Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.suspected.of.Win32.PhishingPE.Heur.10337.17085.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Program Files (x86)\ZOC5\Develop.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\Features.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\Problems.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\Readme.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\Register.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\RxREXX.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\Setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\SetupEnglish.Dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\SetupGerman.Dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\Versions.txt
|
Nim source code, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\ZOC.chm
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\ZOC.cnt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\admin$$$.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\admin.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\admin_sample.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\devisdn2.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\devmodem.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\devnpipe.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\devrcmd.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\devssh.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\devtapi.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\devtlnet.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\emtecrt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\emu3270.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\emu5250.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\emuansi.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\emuqnx.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\emutty.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\emuvt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\emuwyse.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\jingling.wav
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\license.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\lizenz.txt
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Introduction to REXX.PDF
|
PDF document, version 1.4, 9 pages
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\3270.zoc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\5250.zoc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\7bit_to_dosibm.ztr
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\7bit_to_linux.ztr
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\7bit_to_vt220.ztr
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\7bit_to_winansi.ztr
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\Standard.zat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\Standard.zoc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\dosibm_to_ansi.ztr
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\dosibm_to_vt220.ztr
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\standard.zky
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\standard.ztb
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\standard.ztr
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\winansi_to_ibm.ztr
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Options\zochosts.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Internet Tutorials\Another Rexx Tutorial.url
|
Generic INItialization configuration [InternetShortcut]
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Internet Tutorials\The REXX Language (3rd Party Tutorial).url
|
Generic INItialization configuration [InternetShortcut]
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\10_printer.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\1_first.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\2_ifelse.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\3_loop.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\4_modem.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\5_reply.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\6_subr.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\6a_subr.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\7_array.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\8_fileio.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\99_fido.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Learning REXX from Samples Step by Step\9_lastln.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Samples From the ZOC Manual\first.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Samples From the ZOC Manual\if1.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Samples From the ZOC Manual\if2.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Samples From the ZOC Manual\if3.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Samples From the ZOC Manual\login.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Samples From the ZOC Manual\login2.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Samples From the ZOC Manual\zoclastl.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\Samples From the ZOC Manual\zocresu.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Language.hlp
|
MS Windows 3.1 help, Thu Jun 3 17:17:30 2004, 59631 bytes
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN01.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN02.zrx
|
OS/2 REXX batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN03.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN04.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN05.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN06.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN07.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN08.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN09.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN10.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN11.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN12.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN13.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN14.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN15.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN16.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN17.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN18.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN19.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN20.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN21.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN22.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN23.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN24.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN25.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN26.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN27.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN28.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN29.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN30.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN31.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN32.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN33.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN34.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN35.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN36.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN37.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN38.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN39.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN40.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (Files)\LEARN41.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\The REXX Lessons (engl.).hlp
|
MS Windows 3.1 help, Wed Jun 2 21:57:33 2004, 87270 bytes
