Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\K25004 Chin Bee Road Piling Layout.exe

"C:\Users\user\Desktop\K25004 Chin Bee Road Piling Layout.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6980
Target ID:	0
Parent PID:	4088
Name:	K25004 Chin Bee Road Piling Layout.exe
Path:	C:\Users\user\Desktop\K25004 Chin Bee Road Piling Layout.exe
Commandline:	"C:\Users\user\Desktop\K25004 Chin Bee Road Piling Layout.exe"
Size:	1105920
MD5:	C1523E38552E62ABE928DA077238703B
Time:	07:04:17
Date:	28/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x230000
Modulesize:	1134592
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\K25004 Chin Bee Road Piling Layout.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7096
Target ID:	1
Parent PID:	6980
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\K25004 Chin Bee Road Piling Layout.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	07:04:18
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	225280
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Telegram RAT	Stealing of Sensitive Information, Remote Access Functionality
Yara detected VIP Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample uses process hollowing technique	HIPS / PFW / Operating System Protection Evasion	Shared Modules Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

https://www.office.com/

unknown

https://duckduckgo.com/ac/?q=

unknown

http://mail.cnsiogistic.com

unknown

https://api.telegram.org

unknown

https://api.telegram.org/bot

unknown

https://api.telegram.org/bot7341655920:AAEZHIUvwdNfcPot5ywEeoVPxGPDy0dAzVs/sendDocument?chat_id=7128988401&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0ACookies%20%7C%20user%20%7C%20VIP%20Recovery

149.154.167.220

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://ac.ecosia.org?q=

unknown

http://checkip.dyndns.org

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://reallyfreegeoip.org/xml/45.92.229.138$

unknown

https://api.telegram.org/bot/sendMessage?chat_id=&text=

unknown

https://chrome.google.com/webstore?hl=en

unknown

http://varders.kozow.com:8081

unknown

https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:887849%0D%0ADate%20and%20Time:%2028/03/2025%20/%2014:32:30%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20887849%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D

149.154.167.220

http://aborters.duckdns.org:8081

unknown

https://www.google.com/images/branding/product/ico/googleg_alldp.ico

unknown

https://www.ecosia.org/newtab/v20

unknown

http://checkip.dyndns.org/

193.122.6.168

https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:887849%0D%0ADate%20a

unknown

http://51.38.247.67:8081/_send_.php?L

unknown

http://anotherarmy.dns.army:8081

unknown

https://duckduckgo.com/chrome_newtabv20

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://checkip.dyndns.org/q

unknown

https://reallyfreegeoip.org

unknown

https://api.telegram.org/bot7341655920:AAEZHIUvwdNfcPot5ywEeoVPxGPDy0dAzVs/sendDocument?chat_id=7128

unknown

http://cnsiogistic.com

unknown

https://reallyfreegeoip.org/xml/45.92.229.138

104.21.32.1

http://api.telegram.org

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://gemini.google.com/app?q=

unknown

http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded

unknown

https://reallyfreegeoip.org/xml/

unknown

There are 25 hidden URLs, click here to show them.

Domains

Name

Malicious

cnsiogistic.com

51.91.116.60

Details

Name:	cnsiogistic.com
IP:	51.91.116.60
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample uses string decryption to hide its real strings	AV Detection
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

mail.cnsiogistic.com

unknown

Details

Name:	mail.cnsiogistic.com
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

reallyfreegeoip.org

104.21.32.1

Details

Name:	reallyfreegeoip.org
IP:	104.21.32.1
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Tries to detect the country of the analysis system (by using the IP)	Location Tracking
HTTP GET or POST without a user agent	Networking
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Suricata IDS alerts with low severity for network traffic	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

api.telegram.org

149.154.167.220

Details

Name:	api.telegram.org
IP:	149.154.167.220
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses the Telegram API (likely for C&C communication)	Networking	Web Service
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

checkip.dyndns.com

193.122.6.168

Details

Name:	checkip.dyndns.com
IP:	193.122.6.168
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Suricata IDS alerts with low severity for network traffic	Networking

checkip.dyndns.org

unknown

Details

Name:	checkip.dyndns.org
TargetID:	-1
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

