| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| 8.8.4.4 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 104.18.108.8 | United States | 13335 | Cloudflare, Inc. | Malware Process | |
| 104.18.20.226 | United States | 13335 | Cloudflare, Inc. | Malware Process | |
| 69.42.215.252 | United States | 33333 | Awknet Communications, LLC | Malware Process | |
| 8.240.248.254 | United States | 3356 | Level 3 Parent, LLC | OS Process | |
| 140.82.59.108 | Netherlands | 20473 | The Constant Company, LLC | Malware Process | |
| ocsp.comodoca.com | 151.139.128.14 | United States | 20446 | StackPath, LLC. | OS Process |
| freedns.afraid.org | 50.23.197.95 | United States | 36351 | SoftLayer Technologies Inc. | Malware Process |
| doc-14-14-docs.googleusercontent.com | 172.217.1.161 | United States | 15169 | Google LLC | Malware Process |
| docs.google.com | 172.217.1.174 | United States | 15169 | Google LLC | Malware Process |
| ctldl.windowsupdate.com | 8.250.91.254 | United States | 3356 | Level 3 Parent, LLC | OS Process |
| ocsp.usertrust.com | 151.139.128.14 | United States | 20446 | StackPath, LLC. | OS Process |
| www.000webhost.com | 104.18.107.8 | United States | 13335 | Cloudflare, Inc. | Malware Process |
| ocsp.sectigo.com | 151.139.128.14 | United States | 20446 | StackPath, LLC. | Malware Process |
| ocsp.pki.goog | 172.217.1.163 | United States | 15169 | Google LLC | Malware Process |
| crl.microsoft.com | 23.35.69.154 | United States | 20940 | Akamai Technologies, Inc. | OS Process |
| xred.site50.net | 153.92.0.100 | United States | 204915 | Hostinger International Ltd. | Malware Process |
| crl.globalsign.net | 104.18.21.226 | United States | 13335 | Cloudflare, Inc. | Malware Process |
| ocsp.digicert.com | 72.21.91.29 | United States | 15133 | MCI Communications Services, Inc. d/b/a Verizon Business | Malware Process |
| www.dropbox.com | 162.125.6.18 | United States | 19679 | Dropbox, Inc. | Malware Process |
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) |
|---|---|---|---|---|---|---|
| freedns.afraid.org | 80 | GET | 1.1 | MyApp | 1 | 19.8013589382 |
|
Path: /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 URI: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 23.3184049129 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e7d7a45ca5ab58e7 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e7d7a45ca5ab58e7 |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 23.8164358139 |
|
Path: /msdownload/update/v3/static/trustedr/en/authrootstl.cab?f6345a1644e7f903 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f6345a1644e7f903 |
||||||
| ocsp.pki.goog | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 24.3431129456 |
|
Path: /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D URI: http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D |
||||||
| ocsp.pki.goog | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 24.5968389511 |
|
Path: /gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCaqSUI%2Bht%2FqQUAAAAAh0om URI: http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCaqSUI%2Bht%2FqQUAAAAAh0om |
||||||
| ocsp.pki.goog | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 25.2217078209 |
|
Path: /gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDV8NbKN%2BGCNBQAAAACHSlU%3D URI: http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDV8NbKN%2BGCNBQAAAACHSlU%3D |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 47.1984188557 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 47.4159188271 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAJLrzIItpd3cj34Ka%2BNH60%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAJLrzIItpd3cj34Ka%2BNH60%3D |
||||||
| xred.site50.net | 80 | GET | 1.1 | Synaptics.exe | 1 | 48.0274598598 |
|
Path: /syn/Synaptics.rar URI: http://xred.site50.net/syn/Synaptics.rar |
||||||
| ocsp.comodoca.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 48.3176088333 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D URI: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D |
||||||
