IOC Report
49758b8.dll

Processes

Path | Cmdline | Malicious
C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\49758b8.dll" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\49758b8.dll",#1 |
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\49758b8.dll",#1 |

Memdumps
