Advanced File Analysis System

File Name: None

File Type: HTML document, ASCII text, with very long lines

SHA1: 849a058cf92f0ae31320d42f3cb06b1585a26386

MD5: 122c913d14c61dea54182320cf6ae3a4

Contacted IPs

Network Port Distribution

Name	IP	Country	ASN	ASN Name	Trigger Process Type
	8.8.4.4	United States	15169	Level 3 Parent, LLC	Malware Process
	151.101.2.133	United States	54113	Fastly	Malware Process
	184.24.97.176	United States	20940	Akamai Technologies, Inc.	OS Process
	23.215.131.195	United States	20940	Akamai Technologies, Inc.	OS Process
	172.217.7.10	United States	15169	Google LLC	Malware Process
	172.217.6.234	United States	15169	Google LLC	Malware Process
	172.217.6.202	United States	15169	Google LLC	Malware Process
	172.217.3.106	United States	15169	Google LLC	Malware Process
	172.217.12.202	United States	15169	Google LLC	Malware Process
	172.217.12.170	United States	15169	Google LLC	Malware Process
	172.217.12.138	United States	15169	Google LLC	Malware Process
	172.217.11.42	United States	15169	Google LLC	Malware Process
	172.217.11.10	United States	15169	Google LLC	Malware Process
	172.217.10.74	United States	15169	Google LLC	Malware Process
	172.217.10.42	United States	15169	Google LLC	Malware Process
	172.217.10.106	United States	15169	Google LLC	Malware Process
	172.217.10.10	United States	15169	Google LLC	Malware Process
	13.250.71.204	Singapore	16509 38895	Amazon Technologies Inc.	Malware Process
crl4.digicert.com	66.225.197.197	United States	30081	Server Central Network	Malware Process
synad2.nuffnang.com.my	52.221.106.247	Singapore	16509 38895	Amazon Data Services Singapore	Malware Process
crl.microsoft.com	23.215.131.202	United States	20940	Akamai Technologies, Inc.	OS Process
3.bp.blogspot.com	172.217.10.33	United States	15169	Google LLC	Malware Process
lh4.googleusercontent.com	172.217.10.225	United States	15169	Google LLC	Malware Process
www.blogger.com	172.217.10.41	United States	15169	Google LLC	Malware Process
www.blogblog.com	172.217.10.41	United States	15169	Google LLC	Malware Process
ctldl.windowsupdate.com	23.215.131.176	United States	20940	Akamai Technologies, Inc.	OS Process
ajax.googleapis.com	172.217.10.138	United States	15169	Google LLC	Malware Process
static.xx.fbcdn.net	31.13.71.7	Ireland	32934		Malware Process
fonts.gstatic.com	172.217.10.227	United States	15169	Google LLC	Malware Process
ocsp.pki.goog	172.217.10.46	United States	15169	Google LLC	Malware Process
apis.google.com	172.217.10.238	United States	15169	Google LLC	Malware Process
lh6.googleusercontent.com	172.217.10.225	United States	15169	Google LLC	Malware Process
resources.blogblog.com	172.217.10.41	United States	15169	Google LLC	Malware Process
ocsp.digicert.com	72.21.91.29	United States	15133	MCI Communications Services, Inc. d/b/a Verizon Business	Malware Process
crl.globalsign.net	104.18.21.226	United States	13335	Cloudflare, Inc.	Malware Process
crl3.digicert.com	72.21.91.29	United States	15133	MCI Communications Services, Inc. d/b/a Verizon Business	Malware Process
www.facebook.com	31.13.71.38	Ireland	32934		Malware Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	14.1430459023
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8fe89e8d7583f25d URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8fe89e8d7583f25d
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	14.1457738876
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f216704ccf965c53 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f216704ccf965c53
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	19.6584248543
Path: /msdownload/update/v3/static/trustedr/en/authrootstl.cab?9581a8356459882f URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9581a8356459882f
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	19.65939188
Path: /msdownload/update/v3/static/trustedr/en/authrootstl.cab?258904763896e88c URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?258904763896e88c
ocsp.pki.goog	80	GET	1.1	Microsoft-CryptoAPI/6.1	2	25.1038339138
Path: /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D URI: http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D
ocsp.pki.goog	80	GET	1.1	Microsoft-CryptoAPI/6.1	2	30.3267390728
Path: /GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCFA3qWe6x%2F05 URI: http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCFA3qWe6x%2F05
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	65.8777248859
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	71.0180740356
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	76.1574790478
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl
ocsp.pki.goog	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	79.483301878
Path: /GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCE%2F4f4kx%2B79J URI: http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCE%2F4f4kx%2B79J
crl.globalsign.net	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	81.347591877
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl
www.facebook.com	80	GET	1.1	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	127.118281841
Path: /plugins/like.php?href=www.facebook.com/pages/Khaiza-Mom-Store/600334830027619&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21 URI: http://www.facebook.com/plugins/like.php?href=www.facebook.com/pages/Khaiza-Mom-Store/600334830027619&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21
ocsp.pki.goog	80	GET	1.1	Microsoft-CryptoAPI/6.1	3	132.201676846
Path: /GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCEM5Rm4ycYDk URI: http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCEM5Rm4ycYDk
ocsp.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	132.398280859
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
ocsp.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	137.577550888
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAs8O2AaGPWe4ra7BWBe8sA%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAs8O2AaGPWe4ra7BWBe8sA%3D
crl4.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	137.673243046
Path: /sha2-ha-server-g6.crl URI: http://crl4.digicert.com/sha2-ha-server-g6.crl
crl3.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	137.693019867
Path: /sha2-ha-server-g6.crl URI: http://crl3.digicert.com/sha2-ha-server-g6.crl

