IOC Report
7RSRU9IvVb.dll

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\7RSRU9IvVb.dll" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\7RSRU9IvVb.dll",#1 | |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\7RSRU9IvVb.dll",#1 | |

Memdumps
