Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\KLWsv.dll"
|
 |
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\KLWsv.dll,QStringClose
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\KLWsv.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\KLWsv.dll,QStringCmp
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\KLWsv.dll,QStringCreate
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\KLWsv.dll",#1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4460000
|
heap
|
page read and write
|
||
|
6BD39000
|
unkown
|
page execute read
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
676C0000
|
unkown
|
page readonly
|
||
|
6D242000
|
unkown
|
page readonly
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
6B338000
|
unkown
|
page read and write
|
||
|
3B0000
|
unclassified section
|
page readonly
|
||
|
6C739000
|
unkown
|
page execute read
|
||
|
6D242000
|
unkown
|
page readonly
|
||
|
263C000
|
stack
|
page read and write
|
||
|
289A000
|
heap
|
page read and write
|
||
|
6D139000
|
unkown
|
page execute read
|
||
|
4270000
|
heap
|
page read and write
|
||
|
676C0000
|
unkown
|
page readonly
|
||
|
6ADA6000
|
unkown
|
page execute read
|
||
|
4530000
|
heap
|
page read and write
|
||
|
267C000
|
stack
|
page read and write
|
||
|
69832000
|
unkown
|
page read and write
|
||
|
676C0000
|
unkown
|
page readonly
|
||
|
6BD39000
|
unkown
|
page execute read
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
4520000
|
heap
|
page read and write
|
||
|
6D242000
|
unkown
|
page readonly
|
||
|
3A0000
|
unclassified section
|
page readonly
|
||
|
6B339000
|
unkown
|
page execute read
|
||
|
4010000
|
trusted library allocation
|
page read and write
|
||
|
6D139000
|
unkown
|
page execute read
|
||
|
4531000
|
heap
|
page read and write
|
||
|
69832000
|
unkown
|
page read and write
|
||
|
69833000
|
unkown
|
page execute read
|
||
|
6B338000
|
unkown
|
page read and write
|
||
|
6C739000
|
unkown
|
page execute read
|
||
|
2850000
|
heap
|
page read and write
|
||
|
6AC33000
|
unkown
|
page execute read
|
||
|
69832000
|
unkown
|
page read and write
|
||
|
6B339000
|
unkown
|
page execute read
|
||
|
2550000
|
heap
|
page read and write
|
||
|
6BD39000
|
unkown
|
page execute read
|
||
|
6A233000
|
unkown
|
page execute read
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
4561000
|
heap
|
page read and write
|
||
|
6BD39000
|
unkown
|
page execute read
|
||
|
6C739000
|
unkown
|
page execute read
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
6D139000
|
unkown
|
page execute read
|
||
|
40F1000
|
heap
|
page read and write
|
||
|
9ED000
|
heap
|
page read and write
|
||
|
6A233000
|
unkown
|
page execute read
|
||
|
6B338000
|
unkown
|
page read and write
|
||
|
6AC33000
|
unkown
|
page execute read
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
6A233000
|
unkown
|
page execute read
|
||
|
42B1000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
26B4000
|
heap
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
4560000
|
heap
|
page read and write
|
||
|
2A24000
|
heap
|
page read and write
|
||
|
6B339000
|
unkown
|
page execute read
|
||
|
69833000
|
unkown
|
page execute read
|
||
|
2B5A000
|
heap
|
page read and write
|
||
|
6AC33000
|
unkown
|
page execute read
|
||
|
2910000
|
heap
|
page read and write
|
||
|
25D4000
|
heap
|
page read and write
|
||
|
4640000
|
heap
|
page read and write
|
||
|
3FD0000
|
heap
|
page read and write
|
||
|
4480000
|
trusted library allocation
|
page read and write
|
||
|
69833000
|
unkown
|
page execute read
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
6B339000
|
unkown
|
page execute read
|
||
|
69832000
|
unkown
|
page read and write
|
||
|
286C000
|
stack
|
page read and write
|
||
|
6D242000
|
unkown
|
page readonly
|
||
|
DD1000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
6BD39000
|
unkown
|
page execute read
|
||
|
4670000
|
heap
|
page read and write
|
||
|
6FC000
|
stack
|
page read and write
|
||
|
6D139000
|
unkown
|
page execute read
|
||
|
40F0000
|
heap
|
page read and write
|
||
|
6AC33000
|
unkown
|
page execute read
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
29C4000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
6D139000
|
unkown
|
page execute read
|
||
|
6C739000
|
unkown
|
page execute read
|
||
|
6B339000
|
unkown
|
page execute read
|
||
|
6ADA0000
|
unkown
|
page read and write
|
||
|
42B0000
|
heap
|
page read and write
|
||
|
69833000
|
unkown
|
page execute read
|
||
|
25FC000
|
stack
|
page read and write
|
||
|
28AC000
|
stack
|
page read and write
|
||
|
6ADA0000
|
unkown
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
21AC000
|
stack
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
216C000
|
stack
|
page read and write
|
||
|
6ADA0000
|
unkown
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
6B338000
|
unkown
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
2D60000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
25BC000
|
stack
|
page read and write
|
||
|
2DB7000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
6AC33000
|
unkown
|
page execute read
|
||
|
2100000
|
heap
|
page read and write
|
||
|
6ADA6000
|
unkown
|
page execute read
|
||
|
31C000
|
stack
|
page read and write
|
||
|
40E0000
|
heap
|
page read and write
|
||
|
6ADA6000
|
unkown
|
page execute read
|
||
|
360000
|
heap
|
page read and write
|
||
|
43D0000
|
heap
|
page read and write
|
||
|
676C0000
|
unkown
|
page readonly
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
6C739000
|
unkown
|
page execute read
|
||
|
676C0000
|
unkown
|
page readonly
|
||
|
40C0000
|
heap
|
page read and write
|
||
|
9DE000
|
heap
|
page read and write
|
||
|
69832000
|
unkown
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
6A233000
|
unkown
|
page execute read
|
||
|
6ADA6000
|
unkown
|
page execute read
|
||
|
3C0000
|
unclassified section
|
page readonly
|
||
|
2800000
|
heap
|
page read and write
|
||
|
24BA000
|
heap
|
page read and write
|
||
|
69833000
|
unkown
|
page execute read
|
||
|
6D242000
|
unkown
|
page readonly
|
||
|
2790000
|
heap
|
page read and write
|
||
|
6ADA0000
|
unkown
|
page read and write
|
||
|
2A9A000
|
heap
|
page read and write
|
||
|
6B338000
|
unkown
|
page read and write
|
||
|
6ADA6000
|
unkown
|
page execute read
|
||
|
6A233000
|
unkown
|
page execute read
|
||
|
6ADA0000
|
unkown
|
page read and write
|
There are 135 hidden memdumps, click here to show them.