Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Everything-1.4.1.1026.x86-Setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
||
|
C:\Program Files (x86)\Everything\Changes.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Everything\Everything.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Everything\Everything.ini (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Everything\Everything.ini.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Everything\License.txt
|
Unicode text, UTF-8 (with BOM) text, with very long lines (458)
|
dropped
|
||
|
C:\Program Files (x86)\Everything\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everything.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Mon Oct 28 11:56:48 2024, mtime=Mon Oct 28 11:56:48 2024, atime=Thu Aug 1 08:13:54 2024, length=1778192, window=hide
|
dropped
|
||
|
C:\Users\Public\Desktop\Everything.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Mon Oct 28 11:56:48 2024, mtime=Mon Oct 28 11:56:48 2024, atime=Thu Aug 1 08:13:54 2024, length=1778192, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\update[1].ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsp8C17.tmp\Everything\Everything.lng
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsp8C17.tmp\InstallOptions.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsp8C17.tmp\InstallOptions.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\nsp8C17.tmp\InstallOptions2.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\nsp8C17.tmp\LangDLL.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsp8C17.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsp8C17.tmp\ioSpecial.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\nsp8C17.tmp\modern-wizard.bmp
|
PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsu8BE7.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Everything\Everything.ini (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Everything\Everything.ini.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Everything.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Mon Oct 28 11:56:48 2024, mtime=Mon Oct 28 11:56:49 2024, atime=Thu Aug 1 08:13:54 2024, length=1778192, window=hide
|
dropped
|
There are 14 hidden files, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
voidtools.com
|
162.211.80.236
|
||
|
www.voidtools.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
162.211.80.236
|
voidtools.com
|
United States
|
||
|
184.28.90.27
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|