| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| 8.8.4.4 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 151.101.2.110 | United States | 54113 | Fastly | Malware Process | |
| 151.101.2.133 | United States | 54113 | Fastly | Malware Process | |
| 162.247.242.20 | United States | 23467 | New Relic | Malware Process | |
| 172.217.10.142 | United States | 15169 | Google LLC | Malware Process | |
| 184.26.44.97 | United States | 20940 | Akamai Technologies, Inc. | OS Process | |
| 184.26.44.98 | United States | 20940 | Akamai Technologies, Inc. | OS Process | |
| 52.85.98.129 | United States | 16509 | Amazon Technologies Inc. | Malware Process | |
| 52.85.98.136 | United States | 16509 | Amazon Technologies Inc. | Malware Process | |
| 52.85.98.18 | United States | 16509 | Amazon Technologies Inc. | Malware Process | |
| 52.85.98.251 | United States | 16509 | Amazon Technologies Inc. | Malware Process | |
| 52.85.98.27 | United States | 16509 | Amazon Technologies Inc. | Malware Process | |
| 52.85.98.91 | United States | 16509 | Amazon Technologies Inc. | Malware Process | |
| api.xtrdlapi.com | 54.76.182.212 | Ireland | 16509 | Amazon Technologies Inc. | Malware Process |
| crl.microsoft.com | 208.185.118.88 | United States | 6461 | Zayo Bandwidth | OS Process |
| s.symcd.com | 23.4.187.27 | United States | 16625 | Akamai Technologies, Inc. | Malware Process |
| crl.globalsign.net | 151.101.22.133 | United States | 54113 | Fastly | Malware Process |
| s.ss2.us | 52.84.31.183 | United States | 16509 | Amazon Technologies Inc. | Malware Process |
| evcs-ocsp.ws.symantec.com | 23.4.187.27 | United States | 16625 | Akamai Technologies, Inc. | Malware Process |
| ocsp.sca1b.amazontrust.com | 52.84.31.246 | United States | 16509 | Amazon Technologies Inc. | Malware Process |
| d1gx3pzah7uolr.cloudfront.net | 13.35.87.220 | United States | 16509 | Amazon Technologies Inc. | Malware Process |
| bam.nr-data.net | 162.247.242.19 | United States | 23467 | New Relic | Malware Process |
| ocsp.verisign.com | 23.4.187.27 | United States | 16625 | Akamai Technologies, Inc. | Malware Process |
| js-agent.newrelic.com | 151.101.22.110 | United States | 54113 | Fastly | Malware Process |
| ocsp.rootca1.amazontrust.com | 52.84.31.141 | United States | 16509 | Amazon Technologies Inc. | Malware Process |
| o.ss2.us | 52.84.31.52 | United States | 16509 | Amazon Technologies Inc. | Malware Process |
| ocsp.globalsign.com | 151.101.22.133 | United States | 54113 | Fastly | Malware Process |
| ocsp.rootg2.amazontrust.com | 52.84.31.141 | United States | 16509 | Amazon Technologies Inc. | Malware Process |
| ocsp.digicert.com | 72.21.91.29 | United States | 15133 | MCI Communications Services, Inc. d/b/a Verizon Business | Malware Process |
| x.ss2.us | 52.84.31.31 | United States | 16509 | Amazon Technologies Inc. | Malware Process |
| ctldl.windowsupdate.com | 208.185.118.89 | United States | 6461 | Zayo Bandwidth | OS Process |
| www.google-analytics.com | 172.217.6.238 | United States | 15169 | Google LLC | Malware Process |
| status.geotrust.com | 72.21.91.29 | United States | 15133 | MCI Communications Services, Inc. d/b/a Verizon Business | Malware Process |
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) |
|---|---|---|---|---|---|---|
| www.google-analytics.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; en-US; NSIS; Windows NT 6.1) | 1 | 12.7160959244 |
|
Path: /__utm.gif?utmwv=5.3.6&utmhn=&utmr=-&utmp=&utmac=UA-44288146-1&utmcc=__utma%3D999.999.999.999.999.1%3B&utms=1&utmvid=0xEB9CD1823A0C473C&guid=on&utmt=event&utme=5(DownloadManager*NET%20Framework*Installed)&utmsr=800x600&utmsc=32-bit URI: http://www.google-analytics.com/__utm.gif?utmwv=5.3.6&utmhn=&utmr=-&utmp=&utmac=UA-44288146-1&utmcc=__utma%3D999.999.999.999.999.1%3B&utms=1&utmvid=0xEB9CD1823A0C473C&guid=on&utmt=event&utme=5(DownloadManager*NET%20Framework*Installed)&utmsr=800x600&utmsc=32-bit |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 14.6860868931 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d3cfbfcef0ceddab URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d3cfbfcef0ceddab |
||||||
