| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| 8.8.4.4 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 104.31.75.124 | United States | 13335 | Cloudflare, Inc. | Malware Process | |
| 66.198.13.112 | United States | 6453 | TATA COMMUNICATIONS (AMERICA) INC | OS Process | |
| 66.198.13.97 | United States | 6453 | TATA COMMUNICATIONS (AMERICA) INC | OS Process | |
| 8.8.8.8 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 104.31.74.124 | 13335 | Cloudflare, Inc. | Malware Process | ||
| 128.177.96.33 | 6461 | Akamai | OS Process | ||
| 87.250.250.119 | 13238 | Malware Process | |||
| 104.28.16.56 | 13335 | Cloudflare, Inc. | Malware Process | ||
| 184.26.44.98 | 20940 | Akamai Technologies, Inc. | OS Process | ||
| 172.217.10.238 | 15169 | Google LLC | Malware Process | ||
| 87.117.235.116 | 20860 | Malware Process |
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) |
|---|---|---|---|---|---|---|
| www.google-analytics.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 8.61437511444 |
|
Path: /collect URI: http://www.google-analytics.com/collect |
||||||
| www.google-analytics.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 8.61820793152 |
|
Path: /collect URI: http://www.google-analytics.com/collect |
||||||
| www.google-analytics.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 8.64798498154 |
|
Path: /collect?v=1&tid=UA-58593486-1&cid=677346841.9317673972&t=event&ec=driverpack%20nano&ea=application%20opened&el=1.0.9&ul=&z=19874979591148872&cd1=677346841.9317673972&cd2=1.0.9&cd3=7%20x64&cd4=SP%201&cd5=Windows%207%20Professional%20&cd6=(not%20set) URI: http://www.google-analytics.com/collect?v=1&tid=UA-58593486-1&cid=677346841.9317673972&t=event&ec=driverpack%20nano&ea=application%20opened&el=1.0.9&ul=&z=19874979591148872&cd1=677346841.9317673972&cd2=1.0.9&cd3=7%20x64&cd4=SP%201&cd5=Windows%207%20Professional%20&cd6=(not%20set) |
||||||
| www.google-analytics.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 8.66080999374 |
|
Path: /collect?v=1&tid=UA-68879973-8&cid=677346841.9317673972&t=event&ec=driverpack%20nano&ea=application%20opened&el=1.0.9&ul=&z=01094591524228955&sc=start&cd1=677346841.9317673972&cd2=1.0.9&cd3=7%20x64&cd4=SP%201&cd5=Windows%207%20Professional%20&cd6=(not%20set) URI: http://www.google-analytics.com/collect?v=1&tid=UA-68879973-8&cid=677346841.9317673972&t=event&ec=driverpack%20nano&ea=application%20opened&el=1.0.9&ul=&z=01094591524228955&sc=start&cd1=677346841.9317673972&cd2=1.0.9&cd3=7%20x64&cd4=SP%201&cd5=Windows%207%20Professional%20&cd6=(not%20set) |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 8.67954897881 |
|
Path: /nano/ URI: http://update.drp.su/nano/ |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 9.47378396988 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4822ba0982d9f986 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4822ba0982d9f986 |
||||||
| ocsp.globalsign.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 9.70488595963 |
|
Path: /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH URI: http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.3432610035 |
|
Path: /mustang/tools/run.hta URI: http://update.drp.su/mustang/tools/run.hta |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.4275150299 |
|
Path: /mustang/tools/icon.ico URI: http://update.drp.su/mustang/tools/icon.ico |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.607724905 |
|
Path: /mustang/main.html URI: http://update.drp.su/mustang/main.html |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.7020840645 |
|
Path: /mustang/ie-fixes.js URI: http://update.drp.su/mustang/ie-fixes.js |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.7877669334 |
|
Path: /mustang/statistics.js URI: http://update.drp.su/mustang/statistics.js |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.7881770134 |
|
Path: /mustang/main.js URI: http://update.drp.su/mustang/main.js |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.8724689484 |
|
Path: /mustang/language.js URI: http://update.drp.su/mustang/language.js |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.8741810322 |
|
Path: /mustang/icon.ico URI: http://update.drp.su/mustang/icon.ico |