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\ZOC Specials\zocevent.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\ZOC Specials\zocevent.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\ZOC Specials\zocxfer.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\ZOC Specials\zocxfer.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\buttoninfo.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\minihost.zrx
|
OS/2 REXX batch file, ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\Rexx\sample.zrx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\newuserprofile\minihost.zrx
|
OS/2 REXX batch file, ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\order.cfg
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\order.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\osyswin.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\phimport.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\setup\advertise_pyrotrans.cfg
|
ISO-8859 text, with very long lines (316), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\setup\out\setup.cfg
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\shellicons.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\showem.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\sndbell.wav
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\sndlogoff.wav
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\sndlogon.wav
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\ssh.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\sshdll.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\telnet.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\tips_engl.txt
|
Generic INItialization configuration [TIP]
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\tips_ger.txt
|
Generic INItialization configuration [TIP]
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\unicode\1250.tbl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\unicode\1251.tbl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\unicode\1252.tbl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\unicode\1253.tbl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\unicode\437.tbl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\unicode\737.tbl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\unicode\852.tbl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\unicode\866.tbl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\xfrkerm.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\xfrsealink.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\xfrxyz.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\zaphoddll.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\zoc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ZOC5\zocdll.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\FEA0B4.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~emtec~354033\FILE_ID.DIZ
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~emtec~354033\advertise_pyrotrans.cfg
|
ISO-8859 text, with very long lines (316), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~emtec~354033\commandline.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~emtec~354033\setup.cfg
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~emtec~354033\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~emtec~354033\setup.fil
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~emtec~354033\setupenglish.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~emtec~354033\setupgerman.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\Developers Readme.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Archive, ctime=Tue Apr 23 19:27:09 2024, mtime=Tue Apr 23 19:27:09 2024, atime=Tue Dec 2 14:12:32 2008, length=1443,
window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\Feature List.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Archive, ctime=Tue Apr 23 19:27:11 2024, mtime=Tue Apr 23 19:27:11 2024, atime=Tue Dec 2 14:12:32 2008, length=2241,
window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\Homepage EmTec.URL
|
Generic INItialization configuration [InternetShortcut]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\Homepage ZOC.URL
|
Generic INItialization configuration [InternetShortcut]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\Order Info.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Archive, ctime=Tue Apr 23 19:27:12 2024, mtime=Tue Apr 23 19:27:12 2024, atime=Tue Dec 2 14:12:32 2008, length=1989,
window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\Order ZOC.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Archive, ctime=Tue Apr 23 19:27:11 2024, mtime=Tue Apr 23 19:27:11 2024, atime=Tue Dec 2 14:12:32 2008, length=116152,
window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\Readme.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Archive, ctime=Tue Apr 23 19:27:12 2024, mtime=Tue Apr 23 19:27:12 2024, atime=Tue Dec 2 14:12:32 2008, length=4520,
window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\Uninstall ZOC.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Has command line arguments, Icon number=1, Archive, ctime=Tue Apr 23 19:27:12 2024, mtime=Tue Apr 23 19:27:12 2024,
atime=Tue Apr 23 19:27:12 2024, length=632248, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\Version History.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Archive, ctime=Tue Apr 23 19:27:12 2024, mtime=Tue Apr 23 19:27:12 2024, atime=Tue Dec 2 14:12:32 2008, length=24806,
window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\ZOC Command Line Parameters.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Has command line arguments, Icon number=23, Archive, ctime=Sat Dec 7 08:10:00 2019, mtime=Tue Apr 23 19:27:23
2024, atime=Sat Dec 7 08:10:00 2019, length=16384, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\ZOC Help File.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Has command line arguments, Icon number=23, Archive, ctime=Sat Dec 7 08:10:00 2019, mtime=Tue Apr 23 19:27:23
2024, atime=Sat Dec 7 08:10:00 2019, length=16384, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\ZOC Quick Start Guides.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Has command line arguments, Icon number=23, Archive, ctime=Sat Dec 7 08:10:00 2019, mtime=Tue Apr 23 19:27:23
2024, atime=Sat Dec 7 08:10:00 2019, length=16384, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOC Terminal 5.1\ZOC V5.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Archive, ctime=Tue Apr 23 19:27:12 2024, mtime=Tue Apr 23 19:27:12 2024, atime=Tue Dec 2 14:12:46 2008, length=193976,
window=hide
|
dropped
|
There are 165 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.suspected.of.Win32.PhishingPE.Heur.10337.17085.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.suspected.of.Win32.PhishingPE.Heur.10337.17085.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\~emtec~354033\setup.exe
|
.\setup.exe
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.emtec.com/
|
unknown
|
||
|
http://www.emtec.com/common/order.htm
|
unknown
|
||
|
http://www.emtec.comStandbyvalue
|
unknown
|
||
|
http://www.emtec.com/pyrotrans/index.htmS
|
unknown
|
||
|
http://www.emtec.com/pyrotrans/index.htmls
|
unknown
|
||
|
http://www.emtec.com/common/order.htmlhttp://www.emtec.com/common/order.htm
|
unknown
|
||
|
http://www.borg.com/~jglatt/rexx/scripts/language/language.htm.)
|
unknown
|
||
|
http://www.emtec.com/common/support.html
|
unknown
|
||
|
http://www.emtec.com/zoc/index.htm
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://www.emtec.com/zoc/index.html
|
unknown
|
||
|
http://www.borg.com/~jglatt/rexx/scripts/language/language.htm
|
unknown
|
||
|
https://http://;setup.exe:1;setup.exe;-remove
|
unknown
|
||
|
http://www.emtec.com/zoc/order.html
|
unknown
|
||
|
http://www.emtec.comPublisherEmTec
|
unknown
|
||
|
http://crl.thawte.com/ThawteCodeSigningCA.crl0
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
http://www.emtec.com/pyrotrans/index.htmlV
|
unknown
|
||
|
http://www.pdfpdf.com)
|
unknown
|
||
|
http://www.emtec.com/common/order.html
|
unknown
|
||
|
http://www.emtec.com/pyrotrans/index.html.1
|
unknown
|
||
|
http://www.openssl.org/support/faq.html....................
