Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
noode.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\EMAIL Safe Storage 10.2.45\EMAIL Safe Storage 10.2.45.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-LM01C.tmp\noode.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-PBM2B.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-PBM2B.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-PBM2B.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-0PONS.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-2UKG5.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-3040J.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-3QIQD.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-4F47K.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-5H4H0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-5I9BT.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-5SKEM.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-5V6CK.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-6FIBU.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-9EKQS.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-B1QEF.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-CPOJD.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-DNQ2U.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-EAOA0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-GDGEQ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-GIR45.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-MOJAC.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-NQBP8.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-OO36J.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-P8TLU.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-Q3AP0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-Q9119.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-V3G3E.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-V9OMC.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\2.10.0\engines\is-16BHT.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\2.10.0\engines\is-TV3K6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\2.10.0\engines\libpixmap.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\2.10.0\engines\libwimp.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\modules\is-6V5CI.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\modules\libgail.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libgio-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libgiomm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libglib-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libiconv-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libstdc++-6.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\uninstall\is-G9DGJ.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\zextervideocodec32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\ProgramData\em102it45.dat
|
data
|
dropped
|
||
|
C:\ProgramData\em102rc45.dat
|
data
|
dropped
|
||
|
C:\ProgramData\em102resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\em102resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-PBM2B.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-0JAIC.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-0KE28.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-39GU6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-50JPL.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-7S3H1.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-99TKC.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-C2MKK.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-LMLE4.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-M2RP0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-OBSAB.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-R29H0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-UB5BR.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\is-VJDU6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\2.10.0\engines\is-AKUJE.tmp
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\2.10.0\engines\is-HSILH.tmp
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\2.10.0\engines\libpixmap.dll.a (copy)
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\2.10.0\engines\libwimp.dll.a (copy)
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\include\gdkconfig.h (copy)
|
C source, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\include\is-AQTVQ.tmp
|
C source, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\modules\is-CJSAH.tmp
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\lib\gtk-2.0\modules\libgail.dll.a (copy)
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\libexpat-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\libffi-6.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\libfontconfig-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\libfreetype-6.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\libxml2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\share\man\man1\is-PVGNH.tmp
|
troff or preprocessor input, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\share\man\man1\rawtherapee.1 (copy)
|
troff or preprocessor input, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\sounds\BatchComplete.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\sounds\Empty.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\sounds\ProcessComplete.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\sounds\is-7U25S.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\sounds\is-GFJSK.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\sounds\is-VD7CR.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\09-Gray-Orange.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\17-Gray-Red.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\17-Gray-Red.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\21-Gray-Gray.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\21-Gray-Gray.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\21-Gray-Orange.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\21-Gray-Orange.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\21-Gray-Purple.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\21-Gray-Purple.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\21-Gray-Red.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\21-Gray-Red.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\25-Gray-Gray.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\25-Gray-Gray.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\25-Gray-Purple.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\25-Gray-Purple.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\25-Gray-Red.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\25-Gray-Red.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\37-Gray-Red-Textured.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\37-Gray-Red-Textured.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\37-Gray-Red.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\37-Gray-Red.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\63-Gray-Cyan.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\63-Gray-Cyan.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\92-Beige-DarkCyan.gtkrc (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\92-Beige-DarkCyan.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-down-ins.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-down-pre.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-down.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-left-ins.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-left-pre.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-left.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-right-ins.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-right-pre.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-right.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-up-ins.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-up-pre.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\arrow-up.png (copy)
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\button-insensitive.png (copy)
