updater.exe.2.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\RegCleaner\obj\Release\CPUGuardian.pdb| source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000A.00000000.1737687137.0000000000272000.00000002.00000001.01000000.00000006.sdmp, CPUGuardian.exe.2.dr
Source: Binary string: d:\ComponentFactory\Build Krypton\Source\Krypton Components\ComponentFactory.Krypton.Toolkit\obj\Release\ComponentFactory.Krypton.Toolkit.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000D.00000002.1795714523.0000000006B42000.00000002.00000001.01000000.0000000D.sdmp, ComponentFactory.Krypton.Toolkit.dll.2.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\Setup\obj\Release\Setup.pdbL8n8 `8_CorDllMainmscoree.dll source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000D.00000002.1794851263.0000000006022000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: E:\Point\win\Release\custact\x86\AICustAct.pdb source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003E8D000.00000004.00000020.00020000.00000000.sdmp, MSI601F.tmp.2.dr, MSI5FAF.tmp.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr
Source: Binary string: E:\Point\win\Release\custact\x86\ResourceCleaner.pdb source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003EFA000.00000004.00000020.00020000.00000000.sdmp, MSI608E.tmp.2.dr, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr, MSI63DD.tmp.2.dr
Source: Binary string: $^qeC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, CPUGuardian.exe, 0000000A.00000002.4177985426.0000000009FC2000.00000002.00000001.01000000.00000014.sdmp, Microsoft.Win32.TaskScheduler.dll.2.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\Logging\obj\Release\Logging.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E43000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000D.00000002.1793712666.0000000003422000.00000002.00000001.01000000.0000000A.sdmp, Logging.dll.0.dr
Source: Binary string: $^qmC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d:\BitBucketGit\CPU Guardian\InstallerActions\obj\x86\Release\InstAct.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000000.1739518695.0000000000AB2000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: $^qXC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831d source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdbt source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E72000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000A.00000002.4177985426.0000000009FC2000.00000002.00000001.01000000.00000014.sdmp, Microsoft.Win32.TaskScheduler.dll.2.dr
Source: Binary string: c:\src\wix39r2\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.0000000005E43000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.0.dr, Microsoft.Deployment.WindowsInstaller.dll.2.dr
Source: Binary string: F.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.exe, 0000000A.00000000.1737687137.0000000000272000.00000002.00000001.01000000.00000006.sdmp, CPUGuardian.exe.2.dr
Source: Binary string: $^q\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2d source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: $^qkC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\Point\win\Release\custact\x86\ShortcutFlags.pdb source: 074kFuPFv8.exe, 00000000.00000003.1678986166.0000000003E8D000.00000004.00000020.00020000.00000000.sdmp, CPUGuardian.msi.0.dr, 5d5e38.msi.2.dr
Source: Binary string: d:\BitBucketGit\CPU Guardian\Splash\obj\x86\Release\Splash.pdb source: 074kFuPFv8.exe, 00000000.00000003.1712561481.000000000544E000.00000004.00000020.00020000.00000000.sdmp, Splash.exe.0.dr, Splash.exe.2.dr
Source: Binary string: <filename>C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error</filename> source: fileerrors_data.10.dr
Source: Binary string: AcroExch.PDBookmark source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\Point\win\Release\stubs\x86\ExternalUi.pdb source: 074kFuPFv8.exe
Source: Binary string: $^q6C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbd source: CPUGuardian.exe, 0000000A.00000002.4154911978.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: <filename>C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb</filename> source: fileerrors_data.10.dr
Source: 074kFuPFv8.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 074kFuPFv8.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 074kFuPFv8.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 074kFuPFv8.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 074kFuPFv8.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002C09E1 LoadLibraryW,GetProcAddress,FreeLibrary, 0_2_002C09E1
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002FC3CA push ecx; ret 0_2_002FC3DD
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F4BFA push es; iretd 0_2_002F4C00
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002ECCA1 push cs; retf 0_2_002ECCA2
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002A0CB0 push ecx; mov dword ptr [esp], 00000000h 0_2_002A0CB1
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0024D95A push dword ptr [ebp+ebp*8+3Bh]; ret 0_2_0024D964
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002FEC0C push dword ptr [ecx-75h]; iretd 0_2_002FEC19
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002FBC61 push ecx; ret 0_2_002FBC74
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_02A55AFE push es; iretd 10_2_02A55BCE
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_02A540DE push cs; iretd 10_2_02A540EC
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_0623E188 pushfd ; retf 10_2_0623E215
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_06234820 push eax; mov dword ptr [esp], ecx 10_2_06234824
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_06239950 push es; ret 10_2_06239960
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_063A15FF push es; ret 10_2_063A1600
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_064FCDD1 push es; retn 0004h 10_2_064FCDE0
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_064F0A30 push es; ret 10_2_064F0A58
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_064F7901 push es; ret 10_2_064F7910
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_07902590 push es; ret 10_2_079029E0
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_07903B99 push esp; ret 10_2_07903BA5
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_08530C48 push es; ret 10_2_08530CF0
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_08537801 push es; ret 10_2_08537810
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_08537B70 pushfd ; iretd 10_2_08537B71
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_085376B8 push es; ret 10_2_08537810
Drops PE files
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\th-TH\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\sv\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\da\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\es\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\sv\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fr\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\decoder.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\no\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Splash.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\hr-HR\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fil-PH\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fr\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\ru\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\no\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Splash.exe Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ru\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\sr-Cyrl-RS\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\de\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\th-TH\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\fil-PH\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI612C.tmp Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Uninst000.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Cyrl-BA\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\bs-Cyrl-BA\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\se-FI\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\tr-TR\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Uninst000.CA.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\no\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\ru\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\da\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\de\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\it\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Setup.