Analysis Overview
SHA256
659dc79f8a18c659e6388d43f961532d496de9a26b5ee4d350e40f8454720db3
Threat Level: Shows suspicious behavior
The file 01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118 was assessed as: Shows suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Installs/modifies Browser Helper Object
Unsigned PE
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-22 11:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-22 11:33
Reported
2024-06-22 11:36
Platform
win7-20240508-en
Max time kernel
133s
Max time network
126s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uunljwsbedcre = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll\"" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA3B5597-400B-222F-0467-B9161530FC97} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA3B5597-400B-222F-0467-B9161530FC97}\NoExplorer = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425217885" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{44C97ED1-308B-11EF-B2FB-7678A7DAE141} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2039b31998c4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000008d5d4fd09dcc7b1ca3a066a39501c823f4284c18642ec9f00866aea84e1f7385000000000e8000000002000020000000b8a072179a33b59d347fb268eead074def34b45b23280dd7241feff60b6363b82000000036c45a9df1027bb4c5d05c191b40df57295bedec53e605af1fe4f1116e41fca640000000e859f3a3ce0cfd7eba6bd84262c4c2a9146da85ae05897a34c3edf821edbddc581da1d4dd53876054d4ba7dc97f1d4c852316b9ccc3f98c8f8f3b382007a70d4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BA3B5597-400B-222F-0467-B9161530FC97} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BA3B5597-400B-222F-0467-B9161530FC97}\ = "blueskyadagency browser enhancer" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BA3B5597-400B-222F-0467-B9161530FC97}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BA3B5597-400B-222F-0467-B9161530FC97}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BA3B5597-400B-222F-0467-B9161530FC97}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | blueskyadagency.com | udp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2400-0-0x0000000000150000-0x0000000000152000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab3D11.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Cab3D73.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3D87.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1442350195397f8cd8f86d9607bcc502 |
| SHA1 | 225fb6edd79770ed553eb7357ef3ffa33537cdbf |
| SHA256 | 6692e6dc4bd135511dac78aed11bda4b37459996f112616c555ded69f8a9d652 |
| SHA512 | 2b9d01043e13d4a631e1f41e1afd3fcc4657a4fe720cf18b44579105832bf4dcb77b9ae3481056b29f24cb49d92a542cd940cbbb4c144921ff9bf391fd525496 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fe07ab0e54a57ee71c7eac97341a0d8 |
| SHA1 | facfe688689d7b527d16ae36d0690fb2c15ed171 |
| SHA256 | 9adfe14239a87f2f2a827f185e2ed8f43486f47b0c2b9cf583959baa375d4d04 |
| SHA512 | c1e78df64057ae3a9cab124c352dcd61491b39fad4436a2db2477cae2f017cf45598085b1a773d72d0f0ba3f0a109749176424c07838f091e179d3b857d41b83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16e47fe4d668c77f07cd489f970f596e |
| SHA1 | 392bdea96b99a37e9c69624843e666ed16b337fa |
| SHA256 | 59fc55f22f05a45739c24c545334b981f1f95f58323fff382c70ee783c7e59d7 |
| SHA512 | e217689ecb86f1c8f640f37cc016088f0af54180d9f18256ebf650d8ec280ff9cbb35a63d28e5057413cf96b58807e4e0de22ee9e567917e24790838bfdef2a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d7db494e13a0933941cf13909c2e970 |
| SHA1 | 3fa6c58bf80bfa4294fe1448592dcae9bdd41f1e |
| SHA256 | 9dfdecfa0c2397f846d1d3dafc9926d5cef1a9382f3d6de9594aa525d11b2c3d |
| SHA512 | 29e69fa8f635fc0fae412456856f1c899e2e7a4af3589941bfca228e496e093c2574b50792781bbba3dec601c4dc1d7788afb9b0ddfcb05ad060ece4d94a808e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3686e4ac8690bc09190824abf33cd86 |
| SHA1 | 01fcdae921a881032ec9b3837f12d80844b0da18 |
| SHA256 | 538526164e8797f51b3d60c81bfc7a89861ea86f1dcbfa3d62e3e1c8c143beb6 |
| SHA512 | 14f969b6ee5077f682ab3f6f01cc459374969ca4199d601d5168719251dc5488a1e12ade4b96a025205f2f1fe2314f73018748fb0a2f91b57af6dd32c85377c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93422a3f4190ae7dc8f401d89ca3117c |
| SHA1 | bc7e8eba1ea5b099fe50c995f2c0914de9293913 |