| ocsp.verisign.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 14.9629428387 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGxZ76nhAOEO4wa6j%2BApJVk%3D URI: http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGxZ76nhAOEO4wa6j%2BApJVk%3D |
||||||
| evcs-ocsp.ws.symantec.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 15.0978929996 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCECLU1%2BUEK%2BnCmZywXEyiu08%3D URI: http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCECLU1%2BUEK%2BnCmZywXEyiu08%3D |
||||||
| x.ss2.us | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 31.0565438271 |
|
Path: /x.cer URI: http://x.ss2.us/x.cer |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 31.2065768242 |
|
Path: /msdownload/update/v3/static/trustedr/en/authrootstl.cab?1e0d8ed553287452 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?1e0d8ed553287452 |
||||||
| o.ss2.us | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 31.5011999607 |
|
Path: //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D URI: http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D |
||||||
| o.ss2.us | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 31.5584719181 |
|
Path: //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D URI: http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D |
||||||
| s.ss2.us | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 31.6614518166 |
|
Path: /r.crl URI: http://s.ss2.us/r.crl |
||||||
| ocsp.rootg2.amazontrust.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 31.8453769684 |
|
Path: /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D URI: http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D |
||||||
| ocsp.rootca1.amazontrust.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 31.9718239307 |
|
Path: /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D URI: http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D |
||||||
| ocsp.sca1b.amazontrust.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 32.0945599079 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAnEcGcK1jMsIIACRqKgD8o%3D URI: http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAnEcGcK1jMsIIACRqKgD8o%3D |
||||||
| s.symcd.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 2 | 32.5070137978 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D URI: http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 2 | 32.6113889217 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D |
||||||
| ocsp.globalsign.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 33.1738929749 |
|
Path: /rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80 URI: http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80 |
||||||
| ocsp.digicert.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 33.4167149067 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D |
||||||
| status.geotrust.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 33.5432939529 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEA1fNxT7Zt2V3O1CaWimmzM%3D URI: http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEA1fNxT7Zt2V3O1CaWimmzM%3D |
||||||
| api.xtrdlapi.com | 80 | POST | 1.1 | 1 | 34.0646388531 | |
|
Path: /layout_exception.php?v=1.0.0.15962 URI: http://api.xtrdlapi.com/layout_exception.php?v=1.0.0.15962 |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 47.345582962 |
|
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 47.7602009773 |
|
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 47.9836699963 |
|
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl |
||||||
| crl.globalsign.net | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 48.3301949501 |
|
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl |
||||||
| Request | Type |
|---|---|
| www.google-analytics.com | A |
|
Answers - www-google-analytics.l.google.com (CNAME) - 172.217.10.142 (A) |
|
| ctldl.windowsupdate.com | A |
|
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - 184.26.44.97 (A) - a1621.g.akamai.net (CNAME) - ctldl.windowsupdate.com.edgesuite.net (CNAME) - 184.26.44.105 (A) |
|
| ocsp.verisign.com | A |
|
Answers - ocsp-ds.ws.symantec.com.edgekey.net (CNAME) - e8218.dscb1.akamaiedge.net (CNAME) - 23.4.187.27 (A) |
|
| evcs-ocsp.ws.symantec.com | A |
| api.xtrdlapi.com | A |
|