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\hr-HR\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\bs-Latn-BA\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\sr-Latn-RS\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\tr-TR\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Uninst000.CA.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\tr-TR\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\tr-TR\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\no\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sv\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\sv\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\th-TH\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI63DD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\ja\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\updater.exe Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Cyrl-RS\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ja\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\fr\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\nl\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI608E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\he\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Latn-BA\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\pt\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\da\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ar\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\da\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\he\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Latn-RS\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\he\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\bs-Latn-BA\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ru\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\he\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\da\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fil-PH\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\sr-Cyrl-RS\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\it\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\ru\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7247.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\fil-PH\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Interop.IWshRuntimeLibrary.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\de\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Latn-BA\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\se-FI\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\it\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Latn-BA\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ja\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Logging.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\de\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\no\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\hr-HR\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\sr-Latn-RS\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Cyrl-RS\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\ar\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\ja\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\nl\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\sr-Latn-RS\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\se-FI\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI65C2.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\th-TH\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\bs-Latn-BA\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\InstAct.exe Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\it\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\de\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sv\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\da\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Logging.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\de\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\pt\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\ja\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\pt\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Setup.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\es\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\nl\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Latn-RS\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\se-FI\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Interop.Shell32.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ComponentFactory.Krypton.Toolkit.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\se-FI\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ar\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\hr-HR\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Helper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Helper.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\th-TH\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Interop.Shell32.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5FAF.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\hr-HR\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\bo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\it\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ru\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\bs-Cyrl-BA\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\nl\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\hr-HR\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\fr\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\CPUGuardian.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\ComponentFactory.Krypton.Toolkit.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\es\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5FFE.tmp Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\tr-TR\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ja\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\nl\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\ar\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\es\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fil-PH\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Cyrl-RS\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\bs-Cyrl-BA\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Uninst000.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\nl\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\tr-TR\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Cyrl-BA\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\he\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI601F.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\es\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\sr-Cyrl-RS\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\se-FI\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI70B0.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\ar\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\pt\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\InstAct.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\es\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\th-TH\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\it\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\updater.exe Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ar\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Interop.IWshRuntimeLibrary.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Cyrl-BA\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI60DD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\pt\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\fil-PH\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sv\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\pt\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\fr\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\he\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Latn-RS\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fr\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\no\Splash.resources.dll Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI63DD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI612C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI70B0.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5FFE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI60DD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7247.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI65C2.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI608E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5FAF.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI601F.tmp Jump to dropped file

Boot Survival
barindex
Installs Task Scheduler Managed Wrapper
