IOC Report
VGPINVPA.xml


Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\VGPINVPA.dll" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\VGPINVPA.dll",#1 | |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\VGPINVPA.dll,AllocConsole | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\VGPINVPA.dll",#1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\VGPINVPA.dll,GetConsoleCP | |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\VGPINVPA.dll,GetConsoleMode | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\VGPINVPA.dll",AllocConsole | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\VGPINVPA.dll",GetConsoleCP | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\VGPINVPA.dll",GetConsoleMode | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\VGPINVPA.dll",GetConsoleOutputCP | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\VGPINVPA.dll",GetNumberOfConsoleInputEvents | |

Memdumps

Base Address
Regiontype
Protect
Malicious