Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
werkernel.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\Public\Documents\s1.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\werkernel.exe
|
"C:\Users\user\Desktop\werkernel.exe"
|
|
|
|
C:\Users\user\Desktop\werkernel.exe
|
C:\Users\user\Desktop\werkernel.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1C0EE82E000
|
heap
|
page read and write
|
||
|
1EAC732E000
|
heap
|
page read and write
|
||
|
1C0EE5B6000
|
heap
|
page read and write
|
||
|
1EACB050000
|
direct allocation
|
page read and write
|
||
|
1EAC72A0000
|
heap
|
page read and write
|
||
|
1C0EE4DC000
|
heap
|
page read and write
|
||
|
1C0EE52C000
|
heap
|
page read and write
|
||
|
AAFDFFB000
|
stack
|
page read and write
|
||
|
1EACB0F7000
|
heap
|
page read and write
|
||
|
1C0F0051000
|
heap
|
page read and write
|
||
|
7FF74DCBC000
|
unkown
|
page readonly
|
||
|
1EAC74AE000
|
heap
|
page read and write
|
||
|
1C0F0051000
|
heap
|
page read and write
|
||
|
7FF74DCA1000
|
unkown
|
page execute read
|
||
|
1EAC7240000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE517000
|
heap
|
page read and write
|
||
|
1C0EE470000
|
heap
|
page read and write
|
||
|
1EAC72EB000
|
heap
|
page read and write
|
||
|
7FF74DD11000
|
unkown
|
page readonly
|
||
|
1EAC72DA000
|
heap
|
page read and write
|
||
|
1EAC7240000
|
trusted library allocation
|
page read and write
|
||
|
1EACB178000
|
heap
|
page read and write
|
||
|
AAFDDFE000
|
stack
|
page read and write
|
||
|
1EAC7240000
|
trusted library allocation
|
page read and write
|
||
|
1EAC7334000
|
heap
|
page read and write
|
||
|
84A11A9000
|
stack
|
page read and write
|
||
|
1C0F005C000
|
heap
|
page read and write
|
||
|
1C0F235D000
|
heap
|
page read and write
|
||
|
7FF4F8FB2000
|
trusted library allocation
|
page readonly
|
||
|
1C0EE7F0000
|
trusted library allocation
|
page read and write
|
||
|
1EAC8DD0000
|
trusted library allocation
|
page read and write
|
||
|
1C0F2329000
|
heap
|
page read and write
|
||
|
1EAC8CD8000
|
heap
|
page read and write
|
||
|
7FF74DCA1000
|
unkown
|
page execute read
|
||
|
1C0F2B30000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE5C3000
|
heap
|
page read and write
|
||
|
1EAC8DF0000
|
trusted library allocation
|
page read and write
|
||
|
1EAC72A8000
|
heap
|
page read and write
|
||
|
1C0F23F7000
|
heap
|
page read and write
|
||
|
1EAC74A5000
|
heap
|
page read and write
|
||
|
7FF4F8FB5000
|
trusted library allocation
|
page execute read
|
||
|
1C0EE5BB000
|
heap
|
page read and write
|
||
|
1EAC7363000
|
heap
|
page read and write
|
||
|
1C0F2434000
|
heap
|
page read and write
|
||
|
1C0F005A000
|
heap
|
page read and write
|
||
|
1EAC8CD1000
|
heap
|
page read and write
|
||
|
1EACB027000
|
heap
|
page read and write
|
||
|
7FF74DCA0000
|
unkown
|
page readonly
|
||
|
1C0F005C000
|
heap
|
page read and write
|
||
|
1C0EE810000
|
trusted library allocation
|
page read and write
|
||
|
1EAC7240000
|
trusted library allocation
|
page read and write
|
||
|
1C0F0120000
|
heap
|
page read and write
|
||
|
1C0EE5C1000
|
heap
|
page read and write
|
||
|
7FF74DCC8000
|
unkown
|
page read and write
|
||
|
1EAC7359000
|
heap
|
page read and write
|
||
|
1EAC7362000
|
heap
|
page read and write
|
||
|
7FF74DD0F000
|
unkown
|
page read and write
|
||
|
1EAC8CBE000
|
heap
|
page read and write
|
||
|
1C0F0133000
|
trusted library allocation
|
page read and write
|
||
|
1EAC7240000