51.91.116.60

cnsiogistic.com

France

Details

IP:	51.91.116.60
TargetID:	1
Current Path:	C:\Windows\SysWOW64\svchost.exe
Country:	France
Countrycode:	FRA
ASN number:	16276
ASN name:	OVHFR
Private:	false
Domain:	cnsiogistic.com

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

149.154.167.220

api.telegram.org

United Kingdom

Details

IP:	149.154.167.220
TargetID:	1
Current Path:	C:\Windows\SysWOW64\svchost.exe
Country:	United Kingdom
Countrycode:	GBR
ASN number:	62041
ASN name:	TELEGRAMRU
Private:	false
Domain:	api.telegram.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.21.32.1

reallyfreegeoip.org

United States

Details

IP:	104.21.32.1
TargetID:	1
Current Path:	C:\Windows\SysWOW64\svchost.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	reallyfreegeoip.org

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Suricata IDS alerts with low severity for network traffic	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

193.122.6.168

checkip.dyndns.com

United States

Details

IP:	193.122.6.168
TargetID:	1
Current Path:	C:\Windows\SysWOW64\svchost.exe
Country:	United States
Countrycode:	USA
ASN number:	31898
ASN name:	ORACLE-BMC-31898US
Private:	false
Domain:	checkip.dyndns.com

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Suricata IDS alerts with low severity for network traffic	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\svchost_RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

