Advanced File Analysis System

Contacted IPs

Network Port Distribution

Name	IP	Country	ASN	ASN Name	Trigger Process Type
	8.8.4.4	United States	15169	Level 3 Parent, LLC	Malware Process
	104.18.21.226	United States	13335	Cloudflare, Inc.	Malware Process
crl.microsoft.com	23.67.251.99	United States	20940	Akamai Technologies, Inc.	OS Process
ctldl.windowsupdate.com	23.67.251.96	United States	20940	Akamai Technologies, Inc.	OS Process
gp.symcd.com	23.35.171.27	United States	20940	Akamai Technologies, Inc.	Malware Process
update.securebrowser.com	54.172.8.74	United States	14618	Amazon Technologies Inc.	Malware Process
crl.globalsign.net	104.18.20.226	United States	13335	Cloudflare, Inc.	Malware Process
gp.symcb.com	72.21.91.29	United States	15133	MCI Communications Services, Inc. d/b/a Verizon Business	Malware Process
g2.symcb.com	23.50.75.27	United States	3257	Akamai Technologies, Inc.	Malware Process
installer.securebrowser.com	54.172.8.74	United States	14618	Amazon Technologies Inc.	Malware Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	17.8116970062
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?42517b9f220bf520 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?42517b9f220bf520
g2.symcb.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	23.1835768223
Path: /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6cQ%3D%3D URI: http://g2.symcb.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6cQ%3D%3D
gp.symcb.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	25.8646228313
Path: /gp.crl URI: http://gp.symcb.com/gp.crl
gp.symcd.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	25.8668467999
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRH4mIoBb%2Bhjdi7K%2FE2J4ZS9L%2FZgAQUl8InUJ7CyewMiDLIfK3ipgFP2m8CEF9%2F3iBjBpfCaXcXqCUlYAI%3D URI: http://gp.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRH4mIoBb%2Bhjdi7K%2FE2J4ZS9L%2FZgAQUl8InUJ7CyewMiDLIfK3ipgFP2m8CEF9%2F3iBjBpfCaXcXqCUlYAI%3D
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	65.566298008
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	65.6035349369
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	65.897993803
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl
crl.globalsign.net	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	66.4179048538
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl
update.securebrowser.com	80	POST	1.1	Google Update/1.3.129.7;winhttp	1	69.6486508846
Path: /service/update2 URI: http://update.securebrowser.com/service/update2
update.securebrowser.com	80	POST	1.1	Google Update/1.3.129.7;winhttp	1	72.6810259819
Path: /service/update2 URI: http://update.securebrowser.com/service/update2
update.securebrowser.com	80	POST	1.1	Google Update/1.3.129.7;winhttp	1	82.9299409389
Path: /service/update2 URI: http://update.securebrowser.com/service/update2
update.securebrowser.com	80	POST	1.1	Google Update/1.3.129.7;winhttp	1	85.657148838
Path: /service/update2 URI: http://update.securebrowser.com/service/update2
update.securebrowser.com	80	POST	1.1	Google Update/1.3.129.7;winhttp	1	114.299767971
Path: /service/update2 URI: http://update.securebrowser.com/service/update2
update.securebrowser.com	80	POST	1.1	Google Update/1.3.129.7;winhttp	1	117.098057985
Path: /service/update2 URI: http://update.securebrowser.com/service/update2
update.securebrowser.com	80	POST	1.1	Google Update/1.3.129.7;winhttp	1	157.420171976
Path: /service/update2 URI: http://update.securebrowser.com/service/update2
update.securebrowser.com	80	POST	1.1	Google Update/1.3.129.7;winhttp	1	160.237128973
Path: /service/update2 URI: http://update.securebrowser.com/service/update2

