Malware Analysis Report

2025-08-11 01:26

Sample ID 240229-d6ljzacd7t
Target ad967292a0b22c3289b6e7e58f45b439
SHA256 dd7a328ba2cc59cf699efe1a83f45fb9da3837e7cb49e23312d9396e9536cca0
Tags aspackv2 persistence
Score 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 7/10

SHA256 dd7a328ba2cc59cf699efe1a83f45fb9da3837e7cb49e23312d9396e9536cca0

Threat Level: Shows suspicious behavior

The file ad967292a0b22c3289b6e7e58f45b439 was found to show suspicious behavior.

Malicious Activity Summary

aspackv2 persistence

Modifies system executable filetype association

Loads dropped DLL

Executes dropped EXE

ASPack v2.12-2.42

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-02-29 03:37

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-02-29 03:37

Reported 2024-02-29 03:40

Platform win7-20240221-en

Max time kernel 149s

Max time network 158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe"

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8F403E1-D6B3-11EE-87F2-6A83D32C515E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415339737" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0da62c0c06ada01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e00000000020000000000106600000001000020000000928e21069422775d84d4014bade3d840edd020b1189bf94bf30652b750f4dc04000000000e8000000002000020000000896902fa683a31029224cf5cad9f7873a993acab8947ad7285ea111a39cd239f20000000b0a0fdf9916f0af23535950e58e7fc0e09d409460c4c3a8dc534b309507c890a40000000f49de65a13d88f56b4e57e8288f32b22963921784621d3248d9f6abd83ba7ccefe933c3394ed34f0eff6935f324c6a6994e8a41ec4fd5a4d4e6f36c9735ac894 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TIFImage.Document\shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.8\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Paint.Picture\shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\giffile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\wab_auto_file\shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tgz\ = "JustZIPit_Archive" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.SLK C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\shtmlfile\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.Document\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Template.8\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Addin\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Outlook.File.msg.14\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\Shell C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\Shell C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JustZIPit_Archive\Shell\Open\ = "&JustUnZIPit" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\shtmlfile C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\hlpfile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\Shell C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\aspfile\Shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CSSfile\Shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CSSfile C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\Shell C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Msi.Package\shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.Document\Shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\shtmlfile\Shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Outlook.File.eml.14\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ogg\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\aspfile\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Msi.Package\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ogg C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\aspfile\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Paint.Picture\shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8 C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2212 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
PID 2212 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
PID 2212 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
PID 2212 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
PID 2512 wrote to memory of 2468 N/A C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2512 wrote to memory of 2468 N/A C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2512 wrote to memory of 2468 N/A C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2512 wrote to memory of 2468 N/A C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2468 wrote to memory of 2236 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2468 wrote to memory of 2236 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2468 wrote to memory of 2236 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2468 wrote to memory of 2236 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe

"C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe"

C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe

C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe -firstlaunch

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JustZIPit\About.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 mesothelima.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe

C:\Users\Admin\AppData\Local\Temp\JustZIPit\About.htm

C:\Users\Admin\AppData\Local\Temp\JustZIPit\company_logo.gif

C:\Users\Admin\AppData\Local\Temp\JustZIPit\demo.gif

C:\Users\Admin\AppData\Local\Temp\JustZIPit\AckerPack_box.gif

C:\Users\Admin\AppData\Local\Temp\JustZIPit\QuickCalc_banner.gif

C:\Users\Admin\AppData\Local\Temp\JustZIPit\Back2zip_125x125_02.gif

C:\Users\Admin\AppData\Local\Temp\JustZIPit\sshot_sm.gif

C:\Users\Admin\AppData\Local\Temp\CabC620.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\TarC720.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

SHA256 d8c2182a98d7ba5d11ba4c3cbcfe81117350faf331cd14db5d0609e2badc4761
SHA512 143edcc8b61b94d1f9a6a7e48fd086099bf06aa93df79706c36e5aa94c2f6521bc0e7b24ff379745d3295bad518f08505c5b08a8b68d5ea1b069326848b95776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11f0b9312eef23f0fd9601cdc2ed33d0
SHA1 f0c7b7871761895da7b20952408fd9cf763abf82
SHA256 ee0aa2501acd70953f9573c67d8b284aca6b67208dae00e4cb78c133dab40394
SHA512 3feba02462d613adb2bb797fbd46cd2dff33349eaf349409031154e9df9e498726f8d411fdcbe5613d3eab961eeab001bad10d080a817c65996269e77ed58d19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37b36931fcf1945963044f58e7ca3499
SHA1 cab28c527a19e09d2274303678e4562ff7920a5a
SHA256 d20792cf3a1249bc4f70eec46d7a2317e18e9ff6e8f87b1d9628968d84a6e72d
SHA512 335acb0d99fdc8912a48cd3ca84f647c7c5877f6b3c3311a22098bc4d8f5109a7e03369543276141273ea50553fe56fbb78f0e829e9a126c12b1f112da70917a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43e41661d6e6443245c8d7139b527e29
SHA1 724b7987818c582235f8568c6b8651c563915bd8
SHA256 46cfcf84de66891c551ada852d83b85fafb6f1c9b8d31eeca1d8a1be3c7565a9
SHA512 714d22c0a3a79453f83bb8c11c2e9f3f9911092c63cdefa9f420054b09d65306b594f20e1396f834c9fa9b51239a55c8eb7e70a137c962d7200e4bb1acf31658

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a9eda1f1969b5302cbfa046240f9a7f
SHA1 a2053e6e70f2645ec19789d93c870f8a62f729a7
SHA256 45c6b0aea786e973371960a073f02920085564202767b4a540251d73b452d656
SHA512 98c07d6a09aba2b10c430e546cfb57e43f2513499daad638358c8d843d727b0506f1be6b44df1cabba21660c67838a9f5f193288877572915f40924da9e3c57e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6c5a9f0ad40d8472f62764b80329d3a
SHA1 f2b07e30ccac70edffc01fa2f0458c914840e706
SHA256 40cc0bd37b493de03d5d146e186bbcac0b99eadf7e7a530baddc132b79e3fba8
SHA512 f6685b425145f782f379a8419fa8c79aa190b4d3f9d66155af37215ad749d624224faffd29059d8d0e8fba7359a54021199c2460452849a610f4f397ac9b223d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d7c2ac5cdec22b6c4a54316fd2088d1
SHA1 a9984ed03380cfcc69b9c61b383ff1122f72f4f2
SHA256 0b639710812d447a2a4d72b10c6cb5b125622c0f3f9acca149c1313fd50e522b
SHA512 e7f942846d37f2cfffe8d6a5f328d390daa218e047fe6f497082e18b2be09000549c351ae7881f0f76b823998dc0e6b3867c19371138f4f8b6bca1a4a163ff79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bdf062f63aff46d88c0b0b3134b31b8
SHA1 141ffb54bd31d666a08eea4066bf18373766ad56
SHA256 01a0c513bcab13f17424bfd341163e2307071abd000ef0b5492918fd2356285d
SHA512 ce6a66d6d1514c52059fb5394cf4030b40eec2691ef4d2ead6ef971e20f4cc64d5c9ff827634c4a314e86db23300df2e11fa4045781d9c448d4009259c560e5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c3d0fcc31d256563e3d7f3697baad2b
SHA1 60e84c3379823b06b8487c3a9384ead0ecf116db
SHA256 b5f042b4b20a769def8fb930fd640fd569b33843f26a3e683d89146fdd501ccf
SHA512 fa257b25995679ca08121a769758dba98113457c207f9dcffa26a6b2d291073be0bc06fa5ea19f7c2239656732f371f483e606fbbcc984539adc06c06875253c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9796b2fbb333d00a7aa26e3c6d4fd136
SHA1 03870e467e90cbbf49920c6073b53300fe687cf5
SHA256 e4525f9332adcb60cb656c1876afe58a99ae2b77a4ec0fd59d48a7bd3d4c9c00
SHA512 d744b3ee59af2665a622732b9e29720723beb3a8b90f3767c367b82c5c2c1e6b6a438093909bb9185a549f62bb00d6a6259321b28b0b89e8961285d3a8029957

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-29 03:37

Reported

2024-02-29 03:39

Platform

win10v2004-20240226-en

Max time kernel

136s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe"

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\wab_auto_file\shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\shtmlfile\Shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.8\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Paint.Picture\shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PowerPoint.Show.8\shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ogg\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ = "JustZIPit_Archive" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PowerPoint.Show.8\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Paint.Picture\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Template.8\shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TIFImage.Document\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Template.8\Shell C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JustZIPit_Archive\ = "ZIP Archive File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CSSfile\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\aspfile C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\hlpfile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mp3\Shell C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.SLK\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Addin\shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Paint.Picture\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Addin\shell\JustZIPit_Email\ = "JustZIPit - then &Email" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft Email Message\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\giffile C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\giffile\Shell C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.8\shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.8\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.Document.DC\Shell\JustZIPit_Email\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\shtmlfile\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\jpegfile\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JustZIPit_Archive\Shell\Open\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\chm.file\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\wab_auto_file\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PowerPoint.Show.8 C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\aspfile\Shell\JustZIPit C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A
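The two tables above fire on any write under HKLM\Software\Classes and read more alarming than they are. Every exefile entry is a new context-menu verb (shell\JustZIPit, shell\JustZIPit_Email and their Command subkeys); the default open verb of exefile is never touched. The one default handler that is actually re-pointed is .zip, now mapped to the JustZIPit_Archive ProgID whose Shell\Open\Command runs JustZIPit.exe "%1", which is what an archiver installer does. The Python below is an added triage script, not part of this report or of the sandbox's own tooling: it parses rows in the four-column format used here (Description, Indicator, Process, Target), separates added verbs from a changed open command, and answers the one question that matters for the exefile signature. The REPORT_ROWS are copied from the tables above; HIJACK_ROW (hook.exe under Roaming) is constructed and not in the report, and shows what a genuine exefile takeover would look like to the same check.

```python
"""Triage sandbox registry rows: added context-menu verbs vs. a re-pointed default handler."""
import json
import re
from dataclasses import dataclass, field

CLASSES_ROOT = "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\"

# Row shapes as they appear in the report tables (Description Indicator Process Target).
KEY_CREATED = re.compile(
    r"^Key created (?P<key>\\REGISTRY\\.+?) (?P<proc>[A-Za-z]:\\.+?) N/A$")
SET_VALUE = re.compile(
    r'^Set value \((?P<type>\w+)\) (?P<key>\\REGISTRY\\.+?) = "(?P<val>.*)" '
    r'(?P<proc>[A-Za-z]:\\.+?) N/A$')


@dataclass
class AssocReport:
    default_progid: dict = field(default_factory=dict)  # ".zip" -> ProgID now owning it
    open_command: dict = field(default_factory=dict)    # ProgID -> its shell\open\command
    extra_verbs: dict = field(default_factory=dict)     # ProgID -> non-'open' verbs added
    touched: set = field(default_factory=set)           # every ProgID written to


def unescape(value):
    """Logged values use C-style escapes (two backslashes for one, backslash-quote for a quote)."""
    try:
        return json.loads('"' + value + '"')
    except json.JSONDecodeError:
        return value


def parse_event(line):
    """-> (kind, key, value, process), or None for rows this triage ignores (e.g. 'Key opened')."""
    m = KEY_CREATED.match(line)
    if m:
        return "create", m["key"], None, m["proc"]
    m = SET_VALUE.match(line)
    if m:
        return "set", m["key"], unescape(m["val"]), m["proc"]
    return None


def split_classes_key(key):
    r"""'\REGISTRY\...\Classes\exefile\shell\open\command\' -> ('exefile', ['shell','open','command'])."""
    if not key.lower().startswith(CLASSES_ROOT.lower()):
        return None
    parts = [p for p in key[len(CLASSES_ROOT):].split("\\") if p]  # trailing '\' = default value
    return (parts[0], parts[1:]) if parts else None


def triage(lines):
    rep = AssocReport()
    for line in lines:
        ev = parse_event(line.strip())
        if ev is None:
            continue
        kind, key, value, _proc = ev
        split = split_classes_key(key)
        if split is None:
            continue
        progid, sub = split
        rep.touched.add(progid)
        low = [s.lower() for s in sub]
        if kind == "set" and progid.startswith(".") and not sub:
            rep.default_progid[progid.lower()] = value        # extension re-pointed to a ProgID
        elif len(low) >= 2 and low[0] == "shell":
            verb = sub[1]
            if verb.lower() == "open":
                if kind == "set" and low[2:] == ["command"]:
                    rep.open_command[progid] = value           # double-click handler changed
            else:
                rep.extra_verbs.setdefault(progid, set()).add(verb)  # context-menu entry only
    return rep


def exefile_open_hijacked(rep):
    """True only if launching .exe files now goes through someone else's command line."""
    return "exefile" in rep.open_command


# Rows copied verbatim from the tables above, one per shape the parser handles.
REPORT_ROWS = [
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit\Command C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft Email Message\Shell\JustZIPit_Email C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ = "JustZIPit_Archive" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JustZIPit_Archive\Shell\Open\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe N/A',
    r'Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A',
]
# Constructed row, NOT in the report: what a real exefile takeover would look like.
HIJACK_ROW = r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\hook.exe \"%1\" %*" C:\Users\Admin\AppData\Roaming\hook.exe N/A'

if __name__ == "__main__":
    for rows in (REPORT_ROWS, REPORT_ROWS + [HIJACK_ROW]):
        r = triage(rows)
        print("exefile open hijacked:", exefile_open_hijacked(r), "| exefile verbs:", r.extra_verbs.get("exefile"))
        print("default associations changed:", r.default_progid, "| open commands:", r.open_command)
```

The same split applies on a live host: only a changed value at HKLM\Software\Classes\exefile\shell\open\command (or a new default for the `.exe` extension key) redirects execution; extra verbs under `shell\` only add menu entries.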

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4304 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
PID 4304 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
PID 4304 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
PID 2628 wrote to memory of 2652 N/A C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2628 wrote to memory of 2652 N/A C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 3684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 3684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2652 wrote to memory of 2892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe

"C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe"

C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe

C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe -firstlaunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\JustZIPit\About.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf64146f8,0x7ffbf6414708,0x7ffbf6414718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 mesothelima.net udp
US 8.8.8.8:53 2.242.123.52.in-addr.arpa udp
N/A 224.0.0.251:5353 (no domain; mDNS multicast) udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
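Every Domain entry in the table above except mesothelima.net is an in-addr.arpa reverse lookup, and the mDNS row carries no domain at all. The Python below is an added example, not part of the sandbox report: it parses rows in this table's layout, turns each PTR name back into the address that was being resolved, and separates the single forward lookup from reverse-lookup and multicast noise. The embedded rows are a subset copied from the table; no network lookups are performed and the grouping is an analyst's convenience, not a sandbox signature.

```python
import ipaddress
import re

# Constructed sample: a subset of the report's Network table rows, in the
# report's own space-separated layout. The mDNS row has no Domain column.
NETWORK_ROWS = """\
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 mesothelima.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
"""

PTR_V4 = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.I
)


def ptr_to_ip(name):
    """Reverse an IPv4 in-addr.arpa name back to the queried address, or None."""
    m = PTR_V4.match(name.strip().rstrip("."))
    if not m:
        return None
    octets = [int(x) for x in m.groups()[::-1]]  # PTR labels are in reverse order
    if any(o > 255 for o in octets):
        return None
    return str(ipaddress.IPv4Address(".".join(map(str, octets))))


def parse_network(table):
    """Split the report's rows into dicts; a 3-field row has no Domain."""
    rows = []
    for line in table.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            continue
        rows.append({"country": country, "dest": dest, "domain": domain, "proto": proto})
    return rows


def classify(rows):
    """Separate forward lookups (candidate indicators) from reverse lookups
    and domain-less traffic such as mDNS multicast."""
    forward, reverse, other = [], [], []
    for r in rows:
        if r["domain"] is None:
            other.append(r["dest"])
            continue
        ip = ptr_to_ip(r["domain"])
        if ip:
            reverse.append(ip)
        else:
            forward.append(r["domain"])
    return {"forward": forward, "reverse": reverse, "other": other}


if __name__ == "__main__":
    for kind, items in classify(parse_network(NETWORK_ROWS)).items():
        print(kind, items)
```

Reverse lookups only tell you which addresses the host already had in hand (typically telemetry and update endpoints contacted by the browser); the forward lookup is the one entry worth pivoting on, and the report does not say which process issued it.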

Files

memory/4304-0-0x00000000023C0000-0x00000000023C1000-memory.dmp

C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe

MD5 ad967292a0b22c3289b6e7e58f45b439
SHA1 58777aed823b559adff0090a8595b5ce1d57fe1b
SHA256 dd7a328ba2cc59cf699efe1a83f45fb9da3837e7cb49e23312d9396e9536cca0
SHA512 8eba04c5fb6634ae7cff71b2757315e15930fdb9b43b1f48f2fba023969aaa28291c0dc4e4a0411367d4376dbaeb29660b2448f9e8c95ceb5eb1a5b18a8f711f

memory/2628-5-0x00000000006D0000-0x00000000006D1000-memory.dmp

memory/4304-11-0x0000000000400000-0x00000000004F4000-memory.dmp

memory/2628-25-0x0000000000400000-0x00000000004F4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 279e783b0129b64a8529800a88fbf1ee
SHA1 204c62ec8cef8467e5729cad52adae293178744f
SHA256 3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932
SHA512 32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cbec32729772aa6c576e97df4fef48f5
SHA1 6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba
SHA256 d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e
SHA512 425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

\??\pipe\LOCAL\crashpad_2652_JGRNYFVYTFNLHGKK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\JustZIPit\About.htm

MD5 fc0f18afc6c2335569fdd3a3740fbadb
SHA1 a6c8a0596ed082d4cc45200bc978c9b8996e7bc5
SHA256 ad20cba40c89a42bbf790909511f1abbe3fd0c447d2dfd2af765aedd301b5dc0
SHA512 f02a5931c1248b2e6c01a3d8593f65fd3fcb8d80134652025e125f26150df59da39e6ae33eafc54f92b499742200a6cbc6684efb61c214e27fbbf23411d1bd1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f7e7a70d1a39e024cbb94d8f33568c7
SHA1 fad06d87f45ed5ae50af6aaf31399c75e5573026
SHA256 37529c63578c74e0c8b712683dcea3946d7ee76082e39f8ab41ecd58951c68ec
SHA512 f926d5db82493171b879e8f6b52811d4fd591e81b763a72d241b6665eefe1530dea772bba60fb995d0622eb861f1749ed939abcc22d7eb78f4d12be2b4616858

C:\Users\Admin\AppData\Local\Temp\JustZIPit\sshot_sm.gif

MD5 6db37e80fd1d38af357cfce03445d400
SHA1 5fa994f46f6e10c9370dca598da11e473ce4a59c
SHA256 f21ad1de66ebb5d0156627ca58a1a1923a8c19ae708e594049930c4d76a927e3
SHA512 c0fe5b1d1fbeb7c292521e7df1fd9c364b58a15f23dae18cb63f0ca7187a97426de7db65f59647d4dc886d9c6ea0dc875c218babfd71f04a6304bb70fe0071de

C:\Users\Admin\AppData\Local\Temp\JustZIPit\company_logo.gif

MD5 10c0cdffd5977ee7aaf2b59690ff1164
SHA1 fb349dbcf7e8abaad7fcb1086fced8d37d87aab7
SHA256 2be078a93a03130e600836c4e822197631553d16817b6815d925a0c63ca2d1c9
SHA512 53862bd8291b6c3a2dea08d81086cba9d0ee5578438e3d7a47fa5d181369c22ea206c13e2a23b065dc2889d32c0136f81c0dc009eec9c4a8ba69bedd0a41548f

C:\Users\Admin\AppData\Local\Temp\JustZIPit\QuickCalc_banner.gif

MD5 90c2a262d7916d53021b7019ec8007c0
SHA1 0557973f4638e501e8688435ea6f0ec501ecf758
SHA256 7d647877d9cd7e320870b34153a24697e0bdb67d07720c6b40e728f5baf4b3bd
SHA512 7b2de1f75cdca5091263bc28aa3f1c3be5aa3f2433c020d3453168fd25d125ab268e9dd0359ff44b15c7b980c0e4ea29d329926f137c8941dd76179099d30b1d

C:\Users\Admin\AppData\Local\Temp\JustZIPit\Back2zip_125x125_02.gif

MD5 cf8a857e38a8ffa9bf7fe8959523f55b
SHA1 fbbdee84b0750a5be4c061a92554cebc18e660f2
SHA256 4391bed496095d4e87c6df4ab4df2f81f15c615b7528acc37de9c5f89ccab905
SHA512 2706c368fb6adef8c6a20fcfab2bc8a40b32b6b8e424215ffd1c78b8e3dba7588f1ff433c8356009772987142acccb285c752a080a03a8cbe0843c2508358d48

C:\Users\Admin\AppData\Local\Temp\JustZIPit\demo.gif

MD5 032d5341f1e64fd77fc07a494a4b3f30
SHA1 fec1a601a5d3ae1c98d04ae912231dc8ac977e52
SHA256 7d1b63b7f777b294a12ed621b81fde0182816e7252657d0369ee9fc2cf811051
SHA512 5dbbef35e7332abca1aeb391cf82e84a3a97e77c575d22052df535f99378d712f38d76e8db292f2e8c0f9ed508dda74c0df4486ab27172d6558b99020dff86b7

C:\Users\Admin\AppData\Local\Temp\JustZIPit\AckerPack_box.gif

MD5 93d863301cc193fa02c826bb0a1842b6
SHA1 a4bfa710fea863ae8ccc77718b7c0dc480f2d63e
SHA256 6360caca4b97f4ee4b8618b22da6f801d9bc676d5fe4c08f381dd9325b0b21ca
SHA512 558283635116d4b5b3bbd1210179af001b9d0bf9e8c17dc523e38cfa000149142768cb5b0dacf36f15bceaa954ae0b1039b8618cc27f33b443985b9b20e8057c

C:\Users\Admin\Desktop\JustZIPit.lnk

MD5 62a92c90885826cdb7d2a7d13f504a9e
SHA1 b56de818e7bda9be511a65b2631476bde8cb1ec3
SHA256 0a65766f2e0932115eebccd94398fc3b5c24baca30a58c9b763087332c192281
SHA512 bb24c4f2494ada5b460f4f4e7703063d486f17cf1f6bad3c8ff05dfff6fce2f030832b85981f9f5aa2eea5539f7b9cee3b39206137a69ed0732ef5ee95032af2

C:\Users\Admin\Desktop\CoolTools.lnk

MD5 a0f8d45d6de0e235b1ccf07e0fce6ca6
SHA1 df979436fee508e359868ae69cf0df34d310caf3
SHA256 96394974d5f88c4e018f3a275fafba6bab133860e1c000d3a748f196dd86fa27
SHA512 1392024214ee832d960e581d0ff26e7a25ad78eec2f4ba643f5ccd77e0cacb337b1f49e7f2920e33995d9cd8745ffa133a9cab0c3dfbdd48cc1fd0b0f4b7c826

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 09226e77570fc2f59b91ebcb42418a8d
SHA1 4f80251c0372e873617334e2e8dff70a146e10c4
SHA256 2d317ef69fc60643e6e8b27a26c7bb225dc0b99a7c65c8b1a98550ed5ad50895
SHA512 6cd21c8e6af4eb98c759f0d782ede6bdef8d85f51f1245684d7adf1000a7154eff989778b90717bbf53cee6a6030dcf2607d881ac760670cf23ea17fb751c61b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a81b130195ba60cba7d88f5871b6647
SHA1 d32a898658fba35cd5e8f78f02d752160f68aaf5
SHA256 6d546cfa33e9b09f63be8500e9c470f28994d817fcba63ebdfec8a2d31e9b9a4
SHA512 be95665d64e36b29243483510393d79c0a94f738de2f8bd5852fc9fefd62af0b7dfd059dba4cc244653d98cf2a93aa1eb2b61d27840aba1fca7e7f60323f0e07
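Two things in the Files section are worth checking mechanically: the dropped C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe carries the same MD5/SHA256 as the submitted sample (the sample copied itself into Documents), and the crashpad pipe's hashes are the well-known digests of zero bytes. The Python below is an added example, not part of the report: it parses entries in this section's layout (a path line followed by MD5/SHA1/SHA256/SHA512 lines) and flags self-copies, empty objects, Desktop shortcut drops and unhashed memory dumps. The embedded input is a subset of the entries above; the checks are an analyst's assumptions about what to surface, not sandbox signatures.

```python
import re

# Constructed sample: a subset of the report's Files section, verbatim layout
# (raw string so the Windows paths keep their backslashes).
FILES_SECTION = r"""
memory/4304-0-0x00000000023C0000-0x00000000023C1000-memory.dmp

C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe

MD5 ad967292a0b22c3289b6e7e58f45b439
SHA1 58777aed823b559adff0090a8595b5ce1d57fe1b
SHA256 dd7a328ba2cc59cf699efe1a83f45fb9da3837e7cb49e23312d9396e9536cca0
SHA512 8eba04c5fb6634ae7cff71b2757315e15930fdb9b43b1f48f2fba023969aaa28291c0dc4e4a0411367d4376dbaeb29660b2448f9e8c95ceb5eb1a5b18a8f711f

\??\pipe\LOCAL\crashpad_2652_JGRNYFVYTFNLHGKK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\Desktop\JustZIPit.lnk

MD5 62a92c90885826cdb7d2a7d13f504a9e
SHA1 b56de818e7bda9be511a65b2631476bde8cb1ec3
SHA256 0a65766f2e0932115eebccd94398fc3b5c24baca30a58c9b763087332c192281
SHA512 bb24c4f2494ada5b460f4f4e7703063d486f17cf1f6bad3c8ff05dfff6fce2f030832b85981f9f5aa2eea5539f7b9cee3b39206137a69ed0732ef5ee95032af2
"""

# SHA256 of the submitted sample, taken from the report header.
SAMPLE_SHA256 = "dd7a328ba2cc59cf699efe1a83f45fb9da3837e7cb49e23312d9396e9536cca0"
# SHA-256 of the empty input: any object hashing to this is zero bytes long.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")


def parse_files(section):
    """Return a list of {'path', 'hashes'}; memory dumps carry no hash block."""
    entries = []
    for line in section.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and entries:
            entries[-1]["hashes"][m.group(1).lower()] = m.group(2).lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def triage(entries, sample_sha256):
    """Flag the conditions an analyst wants to see first; returns (path, note) pairs."""
    findings = []
    for e in entries:
        path, sha = e["path"], e["hashes"].get("sha256")
        low = path.lower()
        if sha == sample_sha256:
            findings.append((path, "self-copy: identical to submitted sample"))
        if sha == EMPTY_SHA256:
            findings.append((path, "zero-byte object (hashes are of empty input)"))
        if low.endswith(".lnk") and "\\desktop\\" in low:
            findings.append((path, "shortcut written to Desktop"))
        if low.startswith("memory/"):
            findings.append((path, "memory dump, no file hashes"))
    return findings


if __name__ == "__main__":
    for path, note in triage(parse_files(FILES_SECTION), SAMPLE_SHA256):
        print(f"{note}: {path}")
```

The self-copy check is the one that matters for the "Executes dropped EXE" signature: when the dropped binary's digest equals the submission's, the second process is the same packed executable relaunched from a user-writable path, not a distinct second-stage payload.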