3374000

heap

page read and write

7940000

trusted library section

page read and write

7D00000

trusted library section

page read and write

326D000

heap

page read and write

53A1000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

56AA000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

91A0000

trusted library allocation

page read and write

7DE0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

7DE0000

trusted library allocation

page read and write

230000

unkown

page readonly

90D0000

trusted library allocation

page read and write

7A01000

heap

page execute and read and write

5617000

trusted library allocation

page read and write

327C000

heap

page read and write

7DD0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

EC9000

heap

page read and write

82A0000

trusted library allocation

page read and write

66FD000

trusted library allocation

page read and write

7D60000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

90E0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

5447000

trusted library allocation

page read and write

7B18000

heap

page read and write

67B0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

9190000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

544B000

trusted library allocation

page read and write

2F7E000

stack

page read and write

4DA0000

heap

page read and write

9601000

heap

page read and write

7D70000

trusted library allocation

page read and write

3A7E000

direct allocation

page read and write

79E0000

trusted library allocation

page read and write

2BC6000

stack

page read and write

90F0000

trusted library allocation

page read and write

7DD0000

remote allocation

page read and write

326A000

heap

page read and write

91C0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

3A0D000

direct allocation

page read and write

7DD0000

trusted library allocation

page read and write

2FF0000

heap

page read and write

54AA000

trusted library allocation

page read and write

91D0000

trusted library allocation

page read and write

33F4000

heap

page read and write

79A6000

trusted library allocation

page read and write

54FD000

trusted library allocation

page read and write

32B5000

heap

page read and write

32BC000

heap

page read and write

90B0000

trusted library allocation

page read and write

3A0D000

direct allocation

page read and write

3A0D000

direct allocation

page read and write

90B0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

56E2000

trusted library allocation

page read and write

2BF000

unkown

page readonly

32CA000

heap

page read and write

7DD0000

trusted library allocation

page read and write

545F000

trusted library allocation

page read and write

554F000

trusted library allocation

page read and write

5001000

heap

page read and write

3A7E000

direct allocation

page read and write

38E0000

direct allocation

page read and write

7D70000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

90F0000

trusted library allocation

page execute and read and write

90D0000

trusted library allocation

page read and write

8E5E000

stack

page read and write

38E0000

direct allocation

page read and write

90D0000

trusted library allocation

page read and write

4DE3000

trusted library allocation

page execute and read and write

CF0000

heap

page read and write

3274000

heap

page read and write

9250000

trusted library allocation

page read and write

7DE0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

231000

unkown

page execute read

544F000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

7DD0000

remote allocation

page read and write

9190000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7B30000

heap

page read and write

90D0000

trusted library allocation

page read and write

8296000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

521B000

trusted library allocation

page execute and read and write

7DD0000

trusted library allocation

page read and write

9225000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

9240000

trusted library allocation

page execute and read and write

82A0000

trusted library allocation

page read and write

558C000

trusted library allocation

page read and write

E74000

heap

page read and write

7DD0000

trusted library allocation

page read and write

322B000

heap

page read and write

3A7E000

direct allocation

page read and write

520A000

trusted library allocation

page execute and read and write

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7B34000

heap

page read and write

82A0000

trusted library allocation

page read and write

EF7000

heap

page read and write

9187000

trusted library allocation

page read and write

3A7E000

direct allocation

page read and write

8294000

trusted library allocation

page read and write

56ED000

trusted library allocation

page read and write

6793000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

565D000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

426000

system

page execute and read and write

82A0000

trusted library allocation

page read and write

3740000

direct allocation

page read and write

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

91E6000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

829D000

trusted library allocation

page read and write

3740000

direct allocation

page read and write

90B0000

trusted library allocation

page read and write

4E01000

heap

page read and write

667B000

trusted library allocation

page read and write

9260000

trusted library allocation

page read and write

6713000

trusted library allocation

page read and write

56B3000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

55A3000

trusted library allocation

page read and write

3A7E000

direct allocation

page read and write

6459000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

FF3000

heap

page read and write

82A0000

trusted library allocation

page read and write

E83000

heap

page read and write

6824000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

63A9000

trusted library allocation

page read and write

5240000

heap

page read and write

7DD0000

trusted library allocation

page read and write

90DF000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

5212000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

9260000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

2E00000

heap

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

56DA000

trusted library allocation

page read and write

7B2B000

heap

page read and write

7D70000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

EEF000

heap

page read and write

90D0000

trusted library allocation

page read and write

793E000

stack

page read and write

78E0000

trusted library allocation

page read and write

7B38000

heap

page read and write

7DD0000

trusted library allocation

page read and write

EC9000

heap

page read and write

91C0000

trusted library allocation

page read and write

5501000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

3A0D000

direct allocation

page read and write

7DD0000

trusted library allocation

page read and write

3863000

direct allocation

page read and write

4DFD000

trusted library allocation

page execute and read and write

5625000

trusted library allocation

page read and write

9260000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

FE4000

heap

page read and write

