Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
EasyLogUSB+Installer.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Config.Msi\3a61ae.rbs
|
data
|
modified
|
||
|
C:\Program Files (x86)\EasyLog USB\CustomControls.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\EL-USB Driver Setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\EL-USB.inf
|
Windows setup INFormation
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\EasyLog USB.chm
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\EasyLog USB.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\EasyLogGraph.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\ExportToExcel.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\Sample CO.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\Sample Current.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\Sample Lite.txt
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\Sample RH.txt
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\Sample Temp.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\Sample Voltage.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\WPFToolkit.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\setup.ini
|
Generic INItialization configuration [Driver Version]
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\siusbxp.cat
|
data
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\x64\SiLib.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\x64\SiUSBXp.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\x86\SiLib.sys
|
PE32 executable (native) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\EasyLog USB\x86\SiUSBXp.sys
|
PE32 executable (native) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyLog USB\EasyLog USB.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32
1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyLog USB\EasyLogGraph.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32
1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
dropped
|
||
|
C:\Users\Public\Desktop\EasyLog USB.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Feb 18 18:11:02
2021, mtime=Thu Aug 29 17:48:03 2024, atime=Thu Feb 18 18:11:02 2021, length=2468864, window=hide
|
dropped
|
||
|
C:\Users\Public\Desktop\EasyLog USB.lnk~RF3a6a48.TMP (copy)
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Feb 18 18:11:02
2021, mtime=Thu Aug 29 17:48:03 2024, atime=Thu Feb 18 18:11:02 2021, length=2468864, window=hide
|
dropped
|
||
|
C:\Users\Public\Desktop\~asyLog USB.tmp
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Feb 18 18:11:02
2021, mtime=Thu Aug 29 17:48:03 2024, atime=Thu Feb 18 18:11:02 2021, length=2468864, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\DLL_{B4E4EFE5-93D9-435B-BDE9-3525A9689EB9}.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI478F.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{0D022C78-2169-466B-A31C-8D092A6A94A4}\0x0409.ini
|
Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{0D022C78-2169-466B-A31C-8D092A6A94A4}\EasyLog USB.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Number of Characters: 0, Last
Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords:
Installer,MSI,Database, Subject: EasyLog USB, Author: Lascar Electronics Ltd., Security: 1, Number of Pages: 200, Name of
Creating Application: InstallShield 2016 - Professional Edition 23, Last Saved Time/Date: Mon Aug 8 16:29:11 2022, Create
Time/Date: Mon Aug 8 16:29:11 2022, Last Printed: Mon Aug 8 16:29:11 2022, Revision Number: {8C7E2C80-4C6F-4A5C-9FDD-5AA316A9E29A},
Code page: 1252, Template: Intel;1033
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{0D022C78-2169-466B-A31C-8D092A6A94A4}\_ISMSIDEL.INI
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~305C.tmp
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Installer\MSI647C.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI6539.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{B4E4EFE5-93D9-435B-BDE9-3525A9689EB9}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\{B4E4EFE5-93D9-435B-BDE9-3525A9689EB9}\ARPPRODUCTICON.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\{B4E4EFE5-93D9-435B-BDE9-3525A9689EB9}\EasyLogGraph.exe_3D39C605F6D0484A88F3AD4B82B13993.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\{B4E4EFE5-93D9-435B-BDE9-3525A9689EB9}\EasyLog_USB.exe_63257A9301FB4EABA085D3C69F470EC4.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\SiUSBXp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Temp\~DF0306D147797878C3.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF1123BE70FC077220.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF5BDAD2C112EEACB7.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF62FBD09C3A0B058B.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFC23DFF20C5796CFC.TMP
|
data
|
dropped
|
There are 36 hidden files, click here to show them.