flash

Everything-1.4.1.969.x64-Setup.exe

Status: finished
Submission Time: 30.06.2020 17:42:05
Suspicious
Spyware

Comments

Tags

Details

  • Analysis ID:
    242339
  • API (Web) ID:
    380395
  • Analysis Started:
    30.06.2020 17:52:20
  • Analysis Finished:
    30.06.2020 18:02:44
  • MD5:
    1f9813ce529d72087a7ff9cb99fbdf8b
  • SHA1:
    290ba48c2bed177bf286c9881a10efccb94879b9
  • SHA256:
    015612db20d31ed42bbcbca0d94f362360a6bb61cde0c861814f2eda6abe636b
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

suspicious
24/100

IPs

IP Country Detection
1.4.1.96
China

URLs

Name Detection
http://www.voidtools.com/
http://www.voidtools.com/donate/
http://www.voidtools.com/support/everything/
Click to see the 11 hidden entries
http://www.voidtools.com/everything/update.ini
http://www.voidtools.com/downloads/#language
http://www.voidtools.com/downloads/http://www.voidtools.com/downloads/#languagehttp://www.voidtools.
http://nsis.sf.net/NSIS_ErrorError
http://www.voidtools.com/update.php)
http://www.voidtools.com/support/everything/http://www.voidtools.com/everything/update.iniwww.voidto
http://www.voidtools.com/everything/beta-update.iniupdate:
http://www.voidtools.com/downloads/
http://www.voidtools.com
http://www.voidtools.com/donate/Help
http://www.voidtools.com/everything/beta-update.ini

Dropped files

Name File Type Hashes Detection
C:\Program Files\Everything\Everything.exe
PE32+ executable (GUI) x86-64, for MS Windows
#
C:\Program Files\Everything\Changes.txt
ASCII text, with CRLF line terminators
#
C:\Program Files\Everything\Everything.ini.tmp
ASCII text, with CRLF line terminators
#
Click to see the 20 hidden entries
C:\Program Files\Everything\Everything.lng
data
#
C:\Program Files\Everything\License.txt
ASCII text, with very long lines, with CRLF line terminators
#
C:\Program Files\Everything\Uninstall.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\Everything\Changes.txt
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\Everything\Everything.exe
PE32+ executable (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\Everything\Everything.lng
data
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\Everything\License.txt
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\Everything\Uninstall.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\InstallOptions.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\InstallOptions.ini
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\InstallOptions2.ini
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\LangDLL.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\ioSpecial.ini
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\nsh1B1F.tmp\modern-wizard.bmp
PC bitmap, Windows 3.x format, 164 x 314 x 4
#
C:\Users\user\AppData\Local\Temp\nsx1AE0.tmp
DOS executable (COM, 0x8C-variant)
#
C:\Users\user\AppData\Roaming\Everything\Everything.ini.tmp
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything\Search Everything.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun May 31 14:54:03 2020, mtime=Sun May 31 14:54:05 2020, atime=Fri Mar 13 05:32:20 2020, length=2237256, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything\Uninstall Everything.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun May 31 14:54:03 2020, mtime=Sun May 31 14:54:03 2020, atime=Sun May 31 14:54:02 2020, length=137814, window=hide
#
C:\Users\user\Desktop\Search Everything.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun May 31 14:54:03 2020, mtime=Sun May 31 14:54:05 2020, atime=Fri Mar 13 05:32:20 2020, length=2237256, window=hide
#