| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| 8.8.4.4 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 104.31.75.124 | United States | 13335 | Cloudflare, Inc. | Malware Process | |
| 184.26.44.97 | United States | 20940 | Akamai Technologies, Inc. | OS Process | |
| 209.48.71.168 | United States | 2828 | MCI Communications Services, Inc. d/b/a Verizon Business | OS Process | |
| ocsp.digicert.com | 72.21.91.29 | United States | 15133 | MCI Communications Services, Inc. d/b/a Verizon Business | Malware Process |
| crl4.digicert.com | 66.225.197.197 | United States | 30081 | Server Central Network | Malware Process |
| crl.globalsign.net | 104.31.74.124 | United States | 13335 | Cloudflare, Inc. | Malware Process |
| crl3.digicert.com | 72.21.91.29 | United States | 15133 | MCI Communications Services, Inc. d/b/a Verizon Business | Malware Process |
| crl.microsoft.com | 209.107.208.81 | United States | 12989 | BandCon | OS Process |
| ctldl.windowsupdate.com | 209.107.208.58 | United States | 12989 | BandCon | OS Process |
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) |
|---|---|---|---|---|---|---|
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 82.048607111 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?37996abac9aa1534 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?37996abac9aa1534 |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 94.2784280777 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 101.781961918 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAydKURKNdF6QYkQe19WQV0%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAydKURKNdF6QYkQe19WQV0%3D |
||||||
| crl3.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 107.930133104 |
|
Path: /sha2-assured-cs-g1.crl URI: http://crl3.digicert.com/sha2-assured-cs-g1.crl |
||||||
| crl4.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 111.408811092 |
|
Path: /sha2-assured-cs-g1.crl URI: http://crl4.digicert.com/sha2-assured-cs-g1.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 164.702135086 |
|
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 170.173187017 |
|
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 175.503479004 |
|
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl |
||||||
| crl.globalsign.net | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 180.85317111 |
|
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl |
||||||
| Request | Type |
|---|---|
| ctldl.windowsupdate.com | A |
|
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - a1621.g.akamai.net (CNAME) - 209.48.71.144 (A) - 209.48.71.168 (A) - ctldl.windowsupdate.com.edgesuite.net (CNAME) |
|
| ocsp.digicert.com | A |
|
Answers - cs9.wac.phicdn.net (CNAME) - 72.21.91.29 (A) |
|
| crl3.digicert.com | A |
| crl4.digicert.com | A |
|
Answers - digicert.cachefly.net (CNAME) - 66.225.197.197 (A) - rvip1.ue.cachefly.net (CNAME) |
|
| crl.microsoft.com | A |
|
Answers - 184.26.44.97 (A) - 184.26.44.98 (A) - crl.www.ms.akadns.net (CNAME) - a1363.dscg.akamai.net (CNAME) |
|
| crl.globalsign.net | A |
|
Answers - 104.31.75.124 (A) - global.prd.cdn.globalsign.com (CNAME) - cdn.globalsigncdn.com.cdn.cloudflare.net (CNAME) - 104.31.74.124 (A) |
|
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 82.048607111 | Sandbox | 209.48.71.168 | 80 |
| 94.2784280777 | Sandbox | 72.21.91.29 | 80 |
| 107.930133104 | Sandbox | 72.21.91.29 | 80 |
| 111.408811092 | Sandbox | 66.225.197.197 | 80 |
| 164.702135086 | Sandbox | 184.26.44.97 | 80 |
| 180.85317111 | Sandbox | 104.31.75.124 | 80 |
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 3.23838400841 | Sandbox | 224.0.0.252 | 5355 |
| 3.28646302223 | Sandbox | 192.168.56.255 | 137 |
| 3.33368802071 | Sandbox | 224.0.0.252 | 5355 |
| 3.37640690804 | Sandbox | 239.255.255.250 | 3702 |
| 5.89276003838 | Sandbox | 224.0.0.252 | 5355 |
| 9.31402993202 | Sandbox | 192.168.56.255 | 138 |
| 75.2931129932 | Sandbox | 224.0.0.252 | 5355 |
| 78.6578540802 | Sandbox | 224.0.0.252 | 5355 |
| 81.6892559528 | Sandbox | 8.8.4.4 | 53 |
| 87.7592821121 | Sandbox | 224.0.0.252 | 5355 |
| 91.103976965 | Sandbox | 224.0.0.252 | 5355 |
| 94.2040860653 | Sandbox | 8.8.4.4 | 53 |
| 95.8373479843 | Sandbox | 224.0.0.252 | 5355 |
| 99.0643880367 | Sandbox | 224.0.0.252 | 5355 |
| 101.555022001 | Sandbox | 224.0.0.252 | 5355 |
| 104.700700998 | Sandbox | 224.0.0.252 | 5355 |
| 104.829384089 | Sandbox | 224.0.0.252 | 5355 |
| 107.535702944 | Sandbox | 8.8.4.4 | 53 |
| 108.363231897 | Sandbox | 224.0.0.252 | 5355 |
| 111.34683609 | Sandbox | 8.8.4.4 | 53 |
| 159.317404032 | Sandbox | 224.0.0.252 | 5355 |
| 162.012157917 | Sandbox | 224.0.0.252 | 5355 |
| 164.629028082 | Sandbox | 8.8.4.4 | 53 |
| 164.774133921 | Sandbox | 224.0.0.252 | 5355 |
| 167.584994078 | Sandbox | 224.0.0.252 | 5355 |
| 170.246599913 | Sandbox | 224.0.0.252 | 5355 |
| 172.924094915 | Sandbox | 224.0.0.252 | 5355 |
| 175.573209047 | Sandbox | 224.0.0.252 | 5355 |
| 178.239684105 | Sandbox | 224.0.0.252 | 5355 |
| 180.832628012 | Sandbox | 8.8.4.4 | 53 |