7DD0000

trusted library allocation

page read and write

38E0000

direct allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

65A5000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

5487000

trusted library allocation

page read and write

4DE4000

trusted library allocation

page read and write

65D7000

trusted library allocation

page read and write

757E000

stack

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

5415000

trusted library allocation

page read and write

2E4000

unkown

page readonly

90B0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

9190000

trusted library allocation

page read and write

7DE0000

trusted library allocation

page read and write

747C000

stack

page read and write

90D0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

56A7000

trusted library allocation

page read and write

7B74000

heap

page read and write

7DD0000

trusted library allocation

page read and write

9460000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

EF6000

heap

page execute and read and write

56A1000

trusted library allocation

page read and write

5518000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

9260000

trusted library allocation

page read and write

2F7000

unkown

page readonly

82A0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

5407000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

553B000

trusted library allocation

page read and write

7DD1000

trusted library allocation

page read and write

231000

unkown

page execute read

82AD000

trusted library allocation

page read and write

8290000

trusted library allocation

page read and write

436000

system

page execute and read and write

82A0000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7B54000

heap

page read and write

80CF000

stack

page read and write

90D0000

trusted library allocation

page read and write

3A09000

direct allocation

page read and write

7DD0000

trusted library allocation

page read and write

65ED000

trusted library allocation

page read and write

91B0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

7D80000

trusted library allocation

page read and write

34FE000

stack

page read and write

79BE000

trusted library allocation

page read and write

64E3000

trusted library allocation

page read and write

7B2A000

heap

page read and write

5F0000

heap

page read and write

7D80000

trusted library allocation

page read and write

53EF000

trusted library allocation

page read and write

32B4000

heap

page read and write

9222000

trusted library allocation

page read and write

7B5F000

heap

page read and write

7DD0000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

8290000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

9250000

trusted library allocation

page read and write

BBF000

stack

page read and write

90D0000

trusted library allocation

page read and write

6707000

trusted library allocation

page read and write

7B1E000

heap

page read and write

7D50000

trusted library allocation

page read and write

73C5D000

unkown

page read and write

3740000

direct allocation

page read and write

32D1000

heap

page read and write

5512000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

3740000

direct allocation

page read and write

F16000

heap

page read and write

2BF000

unkown

page readonly

E85000

heap

page read and write

FA3000

heap

page read and write

2B89000

stack

page read and write

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

5202000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

5230000

trusted library allocation

page read and write

91C0000

heap

page read and write

F91000

heap

page read and write

82A0000

trusted library allocation

page read and write

3863000

direct allocation

page read and write

8F5E000

stack

page read and write

3863000

direct allocation

page read and write

9110000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

6653000

trusted library allocation

page read and write

7D80000

trusted library allocation

page read and write

8290000

trusted library allocation

page read and write

7B31000

heap

page read and write

7D70000

trusted library allocation

page read and write

79CD000

trusted library allocation

page read and write

73C40000

unkown

page readonly

5101000

heap

page read and write

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

9260000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

63D3000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

E92000

heap

page read and write

90D0000

trusted library allocation

page read and write

4F01000

heap

page read and write

82A0000

trusted library allocation

page read and write

53FB000

trusted library allocation

page read and write

3A09000

direct allocation

page read and write

7D80000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

EC9000

heap

page read and write

3272000

heap

page read and write

91C0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

8290000

trusted library allocation

page read and write

6668000

trusted library allocation

page read and write

8A9E000

stack

page read and write

9190000

trusted library allocation

page read and write

3863000

direct allocation

page read and write

5651000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90A0000

trusted library allocation

page execute and read and write

79C1000

trusted library allocation

page read and write

37FF000

stack

page read and write

543F000

trusted library allocation

page read and write

3333000

heap

page read and write

328F000

heap

page read and write

82A0000

trusted library allocation

page read and write

5206000

trusted library allocation

page execute and read and write

909E000

stack

page read and write

7D70000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

323C000

heap

page read and write

5590000

trusted library allocation

page read and write

79C6000

trusted library allocation

page read and write

90C0000

trusted library allocation

page execute and read and write

32CF000

heap

page read and write

2E50000

heap

page read and write

EF6000

heap

page read and write

90D0000

trusted library allocation

page read and write

9110000

trusted library allocation

page execute and read and write

E50000

heap

page read and write

90D0000

trusted library allocation

page read and write

9100000

trusted library allocation

page read and write

90D0000

trusted library allocation

page execute and read and write

7DE0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

5453000

trusted library allocation

page read and write

6408000

trusted library allocation

page read and write

3013000

heap

page read and write

7DD0000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

9260000

trusted library allocation

page read and write

79F0000

trusted library allocation

page read and write

E57000

heap

page read and write

3863000

direct allocation

page read and write

9180000

trusted library allocation

page read and write

3863000

direct allocation

page read and write

641D000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

4DE0000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7B38000

heap

page read and write

E83000

heap

page read and write

90B0000

trusted library allocation

page read and write

9214000

trusted library allocation

page read and write

5620000

trusted library allocation

page read and write

3287000

