IOC Report
weird


Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\weird.dll" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\weird.dll",#1 | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\weird.dll",#1 | |

Memdumps

| Base Address | Region type | Protect | Malicious |
| --- | --- | --- | --- |
| 1F9B0E90000 | heap | page read and write | |
| 1F9B0B70000 | heap | page read and write | |
| 2C3B7F70000 | heap | page read and write | |
| 1F9B0BF5000 | heap | page read and write | |
| 1F9B0BDC000 | heap | page read and write | |
| 1F9B0EBB000 | heap | page read and write | |
| 1F9B0B50000 | heap | page read and write | |
| 1F9B0BC0000 | heap | page read and write | |
| 1F9B45F0000 | heap | page read and write | |
| 1F9B0A70000 | heap | page read and write | |
| 1F9B0BD8000 | heap | page read and write | |
| 2C3B810D000 | heap | page read and write | |
| 2C3B8080000 | heap | page read and write | |
| F5988FE000 | stack | page read and write | |
| 1F9B0BDC000 | heap | page read and write | |
| CF443FF000 | stack | page read and write | |
| 1F9B0BCF000 | heap | page read and write | |
| 1F9B3CF3000 | heap | page read and write | |
| CF444FF000 | stack | page read and write | |
| 1F9B0BE6000 | heap | page read and write | |
| 2C3B8050000 | heap | page read and write | |
| F59887A000 | stack | page read and write | |
| 1F9B0BC8000 | heap | page read and write | |
| 1F9B0EB5000 | heap | page read and write | |
| 2C3B8100000 | heap | page read and write | |
| CF442FC000 | stack | page read and write | |
| 1F9B0EB0000 | heap | page read and write | |
| 1F9B3CF0000 | heap | page read and write | |
| 1F9B3DF0000 | trusted library allocation | page read and write | |
| 1F9B0BF0000 | heap | page read and write | |
| F59897E000 | stack | page read and write | |
| 2C3B83F0000 | heap | page read and write | |
There are 22 further memdumps not shown here.