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\button-normal.png (copy)
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\button-normal.xcf (copy)
|
GIMP XCF image data, version 0, 32 x 32, RGB Color
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\button-prelight.png (copy)
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\button-pressed.png (copy)
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-008N0.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-1K2KP.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-2UVOS.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-3HH9H.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-42BGF.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-4K8DI.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-5QMSU.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-6R4IQ.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-7EP0U.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-9N40C.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-AAGGL.tmp
|
PNG image data, 8 x 8, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-AOVRR.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-BC4JA.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-C3EEG.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-DO3KP.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-EA7P2.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-ECLHU.tmp
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-GFVDS.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-GREV7.tmp
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-J4URO.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-JARJU.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-KUO4U.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-LLF9Q.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-LPE6R.tmp
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-M0LDC.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-MN5K9.tmp
|
GIMP XCF image data, version 0, 32 x 32, RGB Color
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-NIQH1.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-P06BD.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-T3LPI.tmp
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-V0ESL.tmp
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\is-VT9UC.tmp
|
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\null.png (copy)
|
PNG image data, 8 x 8, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\pbtroughh.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\pbtroughv.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\rangeslider-ins.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\rangeslider-pre.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\rangeslider.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\slider-h-ins.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\slider-h-pre.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\slider-h.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\slider-v-ins.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\slider-v-pre.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\slider-v.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\trough2-h.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\gray_textured\trough2.png (copy)
|
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-03BMD.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-15PAO.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-2PCU0.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-2SKV0.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-5EMLQ.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-6CR5F.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-6GU1S.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-8TP86.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-92PNG.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-E80I1.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-EUQ9P.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-G0T1P.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-GNMBV.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-K9FH3.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-KCVER.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-LL0NC.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-LR924.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-NHCLN.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-NU2HI.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-PG7M2.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-PL5TA.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-QBCU5.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-RBVLE.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-RI0VT.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-T5C0L.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-T9462.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\is-VUKU1.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\slim (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\themes\system.iconset (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\uninstall\unins000.dat
|
InnoSetup Log Zexter Video Codec, version 0x30, 14098 bytes, 066656\user, "C:\Users\user\AppData\Local\Zexter Video Codec"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Zexter Video Codec\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 218 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\noode.exe
|
"C:\Users\user\Desktop\noode.exe"
|
|
|
|
C:\Users\user\AppData\Local\Zexter Video Codec\zextervideocodec32.exe
|
"C:\Users\user\AppData\Local\Zexter Video Codec\zextervideocodec32.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-LM01C.tmp\noode.tmp
|
"C:\Users\user\AppData\Local\Temp\is-LM01C.tmp\noode.tmp" /SL5="$103E8,7753864,54272,C:\Users\user\Desktop\noode.exe"
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ejmbiem.ua
|
|
||
|
http://ejmbiem.ua/search/?q=67e28dd86b0ff029130ffd4c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a571ea771795af8e05c446db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692396086f713c5ed94
|
185.208.158.248
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86b0ff029130ffd4c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://freedesktop.orgtypenameexeccounttimestampparse_data-
|
unknown
|
||
|
http://WWW-Authenticate:Proxy-Authenticate:Content-Encoding:gzip1.2.8Content-Length:-/recv
|
unknown
|
||
|
http://www.freedesktop.org/standards/desktop-bookmarks
|
unknown
|
||
|
https://github.com/Beep6581/RawTherapee
|
unknown
|
||
|
http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd
|
unknown
|
||
|
http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd-//OASIS//DTD
|
unknown
|
||
|
http://purl.oclc.org/dsdl/schematron
|
unknown
|
||
|
http://relaxng.org/ns/structure/1.0definenameincludegrammarxmlRelaxNGParse:
|
unknown
|
||
|
http://www.ascc.net/xml/schematron
|
unknown
|
||
|
http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd
|
unknown
|
||
|
https://discuss.pixls.us/c/software/rawtherapee
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://185.208.158.248/6
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://185.208.158.248/
|
unknown
|
||
|
http://www.freedesktop.org/standards/shared-mime-info
|
unknown
|
||
|
http://www.rawtherapee.com/
|
unknown
|
||
|
http://www.freedesktop.org/standards/desktop-bookmarksapplicationgroupapplicationsgroupsprivateiconh
|
unknown
|
||
|
http://rawpedia.rawtherapee.com/
|
unknown
|
||
|
http://relaxng.org/ns/structure/1.0
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://freedesktop.org
|
unknown
|
||
|
http://purl.oclc.org/dsdl/schematronpathhttp://www.ascc.net/xml/schematron:node
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ejmbiem.ua
|
185.208.158.248
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.248
|
ejmbiem.ua
|
Switzerland
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
Inno Setup: App Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
Inno Setup: User
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
Inno Setup: Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
InstallDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zexter Video Codec_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BetaTour
|
email_safe_storage_i45_3
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C3C000
|
heap
|
page read and write
|
|
|
|
2CE1000
|
direct allocation
|
page execute and read and write
|
|
|
|
5A91000
|
direct allocation
|
page read and write
|
||
|
630000
|
unkown
|
page write copy
|
||
|
363F000
|
heap
|
page read and write
|
||
|
2130000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
1540F602000
|
trusted library allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
58E0000
|
direct allocation
|
page read and write
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
5B11000
|
direct allocation
|
page read and write
|
||
|
5A93000
|
direct allocation
|
page read and write
|
||
|
2D1A000
|
direct allocation
|
page execute and read and write
|
||
|
26DC000
|
heap
|
page read and write
|
||
|
6F3000
|
heap
|
page read and write
|
||
|
45C407E000
|
unkown
|
page readonly
|
||
|
2421000
|
heap
|
page read and write
|
||
|
2194000
|
direct allocation
|
page read and write
|
||
|
45C397E000
|
stack
|
page read and write
|
||
|
45C3E7E000
|
unkown
|
page readonly
|
||
|
45C377D000
|
stack
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
57D1000
|
heap
|
page read and write
|
||
|
85E000
|
heap
|
page read and write
|
||
|
6E2000
|
heap
|
page read and write
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
215C000
|
direct allocation
|
page read and write
|
||
|
6F3000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5A8D000
|
direct allocation
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
23BE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
937000
|
heap
|
page read and write
|
||
|
2ECB000
|
stack
|
page read and write
|
||
|
216C000
|
direct allocation
|
page read and write
|
||
|
2510000
|
direct allocation
|
page read and write
|
||
|
1540EE13000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
45C31CB000
|
stack
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
5A8F000
|
direct allocation
|
page read and write
|
||
|
1540EE00000
|
heap
|
page read and write
|
||
|
35A7000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
5A63000
|
direct allocation
|
page read and write
|
||
|
45C3A7E000
|
unkown
|
page readonly
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3639000
|
heap
|
page read and write
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
1540EE2B000
|
heap
|
page read and write
|
||
|
2239000
|
heap
|
page read and write
|
||
|
1540EDB0000
|
heap
|
page read and write
|
||
|
1540EE7D000
|
heap
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
218C000
|
direct allocation
|
page read and write
|
||
|
5A81000
|
direct allocation
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
2180000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
2400000
|
heap
|
page read and write
|
||
|
35EC000
|
heap
|
page read and write
|
||
|
94B000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page write copy
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
850000
|
heap
|
page read and write
|
||
|
1540EF02000
|
heap
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
6D7000
|
heap
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
2264000
|
direct allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
49D000
|
unkown
|
page write copy
|
||
|
23F4000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
45C3C7E000
|
unkown
|
page readonly
|
||
|
3766000
|
heap
|
page read and write
|
||
|
5A87000
|
direct allocation
|
page read and write
|
||
|
45C417C000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
1540EE02000
|
heap
|
page read and write
|
||
|
215C000
|
direct allocation
|
page read and write
|
||
|
3101000
|
direct allocation
|
page read and write
|
||
|
2148000
|
direct allocation
|
page read and write
|
||
|
2DCC000
|
stack
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
21A8000
|
direct allocation
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
2740000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
45C44FE000
|
stack
|
page read and write
|
||
|
2190000
|
direct allocation
|
page read and write
|
||
|
213C000
|
direct allocation
|
page read and write
|
||
|
5A7D000
|
direct allocation
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
5A7F000
|
direct allocation
|
page read and write
|
||
|
2168000
|
direct allocation
|
page read and write
|
||
|
21A1000
|
direct allocation
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
353E000
|
stack
|
page read and write
|
||
|
632000
|
unkown
|
page write copy
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
6F3000
|
heap
|
page read and write
|
||
|
2340000
|
direct allocation
|
page read and write
|
||
|
69A000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
2350000
|
heap
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
45C3B73000
|
stack
|
page read and write
|
||
|
1540EDF0000
|
trusted library allocation
|
page read and write
|
||
|
21A0000
|
direct allocation
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
1540EE43000
|
heap
|
page read and write
|
||
|
71B000
|
heap
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
71B000
|
heap
|
page read and write
|
||
|
5A85000
|
direct allocation
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
215C000
|
direct allocation
|
page read and write
|
||
|
71F000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
45C457E000
|
unkown
|
page readonly
|
||
|
45C387E000
|
unkown
|
page readonly
|
||
|
363D000
|
heap
|
page read and write
|
||
|
6CA000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
23D0000
|
direct allocation
|
page read and write
|
||
|
45C447E000
|
unkown
|
page readonly
|
||
|
2137000
|
direct allocation
|
page read and write
|
||
|
3641000
|
heap
|
page read and write
|
||
|
58D0000
|
direct allocation
|
page read and write
|
||
|
45C3D73000
|
stack
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
1540EE55000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
33FD000
|
stack
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
3633000
|
heap
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
32BF000
|
stack
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
3655000
|
heap
|
page read and write
|
||
|
45C427E000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2235000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
57D0000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page read and write
|
||
|
2352000
|
direct allocation
|
page read and write
|
||
|
615000
|
heap
|
page read and write
|
||
|
45C437C000
|
stack
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
1540EDC0000
|
heap
|
page read and write
|
||
|
71B000
|
heap
|
page read and write
|
||
|
2188000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page execute and read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
23D0000
|
direct allocation
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
637000
|
unkown
|
page readonly
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
21B4000
|
direct allocation
|
page read and write
|
||
|
27CF000
|
stack
|
page read and write
|
||
|
2C2F000
|
stack
|
page read and write
|
||
|
5A8B000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
69E000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
3568000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
315E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5A89000
|
direct allocation
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
363B000
|
heap
|
page read and write
|
||
|
1540ED90000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
727000
|
heap
|
page read and write
|
||
|
215C000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
325F000
|
stack
|
page read and write
|
||
|
45C3F74000
|
stack
|
page read and write
|
||
|
680000
|
direct allocation
|
page execute and read and write
|
||
|
36A0000
|
heap
|
page read and write
|
||
|
1540EE67000
|
heap
|
page read and write
|
||
|
62E000
|
unkown
|
page readonly
|
There are 203 hidden memdumps, click here to show them.