heap

page read and write

7DD0000

trusted library allocation

page read and write

545B000

trusted library allocation

page read and write

54AC000

trusted library allocation

page read and write

7D86000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7D80000

trusted library allocation

page read and write

327E000

heap

page read and write

7DD0000

trusted library allocation

page read and write

829A000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

8BDD000

stack

page read and write

CD0000

heap

page read and write

8290000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7B4A000

heap

page read and write

322D000

heap

page read and write

90F0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

7B20000

heap

page read and write

7D90000

trusted library allocation

page read and write

4DC0000

trusted library section

page read and write

90D0000

trusted library allocation

page read and write

554A000

trusted library allocation

page read and write

655D000

trusted library allocation

page read and write

3740000

direct allocation

page read and write

820E000

stack

page read and write

3220000

heap

page read and write

90B0000

trusted library allocation

page read and write

2FE0000

heap

page read and write

EF0000

heap

page read and write

90E0000

trusted library allocation

page read and write

2F7000

unkown

page readonly

4DD0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

8B9E000

stack

page read and write

63A1000

trusted library allocation

page read and write

90C0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

8CDE000

stack

page read and write

7DD0000

trusted library allocation

page read and write

79AB000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

32B3000

heap

page read and write

82A0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

5629000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

560D000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

2E20000

heap

page read and write

9220000

trusted library allocation

page read and write

3002000

heap

page read and write

7D70000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

7B3C000

heap

page read and write

90D0000

trusted library allocation

page read and write

4DED000

trusted library allocation

page execute and read and write

EEF000

heap

page execute and read and write

2F2000

unkown

page write copy

67DC000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

38E0000

direct allocation

page read and write

3274000

heap

page read and write

5579000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

2FD0000

heap

page read and write

EA7000

heap

page read and write

90D0000

trusted library allocation

page read and write

78C0000

trusted library allocation

page execute and read and write

82A0000

trusted library allocation

page read and write

9100000

trusted library allocation

page read and write

5543000

trusted library allocation

page read and write

3013000

heap

page read and write

91C0000

trusted library allocation

page read and write

3A09000

direct allocation

page read and write

91C0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

9270000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

5541000

trusted library allocation

page read and write

E98000

heap

page read and write

7B72000

heap

page read and write

90D0000

trusted library allocation

page read and write

5457000

trusted library allocation

page read and write

8290000

trusted library allocation

page read and write

8290000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

1BE0000

heap

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

79B2000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

56E4000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

9190000

trusted library allocation

page read and write

5250000

heap

page execute and read and write

7DD0000

trusted library allocation

page read and write

324A000

heap

page read and write

91C0000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

38E0000

direct allocation

page read and write

589000

stack

page read and write

90D0000

trusted library allocation

page read and write

7B4C000

heap

page read and write

7DD0000

trusted library allocation

page read and write

66EB000

trusted library allocation

page read and write

7DE0000

trusted library allocation

page read and write

7B5D000

heap

page read and write

9100000

trusted library allocation

page read and write

32A2000

heap

page read and write

7D70000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

3277000

heap

page read and write

32C7000

heap

page read and write

90D0000

trusted library allocation

page read and write

3A09000

direct allocation

page read and write

90D0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

529E000

stack

page read and write

1BF0000

heap

page read and write

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

2F30000

heap

page readonly

82A0000

trusted library allocation

page read and write

7CFE000

stack

page read and write

7D70000

trusted library allocation

page read and write

7DD0000

remote allocation

page read and write

7DE0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

3000000

heap

page read and write

7B34000

heap

page read and write

4DF0000

trusted library allocation

page read and write

8290000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

6547000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7B23000

heap

page read and write

3A09000

direct allocation

page read and write

2E4000

unkown

page readonly

6579000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

3310000

direct allocation

page read and write

230000

unkown

page readonly

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

5411000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

33F0000

heap

page read and write

79BA000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

9190000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

32CD000

heap

page read and write

BDB000

stack

page read and write

66DA000

trusted library allocation

page read and write

90E0000

trusted library allocation

page execute and read and write

73C56000

unkown

page readonly

90D0000

trusted library allocation

page read and write

79A0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7B39000

heap

page read and write

90B0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

5210000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

91A0000

trusted library allocation

page read and write

9240000

trusted library allocation

page read and write

79A0000

trusted library allocation

page read and write

63F3000

trusted library allocation

page read and write

4DF3000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

5443000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DE0000

trusted library allocation

page read and write

5419000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

EEF000

heap

page read and write

90B0000

trusted library allocation

page read and write

BFC000

stack

page read and write

5200000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7D80000

trusted library allocation

page read and write

9260000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

D3E000

stack

page read and write

7DD0000

trusted library allocation

page read and write

7DCD000

stack

page read and write

3A0D000

direct allocation

