Contacted IPs
Network Port Distribution
| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| | 8.8.4.4 | United States | 15169 | Level 3 Communications, Inc. | Malware Process |
| crystaltown-hk.com | 5.56.133.98 | United States | 35017 | 1 Gbits Com | Malware Process |
HTTP Packets
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) | Path | URI |
|---|---|---|---|---|---|---|---|---|
| crystaltown-hk.com | 80 | POST | 1.0 | Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) | 1 | 29.8026521206 | /gift/luxx/gate.php | http://crystaltown-hk.com/gift/luxx/gate.php |
| crystaltown-hk.com | 80 | GET | 1.0 | Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) | 1 | 30.678508997 | /gift/luxx/shit.exe | http://crystaltown-hk.com/gift/luxx/shit.exe |
DNS Queries/Answers
| Request | Type | Answers |
|---|---|---|
| crystaltown-hk.com | A | 5.56.133.98 (A) |
TCP Packets
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 29.8026521206 | Sandbox | 5.56.133.98 | 80 |
| 30.678508997 | Sandbox | 5.56.133.98 | 80 |
UDP Packets
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 3.05622220039 | Sandbox | 224.0.0.252 | 5355 |
| 3.05752205849 | Sandbox | 224.0.0.252 | 5355 |
| 3.07773399353 | Sandbox | 239.255.255.250 | 3702 |
| 3.07971119881 | Sandbox | 192.168.56.255 | 137 |
| 5.61046409607 | Sandbox | 224.0.0.252 | 5355 |
| 9.0782930851 | Sandbox | 192.168.56.255 | 138 |
| 29.4537220001 | Sandbox | 8.8.4.4 | 53 |