Source: C:\Users\user\Desktop\074kFuPFv8.exe File created: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Microsoft.Win32.TaskScheduler.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\CPU Guardian\Microsoft.Win32.TaskScheduler.dll Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU Guardian Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU Guardian\CPU Guardian.lnk Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU Guardian\Uninstall.lnk Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002BFF6F GetVersionExW,FindWindowW,_memset,SearchPathW,GetLastError,CreateProcessW,CloseHandle,CloseHandle,CloseHandle,OpenSCManagerW,OpenServiceW,CloseServiceHandle,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle, 0_2_002BFF6F

Hooking and other Techniques for Hiding and Protection
barindex
Creates files in the recycle bin to hide itself
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\$RECYCLE.BIN\S-1-5-18 Jump to behavior
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Stores large binary data to the registry
Source: C:\Windows\System32\msiexec.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 Blob Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion
barindex
Contains functionality to detect sleep reduction / modifications
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002D5393 0_2_002D5393
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Tries to delay execution (extensive OutputDebugStringW loop)
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: OutputDebugStringW count: 193
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Memory allocated: 2870000 memory reserve | memory write watch Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Memory allocated: 2AF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Memory allocated: 2A00000 memory reserve | memory write watch Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Memory allocated: 2BF0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Memory allocated: 2E20000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Memory allocated: 2C50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Memory allocated: 1B20000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Memory allocated: 36E0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Memory allocated: 56E0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Memory allocated: 13B0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Memory allocated: 2E80000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Memory allocated: 4E80000 memory reserve | memory write watch
Contains functionality to detect virtual machines (SLDT)
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_02A521F0 sldt word ptr [eax] 10_2_02A521F0
Contains long sleeps (>= 3 min)
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599874 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599765 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599656 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599546 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599433 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599315 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599187 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598940 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598814 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598687 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598562 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598453 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598333 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598218 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598109 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597978 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597874 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597765 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597629 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597515 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597404 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597296 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597187 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597077 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596964 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596859 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596750 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596640 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596531 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596421 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596312 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596203 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596093 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595984 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595857 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595750 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595640 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595531 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595421 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595312 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595202 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595089 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 594976 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 594841 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 594721 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 594573 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 593962 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 593859 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 593749 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 593640 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Thread delayed: delay time: 922337203685477
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Window / User API: threadDelayed 5161 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Window / User API: threadDelayed 4318 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\th-TH\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\sv\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\da\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\es\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\sv\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fr\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\decoder.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\no\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Splash.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\hr-HR\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fil-PH\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\ru\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fr\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\no\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\Splash.exe Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ru\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\sr-Cyrl-RS\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\de\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\fil-PH\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\th-TH\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI612C.tmp Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Cyrl-BA\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Uninst000.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\bs-Cyrl-BA\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\se-FI\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\tr-TR\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Uninst000.CA.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\no\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\ru\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\da\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\de\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\it\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Setup.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\hr-HR\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\sr-Latn-RS\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\bs-Latn-BA\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\tr-TR\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\Uninst000.CA.