Analysis Overview
SHA256
dd7a328ba2cc59cf699efe1a83f45fb9da3837e7cb49e23312d9396e9536cca0
Threat Level: Shows suspicious behavior
Verdict for the submitted file ad967292a0b22c3289b6e7e58f45b439 (its MD5; SHA256 above): shows suspicious behavior.
Malicious Activity Summary
Modifies system executable filetype association
Loads dropped DLL
Executes dropped EXE
ASPack v2.12-2.42
Enumerates physical storage devices
Unsigned PE
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 03:37
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
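Both static verdicts above are decided from the PE headers alone: the packer label comes from the image layout and entry-point bytes, and "Unsigned PE" means no Authenticode blob is attached. The following is an added example and not code from the sandbox or from the JustZIPit vendor: a minimal pure-Python PE header walk that lists section names and reads the Security data directory, run against a PE32 image the script constructs in memory (constructed input, not the submitted file). Two assumptions are built in. First, it identifies ASPack by the `.aspack`/`.adata` section names the packer adds, a weaker heuristic than the entry-point byte pattern behind the sandbox's `ASPack v2.12-2.42` label, and it cannot give a version. Second, `has_authenticode` only reports that a WIN_CERTIFICATE blob is present, not that it chains to a trusted root, and catalog-signed binaries show as unsigned here. Note that the dropped `\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe` listed under Files carries the same MD5 and SHA256 as the submitted sample, so these static findings apply to the dropped copy as well.

```python
import struct

# Section names ASPack adds to a packed image (assumption: a name heuristic, not the
# sandbox's entry-point byte signature, so it cannot give a version like "2.12-2.42").
ASPACK_SECTIONS = {'.aspack', '.adata'}


def parse_pe(data):
    """Minimal PE header walk: machine, section names and the Security data directory.
    Handles PE32 and PE32+; raises ValueError on anything that is not a PE image."""
    if data[:2] != b'MZ':
        raise ValueError('no MZ header')
    pe = struct.unpack_from('<I', data, 0x3C)[0]                    # e_lfanew
    if data[pe:pe + 4] != b'PE\0\0':
        raise ValueError('no PE signature')
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from('<HHIIIHH', data, pe + 4)
    opt = pe + 24                                                   # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from('<H', data, opt)[0]
    dd_base = {0x10B: 96, 0x20B: 112}[magic]                        # PE32 / PE32+ data directories
    n_dirs = struct.unpack_from('<I', data, opt + dd_base - 4)[0]   # NumberOfRvaAndSizes
    sec_off, sec_size = 0, 0
    if n_dirs > 4:                                                  # IMAGE_DIRECTORY_ENTRY_SECURITY = 4
        # For this entry VirtualAddress is a raw file offset to a WIN_CERTIFICATE, not an RVA.
        sec_off, sec_size = struct.unpack_from('<II', data, opt + dd_base + 4 * 8)
    sections, off = [], opt + opt_size
    for _ in range(nsec):
        raw = struct.unpack_from('<8s', data, off)[0]
        sections.append(raw.rstrip(b'\0').decode('ascii', 'replace'))
        off += 40                                                   # sizeof(IMAGE_SECTION_HEADER)
    return {'machine': machine, 'magic': magic, 'sections': sections,
            'security_dir': (sec_off, sec_size),
            'has_authenticode': sec_size > 0}   # blob present; says nothing about validity


def static_signatures(data):
    """Reproduce the report's two static verdicts on any PE image."""
    info = parse_pe(data)
    hits = []
    if not info['has_authenticode']:          # catalog-signed files also land here
        hits.append('Unsigned PE')
    if ASPACK_SECTIONS & {s.lower() for s in info['sections']}:
        hits.append('ASPack (section names)')
    return hits


def build_sample_pe(section_names, signed):
    """Constructed, non-executable PE32 image with the given section names; 'signed' only
    fills in the Security directory so the header check sees an attached certificate blob."""
    dos = bytearray(64)
    dos[:2] = b'MZ'
    struct.pack_into('<I', dos, 0x3C, 64)                           # e_lfanew: right after the DOS header
    opt_size = 224                                                  # PE32 optional header, 16 directories
    coff = struct.pack('<HHIIIHH', 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into('<H', opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into('<I', opt, 92, 16)                             # NumberOfRvaAndSizes
    if signed:
        struct.pack_into('<II', opt, 96 + 4 * 8, 0x1000, 0x400)     # Security dir: offset 0x1000, 1 KiB blob
    secs = b''.join(
        struct.pack('<8sIIIIIIHHI', name.encode(), 0x1000, 0x1000 * (i + 1), 0x200,
                    0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    return bytes(dos) + b'PE\0\0' + coff + bytes(opt) + secs


if __name__ == '__main__':
    for label, img in (('packed, unsigned', build_sample_pe(['.text', '.aspack', '.adata'], signed=False)),
                       ('plain, signed', build_sample_pe(['.text', '.rdata', '.data'], signed=True))):
        print(label, parse_pe(img)['sections'], static_signatures(img))
```

Running it on a real file is `static_signatures(open(path, 'rb').read())`; to go from "blob present" to "signature valid" you still need a verifier such as signtool or a library that checks the PKCS#7 chain, which this header walk deliberately does not attempt.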
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 03:37
Reported
2024-02-29 03:40
Platform
win7-20240221-en
Max time kernel
149s
Max time network
158s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8F403E1-D6B3-11EE-87F2-6A83D32C515E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not captured) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415339737" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0da62c0c06ada01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e00000000020000000000106600000001000020000000928e21069422775d84d4014bade3d840edd020b1189bf94bf30652b750f4dc04000000000e8000000002000020000000896902fa683a31029224cf5cad9f7873a993acab8947ad7285ea111a39cd239f20000000b0a0fdf9916f0af23535950e58e7fc0e09d409460c4c3a8dc534b309507c890a40000000f49de65a13d88f56b4e57e8288f32b22963921784621d3248d9f6abd83ba7ccefe933c3394ed34f0eff6935f324c6a6994e8a41ec4fd5a4d4e6f36c9735ac894 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TIFImage.Document\shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.8\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\Shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Paint.Picture\shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giffile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\wab_auto_file\shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tgz\ = "JustZIPit_Archive" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\Shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.SLK | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\shtmlfile\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.Document\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Template.8\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Addin\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Outlook.File.msg.14\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JustZIPit_Archive\Shell\Open\ = "&JustUnZIPit" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\shtmlfile | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\hlpfile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\aspfile\Shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CSSfile\Shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CSSfile | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Msi.Package\shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.Document\Shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\shtmlfile\Shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Outlook.File.eml.14\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ogg\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\aspfile\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Msi.Package\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\Shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ogg | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\aspfile\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Paint.Picture\shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8 | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
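The "Modifies system executable filetype association" and "Modifies registry class" tables above are the same operation seen from two angles: the installer registers its two verbs (`JustZIPit` and `JustZIPit_Email`) under `HKCR\<ProgID>\shell\` for `exefile` and several dozen other ProgIDs. Explorer builds a file type's context menu from the verbs under `shell\`, and the verb that runs on double-click is the one named by the `shell` key's default value, `open` when that is unset. None of the rows touch `exefile\shell\open\command` or the `shell` default value, so on this page's data the exefile change is an added context-menu entry rather than a rewrite of what executes when an .exe is launched. The one row that does reassign a type is `Classes\.tgz\ = "JustZIPit_Archive"`, which hands the .tgz extension to the installer's own ProgID. The following is an added example, not code from the sandbox or the vendor: a triage pass over the report rows that separates those cases, using a constructed subset of the rows above plus one constructed row, clearly labelled, showing what a default-verb rewrite would look like so the distinction is visible. It assumes `open` is the default verb, which is why a write to the `shell` default value itself is also ranked high.

```python
import re
from collections import Counter, defaultdict

# Constructed subset of the rows displayed in the report above, copied as shown (the
# sandbox escapes backslashes and quotes inside string values).
REPORT_ROWS = [
    r'| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |',
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |',
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |',
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |',
    r'| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |',
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tgz\ = "JustZIPit_Archive" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |',
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JustZIPit_Archive\Shell\Open\ = "&JustUnZIPit" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |',
]

# Constructed row, NOT from the report: what replacing the default action for .exe files looks like.
HIJACK_ROW = r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Temp\\wrapper.exe \"%1\" %*" | C:\Temp\wrapper.exe | N/A |'

CLASSES_RE = re.compile(r'^\\REGISTRY\\(?:MACHINE\\SOFTWARE|USER\\[^\\]+\\Software)\\Classes\\(.*)$', re.I)
SEVERITY = {'DEFAULT_VERB_COMMAND': 'high', 'DEFAULT_VERB_SELECTOR': 'high',
            'EXTENSION_PROGID': 'medium', 'ADDED_VERB': 'low'}


def unescape(value):
    """Strip the sandbox's surrounding quotes and C-style escapes from a string value."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return re.sub(r'\\(.)', r'\1', value)


def command_image(cmd):
    """Image path of a verb command line (heuristic: quoted head, else text before the first quoted argument)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd
    return cmd.split(' "', 1)[0]


def classify(parts, is_default):
    """Classify an HKCR-relative key path (lower-cased components) by what it controls.
    Assumes 'open' is the default verb, which holds unless the shell key's default value names another."""
    if len(parts) == 1 and parts[0].startswith('.') and is_default:
        return 'EXTENSION_PROGID'            # which ProgID owns the extension
    if len(parts) == 2 and parts[1] == 'shell' and is_default:
        return 'DEFAULT_VERB_SELECTOR'       # shell\ default value renames the default verb
    if len(parts) >= 3 and parts[1] == 'shell':
        if parts[2] == 'open':
            if len(parts) >= 4 and parts[3] == 'command':
                return 'DEFAULT_VERB_COMMAND'   # what runs on double-click / ShellExecute
            return 'DEFAULT_VERB_METADATA'      # label or flags of the default verb
        return 'ADDED_VERB'                     # an extra context-menu entry
    return 'OTHER'


def parse_row(row):
    """One report table row -> finding dict, or None for rows outside HKCR."""
    cells = [c.strip() for c in row.strip().strip('|').split(' | ')]
    if len(cells) != 4:
        return None
    op, indicator, process, _target = cells
    path, _, raw_value = indicator.partition(' = ')
    m = CLASSES_RE.match(path)
    if not m:
        return None                                  # e.g. the Internet Explorer settings rows
    rest = m.group(1)
    is_default = rest.endswith('\\')                 # trailing backslash = the key's (Default) value
    parts = [p.lower() for p in rest.split('\\') if p]
    if not parts:
        return None
    category = classify(parts, is_default)
    value = unescape(raw_value) if raw_value else ''
    image = command_image(value) if value and is_default and parts[-1] == 'command' else ''
    return {'op': op, 'process': process, 'progid': parts[0], 'category': category,
            'verb': parts[2] if len(parts) >= 3 and parts[1] == 'shell' else '',
            'value': value, 'image': image,
            'severity': SEVERITY.get(category, 'info') if op.startswith('Set value') else 'info'}


def triage(rows):
    findings = [f for f in map(parse_row, rows) if f]
    verbs = defaultdict(set)
    for f in findings:
        if f['verb']:
            verbs[f['progid']].add(f['verb'])
    return {'findings': findings,
            'by_category': Counter(f['category'] for f in findings),
            'verbs_by_progid': dict(verbs),
            'images': {f['image'] for f in findings if f['image']},
            'high': [f for f in findings if f['severity'] == 'high']}


if __name__ == '__main__':
    for label, rows in (('report rows', REPORT_ROWS), ('report rows + constructed hijack', REPORT_ROWS + [HIJACK_ROW])):
        r = triage(rows)
        print(label, dict(r['by_category']), 'verbs:', r['verbs_by_progid'], 'images:', sorted(r['images']))
        for f in r['high']:
            print('  HIGH', f['progid'], f['value'], 'written by', f['process'])
```

On the report rows every verb command resolves to the same image, the installer's own `JustZIPit.exe`, and the only medium finding is the `.tgz` reassignment; only the constructed `HIJACK_ROW` produces a high finding. When applying this to a full report, also compare the image each command points at with the process that wrote it, since a verb pointing somewhere other than the writer is the case worth a closer look.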
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe
"C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe"
C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe -firstlaunch
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JustZIPit\About.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mesothelima.net | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2212-0-0x0000000000240000-0x0000000000241000-memory.dmp
\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
| MD5 | ad967292a0b22c3289b6e7e58f45b439 |
| SHA1 | 58777aed823b559adff0090a8595b5ce1d57fe1b |
| SHA256 | dd7a328ba2cc59cf699efe1a83f45fb9da3837e7cb49e23312d9396e9536cca0 |
| SHA512 | 8eba04c5fb6634ae7cff71b2757315e15930fdb9b43b1f48f2fba023969aaa28291c0dc4e4a0411367d4376dbaeb29660b2448f9e8c95ceb5eb1a5b18a8f711f |
memory/2512-9-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/2212-21-0x0000000000400000-0x00000000004F4000-memory.dmp
memory/2512-34-0x0000000000400000-0x00000000004F4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JustZIPit\About.htm
| MD5 | fc0f18afc6c2335569fdd3a3740fbadb |
| SHA1 | a6c8a0596ed082d4cc45200bc978c9b8996e7bc5 |
| SHA256 | ad20cba40c89a42bbf790909511f1abbe3fd0c447d2dfd2af765aedd301b5dc0 |
| SHA512 | f02a5931c1248b2e6c01a3d8593f65fd3fcb8d80134652025e125f26150df59da39e6ae33eafc54f92b499742200a6cbc6684efb61c214e27fbbf23411d1bd1a |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\company_logo.gif
| MD5 | 10c0cdffd5977ee7aaf2b59690ff1164 |
| SHA1 | fb349dbcf7e8abaad7fcb1086fced8d37d87aab7 |
| SHA256 | 2be078a93a03130e600836c4e822197631553d16817b6815d925a0c63ca2d1c9 |
| SHA512 | 53862bd8291b6c3a2dea08d81086cba9d0ee5578438e3d7a47fa5d181369c22ea206c13e2a23b065dc2889d32c0136f81c0dc009eec9c4a8ba69bedd0a41548f |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\demo.gif
| MD5 | 032d5341f1e64fd77fc07a494a4b3f30 |
| SHA1 | fec1a601a5d3ae1c98d04ae912231dc8ac977e52 |
| SHA256 | 7d1b63b7f777b294a12ed621b81fde0182816e7252657d0369ee9fc2cf811051 |
| SHA512 | 5dbbef35e7332abca1aeb391cf82e84a3a97e77c575d22052df535f99378d712f38d76e8db292f2e8c0f9ed508dda74c0df4486ab27172d6558b99020dff86b7 |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\AckerPack_box.gif
| MD5 | 93d863301cc193fa02c826bb0a1842b6 |
| SHA1 | a4bfa710fea863ae8ccc77718b7c0dc480f2d63e |
| SHA256 | 6360caca4b97f4ee4b8618b22da6f801d9bc676d5fe4c08f381dd9325b0b21ca |
| SHA512 | 558283635116d4b5b3bbd1210179af001b9d0bf9e8c17dc523e38cfa000149142768cb5b0dacf36f15bceaa954ae0b1039b8618cc27f33b443985b9b20e8057c |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\QuickCalc_banner.gif
| MD5 | 90c2a262d7916d53021b7019ec8007c0 |
| SHA1 | 0557973f4638e501e8688435ea6f0ec501ecf758 |
| SHA256 | 7d647877d9cd7e320870b34153a24697e0bdb67d07720c6b40e728f5baf4b3bd |
| SHA512 | 7b2de1f75cdca5091263bc28aa3f1c3be5aa3f2433c020d3453168fd25d125ab268e9dd0359ff44b15c7b980c0e4ea29d329926f137c8941dd76179099d30b1d |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\Back2zip_125x125_02.gif
| MD5 | cf8a857e38a8ffa9bf7fe8959523f55b |
| SHA1 | fbbdee84b0750a5be4c061a92554cebc18e660f2 |
| SHA256 | 4391bed496095d4e87c6df4ab4df2f81f15c615b7528acc37de9c5f89ccab905 |
| SHA512 | 2706c368fb6adef8c6a20fcfab2bc8a40b32b6b8e424215ffd1c78b8e3dba7588f1ff433c8356009772987142acccb285c752a080a03a8cbe0843c2508358d48 |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\sshot_sm.gif
| MD5 | 6db37e80fd1d38af357cfce03445d400 |
| SHA1 | 5fa994f46f6e10c9370dca598da11e473ce4a59c |
| SHA256 | f21ad1de66ebb5d0156627ca58a1a1923a8c19ae708e594049930c4d76a927e3 |
| SHA512 | c0fe5b1d1fbeb7c292521e7df1fd9c364b58a15f23dae18cb63f0ca7187a97426de7db65f59647d4dc886d9c6ea0dc875c218babfd71f04a6304bb70fe0071de |
C:\Users\Admin\AppData\Local\Temp\CabC620.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 753df6889fd7410a2e9fe333da83a429 |
| SHA1 | 3c425f16e8267186061dd48ac1c77c122962456e |
| SHA256 | b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78 |
| SHA512 | 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444 |
C:\Users\Admin\AppData\Local\Temp\TarC720.tmp
| MD5 | dd73cead4b93366cf3465c8cd32e2796 |
| SHA1 | 74546226dfe9ceb8184651e920d1dbfb432b314e |
| SHA256 | a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22 |
| SHA512 | ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49f3195ee55b8c9654798ff9fd090de8 |
| SHA1 | e1db0fca32835692036653944fbd9e1be03d88e5 |
| SHA256 | 858b615fb12f08869eb32f3fd0ed732cec279b84bf92aac3faf015b00393d838 |
| SHA512 | 75272621d18c4c8db05da23f6b6b6b1b7c9541203d09500379f24f7fa70e5900f9dc37796f28b8f553527d197a043e2d4c5b6e6eb7ba9a7768715ec6e157a185 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9642e807a3b679c1d3ff8918e78ffd09 |
| SHA1 | 1c92b31455fe22bfd2c023e9e62078df4a484c87 |
| SHA256 | 4cd8c0e87d8e6ccec9679c52004ce5328ec8774521d28ae02fc2d48170aeec0f |
| SHA512 | 21f3b5b865afe03dcc09b4b916fac590026f58c30ac97909b18571d72157efaa16888b41a68ce2d64b353072115824c545f57acc9446b6f4c67fe925282c98ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e28afb7a5bd4cf83b1bcbcf903066cc |
| SHA1 | a450045aa4bc7a72934e7185494abb5bbab73411 |
| SHA256 | d07e679d11cfcb0105fb9663b36721c14e1e28eaccc39fc217316edf952426d5 |
| SHA512 | a7202e6db43b15e1899ec4d1c1f5399b3dfe9b0651d653f3238b9a4d4d2f105f410a39f973970eeadaf217a752dca9091776f3f947187721d621a713e5f45078 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-29 03:37
Reported
2024-02-29 03:39
Platform
win10v2004-20240226-en
Max time kernel
136s
Max time network
139s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\wab_auto_file\shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\shtmlfile\Shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.8\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Paint.Picture\shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PowerPoint.Show.8\shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ogg\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ = "JustZIPit_Archive" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PowerPoint.Show.8\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Paint.Picture\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Template.8\shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TIFImage.Document\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Template.8\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpg\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JustZIPit_Archive\ = "ZIP Archive File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CSSfile\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\aspfile | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\hlpfile\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mp3\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\shell\JustZIPit_Email\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"-e\" \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.SLK\Shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Addin\shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Paint.Picture\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wma\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Addin\shell\JustZIPit_Email\ = "JustZIPit - then &Email" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft Email Message\Shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\giffile | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\giffile\Shell | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.8\shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.8\Shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.Document.DC\Shell\JustZIPit_Email\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\shtmlfile\Shell\JustZIPit\Command | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Excel.CSV\Shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jpegfile\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JustZIPit_Archive\Shell\Open\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\chm.file\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\wab_auto_file\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\JustZIPit\Command\ = "C:\\Users\\Admin\\Documents\\AvatarSoft\\JustZIPit\\JustZIPit.exe \"%1\"" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Word.RTF.8\shell\JustZIPit\ = "Just&ZIPit - Create a ZIP File" | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PowerPoint.Show.8 | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\aspfile\Shell\JustZIPit | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\shell\JustZIPit_Email | C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe
"C:\Users\Admin\AppData\Local\Temp\ad967292a0b22c3289b6e7e58f45b439.exe"
C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe -firstlaunch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\JustZIPit\About.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf64146f8,0x7ffbf6414708,0x7ffbf6414718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4629769309711929617,13954050560822664942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mesothelima.net | udp |
| US | 8.8.8.8:53 | 2.242.123.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
memory/4304-0-0x00000000023C0000-0x00000000023C1000-memory.dmp
C:\Users\Admin\Documents\AvatarSoft\JustZIPit\JustZIPit.exe
| MD5 | ad967292a0b22c3289b6e7e58f45b439 |
| SHA1 | 58777aed823b559adff0090a8595b5ce1d57fe1b |
| SHA256 | dd7a328ba2cc59cf699efe1a83f45fb9da3837e7cb49e23312d9396e9536cca0 |
| SHA512 | 8eba04c5fb6634ae7cff71b2757315e15930fdb9b43b1f48f2fba023969aaa28291c0dc4e4a0411367d4376dbaeb29660b2448f9e8c95ceb5eb1a5b18a8f711f |
memory/2628-5-0x00000000006D0000-0x00000000006D1000-memory.dmp
memory/4304-11-0x0000000000400000-0x00000000004F4000-memory.dmp
memory/2628-25-0x0000000000400000-0x00000000004F4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 279e783b0129b64a8529800a88fbf1ee |
| SHA1 | 204c62ec8cef8467e5729cad52adae293178744f |
| SHA256 | 3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932 |
| SHA512 | 32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cbec32729772aa6c576e97df4fef48f5 |
| SHA1 | 6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba |
| SHA256 | d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e |
| SHA512 | 425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0 |
\??\pipe\LOCAL\crashpad_2652_JGRNYFVYTFNLHGKK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\About.htm
| MD5 | fc0f18afc6c2335569fdd3a3740fbadb |
| SHA1 | a6c8a0596ed082d4cc45200bc978c9b8996e7bc5 |
| SHA256 | ad20cba40c89a42bbf790909511f1abbe3fd0c447d2dfd2af765aedd301b5dc0 |
| SHA512 | f02a5931c1248b2e6c01a3d8593f65fd3fcb8d80134652025e125f26150df59da39e6ae33eafc54f92b499742200a6cbc6684efb61c214e27fbbf23411d1bd1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9f7e7a70d1a39e024cbb94d8f33568c7 |
| SHA1 | fad06d87f45ed5ae50af6aaf31399c75e5573026 |
| SHA256 | 37529c63578c74e0c8b712683dcea3946d7ee76082e39f8ab41ecd58951c68ec |
| SHA512 | f926d5db82493171b879e8f6b52811d4fd591e81b763a72d241b6665eefe1530dea772bba60fb995d0622eb861f1749ed939abcc22d7eb78f4d12be2b4616858 |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\sshot_sm.gif
| MD5 | 6db37e80fd1d38af357cfce03445d400 |
| SHA1 | 5fa994f46f6e10c9370dca598da11e473ce4a59c |
| SHA256 | f21ad1de66ebb5d0156627ca58a1a1923a8c19ae708e594049930c4d76a927e3 |
| SHA512 | c0fe5b1d1fbeb7c292521e7df1fd9c364b58a15f23dae18cb63f0ca7187a97426de7db65f59647d4dc886d9c6ea0dc875c218babfd71f04a6304bb70fe0071de |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\company_logo.gif
| MD5 | 10c0cdffd5977ee7aaf2b59690ff1164 |
| SHA1 | fb349dbcf7e8abaad7fcb1086fced8d37d87aab7 |
| SHA256 | 2be078a93a03130e600836c4e822197631553d16817b6815d925a0c63ca2d1c9 |
| SHA512 | 53862bd8291b6c3a2dea08d81086cba9d0ee5578438e3d7a47fa5d181369c22ea206c13e2a23b065dc2889d32c0136f81c0dc009eec9c4a8ba69bedd0a41548f |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\QuickCalc_banner.gif
| MD5 | 90c2a262d7916d53021b7019ec8007c0 |
| SHA1 | 0557973f4638e501e8688435ea6f0ec501ecf758 |
| SHA256 | 7d647877d9cd7e320870b34153a24697e0bdb67d07720c6b40e728f5baf4b3bd |
| SHA512 | 7b2de1f75cdca5091263bc28aa3f1c3be5aa3f2433c020d3453168fd25d125ab268e9dd0359ff44b15c7b980c0e4ea29d329926f137c8941dd76179099d30b1d |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\Back2zip_125x125_02.gif
| MD5 | cf8a857e38a8ffa9bf7fe8959523f55b |
| SHA1 | fbbdee84b0750a5be4c061a92554cebc18e660f2 |
| SHA256 | 4391bed496095d4e87c6df4ab4df2f81f15c615b7528acc37de9c5f89ccab905 |
| SHA512 | 2706c368fb6adef8c6a20fcfab2bc8a40b32b6b8e424215ffd1c78b8e3dba7588f1ff433c8356009772987142acccb285c752a080a03a8cbe0843c2508358d48 |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\demo.gif
| MD5 | 032d5341f1e64fd77fc07a494a4b3f30 |
| SHA1 | fec1a601a5d3ae1c98d04ae912231dc8ac977e52 |
| SHA256 | 7d1b63b7f777b294a12ed621b81fde0182816e7252657d0369ee9fc2cf811051 |
| SHA512 | 5dbbef35e7332abca1aeb391cf82e84a3a97e77c575d22052df535f99378d712f38d76e8db292f2e8c0f9ed508dda74c0df4486ab27172d6558b99020dff86b7 |
C:\Users\Admin\AppData\Local\Temp\JustZIPit\AckerPack_box.gif
| MD5 | 93d863301cc193fa02c826bb0a1842b6 |
| SHA1 | a4bfa710fea863ae8ccc77718b7c0dc480f2d63e |
| SHA256 | 6360caca4b97f4ee4b8618b22da6f801d9bc676d5fe4c08f381dd9325b0b21ca |
| SHA512 | 558283635116d4b5b3bbd1210179af001b9d0bf9e8c17dc523e38cfa000149142768cb5b0dacf36f15bceaa954ae0b1039b8618cc27f33b443985b9b20e8057c |
C:\Users\Admin\Desktop\JustZIPit.lnk
| MD5 | 62a92c90885826cdb7d2a7d13f504a9e |
| SHA1 | b56de818e7bda9be511a65b2631476bde8cb1ec3 |
| SHA256 | 0a65766f2e0932115eebccd94398fc3b5c24baca30a58c9b763087332c192281 |
| SHA512 | bb24c4f2494ada5b460f4f4e7703063d486f17cf1f6bad3c8ff05dfff6fce2f030832b85981f9f5aa2eea5539f7b9cee3b39206137a69ed0732ef5ee95032af2 |
C:\Users\Admin\Desktop\CoolTools.lnk
| MD5 | a0f8d45d6de0e235b1ccf07e0fce6ca6 |
| SHA1 | df979436fee508e359868ae69cf0df34d310caf3 |
| SHA256 | 96394974d5f88c4e018f3a275fafba6bab133860e1c000d3a748f196dd86fa27 |
| SHA512 | 1392024214ee832d960e581d0ff26e7a25ad78eec2f4ba643f5ccd77e0cacb337b1f49e7f2920e33995d9cd8745ffa133a9cab0c3dfbdd48cc1fd0b0f4b7c826 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 09226e77570fc2f59b91ebcb42418a8d |
| SHA1 | 4f80251c0372e873617334e2e8dff70a146e10c4 |
| SHA256 | 2d317ef69fc60643e6e8b27a26c7bb225dc0b99a7c65c8b1a98550ed5ad50895 |
| SHA512 | 6cd21c8e6af4eb98c759f0d782ede6bdef8d85f51f1245684d7adf1000a7154eff989778b90717bbf53cee6a6030dcf2607d881ac760670cf23ea17fb751c61b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a81b130195ba60cba7d88f5871b6647 |
| SHA1 | d32a898658fba35cd5e8f78f02d752160f68aaf5 |
| SHA256 | 6d546cfa33e9b09f63be8500e9c470f28994d817fcba63ebdfec8a2d31e9b9a4 |
| SHA512 | be95665d64e36b29243483510393d79c0a94f738de2f8bd5852fc9fefd62af0b7dfd059dba4cc244653d98cf2a93aa1eb2b61d27840aba1fca7e7f60323f0e07 |