IOC Report
file.dll

Processes

Path | Cmdline | Malicious
C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\file.dll" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 |
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\file.dll",#1 |

Memdumps