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\tr-TR\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\tr-TR\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\no\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sv\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\sv\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\th-TH\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\ja\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI63DD.tmp Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\updater.exe Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Cyrl-RS\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ja\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\fr\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\nl\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI608E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\he\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\pt\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Latn-BA\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\da\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ar\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\da\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\he\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Latn-RS\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\he\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\bs-Latn-BA\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ru\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\he\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\da\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\sr-Cyrl-RS\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fil-PH\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\it\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\ru\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI7247.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\fil-PH\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\Interop.IWshRuntimeLibrary.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\de\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Latn-BA\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\se-FI\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\it\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Latn-BA\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ja\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Logging.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\de\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\hr-HR\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\no\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\sr-Latn-RS\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\ar\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Cyrl-RS\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\sr-Latn-RS\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\nl\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\ja\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\se-FI\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\th-TH\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI65C2.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\bs-Latn-BA\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\it\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sv\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\de\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\da\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\Logging.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\de\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\pt\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\ja\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\pt\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\Setup.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\es\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Latn-RS\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\nl\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\se-FI\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ComponentFactory.Krypton.Toolkit.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\se-FI\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ar\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\hr-HR\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Helper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\Helper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\th-TH\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5FAF.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\hr-HR\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\bo.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\it\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ru\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\bs-Cyrl-BA\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\nl\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\hr-HR\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\fr\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\ComponentFactory.Krypton.Toolkit.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\es\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5FFE.tmp Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\tr-TR\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ja\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\nl\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\ar\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\es\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fil-PH\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\bs-Cyrl-BA\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Cyrl-RS\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\Uninst000.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\nl\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\tr-TR\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Cyrl-BA\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI601F.tmp Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\he\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\es\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\sr-Cyrl-RS\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\se-FI\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI70B0.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\ar\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\pt\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\es\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\th-TH\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\updater.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\it\Splash.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\ar\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\Interop.IWshRuntimeLibrary.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\bs-Cyrl-BA\Splash.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI60DD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\pt\Uninst000.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\fil-PH\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sv\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\pt\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CPU Guardian\fr\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\he\Uninst000.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\sr-Latn-RS\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\fr\CPUGuardian.resources.dll Jump to dropped file
Source: C:\Users\user\Desktop\074kFuPFv8.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D\no\Splash.resources.dll Jump to dropped file
Found evaded block containing many API calls
Source: C:\Users\user\Desktop\074kFuPFv8.exe Evaded block: after key decision
Found evasive API chain (may stop execution after checking a module file name)
Source: C:\Users\user\Desktop\074kFuPFv8.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\074kFuPFv8.exe API coverage: 6.1 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -30437127721620741s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -600000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -599874s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -599765s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -599656s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -599546s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -599433s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -599315s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -599187s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -598940s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -598814s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -598687s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -598562s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -598453s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -598333s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -598218s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -598109s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -597978s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -597874s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -597765s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -597629s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -597515s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -597404s