Advanced File Analysis System

Contacted IPs

Network Port Distribution

Name	IP	Country	ASN	ASN Name	Trigger Process Type
	8.8.4.4	United States	15169	Level 3 Parent, LLC	Malware Process
	151.101.0.234	United States	54113	Fastly	Malware Process
	184.24.97.182	United States	20940	Akamai Technologies, Inc.	OS Process
	184.26.44.103	United States	20940	Akamai Technologies, Inc.	Malware Process
	23.67.250.163	United States	20940	Akamai Technologies, Inc.	OS Process
downloads.sourceforge.net	216.105.38.13	United States	6130	Internet Express	Malware Process
dev-point.co	104.27.189.58	United States	13335	Cloudflare, Inc.	Malware Process
crl.globalsign.net	104.18.21.226	United States	13335	Cloudflare, Inc.	Malware Process
astuteinternet.dl.sourceforge.net	162.213.157.36	Canada	54527	Astute Hosting Inc.	Malware Process
crl.microsoft.com	63.238.216.18	United States	209	Qwest Communications Company, LLC	OS Process
ocsp.int-x3.letsencrypt.org	65.152.202.185	United States	209	Qwest Communications Company, LLC	Malware Process
isrg.trustid.ocsp.identrust.com	65.152.202.225	United States	209	Qwest Communications Company, LLC	Malware Process
ctldl.windowsupdate.com	23.208.166.41	United States	20940	Akamai Technologies, Inc.	OS Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)
downloads.sourceforge.net	80	GET	1.1	Notepad++/Plugin-Manager;v1.3.5.0	1	14.5708889961
Path: /project/npppluginmgr/xml/plugins.md5.txt URI: http://downloads.sourceforge.net/project/npppluginmgr/xml/plugins.md5.txt
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	22.4701991081
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ba1facd29e2bd627 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ba1facd29e2bd627
isrg.trustid.ocsp.identrust.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	29.8998241425
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D URI: http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
ocsp.int-x3.letsencrypt.org	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	36.493117094
Path: /MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgTUnSbwkleVdmFFlNIuEGjLIA%3D%3D URI: http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgTUnSbwkleVdmFFlNIuEGjLIA%3D%3D
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	74.2308571339
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	79.638395071
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	85.9591960907
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl
crl.globalsign.net	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	91.6433951855
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl

DNS Queries/Answers

Request	Type
downloads.sourceforge.net	A
Answers - 216.105.38.13 (A)
astuteinternet.dl.sourceforge.net	A
Answers - 162.213.157.36 (A)
ctldl.windowsupdate.com	A
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - 23.67.250.169 (A) - a1621.g.akamai.net (CNAME) - ctldl.windowsupdate.com.edgesuite.net (CNAME) - 23.67.250.163 (A)
isrg.trustid.ocsp.identrust.com	A
Answers - 184.26.44.103 (A) - 184.26.44.106 (A) - a279.dscq.akamai.net (CNAME) - isrg.trustid.ocsp.identrust.com.edgesuite.net (CNAME)
dev-point.co	A
Answers - 104.27.188.58 (A) - 104.27.189.58 (A)
ocsp.int-x3.letsencrypt.org	A
Answers - 184.26.44.105 (A) - a771.dscq.akamai.net (CNAME) - ocsp.int-x3.letsencrypt.org.edgesuite.net (CNAME)
crl.microsoft.com	A
Answers - 184.24.97.184 (A) - crl.www.ms.akadns.net (CNAME) - 184.24.97.182 (A) - a1363.dscg.akamai.net (CNAME)
crl.globalsign.net	A
Answers - 151.101.0.234 (A) - 151.101.192.234 (A) - global.prd.cdn.globalsign.com (CNAME) - 151.101.128.234 (A) - globalsign.map.fastly.net (CNAME) - 151.101.64.234 (A)

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
14.5708889961	Sandbox	216.105.38.13	80
15.305295229	Sandbox	162.213.157.36	443
22.4701991081	Sandbox	23.67.250.163	80
29.8998241425	Sandbox	184.26.44.103	80
33.0242621899	Sandbox	104.27.189.58	443
36.493117094	Sandbox	184.26.44.103	80
74.2308571339	Sandbox	184.24.97.182	80
91.6433951855	Sandbox	151.101.0.234	80

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
7.01526403427	Sandbox	224.0.0.252	5355
7.03980517387	Sandbox	224.0.0.252	5355
7.04550218582	Sandbox	239.255.255.250	3702
7.08704018593	Sandbox	192.168.56.255	137
9.61229300499	Sandbox	224.0.0.252	5355
13.1803572178	Sandbox	192.168.56.255	138
14.4785761833	Sandbox	8.8.4.4	53
15.0137062073	Sandbox	8.8.4.4	53
16.8226602077	Sandbox	224.0.0.252	5355
19.7281551361	Sandbox	224.0.0.252	5355
22.3380532265	Sandbox	8.8.4.4	53
24.4169311523	Sandbox	224.0.0.252	5355
24.8373601437	Sandbox	239.255.255.250	1900
27.217220068	Sandbox	224.0.0.252	5355
29.7432610989	Sandbox	224.0.0.252	5355
29.8544812202	Sandbox	8.8.4.4	53
30.7443811893	Sandbox	224.0.0.252	5355
32.6649310589	Sandbox	8.8.4.4	53
33.71037817	Sandbox	224.0.0.252	5355
36.3377730846	Sandbox	8.8.4.4	53
68.7800071239	Sandbox	224.0.0.252	5355
71.519162178	Sandbox	224.0.0.252	5355
74.1408410072	Sandbox	8.8.4.4	53
74.3551990986	Sandbox	224.0.0.252	5355
77.0686740875	Sandbox	224.0.0.252	5355
80.1412792206	Sandbox	224.0.0.252	5355
83.3072421551	Sandbox	224.0.0.252	5355
86.1584742069	Sandbox	224.0.0.252	5355
89.0312511921	Sandbox	224.0.0.252	5355
91.5955421925	Sandbox	8.8.4.4	53

File Name: Full_IPTV_LIST_31.05.2018_VIP.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 16b493c5a8b014fd3f0eabb66c90f427fee4c84e

MD5: ce76e34c248864c35169c1521ec38e1c