|
unknown
|
||
|
http://www.emtec.com
|
unknown
|
||
|
http://www.kilowattsoftware.com/tutorial/rexx/
|
unknown
|
||
|
http://crl.thawte.com/ThawtePremiumServerCA.crl0
|
unknown
|
||
|
http://www.emtec.com/common/contact.html
|
unknown
|
||
|
http://www.emtec.com/pyrotrans/index.html
|
unknown
|
||
|
http://www.emtec.com/pyrotrans/index.htmlnn
|
unknown
|
||
|
http://www.emtec.com/pyrotrans/index.htm
|
unknown
|
There are 19 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zrx
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.REXX
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.REXX\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.REXX\Shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.REXX\Shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zoc
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Profile
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Profile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Profile\Shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Profile\Shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zfg
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Settings
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Settings\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Settings\Shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zky
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Keymap
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Keymap\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Keymap\Shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Keymap\Shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ztr
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Translate
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Translate\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Translate\Shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Translate\Shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ztb
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Toolbar
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Toolbar\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Toolbar\Shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Toolbar\Shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zat
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.AT Cmds
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.AT Cmds\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ztn
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Tunnel
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Tunnel\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Tunnel\Shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zsh
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Cmdline
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Cmdline\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZOC.Cmdline\Shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
AppName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
UninstallFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
UninstallPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
UninstallRootClasses
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
UninstallProtect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
UninstallStartmenu
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
UninstallStartmenuFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZOC5
|
%ZOCFILES%
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Enterprise Alternatives\REXX\ExecOptions
|
GlobalSCBs
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Emtec\ZOC5
|
SetupForceWorkdir
|
There are 47 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
30C0000
|
direct allocation
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
4A5F000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
494000
|
unkown
|
page readonly
|
||
|
3120000
|
direct allocation
|
page read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
48D000
|
unkown
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
2500000
|
heap
|
page read and write
|
||
|
3080000
|
direct allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
3140000
|
direct allocation
|
page read and write
|
||
|
495E000
|
stack
|
page read and write
|
||
|
66B000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
475000
|
unkown
|
page read and write
|
||
|
7FF000
|
stack
|
page read and write
|
||
|
3040000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
1FB5000
|
heap
|
page read and write
|
||
|
3180000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
3030000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
64F000
|
heap
|
page read and write
|
||
|
66C000
|
heap
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
454000
|
unkown
|
page readonly
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
46B0000
|
heap
|
page read and write
|
||
|
552000
|
heap
|
page read and write
|
||
|
40F000
|
unkown
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
1FF0000
|
heap
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
639000
|
heap
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
1FC0000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
30D0000
|
direct allocation
|
page read and write
|
||
|
681000
|
heap
|
page read and write
|
||
|
6C9000
|
heap
|
page read and write
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
494000
|
unkown
|
page readonly
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
3089000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
481E000
|
stack
|
page read and write
|
||
|
4E0000
|
direct allocation
|
page read and write
|
||
|
30D0000
|
direct allocation
|
page read and write
|
||
|
2564000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3140000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
46C000
|
unkown
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
53E000
|
heap
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
453E000
|
stack
|
page read and write
|
||
|
6A3000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
3090000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
697000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30D0000
|
direct allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
3140000
|
direct allocation
|
page read and write
|
||
|
1FF4000
|
heap
|
page read and write
|
||
|
68A000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
620000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
467F000
|
stack
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
26E0000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
515000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30A0000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
477000
|
unkown
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3150000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
66B000
|
heap
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
417000
|
unkown
|
page readonly
|
||
|
575000
|
heap
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
2341000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30D0000
|
direct allocation
|
page read and write
|
||
|
47E0000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
662000
|
heap
|
page read and write
|
||
|
66C000
|
heap
|
page read and write
|
||
|
30A0000
|
direct allocation
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
454000
|
unkown
|
page readonly
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
662000
|
heap
|
page read and write
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
24E0000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
487000
|
unkown
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
1FB0000
|
heap
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
518000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
691000
|
heap
|
page read and write
|
||
|
3130000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
3170000
|
direct allocation
|
page read and write
|
||
|
579000
|
heap
|
page read and write
|
||
|
40E000
|
unkown
|
page write copy
|
||
|
3080000
|
direct allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
30D0000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page readonly
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page readonly
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3120000
|
direct allocation
|
page read and write
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
3C00000
|
trusted library allocation
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
254E000
|
stack
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
66D000
|
heap
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
317C000
|
stack
|
page read and write
|
||
|
62A000
|
heap
|
page read and write
|
||
|
1F50000
|
heap
|
page read and write
|
||
|
66D000
|
heap
|
page read and write
|
||
|
491F000
|
stack
|
page read and write
|
||
|
3060000
|
direct allocation
|
page read and write
|
||
|
40E000
|
unkown
|
page write copy
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
3150000
|
direct allocation
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
3060000
|
direct allocation
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
457E000
|
stack
|
page read and write
|
||
|
1F60000
|
heap
|
page read and write
|
||
|
47E000
|
stack
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
47E0000
|
trusted library allocation
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
66A000
|
heap
|
page read and write
|
||
|
414000
|
unkown
|
page read and write
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
1F80000
|
unkown
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
3120000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
30A0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
30E1000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
69C000
|
heap
|
page read and write
|
||
|
30C0000
|
direct allocation
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
195000
|
stack
|
page read and write
|
||
|
47E0000
|
trusted library allocation
|
page read and write
|
||
|
47E0000
|
trusted library allocation
|
page read and write
|
||
|
30D0000
|
direct allocation
|
page read and write
|
||
|
417000
|
unkown
|
page readonly
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
46C000
|
unkown
|
page write copy
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
20A0000
|
trusted library allocation
|
page read and write
|
||
|
3068000
|
direct allocation
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
443E000
|
stack
|
page read and write
|
There are 254 hidden memdumps, click here to show them.