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -597296s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -597187s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -597077s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -596964s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -596859s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -596750s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -596640s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -596531s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -596421s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -596312s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -596203s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -596093s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -595984s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -595857s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -595750s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -595640s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -595531s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -595421s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -595312s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -595202s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -595089s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -594976s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -594841s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -594721s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -594573s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -593962s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -593859s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -593749s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 7924 Thread sleep time: -593640s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe TID: 7768 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe TID: 6016 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 8068 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe TID: 8072 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe TID: 1188 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe TID: 4048 Thread sleep time: -922337203685477s >= -30000s
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe File Volume queried: C:\Users\user\AppData\Roaming\CPU Guardian\CPU Guardian 2.6.1\install\1652F6D FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002ACFAA FindFirstFileW,FindNextFileW,FindNextFileW,FindNextFileW,FindClose,FindClose, 0_2_002ACFAA
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002A9090 __recalloc,_memset,FindFirstFileW,FindClose,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle, 0_2_002A9090
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002AD1CC FindFirstFileW,FindClose,FindClose, 0_2_002AD1CC
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00299410 FindFirstFileW,FindClose,FindClose, 0_2_00299410
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002A9A11 _memset,FindFirstFileW,FindClose, 0_2_002A9A11
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00298750 _memset,FindFirstFileW,FindClose,FindFirstFileW,FindClose,FindClose,FindClose,FindClose,FindClose, 0_2_00298750
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002B886D FindFirstFileW,FindClose,FindClose, 0_2_002B886D
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00298A30 _wcslen,_memset,FindFirstFileW,FindClose,FindNextFileW,_memcpy_s,_wcslen,FindNextFileW,RemoveDirectoryW,_wcslen,FindNextFileW,DeleteFileW, 0_2_00298A30
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002BD9FD FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,FindFirstFileW,FindClose,FindNextFileW,FindNextFileW,FindClose, 0_2_002BD9FD
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_0029E320 FindClose,FindResourceW,_wcslen,_memcpy_s,FindFirstFileW,_wcslen,GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,_wcsnlen,FindClose,SetLastError,_wcsrchr,_wcsrchr,_wcsnlen, 0_2_0029E320
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002AB89C FindFirstFileW,FindClose,FindClose, 0_2_002AB89C
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002A7A7F FindFirstFileW,FindClose, 0_2_002A7A7F
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002C7D7A GetWindowsDirectoryW,lstrcmpW,lstrlenW,FindFirstFileW,lstrlenW,DeleteFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_002C7D7A
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00298E90 _wcsrchr,RemoveDirectoryW,GetLogicalDriveStringsW,GetDriveTypeW,FindResourceW,_wcslen,_memcpy_s,_wcslen,__recalloc, 0_2_00298E90
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002824D3 __EH_prolog3_GS,LoadLibraryW,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcAddress,GetSystemInfo,GetSystemInfo, 0_2_002824D3
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599874 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599765 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599656 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599546 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599433 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599315 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 599187 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598940 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598814 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598687 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598562 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598453 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598333 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598218 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 598109 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597978 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597874 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597765 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597629 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597515 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597404 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597296 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597187 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 597077 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596964 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596859 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596750 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596640 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596531 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596421 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596312 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596203 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 596093 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595984 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595857 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595750 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595640 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595531 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595421 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595312 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595202 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 595089 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 594976 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 594841 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 594721 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 594573 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 593962 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 593859 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 593749 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 593640 Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Thread delayed: delay time: 922337203685477
Source: CPUGuardian.exe, 0000000A.00000002.4153564323.0000000000F13000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: InstAct.exe, 0000000B.00000002.2405600010.0000000005ADD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj
Source: CPUGuardian.exe, 0000000A.00000002.4166994161.0000000008760000.00000004.00000020.00020000.00000000.sdmp, InstAct.exe, 00000013.00000002.2417478165.00000000010A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\074kFuPFv8.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Code function: 10_2_028ED2B0 LdrInitializeThunk, 10_2_028ED2B0
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F5574 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_002F5574
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002C09E1 LoadLibraryW,GetProcAddress,FreeLibrary, 0_2_002C09E1