Answers - 54.76.182.212 (A) - xtrdlapi-vpc01-waf-1155237989.eu-west-1.elb.amazonaws.com (CNAME) - 54.171.217.47 (A) |
|
| x.ss2.us | A |
|
Answers - 52.85.98.94 (A) - 52.85.98.136 (A) - 52.85.98.207 (A) - 52.85.98.11 (A) |
|
| o.ss2.us | A |
|
Answers - 52.85.98.71 (A) - 52.85.98.15 (A) - 52.85.98.18 (A) - 52.85.98.85 (A) |
|
| s.ss2.us | A |
|
Answers - 52.85.98.50 (A) - 52.85.98.190 (A) - 52.85.98.251 (A) - 52.85.98.63 (A) |
|
| ocsp.rootg2.amazontrust.com | A |
|
Answers - 52.85.98.123 (A) - 52.85.98.91 (A) - 52.85.98.75 (A) - 52.85.98.148 (A) |
|
| ocsp.rootca1.amazontrust.com | A |
| ocsp.sca1b.amazontrust.com | A |
|
Answers - 52.85.98.129 (A) - 52.85.98.184 (A) - 52.85.98.189 (A) - 52.85.98.140 (A) |
|
| d1gx3pzah7uolr.cloudfront.net | A |
|
Answers - 52.85.98.117 (A) - 52.85.98.27 (A) - 52.85.98.135 (A) |
|
| s.symcd.com | A |
| ocsp.digicert.com | A |
|
Answers - cs9.wac.phicdn.net (CNAME) - 72.21.91.29 (A) |
|
| js-agent.newrelic.com | A |
|
Answers - 151.101.2.110 (A) - f4.shared.global.fastly.net (CNAME) - 151.101.194.110 (A) - 151.101.66.110 (A) - 151.101.130.110 (A) |
|
| ocsp.globalsign.com | A |
|
Answers - 151.101.66.133 (A) - 151.101.2.133 (A) - global.prd.cdn.globalsign.com (CNAME) - 151.101.194.133 (A) - 151.101.130.133 (A) - prod.globalsign.map.fastly.net (CNAME) |
|
| bam.nr-data.net | A |
|
Answers - 162.247.242.18 (A) - 162.247.242.20 (A) - 162.247.242.21 (A) - 162.247.242.19 (A) |
|
| status.geotrust.com | A |
|
Answers - ocsp.digicert.com (CNAME) |
|
| crl.microsoft.com | A |
|
Answers - 184.26.44.98 (A) - crl.www.ms.akadns.net (CNAME) - a1363.dscg.akamai.net (CNAME) |
|
| crl.globalsign.net | A |
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 12.7160959244 | Sandbox | 172.217.10.142 | 80 |
| 14.6860868931 | Sandbox | 184.26.44.97 | 80 |
| 14.9629428387 | Sandbox | 23.4.187.27 | 80 |
| 15.0978929996 | Sandbox | 23.4.187.27 | 80 |
| 30.6328628063 | Sandbox | 54.76.182.212 | 443 |
| 31.0565438271 | Sandbox | 52.85.98.136 | 80 |
| 31.2065768242 | Sandbox | 184.26.44.97 | 80 |
| 31.5011999607 | Sandbox | 52.85.98.18 | 80 |
| 31.6614518166 | Sandbox | 52.85.98.251 | 80 |
| 31.8453769684 | Sandbox | 52.85.98.91 | 80 |
| 31.9718239307 | Sandbox | 52.85.98.91 | 80 |
| 32.0945599079 | Sandbox | 52.85.98.129 | 80 |
| 32.3654639721 | Sandbox | 52.85.98.27 | 443 |
| 32.365888834 | Sandbox | 52.85.98.27 | 443 |
| 32.5070137978 | Sandbox | 23.4.187.27 | 80 |
| 32.5233919621 | Sandbox | 23.4.187.27 | 80 |
| 32.6113889217 | Sandbox | 72.21.91.29 | 80 |
| 32.6231398582 | Sandbox | 72.21.91.29 | 80 |
| 33.0464940071 | Sandbox | 151.101.2.110 | 443 |
| 33.1738929749 | Sandbox | 151.101.2.133 | 80 |
| 33.3054687977 | Sandbox | 162.247.242.20 | 443 |
| 33.4167149067 | Sandbox | 72.21.91.29 | 80 |
| 33.5432939529 | Sandbox | 72.21.91.29 | 80 |
| 34.0646388531 | Sandbox | 54.76.182.212 | 80 |
| 47.345582962 | Sandbox | 184.26.44.98 | 80 |
| 48.3301949501 | Sandbox | 151.101.2.133 | 80 |
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 6.90875887871 | Sandbox | 224.0.0.252 | 5355 |
| 6.91052389145 | Sandbox | 224.0.0.252 | 5355 |
| 6.92577290535 | Sandbox | 239.255.255.250 | 3702 |
| 6.94428801537 | Sandbox | 192.168.56.255 | 137 |
| 9.46007180214 | Sandbox | 224.0.0.252 | 5355 |
| 10.0733189583 | Sandbox | 224.0.0.252 | 5355 |
| 12.6673419476 | Sandbox | 8.8.4.4 | 53 |
| 12.9593119621 | Sandbox | 192.168.56.255 | 138 |
| 14.5094649792 | Sandbox | 8.8.4.4 | 53 |
| 14.9090378284 | Sandbox | 8.8.4.4 | 53 |
| 15.0382750034 | Sandbox | 8.8.4.4 | 53 |
| 30.4375557899 | Sandbox | 8.8.4.4 | 53 |
| 30.9786038399 | Sandbox | 8.8.4.4 | 53 |
| 31.4478979111 | Sandbox | 8.8.4.4 | 53 |
| 31.6092100143 | Sandbox | 8.8.4.4 | 53 |
| 31.7326710224 | Sandbox | 8.8.4.4 | 53 |
| 31.915968895 | Sandbox | 8.8.4.4 | 53 |
| 32.0332188606 | Sandbox | 8.8.4.4 | 53 |
| 32.2889239788 | Sandbox | 8.8.4.4 | 53 |
| 32.4625909328 | Sandbox | 8.8.4.4 | 53 |
| 32.470925808 | Sandbox | 8.8.4.4 | 53 |
| 32.5876438618 | Sandbox | 8.8.4.4 | 53 |
| 32.9989159107 | Sandbox | 8.8.4.4 | 53 |
| 33.12864995 | Sandbox | 8.8.4.4 | 53 |
| 33.2734029293 | Sandbox | 8.8.4.4 | 53 |
| 33.495721817 | Sandbox | 8.8.4.4 | 53 |
| 47.1940569878 | Sandbox | 8.8.4.4 | 53 |
| 48.2404429913 | Sandbox | 8.8.4.4 | 53 |