page read and write

90D0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90E0000

trusted library allocation

page read and write

3200000

heap

page read and write

E83000

heap

page read and write

7B29000

heap

page read and write

EF6000

heap

page read and write

FA7000

heap

page read and write

6423000

trusted library allocation

page read and write

7D00000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

8290000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

3212000

heap

page read and write

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7D80000

trusted library allocation

page read and write

824D000

stack

page read and write

91A0000

trusted library allocation

page read and write

7B00000

heap

page read and write

1A4F000

stack

page read and write

9450000

trusted library allocation

page read and write

3740000

direct allocation

page read and write

EA3000

heap

page read and write

7DD0000

trusted library allocation

page read and write

7B57000

heap

page read and write

56DF000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

EEF000

heap

page read and write

551D000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

3A0D000

direct allocation

page read and write

90D0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

2EE000

unkown

page read and write

7DD0000

trusted library allocation

page read and write

2FCE000

stack

page read and write

66A5000

trusted library allocation

page read and write

7D90000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

EF7000

heap

page read and write

91E0000

trusted library allocation

page read and write

73C5F000

unkown

page readonly

3863000

direct allocation

page read and write

90B0000

trusted library allocation

page read and write

38E0000

direct allocation

page read and write

3740000

direct allocation

page read and write

91C0000

trusted library allocation

page read and write

564A000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

6702000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

63D7000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

9230000

trusted library allocation

page read and write

7B42000

heap

page read and write

642D000

trusted library allocation

page read and write

3A7E000

direct allocation

page read and write

9450000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

895F000

stack

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7D70000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

E92000

heap

page read and write

7DD0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

9100000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

7DD1000

trusted library allocation

page read and write

3A0D000

direct allocation

page read and write

90B0000

trusted library allocation

page read and write

3A09000

direct allocation

page read and write

66A9000

trusted library allocation

page read and write

91D0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

4DB0000

trusted library section

page read and write

9260000

trusted library allocation

page read and write

9190000

trusted library allocation

page read and write

38E0000

direct allocation

page read and write

7D80000

trusted library allocation

page read and write

BCF000

stack

page read and write

6428000

trusted library allocation

page read and write

E8C000

heap

page read and write

9260000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

5510000

trusted library allocation

page read and write

7B59000

heap

page read and write

90D0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

7D80000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

323E000

heap

page read and write

8290000

trusted library allocation

page read and write

D7E000

stack

page read and write

79AE000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

3243000

heap

page read and write

3252000

heap

page read and write

3A09000

direct allocation

page read and write

7DA0000

trusted library allocation

page read and write

5602000

trusted library allocation

page read and write

66C5000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

E92000

heap

page read and write

5657000

trusted library allocation

page read and write

5215000

trusted library allocation

page execute and read and write

5607000

trusted library allocation

page read and write

9260000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

7990000

trusted library allocation

page read and write

9260000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

91D0000

trusted library allocation

page execute and read and write

5217000

trusted library allocation

page execute and read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7D80000

trusted library allocation

page read and write

7D80000

trusted library allocation

page read and write

8F9E000

stack

page read and write

7DD0000

trusted library allocation

page read and write

82A0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

3254000

heap

page read and write

9170000

trusted library allocation

page read and write

90C0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

8D1D000

stack

page read and write

78D0000

heap

page execute and read and write

EC9000

heap

page read and write

73A8000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

2EE000

unkown

page write copy

677E000

trusted library allocation

page read and write

9260000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

7B48000

heap

page read and write

90D0000

trusted library allocation

page read and write

91A0000

trusted library allocation

page read and write

680E000

trusted library allocation

page read and write

400000

system

page execute and read and write

73C41000

unkown

page execute read

66F6000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

8290000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

6496000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

EEF000

heap

page read and write

7DD0000

trusted library allocation

page read and write

8E1D000

stack

page read and write

7DD0000

trusted library allocation

page read and write

91C0000

trusted library allocation

page read and write

3013000

heap

page read and write

90D0000

trusted library allocation

page read and write

56B8000

trusted library allocation

page read and write

EC1000

heap

page read and write

91C0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

EF6000

heap

page read and write

90D0000

trusted library allocation

page read and write

91D0000

trusted library allocation

page read and write

539E000

stack

page read and write

3A7E000

direct allocation

page read and write

7DD0000

trusted library allocation

page read and write

90B0000

trusted library allocation

page read and write

164D000

stack

page read and write

90D0000

trusted library allocation

page read and write

91A0000

trusted library allocation

page read and write

7DD0000

trusted library allocation

page read and write

90D0000

trusted library allocation

page read and write

56E9000

trusted library allocation

page read and write

810E000

stack

page read and write

There are 781 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
K25004 Chin Bee Road Piling Layout.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportK25004 Chin Bee Road Piling Layout.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
K25004 Chin Bee Road Piling Layout.exe