Malware Analysis Report

2025-01-18 02:35

Sample ID 240613-bmhb4ayelc
Target 52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe
SHA256 c90c37bda4bee76809ed75778229ed8a0e7d7c3dff7773ceada07fdf6723b3cf
Tags upx
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 c90c37bda4bee76809ed75778229ed8a0e7d7c3dff7773ceada07fdf6723b3cf

Threat Level: Shows suspicious behavior

The file 52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe was classified as: Shows suspicious behavior.

Malicious Activity Summary

upx

Checks computer location settings

Executes dropped EXE

UPX packed file

Loads dropped DLL

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:15

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:15

Reported

2024-06-13 01:18

Platform

win10v2004-20240611-en

Max time kernel

125s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe"

Signatures

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\shell\runas\command | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\shell\runas | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\shell\runas\command\ = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\ = "Application" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\shell | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\Content-Type = "application/x-msdownload" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\shell\runas\command\ = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\ = "systemui" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\shell\runas | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\Content-Type = "application/x-msdownload" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\shell\open | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SysWOW_32\\dwmsys.exe\" /START \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\DefaultIcon\ = "%1" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\shell\runas\command | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\shell\runas\command\IsolatedCommand = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\shell\open\command\IsolatedCommand = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\shell\open\command | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\shell | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\shell\open | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SysWOW_32\\dwmsys.exe\" /START \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\DefaultIcon\ = "%1" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\shell\open\command | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\systemui\shell\runas\command\IsolatedCommand = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\shell\open\command\IsolatedCommand = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\.exe\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4128,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | nwoccs.zapto.org | udp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp
BE | 2.17.107.105:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 105.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | nwoccs.zapto.org | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | nwoccs.zapto.org | udp
US | 8.8.8.8:53 | nwoccs.zapto.org | udp
US | 8.8.8.8:53 | nwoccs.zapto.org | udp

Files

memory/4204-0-0x0000000000850000-0x00000000008A4000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe

MD5 acd76a3592836951213d3d7df74d7c71
SHA1 4a1a4bcdc3ad7e01e73351d553287de4978f60a6
SHA256 581d45cdc562015a53baec27345306da95cc7b3aca96244bf8c44bbc2268a8e7
SHA512 3df74c3d89d5c5fb1cb3079f9f1f00a047b133357db45a2b04da48167b1afe6742ced463658b9a9dee31d833e86102b5de96a841d05b2bbd42400e5e3af66b50

memory/4204-52-0x0000000000850000-0x00000000008A4000-memory.dmp

memory/3496-53-0x0000000000190000-0x00000000001E4000-memory.dmp

memory/812-55-0x0000000000190000-0x00000000001E4000-memory.dmp

memory/812-56-0x0000000000190000-0x00000000001E4000-memory.dmp

memory/3496-57-0x0000000000190000-0x00000000001E4000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:15

Reported

2024-06-13 01:18

Platform

win7-20240611-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe"

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\Content-Type = "application/x-msdownload" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\shell\open | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\shell\open | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SysWOW_32\\dwmsys.exe\" /START \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\shell\runas\command\ = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\ = "systemui" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\DefaultIcon\ = "%1" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\shell\open\command | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\shell\runas\command\IsolatedCommand = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\shell | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\shell\runas | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\shell\open\command\IsolatedCommand = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\shell\runas\command | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\Content-Type = "application/x-msdownload" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\DefaultIcon\ = "%1" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\shell\runas\command | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\shell\runas\command\ = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\ = "Application" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SysWOW_32\\dwmsys.exe\" /START \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\shell\open\command\IsolatedCommand = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\systemui\shell\runas\command\IsolatedCommand = "\"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\shell\open\command | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\shell | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000_CLASSES\.exe\shell\runas | C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\52fbe8189f23f36634639719d56e28c0_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | nwoccs.zapto.org | udp

Files

memory/2456-0-0x0000000001350000-0x00000000013A4000-memory.dmp

\Users\Admin\AppData\Roaming\Microsoft\SysWOW_32\dwmsys.exe

MD5 acd76a3592836951213d3d7df74d7c71
SHA1 4a1a4bcdc3ad7e01e73351d553287de4978f60a6
SHA256 581d45cdc562015a53baec27345306da95cc7b3aca96244bf8c44bbc2268a8e7
SHA512 3df74c3d89d5c5fb1cb3079f9f1f00a047b133357db45a2b04da48167b1afe6742ced463658b9a9dee31d833e86102b5de96a841d05b2bbd42400e5e3af66b50

memory/2456-17-0x0000000001340000-0x0000000001350000-memory.dmp

memory/2456-20-0x00000000027F0000-0x0000000002844000-memory.dmp

memory/2636-30-0x0000000000240000-0x0000000000294000-memory.dmp

memory/2456-28-0x0000000001350000-0x00000000013A4000-memory.dmp

memory/2756-31-0x0000000000240000-0x0000000000294000-memory.dmp

memory/2636-32-0x0000000000240000-0x0000000000294000-memory.dmp