Advanced File Analysis System

Contacted IPs

Network Port Distribution

Name	IP	Country	ASN	ASN Name	Trigger Process Type
	8.8.4.4	United States	15169	Level 3 Parent, LLC	Malware Process
	128.199.192.135	Singapore	14061	DigitalOcean, LLC	Malware Process
	142.4.219.173	Canada	16276	OVH Hosting, Inc.	Malware Process
	168.197.250.14	Argentina	264776	Omar Anselmo Ripoll (TDC NET)	Malware Process
	69.16.218.101	United States	32244	Liquid Web, L.L.C	Malware Process
	85.214.67.203	Germany	6724	Strato Rechenzentrum, Berlin	Malware Process
	78.47.204.80	Germany	24940	Hetzner Online GmbH Datacenter nbg1-dc3	Malware Process
	78.46.73.125	Germany	24940	Hetzner Online AG	Malware Process
	66.42.57.149	Singapore	20473	SGP_VULTR_CUST	Malware Process
	62.171.178.147	United Kingdom	51167	Contabo GmbH	Malware Process
	54.38.242.185	France	16276	Not known	Malware Process
	54.37.228.122	France	16276	Not known	Malware Process
	51.210.242.234	France	16276	Not known	Malware Process
	45.138.98.34		9009	Not known	Malware Process
	37.59.209.141	France	16276	OVH	Malware Process
	37.44.244.177	Germany	47583	Hostinger International Ltd.	Malware Process
	217.182.143.207	France	16276	OVH	Malware Process
	210.57.209.142	Indonesia	38142	Universitas Airlangga University Surabaya Timur	Malware Process
	207.148.81.119	Australia	20473	AUS_VULTR_CUST	Malware Process
	195.77.239.39	Spain	3352	SOLUCIONES INTERNET S.L. Internet Public Addresses __	Malware Process
	195.154.146.35	France	12876	Iliad Entreprises Customers	Malware Process
	191.252.103.16	Brazil	27715	Locaweb Servios de Internet S/A	Malware Process
	190.90.233.66	Colombia	262589	CABLE Y TELECOMUNICACIONES DE COLOMBIA S.A.S (CABLETELCO)	Malware Process
	185.148.168.220	Germany	24679	Everscale GmbH	Malware Process
	185.148.168.15	Germany	24679	Everscale GmbH	Malware Process
	159.69.237.188	Germany	24940	HOS-132910	Malware Process
	104.131.62.48	United States	14061	DigitalOcean, LLC	Malware Process
avionxpress.com	162.240.27.36	United States	46606	Unified Layer	Malware Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)
avionxpress.com	80	GET	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	15.0640280247
Path: /lp/T9b1Bga4FdDfP5HI/ URI: http://avionxpress.com/lp/T9b1Bga4FdDfP5HI/

DNS Queries/Answers

Request	Type
avionxpress.com	A
Answers - 162.240.27.36 (A)

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
15.0640280247	Sandbox	162.240.27.36	80
35.6844820976	Sandbox	69.16.218.101	8080
35.724271059	Sandbox	69.16.218.101	8080
35.7622959614	Sandbox	69.16.218.101	8080
58.2578520775	Sandbox	142.4.219.173	8080
58.2990131378	Sandbox	142.4.219.173	8080
58.3335371017	Sandbox	142.4.219.173	8080
85.2342841625	Sandbox	168.197.250.14	80
85.5718071461	Sandbox	168.197.250.14	80
85.9345741272	Sandbox	168.197.250.14	80
151.912255049	Sandbox	116.124.128.206	8080
152.295017004	Sandbox	116.124.128.206	8080
152.679214001	Sandbox	116.124.128.206	8080
153.301679134	Sandbox	128.199.192.135	8080
153.759042025	Sandbox	128.199.192.135	8080
154.216524124	Sandbox	128.199.192.135	8080
211.852311134	Sandbox	69.16.218.101	8080
211.891766071	Sandbox	69.16.218.101	8080
211.929709196	Sandbox	69.16.218.101	8080

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
6.87648510933	Sandbox	224.0.0.252	5355
6.87713909149	Sandbox	224.0.0.252	5355
6.87807202339	Sandbox	239.255.255.250	3702
6.94049310684	Sandbox	192.168.56.255	137
9.44143104553	Sandbox	224.0.0.252	5355
12.3750891685	Sandbox	224.0.0.252	5355
14.9411420822	Sandbox	8.8.4.4	53

File Name: 03bebc007311f303fd442d966d3c4da9976dd7a141f06f24ebd01484c6fae233

File Type: Microsoft Excel 2007+

SHA1: 5b5910fcac3d8b9cffbbe9be08f46674a8ec8fea

MD5: 0f0127570013aaf629f9aaf50b94bb79