| ocsp.usertrust.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 48.5283029079 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D URI: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D |
||||||
| ocsp.sectigo.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 48.7383480072 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECECg%2FsnYZQBcbghenePPERjY%3D URI: http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECECg%2FsnYZQBcbghenePPERjY%3D |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 56.7603168488 |
|
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 56.842674017 |
|
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 56.9218609333 |
|
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl |
||||||
| crl.globalsign.net | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 57.0262598991 |
|
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl |
||||||
| Request | Type |
|---|---|
| xred.mooo.com | A |
|
Answers - (NXDOMAIN) |
|
| freedns.afraid.org | A |
|
Answers - 69.42.215.252 (A) - 50.23.197.95 (A) |
|
| docs.google.com | A |
|
Answers - 172.217.1.174 (A) |
|
| ctldl.windowsupdate.com | A |
|
Answers - 8.240.248.254 (A) - 8.252.237.126 (A) - 8.240.248.126 (A) - 8.252.236.254 (A) - au-bg-shim.trafficmanager.net (CNAME) - audownload.windowsupdate.nsatc.net (CNAME) - 8.240.37.254 (A) - auto.au.download.windowsupdate.com.c.footprint.net (CNAME) |
|
| ocsp.pki.goog | A |
|
Answers - 172.217.1.163 (A) - pki-goog.l.google.com (CNAME) |
|
| doc-14-14-docs.googleusercontent.com | A |
|
Answers - googlehosted.l.googleusercontent.com (CNAME) - 172.217.1.161 (A) |
|
| www.dropbox.com | A |
|
Answers - 162.125.6.18 (A) - www-env.dropbox-dns.com (CNAME) |
|
| ocsp.digicert.com | A |
|
Answers - cs9.wac.phicdn.net (CNAME) - 72.21.91.29 (A) |
|
| xred.site50.net | A |
|
Answers - 153.92.0.100 (A) |
|
| www.000webhost.com | A |
|
Answers - 104.18.108.8 (A) - 104.18.107.8 (A) |
|
| ocsp.comodoca.com | A |
|
Answers - 151.139.128.14 (A) |
|
| ocsp.usertrust.com | A |
| ocsp.sectigo.com | A |
| crl.microsoft.com | A |
|
Answers - 23.35.69.144 (A) - 23.35.69.154 (A) - crl.www.ms.akadns.net (CNAME) - a1363.dscg.akamai.net (CNAME) |
|
| crl.globalsign.net | A |
|
Answers - 104.18.21.226 (A) - global.prd.cdn.globalsign.com (CNAME) - cdn.globalsigncdn.com.cdn.cloudflare.net (CNAME) - 104.18.20.226 (A) |
|
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 19.8013589382 | Sandbox | 69.42.215.252 | 80 |
| 21.3419418335 | Sandbox | 172.217.1.174 | 443 |
| 23.3184049129 | Sandbox | 8.240.248.254 | 80 |
| 24.3431129456 | Sandbox | 172.217.1.163 | 80 |
| 24.9660367966 | Sandbox | 172.217.1.161 | 443 |
| 46.8979229927 | Sandbox | 162.125.6.18 | 443 |
| 47.1984188557 | Sandbox | 72.21.91.29 | 80 |
| 48.0274598598 | Sandbox | 153.92.0.100 | 80 |
| 48.112790823 | Sandbox | 104.18.108.8 | 443 |
| 48.3176088333 | Sandbox | 151.139.128.14 | 80 |
| 48.5283029079 | Sandbox | 151.139.128.14 | 80 |
| 48.7383480072 | Sandbox | 151.139.128.14 | 80 |
| 56.7603168488 | Sandbox | 23.35.69.154 | 80 |
| 57.0262598991 | Sandbox | 104.18.20.226 | 80 |
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 6.73055887222 | Sandbox | 224.0.0.252 | 5355 |
| 6.75196480751 | Sandbox | 224.0.0.252 | 5355 |
| 6.76125383377 | Sandbox | 239.255.255.250 | 3702 |
| 6.80414795876 | Sandbox | 192.168.56.255 | 137 |
| 9.30603790283 | Sandbox | 224.0.0.252 | 5355 |
| 12.271160841 | Sandbox | 8.8.4.4 | 53 |
| 12.9292218685 | Sandbox | 192.168.56.255 | 138 |
| 15.7242128849 | Sandbox | 224.0.0.252 | 5355 |
| 19.7091879845 | Sandbox | 8.8.4.4 | 53 |
| 19.9057958126 | Sandbox | 224.0.0.252 | 5355 |
| 21.1612558365 | Sandbox | 8.8.4.4 | 53 |
| 23.2887058258 | Sandbox | 8.8.4.4 | 53 |
| 24.2952368259 | Sandbox | 8.8.4.4 | 53 |
| 24.929792881 | Sandbox | 8.8.4.4 | 53 |
| 46.8467409611 | Sandbox | 8.8.4.4 | 53 |
| 47.1661398411 | Sandbox | 8.8.4.4 | 53 |
| 47.8790287971 | Sandbox | 8.8.4.4 | 53 |
| 48.0809168816 | Sandbox | 8.8.4.4 | 53 |
| 48.3016598225 | Sandbox | 8.8.4.4 | 53 |
| 48.5202999115 | Sandbox | 8.8.4.4 | 53 |
| 48.7310948372 | Sandbox | 8.8.4.4 | 53 |
| 56.7173569202 | Sandbox | 8.8.4.4 | 53 |
| 56.9906418324 | Sandbox | 8.8.4.4 | 53 |