|
trusted library allocation
|
page read and write
|
||
|
7FFBC91B0000
|
direct allocation
|
page execute and read and write
|
||
|
1EAC8CD8000
|
heap
|
page read and write
|
||
|
1EACB0B0000
|
heap
|
page read and write
|
||
|
1EACAF50000
|
heap
|
page read and write
|
||
|
1EAC8E10000
|
heap
|
page read and write
|
||
|
1EAC7301000
|
heap
|
page read and write
|
||
|
7FF4A1381000
|
trusted library allocation
|
page execute read
|
||
|
1EAC7381000
|
heap
|
page read and write
|
||
|
1C0EE57F000
|
heap
|
page read and write
|
||
|
7FF74DCC8000
|
unkown
|
page read and write
|
||
|
7FF4A1382000
|
trusted library allocation
|
page readonly
|
||
|
1C0EE6A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF74DD11000
|
unkown
|
page readonly
|
||
|
7FF74DCBC000
|
unkown
|
page readonly
|
||
|
1C0EE5C3000
|
heap
|
page read and write
|
||
|
7FF74DCA1000
|
unkown
|
page execute read
|
||
|
1C0EE5C5000
|
heap
|
page read and write
|
||
|
1EAC72F9000
|
heap
|
page read and write
|
||
|
1EACB810000
|
trusted library allocation
|
page read and write
|
||
|
1EACB0B0000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE5B1000
|
heap
|
page read and write
|
||
|
1EAC7370000
|
heap
|
page read and write
|
||
|
1EAC8CBE000
|
heap
|
page read and write
|
||
|
84A14FD000
|
stack
|
page read and write
|
||
|
7FF4A1384000
|
trusted library allocation
|
page readonly
|
||
|
1C0EE825000
|
heap
|
page read and write
|
||
|
1C0F0058000
|
heap
|
page read and write
|
||
|
1C0EE4A0000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE5A1000
|
heap
|
page read and write
|
||
|
1C0EE440000
|
heap
|
page read and write
|
||
|
1C0EE587000
|
heap
|
page read and write
|
||
|
7FF4F8FB0000
|
trusted library allocation
|
page readonly
|
||
|
84A19FF000
|
stack
|
page read and write
|
||
|
1EAC74AE000
|
heap
|
page read and write
|
||
|
7FF74DCC9000
|
unkown
|
page write copy
|
||
|
7FF74DD11000
|
unkown
|
page readonly
|
||
|
1EAC8DE0000
|
heap
|
page read and write
|
||
|
1EAC7305000
|
heap
|
page read and write
|
||
|
1EAC7110000
|
heap
|
page read and write
|
||
|
AAFE2FE000
|
stack
|
page read and write
|
||
|
1EAC8DF0000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE511000
|
heap
|
page read and write
|
||
|
1EAC71F0000
|
heap
|
page read and write
|
||
|
1EAC736B000
|
heap
|
page read and write
|
||
|
1EAC8DB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF4F8FB3000
|
trusted library allocation
|
page execute read
|
||
|
1C0F0193000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE576000
|
heap
|
page read and write
|
||
|
1EAC7240000
|
trusted library allocation
|
page read and write
|
||
|
84A18FF000
|
stack
|
page read and write
|
||
|
1EACAFBD000
|
heap
|
page read and write
|
||
|
1C0F005A000
|
heap
|
page read and write
|
||
|
1C0EE5B1000
|
heap
|
page read and write
|
||
|
7FF4A1380000
|
trusted library allocation
|
page readonly
|
||
|
1C0EE549000
|
heap
|
page read and write
|
||
|
1C0EE6E0000
|
heap
|
page read and write
|
||
|
1C0EE6A0000
|
trusted library allocation
|
page read and write
|
||
|
1EAC8CD1000
|
heap
|
page read and write
|
||
|
1C0EE597000
|
heap
|
page read and write
|
||
|
1EACB134000
|
heap
|
page read and write
|
||
|
1C0EE532000
|
heap
|
page read and write
|
||
|
84A16FB000
|
stack
|
page read and write
|
||
|
1C0F0130000
|
trusted library allocation
|
page read and write
|
||
|
1EAC7316000
|
heap
|
page read and write
|
||
|
1C0EE4A0000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE4D0000
