> Download link on https://www.cpuid.com/softwares/hwmonitor.html goes to https://pub-45c2577dbd174292a02137c18e7b1b5a.r2.dev/hwmonito... which is obviously unusual.
> This has the description "Установка — HWiNFO Monitor, версия 1.63" in it. Now I'm pretty sure CPUID is based out of France, so the presence of Russian there is not great. The term "HWiNFO" is not right here either, it's a completely different tool.
> The file is built with a customised "wrapped" InnoSetup often used by malware, making it difficult to extract. "Real" HWMonitor just uses regular InnoSetup and can be extracted with simple and common tools.
> That their site has been hacked is the simplest explanation.
And
> Apparently there are several sandbox detection methods in it. If you ran it, assume you are compromised, as there are several persistent processes installed. Start reinstalling your Windows and remember to use the "log out everywhere" feature on all websites to refresh your login tokens and reset your passwords.
eightysixfour•1h ago