| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| 8.8.4.4 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 209.66.87.17 | United States | 6461 | Zayo Bandwidth | OS Process | |
| 23.35.171.27 | United States | 20940 | Akamai Technologies, Inc. | Malware Process | |
| 38.69.238.114 | United States | 174 | PSINet, Inc. | OS Process | |
| 104.28.16.56 | 13335 | Cloudflare, Inc. | Malware Process | ||
| 104.91.166.216 | 20940 | Akamai Technologies, Inc. | OS Process | ||
| 38.69.238.122 | 174 | PSINet, Inc. | OS Process | ||
| 23.54.187.27 | 7843 | Akamai Technologies, Inc. | Malware Process | ||
| 23.4.59.27 | 2914 | Akamai Technologies, Inc. | Malware Process | ||
| 52.206.74.74 | 14618 | Amazon Technologies Inc. | Malware Process |
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) |
|---|---|---|---|---|---|---|
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 35.1765809059 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4070b252bad529b2 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4070b252bad529b2 |
||||||
| sv.symcd.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 40.6297719479 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEBxoP3uP%2B82s4ZJ9WI1JBs8%3D URI: http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEBxoP3uP%2B82s4ZJ9WI1JBs8%3D |
||||||
| ts-ocsp.ws.symantec.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 45.9178678989 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRi82PVYYKWGJWdgVNyePy5kYTdqQQUX5r1blzMzHSa1N197z%2Fb7EyALt0CEA7P9DjI%2Fr81bgTYapgbGlA%3D URI: http://ts-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRi82PVYYKWGJWdgVNyePy5kYTdqQQUX5r1blzMzHSa1N197z%2Fb7EyALt0CEA7P9DjI%2Fr81bgTYapgbGlA%3D |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 76.0003969669 |
|
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 81.1426169872 |
|
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 86.2987699509 |
|
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl |
||||||
| crl.globalsign.net | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 91.4843039513 |
|
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl |
||||||
| Request | Type |
|---|---|
| ec2-52-206-74-74.compute-1.amazonaws.com | A |
|
Answers - 52.206.74.74 (A) |
|
| ctldl.windowsupdate.com | A |
|
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - 38.69.238.122 (A) - a1621.g.akamai.net (CNAME) - 38.69.238.114 (A) - ctldl.windowsupdate.com.edgesuite.net (CNAME) |
|
| sv.symcd.com | A |
|
Answers - ocsp-ds.ws.symantec.com.edgekey.net (CNAME) - e8218.dscb1.akamaiedge.net (CNAME) - 23.35.171.27 (A) |
|
| ts-ocsp.ws.symantec.com | A |
|
Answers - 23.54.187.27 (A) |
|
| crl.microsoft.com | A |
|
Answers - 209.66.87.17 (A) - 209.66.87.25 (A) - crl.www.ms.akadns.net (CNAME) - a1363.dscg.akamai.net (CNAME) |
|
| crl.globalsign.net | A |
|
Answers - 104.28.16.56 (A) - 104.28.17.56 (A) |
|
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 35.1765809059 | Sandbox | 38.69.238.114 | 80 |
| 40.6297719479 | Sandbox | 23.35.171.27 | 80 |
| 45.9178678989 | Sandbox | 23.54.187.27 | 80 |
| 76.0003969669 | Sandbox | 209.66.87.17 | 80 |
| 91.4843039513 | Sandbox | 104.28.16.56 | 80 |
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 6.80230689049 | Sandbox | 192.168.56.255 | 137 |
| 6.84581589699 | Sandbox | 224.0.0.252 | 5355 |
| 6.8585498333 | Sandbox | 224.0.0.252 | 5355 |
| 6.86439299583 | Sandbox | 239.255.255.250 | 3702 |
| 7.80747485161 | Sandbox | 8.8.4.4 | 53 |
| 7.86062979698 | Sandbox | 224.0.0.252 | 5355 |
| 9.40842795372 | Sandbox | 224.0.0.252 | 5355 |
| 12.8451898098 | Sandbox | 192.168.56.255 | 138 |
| 29.9010338783 | Sandbox | 224.0.0.252 | 5355 |
| 32.4834728241 | Sandbox | 224.0.0.252 | 5355 |
| 35.0344338417 | Sandbox | 8.8.4.4 | 53 |
| 35.415792942 | Sandbox | 224.0.0.252 | 5355 |
| 37.9850637913 | Sandbox | 224.0.0.252 | 5355 |
| 40.5493218899 | Sandbox | 8.8.4.4 | 53 |
| 40.7219879627 | Sandbox | 224.0.0.252 | 5355 |
| 43.291634798 | Sandbox | 224.0.0.252 | 5355 |
| 45.8453369141 | Sandbox | 8.8.4.4 | 53 |
| 70.8367419243 | Sandbox | 224.0.0.252 | 5355 |
| 73.4192769527 | Sandbox | 224.0.0.252 | 5355 |
| 75.9710757732 | Sandbox | 8.8.4.4 | 53 |
| 76.02815485 | Sandbox | 224.0.0.252 | 5355 |
| 78.5850617886 | Sandbox | 224.0.0.252 | 5355 |
| 81.1737289429 | Sandbox | 224.0.0.252 | 5355 |
| 83.744260788 | Sandbox | 224.0.0.252 | 5355 |
| 86.3272819519 | Sandbox | 224.0.0.252 | 5355 |
| 88.8844349384 | Sandbox | 224.0.0.252 | 5355 |
| 91.4397988319 | Sandbox | 8.8.4.4 | 53 |