| SHA256 | e4dea4eade72e8687fea35191de75d854dec4a6ae65fe740fd6e02a96945801d |
| SHA512 | 95f606fd5f5c53ee58517549daf7ff3fa88cdacfeca9f41afdc6157c4f36ca06697eeffa42fbb46e00ea107661bd66c388e547a1cc3835c25f41a99e24db2b74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b0826a7582932f41a73bd58eb70b011 |
| SHA1 | dc638c692e156f1a101053ffc355712d53547e4f |
| SHA256 | 0c0bc4d4104908f71dc842290bf74ac9d7755bd7c4d0eb83b87b024d22443a0a |
| SHA512 | 62a4a062e64ff808bd7ba6594815859b1b39265c35e6200d7056ab8d4c27cb68feca03e8a9a0999ce92448e84e6c2ca9356b00318d591fe9e76069ee76d56a05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1dc6e5a3ed5fcd7d83bb740602382c8 |
| SHA1 | b86000bb5411022f9e28cb73cb87fb0999924d87 |
| SHA256 | 4457b4b06280a10e5ace0d4fce4825a1e77755ed8692591d8566357bc9aeba8e |
| SHA512 | 6e4447cb1ff2592984b7be509a3deb5c9b74a3deffaa6faf91ff1392561134f86182b9d7f6bbe29fa4d48d6523d56b369bd2f0b703dad2b37be2d3ee9fe5accb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cdd11beefa23312f236474f329d0da5 |
| SHA1 | 5586c80db5140148e1533ca8d4af38a314a3a3ef |
| SHA256 | dd0fa6df38bee5359d146c36495e64871d4c900a4af763b23b735196da545252 |
| SHA512 | 34c52d711ebb8a25c9fff2b557c3c97353a9ece6ed381f1cf628bbee32957806f8828d2399c0b38ecff76a947d5a565c8583ac9d866c6190ba31f7aa413d8be4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7148b1f106dec3be897a7a112096ed99 |
| SHA1 | 4f1837c39ef80fb5251cecee41c1666b4e199c8d |
| SHA256 | 74f004c2291e545f229d7f062d071d02aec5ae7714dbd0eeb275aa08271e90dd |
| SHA512 | e6f0f0f408141b65e585ab079ca86984e99f38f32b66cc5a8c2f9d360c2f1da16ef822eda454288f27c0eb66b296c14bb7b50e0ce3dcab66a162a366d026eb2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b9a14325569e6cd6ef533d89a97f33c |
| SHA1 | b0dcb00b6bb3dcf59264c4cf14c00d665ef01830 |
| SHA256 | 3fb580e3d99311fcde01a5cb73645d036fe6cdf9c8e69f2bab802c3b69c80c17 |
| SHA512 | 671baec66c332ce490619d97a843f858dc7d662cd7c8b2aa62a7b20bdc05ade675d1528064a9cf298b2976fa259f1dbbaa3c1400f8646b290b2d4e937c0c1b67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20a4b20d31d00633d3840fd08fb9b85d |
| SHA1 | 64c6c8d2150d08c2a94df6f237f43a41e468303f |
| SHA256 | 4679ca4a52a6ffa331fc18654b6c29573d001c9021d946d774eadb6d245a467e |
| SHA512 | a369712ac01d315483cde043410d942c179ecedbb4c93f538a5d2e8f9342969aa4fca9fde6b9fa570a6c4e7757cd82c11b8b5f845d8b7319b730256522c885a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75e42ee7fcf2680e14eb71b8e538c1c5 |
| SHA1 | 69fe3bffbce87e93b1ca6acff98374bbea8ea639 |
| SHA256 | 6e4561972127ea85793b040848113fe6041ecf44c8d38df4df3c54057872abac |
| SHA512 | 408e60cf46be9ccaf3de1fb897890636d64d2df3f1ad43e8181c0780b1ec998444ad22984790e10643c89e869f5487f87dc4ca3d6f85a465849f1549bc8fd531 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47ec7a64e95934dbd56fa75428b9b05b |
| SHA1 | 0c7f0315f011b29087c68ff1efc14c718ee50e7f |
| SHA256 | 0f7813b440d78e43413cae58dd9e626556ab2769914374eb723153cda0d016d0 |
| SHA512 | 8512f28c35c4a2fd35f6fc974f506116d02f9dc55821f3402f4f67fa279c0a885108b2e42b5208282d2a2d4a2d01089ea0a9c870a3faa6962418fe61484ca1d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6850840328693c5fad9412fa0c5630e |
| SHA1 | a65eae31f8ad1e7c8cefb1e4bb6b23992cd607cb |
| SHA256 | c09a8e2de7d4cbcfd0e1cc4eec9e6092874f040556f75295d2ba4b6214404740 |
| SHA512 | 9ccd90cf147d389d080b874e353c353978abe0442aa7c5c3c835c1bbc8a4aac9903f071a57aa72c53f1411b63d0be9c61e9c6a981cbd28525fb5cea23a0362bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63d91c0b0f5d240e62fd878c8ed5ed44 |
| SHA1 | cfd31f6cbac12939eaed60f29e759496a185c79f |
| SHA256 | 8cf5f819d80dd8fe12f446174d12a25455a10eb7d013b5febdfc4057c0e37d81 |
| SHA512 | 00fc4fe44add57566bf43fd33acb1c4eb8305d3a966ab40bd5699103f2278cb732d0d67c2860d05e1d50d43d0fbc87199b9213987d065a85c5089b7ba8721578 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc74ba4728075d9e4ba1c021bbe291de |
| SHA1 | 8cc31dba1b152bde91659385083b848536507dd0 |
| SHA256 | 0db7be22403f490311b9c55002c37c244cfca1ec39fb4d0e7d4e6b4d25aad93b |
| SHA512 | 42e09b41a79f6d435a505537da35410fc40d99a5bd30745cd681de6f948e36623f55c7dc3f0b167748846a8f970d3af7f0b4555a162876796961cad065939d1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e140768f7e94c1707329c746f9d9c016 |