||||||
| www.google-analytics.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.8956921101 |
|
Path: /collect?v=1&tid=UA-68879973-13&aip=1&cid=239721961.9308101668&t=event&ec=sdi&ea=application_opened&el=0.0.5&sc=start URI: http://www.google-analytics.com/collect?v=1&tid=UA-68879973-13&aip=1&cid=239721961.9308101668&t=event&ec=sdi&ea=application_opened&el=0.0.5&sc=start |
||||||
| www.google-analytics.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.896007061 |
|
Path: /collect?v=1&tid=UA-68879973-13&aip=1&cid=769428256.3923622586&t=event&ec=sdi&ea=ad_showed&el=0.0.5 URI: http://www.google-analytics.com/collect?v=1&tid=UA-68879973-13&aip=1&cid=769428256.3923622586&t=event&ec=sdi&ea=ad_showed&el=0.0.5 |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.9534730911 |
|
Path: /mustang/logo@2x.jpg URI: http://update.drp.su/mustang/logo@2x.jpg |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 13.954200983 |
|
Path: /mustang/close@2x.jpg URI: http://update.drp.su/mustang/close@2x.jpg |
||||||
| update.drp.su | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 14.0466880798 |
|
Path: /mustang/avast@2x.jpg URI: http://update.drp.su/mustang/avast@2x.jpg |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 38.4550390244 |
|
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 38.4807879925 |
|
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 38.5060880184 |
|
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl |
||||||
| crl.globalsign.net | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 38.5584909916 |
|
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl |
||||||
| Request | Type |
|---|---|
| update.drp.su | A |
|
Answers - 87.117.235.116 (A) - 82.145.55.124 (A) |
|
| www.google-analytics.com | A |
|
Answers - www-google-analytics.l.google.com (CNAME) - 172.217.10.238 (A) |
|
| mc.yandex.ru | A |
|
Answers - 87.250.251.119 (A) - 87.250.250.119 (A) - 93.158.134.119 (A) - 213.180.193.119 (A) |
|
| ctldl.windowsupdate.com | A |
|
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - ctldl.windowsupdate.com.edgesuite.net (CNAME) - a1621.g.akamai.net (CNAME) - 66.198.13.91 (A) - 66.198.13.97 (A) |
|
| ocsp.globalsign.com | A |
|
Answers - cdn.globalsigncdn.com (CNAME) - 104.31.75.124 (A) - 104.31.74.124 (A) |
|
| crl.microsoft.com | A |
|
Answers - 66.198.13.98 (A) - 66.198.13.112 (A) - crl.www.ms.akadns.net (CNAME) - a1363.dscg.akamai.net (CNAME) |
|
| crl.globalsign.net | A |
|
Answers - 104.28.16.56 (A) - 104.28.17.56 (A) |
|
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 8.61437511444 | Sandbox | 172.217.10.238 | 80 |
| 8.61820793152 | Sandbox | 172.217.10.238 | 80 |
| 8.66080999374 | Sandbox | 172.217.10.238 | 80 |
| 8.67954897881 | Sandbox | 87.117.235.116 | 80 |
| 8.74350309372 | Sandbox | 87.250.250.119 | 443 |
| 9.47378396988 | Sandbox | 66.198.13.97 | 80 |
| 9.70488595963 | Sandbox | 104.31.75.124 | 80 |
| 10.6269440651 | Sandbox | 87.250.250.119 | 443 |
| 13.3432610035 | Sandbox | 87.117.235.116 | 80 |
| 13.7877669334 | Sandbox | 87.117.235.116 | 80 |
| 13.8956921101 | Sandbox | 172.217.10.238 | 80 |
| 13.896007061 | Sandbox | 172.217.10.238 | 80 |
| 14.020690918 | Sandbox | 87.250.250.119 | 443 |
| 15.0626440048 | Sandbox | 87.250.250.119 | 443 |
| 25.634871006 | Sandbox | 87.250.250.119 | 443 |
| 25.635518074 | Sandbox | 87.250.250.119 | 443 |
| 38.4550390244 | Sandbox | 66.198.13.112 | 80 |
| 38.5584909916 | Sandbox | 104.28.16.56 | 80 |
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 3.20518302917 | Sandbox | 224.0.0.252 | 5355 |
| 3.25992488861 | Sandbox | 224.0.0.252 | 5355 |
| 3.26904511452 | Sandbox | 239.255.255.250 | 3702 |
| 3.2794649601 | Sandbox | 192.168.56.255 | 137 |
| 5.82102394104 | Sandbox | 224.0.0.252 | 5355 |
| 6.03156805038 | Sandbox | 224.0.0.252 | 5355 |
| 8.58951306343 | Sandbox | 8.8.4.4 | 53 |
| 8.5931289196 | Sandbox | 8.8.4.4 | 53 |
| 8.59347701073 | Sandbox | 8.8.4.4 | 53 |
| 9.27102708817 | Sandbox | 192.168.56.255 | 138 |
| 9.4061229229 | Sandbox | 8.8.4.4 | 53 |
| 9.66851902008 | Sandbox | 8.8.4.4 | 53 |
| 38.3811318874 | Sandbox | 8.8.4.4 | 53 |
| 38.5376009941 | Sandbox | 8.8.4.4 | 53 |