Technical Information
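Registry values (a Run autostart entry plus service and driver registration; 'Start' = 1 loads at system start, 2 starts automatically):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ZAM' = '"%ProgramFiles%\Zemana AntiMalware\ZAM.exe" /minimized'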
- [<HKLM>\SYSTEM\ControlSet001\Services\ZAM] 'ImagePath' = '<DRIVERS>\zam32.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\ZAMSvc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\ZAMSvc] 'ImagePath' = '"%ProgramFiles%\Zemana AntiMalware\ZAM.exe" /service'
- [<HKLM>\SYSTEM\ControlSet001\Services\ZAM_Guard] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\ZAM_Guard] 'ImagePath' = '<DRIVERS>\zamguard32.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\ZAM] 'Start' = '00000001'
Processes launched (full command lines):
- '%ProgramFiles%\Zemana AntiMalware\ZAM.exe' /service
- '%ProgramFiles%\Zemana AntiMalware\ZAM.exe' /install /realtime_protection 1 /set_lang "English"
- '%TEMP%\is-CA5BF.tmp\ZAM.exe' /killall
- '<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles%\Zemana AntiMalware\ZAMShellExt32.dll"
- '<SYSTEM32>\taskkill.exe' /f /im "ZAM.exe" /t
- '<SYSTEM32>\cmd.exe' /c taskkill /f /im "ZAM.exe" /t
- '%ProgramFiles%\Zemana AntiMalware\ZAM.exe' /killall
- '%TEMP%\is-CA5BF.tmp\ZAM.exe' /get_and_set_installer_partner_id
- '%TEMP%\is-0UH5C.tmp\~cmwswqw.tmp' /SL5="$100E2,4813039,119296,%TEMP%\~cmwswqw.tmp" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%TEMP%\~cmwswqw.tmp' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%TEMP%\is-CA5BF.tmp\ZAM.exe' /get_installer_product_id
- '%TEMP%\is-CA5BF.tmp\ZAM.exe' /is_safe_mode
- '%TEMP%\is-CA5BF.tmp\ZAM.exe' /is_newer_version_installed
- '%TEMP%\is-CA5BF.tmp\ZAM.exe' /is_safeonline_installed
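System services whose handler is the listed driver (interception of process open/terminate calls, as commonly used for process self-protection):
- NtTerminateProcess, handler: zamguard32.sys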
- NtOpenProcess, handler: zamguard32.sys
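File system paths touched (this extract does not state which are created, modified or deleted; several %TEMP% paths are listed twice):
- %ProgramFiles%\Zemana AntiMalware\lang\Korean.ini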
- %ProgramFiles%\Zemana AntiMalware\lang\Latvian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Indonesian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Italian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Polish.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Portuguese.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Lithuanian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Persian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Hungarian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\English.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Estonian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Croatian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Dutch.ini
- %ProgramFiles%\Zemana AntiMalware\lang\German.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Hindi.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Finnish.ini
- %ProgramFiles%\Zemana AntiMalware\lang\French.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Romanian.ini
- %ProgramFiles%\Zemana AntiMalware\ZAMShellExt32.dll
- %WINDIR%\ZAM_Guard.krnl.trace
- %ProgramFiles%\Zemana AntiMalware\lang\Malaysian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Kurdish.ini
- <LS_APPDATA>\Zemana\Zemana AntiMalware\nedb.zdb_config.ini
- <LS_APPDATA>\Zemana\Zemana AntiMalware\settings.db
- %WINDIR%\ZAM.krnl.trace
- <LS_APPDATA>\Zemana\Zemana AntiMalware\nedb.zdb
- %ProgramFiles%\Zemana AntiMalware\lang\Norwegian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Spanish.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Swedish.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Russian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Serbian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Ukrainian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Vietnamese.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Telugu.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Turkish.ini
- %ProgramFiles%\Zemana AntiMalware\lang\ChineseTraditional.ini
- %ProgramFiles%\Zemana AntiMalware\res\is-VII6R.tmp
- %ProgramFiles%\Zemana AntiMalware\res\is-EBOCN.tmp
- %ProgramFiles%\Zemana AntiMalware\is-CPVB3.tmp
- %ProgramFiles%\Zemana AntiMalware\is-VFFOB.tmp
- %ProgramFiles%\Zemana AntiMalware\res\is-FEDPH.tmp
- %ProgramFiles%\Zemana AntiMalware\res\is-IV794.tmp
- %ProgramFiles%\Zemana AntiMalware\res\is-B00S7.tmp
- %ProgramFiles%\Zemana AntiMalware\res\is-NF352.tmp
- %TEMP%\is-CA5BF.tmp\zam.eula.rtf
- %TEMP%\aut2.tmp
- %TEMP%\~cmwswqw.tmp
- %TEMP%\aut1.tmp
- %TEMP%\eeggdjs
- %TEMP%\is-CA5BF.tmp\ZAM.exe
- <LS_APPDATA>\Zemana\Tracer\ZAM.trace
- %TEMP%\is-0UH5C.tmp\~cmwswqw.tmp
- %TEMP%\is-CA5BF.tmp\_isetup\_shfoldr.dll
- %ProgramFiles%\Zemana AntiMalware\res\is-0945C.tmp
- %ProgramFiles%\Zemana AntiMalware\lang\Bosnian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\BrazilianPortuguese.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Arabic.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Bengali.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Czech.ini
- %ProgramFiles%\Zemana AntiMalware\lang\ChineseSimplified.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Bulgarian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Byelorussian.ini
- %ProgramFiles%\Zemana AntiMalware\lang\Albanian.ini
- %ALLUSERSPROFILE%\Desktop\Zemana AntiMalware.lnk
- %ProgramFiles%\Zemana AntiMalware\unins000.msg
- %ProgramFiles%\Zemana AntiMalware\res\is-SUFPS.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\Zemana AntiMalware\Zemana AntiMalware.lnk
- <DRIVERS>\zam32.sys
- C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana\Tracer\ZAM.trace
- %ProgramFiles%\Zemana AntiMalware\unins000.dat
- <DRIVERS>\zamguard32.sys
- %ProgramFiles%\Zemana AntiMalware\res\antilogger.ico
- %ProgramFiles%\Zemana AntiMalware\res\app.ico
- %ProgramFiles%\Zemana AntiMalware\res\mfox.ico
- %ProgramFiles%\Zemana AntiMalware\res\wdos.ico
- %ProgramFiles%\Zemana AntiMalware\res\zso.ico
- %ProgramFiles%\Zemana AntiMalware\res\zam.ico
- %TEMP%\~cmwswqw.tmp
- %ProgramFiles%\Zemana AntiMalware\res\magnum.ico
- %ProgramFiles%\Zemana AntiMalware\res\wdp.ico
- %TEMP%\is-CA5BF.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-CA5BF.tmp\zam.eula.rtf
- <SYSTEM32>\d3d9caps.dat
- %TEMP%\is-0UH5C.tmp\~cmwswqw.tmp
- %TEMP%\is-CA5BF.tmp\ZAM.exe
- %TEMP%\eeggdjs
- %TEMP%\aut1.tmp
- <LS_APPDATA>\Zemana\Tracer\ZAM.trace
- %TEMP%\aut2.tmp
Files moved (installer temporary files renamed to their final names):
- from %ProgramFiles%\Zemana AntiMalware\res\is-FEDPH.tmp to %ProgramFiles%\Zemana AntiMalware\res\app.ico
- from %ProgramFiles%\Zemana AntiMalware\res\is-NF352.tmp to %ProgramFiles%\Zemana AntiMalware\res\zso.ico
- from %ProgramFiles%\Zemana AntiMalware\res\is-IV794.tmp to %ProgramFiles%\Zemana AntiMalware\res\antilogger.ico
- from %ProgramFiles%\Zemana AntiMalware\res\is-SUFPS.tmp to %ProgramFiles%\Zemana AntiMalware\res\mfox.ico
- from %ProgramFiles%\Zemana AntiMalware\res\is-0945C.tmp to %ProgramFiles%\Zemana AntiMalware\res\wdos.ico
- from %ProgramFiles%\Zemana AntiMalware\is-VFFOB.tmp to %ProgramFiles%\Zemana AntiMalware\ZAM.exe
- from %ProgramFiles%\Zemana AntiMalware\is-CPVB3.tmp to %ProgramFiles%\Zemana AntiMalware\unins000.exe
- from %ProgramFiles%\Zemana AntiMalware\res\is-VII6R.tmp to %ProgramFiles%\Zemana AntiMalware\res\zam.ico
- from %ProgramFiles%\Zemana AntiMalware\res\is-B00S7.tmp to %ProgramFiles%\Zemana AntiMalware\res\magnum.ico
- from %ProgramFiles%\Zemana AntiMalware\res\is-EBOCN.tmp to %ProgramFiles%\Zemana AntiMalware\res\wdp.ico
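Network endpoints contacted (host:port; '#' appears to stand for characters masked in this report):
- 'za####ud.zemana.com':80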
- 'wp#d':80
- 'cd##.zemana.com':80
HTTP requests (plain HTTP on port 80, no TLS), followed by the DNS queries issued:
- http://11#.#11.111.2/wpad.dat via wp#d
- http://cd##.zemana.com/CacheControl.bin
- http://za####ud.zemana.com/api/client/settings/14A9E92AF0D12325177A50/2/2/2050133
- DNS ASK za####ud.zemana.com
- DNS ASK wp#d
- DNS ASK cd##.zemana.com
Window lookups (window class name / window title):
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''