DNS Queries/Answers

Request	Type
installer.securebrowser.com	A
Answers - 54.172.8.74 (A)
ctldl.windowsupdate.com	A
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - a1621.g.akamai.net (CNAME) - 23.67.251.96 (A) - ctldl.windowsupdate.com.edgesuite.net (CNAME)
g2.symcb.com	A
Answers - ocsp-ds.ws.symantec.com.edgekey.net (CNAME) - e8218.dscb1.akamaiedge.net (CNAME) - 23.50.75.27 (A)
gp.symcb.com	A
Answers - crl-symcprod.digicert.com (CNAME) - cs9.wac.phicdn.net (CNAME) - 72.21.91.29 (A)
gp.symcd.com	A
update.securebrowser.com	A
crl.microsoft.com	A
Answers - 23.67.251.99 (A) - crl.www.ms.akadns.net (CNAME) - a1363.dscg.akamai.net (CNAME)
crl.globalsign.net	A
Answers - 104.18.21.226 (A) - global.prd.cdn.globalsign.com (CNAME) - cdn.globalsigncdn.com.cdn.cloudflare.net (CNAME) - 104.18.20.226 (A)

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
12.2081639767	Sandbox	54.172.8.74	443
17.8116970062	Sandbox	23.67.251.96	80
23.1835768223	Sandbox	23.50.75.27	80
23.2787950039	Sandbox	54.172.8.74	443
23.5065598488	Sandbox	54.172.8.74	443
25.8646228313	Sandbox	72.21.91.29	80
25.8668467999	Sandbox	23.50.75.27	80
27.2698528767	Sandbox	54.172.8.74	443
52.1065587997	Sandbox	54.172.8.74	443
54.8306109905	Sandbox	54.172.8.74	443
55.8851439953	Sandbox	54.172.8.74	443
65.566298008	Sandbox	23.67.251.99	80
66.3887329102	Sandbox	54.172.8.74	443
66.4179048538	Sandbox	104.18.21.226	80
68.2396478653	Sandbox	54.172.8.74	443
69.3236789703	Sandbox	54.172.8.74	443
69.6486508846	Sandbox	54.172.8.74	80
72.6810259819	Sandbox	54.172.8.74	80
82.9299409389	Sandbox	54.172.8.74	80
85.657148838	Sandbox	54.172.8.74	80
111.441561937	Sandbox	54.172.8.74	443
114.23285985	Sandbox	54.172.8.74	443
114.299767971	Sandbox	54.172.8.74	80
117.098057985	Sandbox	54.172.8.74	80
157.420171976	Sandbox	54.172.8.74	80
160.237128973	Sandbox	54.172.8.74	80
190.138350964	Sandbox	54.172.8.74	443
195.763925791	Sandbox	54.172.8.74	443

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
3.01841878891	Sandbox	224.0.0.252	5355
3.02184486389	Sandbox	224.0.0.252	5355
3.02958297729	Sandbox	239.255.255.250	3702
3.07947897911	Sandbox	192.168.56.255	137
5.57993292809	Sandbox	224.0.0.252	5355
9.09432291985	Sandbox	192.168.56.255	138
9.57830190659	Sandbox	224.0.0.252	5355
12.1488609314	Sandbox	8.8.4.4	53
12.5883009434	Sandbox	224.0.0.252	5355
15.181746006	Sandbox	224.0.0.252	5355
17.7388498783	Sandbox	8.8.4.4	53
17.9774599075	Sandbox	224.0.0.252	5355
20.5482769012	Sandbox	224.0.0.252	5355
23.1110479832	Sandbox	8.8.4.4	53
23.2364377975	Sandbox	224.0.0.252	5355
23.2470118999	Sandbox	224.0.0.252	5355
25.8178567886	Sandbox	8.8.4.4	53
25.8181939125	Sandbox	8.8.4.4	53
51.5700550079	Sandbox	8.8.4.4	53
53.2810709476	Sandbox	224.0.0.252	5355
65.4506537914	Sandbox	8.8.4.4	53
65.595140934	Sandbox	224.0.0.252	5355
66.3737568855	Sandbox	8.8.4.4	53
66.5369389057	Sandbox	224.0.0.252	5355
69.9206619263	Sandbox	224.0.0.252	5355
83.0652458668	Sandbox	224.0.0.252	5355
111.610507965	Sandbox	224.0.0.252	5355
114.421365976	Sandbox	224.0.0.252	5355
157.577675819	Sandbox	224.0.0.252	5355

File Name: SecureBrowserSetup.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 4a361773655f41788ef53d1ee189c39673f421d8

MD5: afe7194c459fd4847b694f3abb4c2267