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F2E50 GetProcessHeap,HeapAlloc,RtlInterlockedPopEntrySList,VirtualAlloc,RtlInterlockedPopEntrySList,VirtualFree,RtlInterlockedPushEntrySList, 0_2_002F2E50
Enables debug privileges
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process token adjusted: Debug Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Process token adjusted: Debug Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Process token adjusted: Debug
Launches processes in debugging mode, may be used to hinder debugging
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe "C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe" true Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00293900 SetUnhandledExceptionFilter, 0_2_00293900
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002FC4DB __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_002FC4DB
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F5574 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_002F5574
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F5CB7 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_002F5CB7
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F3713 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_002F3713
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_00293880 SetUnhandledExceptionFilter, 0_2_00293880
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe /C "C:\Users\user\AppData\Local\Temp\{C7F8B9FC-A653-4074-A59A-3A17D9B805FE}.bat" Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe /C "C:\Users\user\AppData\Local\Temp\{C7F8B9FC-A653-4074-A59A-3A17D9B805FE}.bat" Jump to behavior
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Users\user\Desktop\074kFuPFv8.exe Process created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\cpu guardian\cpu guardian 2.6.1\install\1652f6d\cpuguardian.msi" /qn ai_setupexepath=c:\users\user\desktop\074kfupfv8.exe setupexedir=c:\users\user\desktop\ exe_cmd_line="/exenoupdates /exelang 0 /noprereqs "
Source: C:\Users\user\Desktop\074kFuPFv8.exe Process created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\cpu guardian\cpu guardian 2.6.1\install\1652f6d\cpuguardian.msi" /qn ai_setupexepath=c:\users\user\desktop\074kfupfv8.exe setupexedir=c:\users\user\desktop\ exe_cmd_line="/exenoupdates /exelang 0 /noprereqs " Jump to behavior
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002C08EA LocalFree,LocalFree,GetSecurityDescriptorDacl,GetLastError,RaiseException,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,GetLastError,LocalFree,SetSecurityDescriptorDacl, 0_2_002C08EA
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002ABAD2 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,CloseHandle,GetLastError,CloseHandle, 0_2_002ABAD2
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l, 0_2_0030C5D5
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, 0_2_003007BA
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: GetLocaleInfoA, 0_2_002FD2DF
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, 0_2_002FD5B1
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: GetLocaleInfoA, 0_2_00309BFE
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 0_2_0030645F
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: SendMessageW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_002BE60A
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: SendMessageW,GetLocaleInfoA,_memset,GetLocaleInfoA, 0_2_002BE64E
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_002AA93E
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement, 0_2_00306ACD
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement, 0_2_00306D25
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, 0_2_0030AEA5
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA, 0_2_0030AED9
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 0_2_0030B018
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, 0_2_00307179
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, 0_2_00307290
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, 0_2_00307328
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, 0_2_0030739C
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, 0_2_0030756E
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, 0_2_0030762F
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, 0_2_00307696
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s, 0_2_003076D2
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Logging.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Helper.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\ComponentFactory.Krypton.Toolkit.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\bo.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Microsoft.Win32.TaskScheduler.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Interop.Shell32.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\InstAct.exe VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Helper.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Logging.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Helper.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\ComponentFactory.Krypton.Toolkit.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\InstAct.exe VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Helper.dll VolumeInformation
Source: C:\Program Files (x86)\CPU Guardian\InstAct.exe Queries volume information: C:\Program Files (x86)\CPU Guardian\Setup.dll VolumeInformation
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002BC8F4 CreateNamedPipeW,CreateFileW, 0_2_002BC8F4
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002F8CB9 GetSystemTimeAsFileTime,__aulldiv, 0_2_002F8CB9
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002BEE4F GetUserNameExW,GetUserNameExW, 0_2_002BEE4F
Source: C:\Users\user\Desktop\074kFuPFv8.exe Code function: 0_2_002BFF6F GetVersionExW,FindWindowW,_memset,SearchPathW,GetLastError,CreateProcessW,CloseHandle,CloseHandle,CloseHandle,OpenSCManagerW,OpenServiceW,CloseServiceHandle,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle, 0_2_002BFF6F
Source: C:\Program Files (x86)\CPU Guardian\CPUGuardian.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Adds / modifies Windows certificates
Source: C:\Windows\System32\msiexec.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 Blob Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1545581 Sample: 074kFuPFv8.exe Startdate: 30/10/2024 Architecture: WINDOWS Score: 40 53 s3.amazonaws.com 2->53 55 label.shieldapps.biz 2->55 65 Multi AV Scanner detection for dropped file 2->65 67 Multi AV Scanner detection for submitted file 2->67 69 Machine Learning detection for dropped file 2->69 71 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 2->71 9 msiexec.exe 196 164 2->9         started        13 074kFuPFv8.exe 140 2->13         started        15 CPUGuardian.exe 2->15         started        signatures3 process4 file5 37 C:\Windows\Installer\MSI7247.tmp, PE32 9->37 dropped 39 C:\Windows\Installer\MSI70B0.tmp, PE32 9->39 dropped 41 C:\Windows\Installer\MSI65C2.tmp, PE32 9->41 dropped 49 90 other files (89 malicious) 9->49 dropped 73 Installs Task Scheduler Managed Wrapper 9->73 17 msiexec.exe 3 22 9->17         started        20 CPUGuardian.exe 17 19 9->20         started        23 InstAct.exe 9->23         started        27 2 other processes 9->27 43 C:\Users\user\AppData\Roaming\...\decoder.dll, PE32 13->43 dropped 45 C:\Users\user\AppData\Roaming\...\updater.exe, PE32 13->45 dropped 47 C:\Users\user\...\Uninst000.resources.dll, PE32 13->47 dropped 51 79 other files (78 malicious) 13->51 dropped 75 Contains functionality to detect sleep reduction / modifications 13->75 25 msiexec.exe 13->25         started        signatures6 process7 dnsIp8 61 Creates files in the recycle bin to hide itself 17->61 29 cmd.exe 1 17->29         started        31 cmd.exe 17->31         started        57 s3.amazonaws.com 52.216.184.133, 49744, 80 AMAZON-02US United States 20->57 59 label.shieldapps.biz 149.210.147.77, 49738, 49741, 49742 TRANSIP-ASAmsterdamtheNetherlandsNL Netherlands 23->59 63 Tries to delay execution (extensive OutputDebugStringW loop) 25->63 signatures9 process10 process11 33 conhost.exe 29->33         started        35 conhost.exe 31->35         started       
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
52.216.184.133
 s3.amazonaws.com United States
16509 AMAZON-02US false
149.210.147.77
 label.shieldapps.biz Netherlands
20857 TRANSIP-ASAmsterdamtheNetherlandsNL false

Contacted Domains

Name IP Active
label.shieldapps.biz 149.210.147.77 true
s3.amazonaws.com 52.216.184.133 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://label.shieldapps.biz/callback/bo.php false
    		unknown
    http://s3.amazonaws.com/guardian-cdn/tip.jpg false
      		unknown