|
heap
|
page read and write
|
||
|
1EAC7240000
|
trusted library allocation
|
page read and write
|
||
|
1EAC8DC0000
|
trusted library allocation
|
page read and write
|
||
|
84A17FB000
|
stack
|
page read and write
|
||
|
1C0EE4A0000
|
trusted library allocation
|
page read and write
|
||
|
1C0F23C0000
|
trusted library allocation
|
page read and write
|
||
|
1C0F0058000
|
heap
|
page read and write
|
||
|
1EAC7303000
|
heap
|
page read and write
|
||
|
AAFD967000
|
stack
|
page read and write
|
||
|
1EACB143000
|
heap
|
page read and write
|
||
|
1EAC74A0000
|
heap
|
page read and write
|
||
|
AAFDEFB000
|
stack
|
page read and write
|
||
|
1EAC7210000
|
heap
|
page read and write
|
||
|
1EAC8DF3000
|
trusted library allocation
|
page read and write
|
||
|
1EAC74A8000
|
heap
|
page read and write
|
||
|
1C0F22B0000
|
heap
|
page read and write
|
||
|
1C0EE5C4000
|
heap
|
page read and write
|
||
|
AAFE0FE000
|
stack
|
page read and write
|
||
|
1C0F2351000
|
heap
|
page read and write
|
||
|
1C0F0051000
|
heap
|
page read and write
|
||
|
1C0EE5A6000
|
heap
|
page read and write
|
||
|
7FF74DCA0000
|
unkown
|
page readonly
|
||
|
1C0EE5C3000
|
heap
|
page read and write
|
||
|
1C0F0190000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE5AA000
|
heap
|
page read and write
|
||
|
1C0F25B0000
|
trusted library allocation
|
page read and write
|
||
|
1C0F23B0000
|
heap
|
page read and write
|
||
|
1EAC7366000
|
heap
|
page read and write
|
||
|
1C0EE524000
|
heap
|
page read and write
|
||
|
1C0EE514000
|
heap
|
page read and write
|
||
|
1C0EE6A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF74DCA0000
|
unkown
|
page readonly
|
||
|
1EAC8E10000
|
trusted library allocation
|
page read and write
|
||
|
1C0F0140000
|
trusted library allocation
|
page read and write
|
||
|
1EAC8E10000
|
trusted library allocation
|
page read and write
|
||
|
1EACAFF1000
|
heap
|
page read and write
|
||
|
1C0F26D0000
|
heap
|
page read and write
|
||
|
1EAC8CDA000
|
heap
|
page read and write
|
||
|
1EAC8CDA000
|
heap
|
page read and write
|
||
|
AAFE1FF000
|
stack
|
page read and write
|
||
|
1C0F005C000
|
heap
|
page read and write
|
||
|
1C0F2478000
|
heap
|
page read and write
|
||
|
1C0EE5C3000
|
heap
|
page read and write
|
||
|
1C0F23B0000
|
trusted library allocation
|
page read and write
|
||
|
1EAC7346000
|
heap
|
page read and write
|
||
|
1EACAFF3000
|
heap
|
page read and write
|
||
|
7FF74DCC8000
|
unkown
|
page write copy
|
||
|
7FF74DCC8000
|
unkown
|
page write copy
|
||
|
1C0EE565000
|
heap
|
page read and write
|
||
|
1C0F2443000
|
heap
|
page read and write
|
||
|
1C0EE5A4000
|
heap
|
page read and write
|
||
|
1C0F003E000
|
heap
|
page read and write
|
||
|
1C0EE56A000
|
heap
|
page read and write
|
||
|
1EAC8E20000
|
trusted library allocation
|
page read and write
|
||
|
1EAC72F1000
|
heap
|
page read and write
|
||
|
1C0EE5B6000
|
heap
|
page read and write
|
||
|
7FF74DD0F000
|
unkown
|
page read and write
|
||
|
1C0EE5C5000
|
heap
|
page read and write
|
||
|
1C0EE828000
|
heap
|
page read and write
|
||
|
1EAC8CD8000
|
heap
|
page read and write
|
||
|
1C0EE4FF000
|
heap
|
page read and write
|
||
|
1C0EE593000
|
heap
|
page read and write
|
||
|
7FFBC91B0000
|
direct allocation
|
page execute and read and write
|
||
|
1C0F23B3000
|
heap
|
page read and write
|
||
|
1C0F0130000
|
direct allocation
|
page read and write
|
||
|
1EAC734F000
|
heap
|
page read and write