| SHA1 | d2d5b6e3501b981f68afa65f8e6a6ee55434cfcf |
| SHA256 | ea857406012f03f724237078215f616ca5ac64cc1a16490ca822d1764d0c5aae |
| SHA512 | fceba2aa7ec8355ffaa8f6b82a6d24b451b5acf644d8bc8079edba5e902cb7f99c32d46866e6a66c821b22c53771c836035f428ea07c829467abba77111d5267 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2be782b858318602b020b5794f8bd6d3 |
| SHA1 | a2abae98d15d08e75c583538eac577d70601b15d |
| SHA256 | 489441f74e24593f0834494b1a507a0ef1d151068ca6fee35ce36dfb8a26a03b |
| SHA512 | 9cc5f11e2f85ba3cc8b9015aed57b1103259ab905b5766892d5c7321a8c33d7596a4957be8695a746d7fa03e8e1c8dc357ca792f897ac20f4736d727e4b6ea56 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-22 11:33
Reported
2024-06-22 11:36
Platform
win10v2004-20240611-en
Max time kernel
140s
Max time network
127s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ysqvmnorbmsqnvyhk = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll\"" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348D6598-B307-309E-5E66-492EBEEA1751} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348D6598-B307-309E-5E66-492EBEEA1751}\NoExplorer = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "431916052" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a026f91a98c4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{45575B6D-308B-11EF-90FA-CACDD8B22A4F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31114392" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aa9cad4c9673b74c9a378d3b281cdc37000000000200000000001066000000010000200000005a6097e506fc7efca3a1a69a5a67989344abf1091da8bd657fc69e9c0a5d233d000000000e8000000002000020000000ebe4f451d750775b33107ed4713c762fbe4091d533f2c378e78395235716f7b620000000c6ae69b5f786f75fec10c9c47e2c1f88f4942ff2b621bce3fa94cc92e708024a4000000041da1c0b66d916ae0f64275ddf23cb39ef852b807e6213a1cd3e65d327e5be9eee4f6a2fa10112a0bc4b9e6295600452592484f89e4549f984d6a16692609ecd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114392" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aa9cad4c9673b74c9a378d3b281cdc370000000002000000000010660000000100002000000083f33465da05318d47375101ce6631d1af66a3e1876e1f1957edcd1e6d22e633000000000e8000000002000020000000cd5d51e924d5376b879845f2c5a8140a205fe6f91efc98ddf0f8b2cc62793fc12000000017eb348c71d6a8f67898c87618d33585a99982ef9f9f14da3cbde31692a291814000000067bdd5b6cae82e5404c573411a1ab4106e5839bc5cc2bf2e36f9bddb3f044626b417c90ec2923a3b714f81f08ff7974299ba5590b2e7ac00ee8fb4eed005a7e1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9052001b98c4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "431916052" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "434259791" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114392" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425820994" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{348D6598-B307-309E-5E66-492EBEEA1751} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{348D6598-B307-309E-5E66-492EBEEA1751}\ = "blueskyadagency browser enhancer" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{348D6598-B307-309E-5E66-492EBEEA1751}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{348D6598-B307-309E-5E66-492EBEEA1751}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{348D6598-B307-309E-5E66-492EBEEA1751}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4648 wrote to memory of 4680 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 4648 wrote to memory of 4680 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 4648 wrote to memory of 4680 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 4300 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4300 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4300 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\01efee1f8ba0f9c17dfb746326ab908c_JaffaCakes118.dll
C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4300 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1416,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blueskyadagency.com | udp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 15.197.148.33:80 | blueskyadagency.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.148.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FUP7PRY6\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |