| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| 8.8.4.4 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 104.16.241.184 | United States | 13335 | Cloudflare, Inc. | Malware Process | |
| 162.125.6.3 | United States | 19679 | Dropbox, Inc. | Malware Process | |
| 184.26.44.105 | United States | 20940 | Akamai Technologies, Inc. | OS Process | |
| 23.67.250.123 | United States | 20940 | Akamai Technologies, Inc. | OS Process | |
| 54.192.39.119 | United States | 16509 | Amazon Technologies Inc. | Malware Process | |
| 162.125.7.3 | 19679 | Dropbox, Inc. | Malware Process | ||
| 66.225.197.197 | 30081 | Server Central Network | Malware Process | ||
| 54.192.39.240 | 16509 | Amazon Technologies Inc. | Malware Process | ||
| 72.21.91.29 | 15133 | MCI Communications Services, Inc. d/b/a Verizon Business | Malware Process | ||
| 184.26.44.97 | 20940 | Akamai Technologies, Inc. | OS Process | ||
| 72.21.91.29 | 15133 | MCI Communications Services, Inc. d/b/a Verizon Business | Malware Process | ||
| 72.21.91.29 | 15133 | MCI Communications Services, Inc. d/b/a Verizon Business | Malware Process | ||
| 23.194.112.8 | 20940 | Akamai Technologies, Inc. | OS Process | ||
| 104.31.75.124 | 13335 | Cloudflare, Inc. | Malware Process |
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) |
|---|---|---|---|---|---|---|
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 41.762748003 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d3c5adb2a4c4b8fa URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d3c5adb2a4c4b8fa |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 74.6563780308 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA%2BoSQYV1wCgviF2%2FcXsbb0%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA%2BoSQYV1wCgviF2%2FcXsbb0%3D |
||||||
| crl3.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 78.06782794 |
|
Path: /DigiCertAssuredIDRootCA.crl URI: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl |
||||||
| crl4.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 82.6069250107 |
|
Path: /DigiCertAssuredIDRootCA.crl URI: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 84.2369959354 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSYagvY3tfizDNoybzVSPFZmSEm0wQUe2jOKarAF75JeuHlP9an90WPNTICEAjFm8I8U0vytRT358KGA6Y%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSYagvY3tfizDNoybzVSPFZmSEm0wQUe2jOKarAF75JeuHlP9an90WPNTICEAjFm8I8U0vytRT358KGA6Y%3D |
||||||
| crl3.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 85.205024004 |
|
Path: /assured-cs-g1.crl URI: http://crl3.digicert.com/assured-cs-g1.crl |
||||||
| crl4.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 85.6748631001 |
|
Path: /assured-cs-g1.crl URI: http://crl4.digicert.com/assured-cs-g1.crl |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 86.8451731205 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAXibxWoiKXlI0cyDYA8j6k%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAXibxWoiKXlI0cyDYA8j6k%3D |
||||||
| cacerts.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 2 | 101.688365936 |
|
Path: /DigiCertSHA2HighAssuranceServerCA.crt URI: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 2 | 107.716504097 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 2 | 113.720342159 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAP4cVEQS8cwnZzLED4tzxA%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAP4cVEQS8cwnZzLED4tzxA%3D |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 122.975301981 |
|
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 129.09206605 |
|
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 135.626918077 |
|
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl |
||||||
| crl.globalsign.net | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 142.423764944 |
|
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl |
||||||
| Request | Type |
|---|---|
| ctldl.windowsupdate.com | A |
|
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - 184.26.44.105 (A) - a1621.g.akamai.net (CNAME) - 184.26.44.97 (A) - ctldl.windowsupdate.com.edgesuite.net (CNAME) |
|
| ocsp.digicert.com | A |
|
Answers - cs9.wac.phicdn.net (CNAME) - 72.21.91.29 (A) |
|
| crl3.digicert.com | A |
| crl4.digicert.com | A |
|
Answers - digicert.cachefly.net (CNAME) - 66.225.197.197 (A) - rvip1.ue.cachefly.net (CNAME) |
|
| client.dropbox.com | A |
|
Answers - client.dropbox-dns.com (CNAME) - 162.125.6.3 (A) |
|
| cacerts.digicert.com | A |
|
Answers - 104.16.239.184 (A) - 104.16.238.184 (A) - cdn.digicertcdn.com (CNAME) - 104.16.240.184 (A) - 104.16.241.184 (A) - 104.16.237.184 (A) |
|
| crl.microsoft.com | A |
|
Answers - 23.67.250.115 (A) - 23.67.250.123 (A) - crl.www.ms.akadns.net (CNAME) - a1363.dscg.akamai.net (CNAME) |
|
| clientupdates.dropboxstatic.com | A |
|
Answers - 54.192.39.66 (A) - 54.192.39.158 (A) - 54.192.39.119 (A) - 54.192.39.240 (A) |
|
| crl.globalsign.net | A |
|
Answers - 104.31.75.124 (A) - global.prd.cdn.globalsign.com (CNAME) - cdn.globalsigncdn.com.cdn.cloudflare.net (CNAME) - 104.31.74.124 (A) |
|
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 41.762748003 | Sandbox | 184.26.44.105 | 80 |
| 74.6563780308 | Sandbox | 72.21.91.29 | 80 |
| 78.06782794 | Sandbox | 72.21.91.29 | 80 |
| 82.6069250107 | Sandbox | 66.225.197.197 | 80 |
| 94.5191731453 | Sandbox | 162.125.6.3 | 443 |
| 101.688365936 | Sandbox | 104.16.241.184 | 80 |
| 101.688562155 | Sandbox | 104.16.241.184 | 80 |
| 107.716504097 | Sandbox | 72.21.91.29 | 80 |
| 108.139616966 | Sandbox | 72.21.91.29 | 80 |
| 122.975301981 | Sandbox | 23.67.250.123 | 80 |
| 125.117679119 | Sandbox | 54.192.39.119 | 443 |
| 142.423764944 | Sandbox | 104.31.75.124 | 80 |
| 174.253252029 | Sandbox | 192.168.56.10 | 49274 |
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 3.14694404602 | Sandbox | 192.168.56.255 | 137 |
| 3.16498112679 | Sandbox | 224.0.0.252 | 5355 |
| 3.36075806618 | Sandbox | 224.0.0.252 | 5355 |
| 3.36702513695 | Sandbox | 239.255.255.250 | 3702 |
| 5.92541408539 | Sandbox | 224.0.0.252 | 5355 |
| 9.15791106224 | Sandbox | 192.168.56.255 | 138 |
| 35.0646409988 | Sandbox | 224.0.0.252 | 5355 |
| 37.9707119465 | Sandbox | 224.0.0.252 | 5355 |
| 41.1397681236 | Sandbox | 8.8.4.4 | 53 |
| 64.0275850296 | Sandbox | 224.0.0.252 | 5355 |
| 71.9734799862 | Sandbox | 224.0.0.252 | 5355 |
| 72.6627340317 | Sandbox | 224.0.0.252 | 5355 |
| 74.6115341187 | Sandbox | 8.8.4.4 | 53 |
| 75.4395000935 | Sandbox | 224.0.0.252 | 5355 |
| 76.970279932 | Sandbox | 224.0.0.252 | 5355 |
| 78.0220370293 | Sandbox | 8.8.4.4 | 53 |
| 78.9398090839 | Sandbox | 224.0.0.252 | 5355 |
| 79.6029729843 | Sandbox | 224.0.0.252 | 5355 |
| 79.8615880013 | Sandbox | 224.0.0.252 | 5355 |
| 80.1912341118 | Sandbox | 224.0.0.252 | 5355 |
| 81.5334579945 | Sandbox | 224.0.0.252 | 5355 |
| 81.6752309799 | Sandbox | 224.0.0.252 | 5355 |
| 82.5042541027 | Sandbox | 8.8.4.4 | 53 |
| 82.6420490742 | Sandbox | 224.0.0.252 | 5355 |
| 83.1112411022 | Sandbox | 224.0.0.252 | 5355 |
| 84.2374329567 | Sandbox | 224.0.0.252 | 5355 |
| 94.0336699486 | Sandbox | 8.8.4.4 | 53 |
| 95.9334599972 | Sandbox | 224.0.0.252 | 5355 |
| 96.0491211414 | Sandbox | 224.0.0.252 | 5355 |
| 98.8921499252 | Sandbox | 224.0.0.252 | 5355 |
| 99.0327050686 | Sandbox | 224.0.0.252 | 5355 |
| 101.597106934 | Sandbox | 8.8.4.4 | 53 |
| 102.110793114 | Sandbox | 224.0.0.252 | 5355 |
| 102.361258984 | Sandbox | 224.0.0.252 | 5355 |
| 105.00247097 | Sandbox | 224.0.0.252 | 5355 |
| 105.362071991 | Sandbox | 224.0.0.252 | 5355 |
| 108.127552032 | Sandbox | 224.0.0.252 | 5355 |
| 108.803391933 | Sandbox | 224.0.0.252 | 5355 |
| 111.064608097 | Sandbox | 224.0.0.252 | 5355 |
| 111.569060087 | Sandbox | 224.0.0.252 | 5355 |
| 117.520828009 | Sandbox | 224.0.0.252 | 5355 |
| 120.337741137 | Sandbox | 224.0.0.252 | 5355 |
| 122.366734028 | Sandbox | 239.255.255.250 | 1900 |
| 122.919919968 | Sandbox | 8.8.4.4 | 53 |
| 123.599740982 | Sandbox | 224.0.0.252 | 5355 |
| 125.034250975 | Sandbox | 8.8.4.4 | 53 |
| 126.356652975 | Sandbox | 224.0.0.252 | 5355 |
| 130.221776962 | Sandbox | 224.0.0.252 | 5355 |
| 132.952850103 | Sandbox | 224.0.0.252 | 5355 |
| 135.940725088 | Sandbox | 224.0.0.252 | 5355 |
| 139.646866083 | Sandbox | 224.0.0.252 | 5355 |
| 142.37749505 | Sandbox | 8.8.4.4 | 53 |