|
||
|
1C0EE536000
|
heap
|
page read and write
|
||
|
1C0EE450000
|
heap
|
page read and write
|
||
|
1EAC74A8000
|
heap
|
page read and write
|
||
|
1C0EE800000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE509000
|
heap
|
page read and write
|
||
|
1C0EE538000
|
heap
|
page read and write
|
||
|
1C0EE520000
|
heap
|
page read and write
|
||
|
1C0EE828000
|
heap
|
page read and write
|
||
|
1EAC8CBE000
|
heap
|
page read and write
|
||
|
1EAC72DE000
|
heap
|
page read and write
|
||
|
84A1AFE000
|
stack
|
page read and write
|
||
|
AAFDCFE000
|
stack
|
page read and write
|
||
|
1EAC730E000
|
heap
|
page read and write
|
||
|
1C0F005A000
|
heap
|
page read and write
|
||
|
7FF74DCC9000
|
unkown
|
page write copy
|
||
|
7FF74DCA1000
|
unkown
|
page execute read
|
||
|
1C0EE4A0000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE59E000
|
heap
|
page read and write
|
||
|
1EAC735E000
|
heap
|
page read and write
|
||
|
1EAC737F000
|
heap
|
page read and write
|
||
|
1C0EE6A0000
|
trusted library allocation
|
page read and write
|
||
|
1EAC8E33000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE53A000
|
heap
|
page read and write
|
||
|
7FF4A1385000
|
trusted library allocation
|
page execute read
|
||
|
1EAC72FF000
|
heap
|
page read and write
|
||
|
1EAC7341000
|
heap
|
page read and write
|
||
|
1EAC8DF3000
|
trusted library allocation
|
page read and write
|
||
|
1EAC8CD1000
|
heap
|
page read and write
|
||
|
7FF74DCBC000
|
unkown
|
page readonly
|
||
|
7FF74DD11000
|
unkown
|
page readonly
|
||
|
1C0EE534000
|
heap
|
page read and write
|
||
|
AAFE3FB000
|
stack
|
page read and write
|
||
|
1C0F0190000
|
trusted library allocation
|
page read and write
|
||
|
7FF74DCA0000
|
unkown
|
page readonly
|
||
|
1C0EE5C1000
|
heap
|
page read and write
|
||
|
1C0F0193000
|
trusted library allocation
|
page read and write
|
||
|
1C0EE541000
|
heap
|
page read and write
|
||
|
1C0F0058000
|
heap
|
page read and write
|
||
|
1EACB027000
|
heap
|
page read and write
|
||
|
1C0EE5C1000
|
heap
|
page read and write
|
||
|
1C0EE5C5000
|
heap
|
page read and write
|
||
|
7FF4F8FB4000
|
trusted library allocation
|
page readonly
|
||
|
1EACAFD4000
|
heap
|
page read and write
|
||
|
1EAC7240000
|
trusted library allocation
|
page read and write
|
||
|
1C0F003E000
|
heap
|
page read and write
|
||
|
1EACB0B3000
|
heap
|
page read and write
|
||
|
1EAC8E30000
|
trusted library allocation
|
page read and write
|
||
|
1EAC8CDA000
|
heap
|
page read and write
|
||
|
1C0F2386000
|
heap
|
page read and write
|
||
|
84A15FE000
|
stack
|
page read and write
|
||
|
1EAC8E40000
|
heap
|
page read and write
|
||
|
1EAC8E00000
|
heap
|
page read and write
|
||
|
1C0EE82E000
|
heap
|
page read and write
|
||
|
1C0F003E000
|
heap
|
page read and write
|
||
|
7FF74DCBC000
|
unkown
|
page readonly
|
||
|
1C0EE820000
|
heap
|
page read and write
|
||
|
1C0F01A0000
|
heap
|
page read and write
|
||
|
7FF4F8FB1000
|
trusted library allocation
|
page execute read
|
||
|
1EAC7375000
|
heap
|
page read and write
|
||
|
1C0F01A3000
|
heap
|
page read and write
|
||
|
7FF4A1383000
|
trusted library allocation
|
page execute read
|
||
|
1EAC7307000
|
heap
|
page read and write
|
||
|
1EAC737A000
|
heap
|
page read and write
|
||
|
1EAC8E03000
|
heap
|
page read and write
|
||
|
1C0EE58C000
|
heap
|
page read and write
|
||
|
1EAC7354000
|
heap
|
page read and write
|
There are 247 hidden memdumps, click here to show them.