DNS Queries/Answers

Request	Type
www.blogger.com	A
Answers - 172.217.10.41 (A) - blogger.l.google.com (CNAME)
ctldl.windowsupdate.com	A
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - 184.24.97.176 (A) - a1621.g.akamai.net (CNAME) - ctldl.windowsupdate.com.edgesuite.net (CNAME) - 184.24.97.174 (A) - 23.215.131.176 (A) - 23.215.131.169 (A)
ocsp.pki.goog	A
Answers - www3.l.google.com (CNAME) - 172.217.10.46 (A)
ajax.googleapis.com	A
Answers - 172.217.12.138 (A) - 172.217.10.106 (A) - 172.217.12.170 (A) - 172.217.11.10 (A) - googleapis.l.google.com (CNAME) - 172.217.10.74 (A) - 172.217.10.42 (A) - 172.217.12.202 (A) - 172.217.11.42 (A) - 172.217.3.106 (A) - 172.217.7.10 (A) - 172.217.10.10 (A) - 172.217.6.234 (A) - 172.217.6.202 (A) - 172.217.10.138 (A) - 172.217.10.234 (A)
fonts.gstatic.com	A
Answers - 172.217.10.227 (A) - gstaticadssl.l.google.com (CNAME)
crl.microsoft.com	A
Answers - crl.www.ms.akadns.net (CNAME) - 23.215.131.200 (A) - 23.215.131.195 (A) - a1363.dscg.akamai.net (CNAME)
apis.google.com	A
Answers - 172.217.10.238 (A) - plus.l.google.com (CNAME)
3.bp.blogspot.com	A
Answers - photos-ugc.l.googleusercontent.com (CNAME) - 172.217.10.33 (A)
www.blogblog.com	A
crl.globalsign.net	A
Answers - 151.101.66.133 (A) - 151.101.2.133 (A) - global.prd.cdn.globalsign.com (CNAME) - 151.101.194.133 (A) - 151.101.130.133 (A) - prod.globalsign.map.fastly.net (CNAME)
resources.blogblog.com	A
synad2.nuffnang.com.my	A
Answers - 13.250.71.204 (A) - nuffnang.com.my (CNAME) - 52.221.106.247 (A)
lh6.googleusercontent.com	A
lh4.googleusercontent.com	A
Answers - googlehosted.l.googleusercontent.com (CNAME) - 172.217.10.225 (A)
www.facebook.com	A
Answers - star-z-mini.c10r.facebook.com (CNAME) - 31.13.71.38 (A)
ocsp.digicert.com	A
Answers - cs9.wac.phicdn.net (CNAME) - 72.21.91.29 (A)
static.xx.fbcdn.net	A
Answers - 31.13.71.7 (A) - scontent.xx.fbcdn.net (CNAME)
crl3.digicert.com	A
crl4.digicert.com	A
Answers - digicert.cachefly.net (CNAME) - 66.225.197.197 (A) - rvip1.ue.cachefly.net (CNAME)

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
8.4699678421	Sandbox	172.217.10.41	443
8.470733881	Sandbox	172.217.10.41	443
14.1430459023	Sandbox	23.215.131.176	80
14.1457738876	Sandbox	184.24.97.176	80
19.6584248543	Sandbox	184.24.97.176	80
19.65939188	Sandbox	184.24.97.176	80
25.1038339138	Sandbox	172.217.10.46	80
25.1047949791	Sandbox	172.217.10.46	80
30.3267390728	Sandbox	172.217.10.46	80
30.3279709816	Sandbox	172.217.10.46	80
65.8777248859	Sandbox	23.215.131.195	80
74.0529539585	Sandbox	172.217.10.41	443
74.2678370476	Sandbox	172.217.10.238	443
79.483301878	Sandbox	172.217.10.46	80
81.347591877	Sandbox	151.101.2.133	80
96.5499930382	Sandbox	172.217.10.41	443
126.792180061	Sandbox	172.217.10.225	443
126.793241978	Sandbox	172.217.10.225	443
126.793736935	Sandbox	172.217.10.225	443
127.118281841	Sandbox	31.13.71.38	80
127.174017906	Sandbox	31.13.71.38	443
132.201676846	Sandbox	172.217.10.46	80
132.20215106	Sandbox	172.217.10.46	80
132.202760935	Sandbox	172.217.10.46	80
132.398280859	Sandbox	72.21.91.29	80
132.487732887	Sandbox	31.13.71.38	443
137.577550888	Sandbox	72.21.91.29	80
137.673243046	Sandbox	66.225.197.197	80
137.693019867	Sandbox	72.21.91.29	80

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
3.129997015	Sandbox	224.0.0.252	5355
3.19416093826	Sandbox	192.168.56.255	137
3.21350097656	Sandbox	224.0.0.252	5355
3.25540304184	Sandbox	239.255.255.250	3702
5.76939606667	Sandbox	224.0.0.252	5355
8.39447689056	Sandbox	8.8.4.4	53
8.82902598381	Sandbox	224.0.0.252	5355
8.83167290688	Sandbox	224.0.0.252	5355
9.18877696991	Sandbox	192.168.56.255	138
11.4506819248	Sandbox	224.0.0.252	5355
11.4509940147	Sandbox	224.0.0.252	5355
14.0050508976	Sandbox	8.8.4.4	53
14.0054719448	Sandbox	8.8.4.4	53
14.494343996	Sandbox	224.0.0.252	5355
14.4963409901	Sandbox	224.0.0.252	5355
17.0735628605	Sandbox	224.0.0.252	5355
17.0738918781	Sandbox	224.0.0.252	5355
19.9047548771	Sandbox	224.0.0.252	5355
19.9050879478	Sandbox	224.0.0.252	5355
22.5118079185	Sandbox	224.0.0.252	5355
22.5121798515	Sandbox	224.0.0.252	5355
25.0648598671	Sandbox	8.8.4.4	53
25.0652689934	Sandbox	8.8.4.4	53
25.1808290482	Sandbox	224.0.0.252	5355
25.1816029549	Sandbox	224.0.0.252	5355
27.7613520622	Sandbox	224.0.0.252	5355
27.7616689205	Sandbox	224.0.0.252	5355
30.7791650295	Sandbox	8.8.4.4	53
30.7925879955	Sandbox	8.8.4.4	53
31.9085998535	Sandbox	8.8.4.4	53
52.9135110378	Sandbox	8.8.4.4	53
60.6616079807	Sandbox	224.0.0.252	5355
63.2494699955	Sandbox	224.0.0.252	5355
65.8036940098	Sandbox	8.8.4.4	53
65.9059178829	Sandbox	224.0.0.252	5355
68.4633820057	Sandbox	224.0.0.252	5355
71.045003891	Sandbox	224.0.0.252	5355
73.6048910618	Sandbox	224.0.0.252	5355
74.2280359268	Sandbox	8.8.4.4	53
74.2644579411	Sandbox	8.8.4.4	53
74.2686860561	Sandbox	8.8.4.4	53
74.3508708477	Sandbox	224.0.0.252	5355
75.424448967	Sandbox	8.8.4.4	53
76.1798009872	Sandbox	224.0.0.252	5355
76.9221098423	Sandbox	224.0.0.252	5355
77.6729750633	Sandbox	8.8.4.4	53
77.7952780724	Sandbox	172.217.10.41	137
78.7449698448	Sandbox	224.0.0.252	5355
81.3019390106	Sandbox	8.8.4.4	53
96.5043408871	Sandbox	8.8.4.4	53
96.5446379185	Sandbox	8.8.4.4	53
97.6917369366	Sandbox	8.8.4.4	53
126.75012207	Sandbox	8.8.4.4	53
126.750644922	Sandbox	8.8.4.4	53
127.025928974	Sandbox	8.8.4.4	53
127.033630848	Sandbox	224.0.0.252	5355
127.03768301	Sandbox	224.0.0.252	5355
127.039941072	Sandbox	224.0.0.252	5355
127.235889912	Sandbox	224.0.0.252	5355
129.630646944	Sandbox	224.0.0.252	5355
129.631104946	Sandbox	224.0.0.252	5355
129.63150692	Sandbox	224.0.0.252	5355
129.81454587	Sandbox	224.0.0.252	5355
132.376680851	Sandbox	8.8.4.4	53
132.443130016	Sandbox	224.0.0.252	5355
132.45756197	Sandbox	224.0.0.252	5355
132.471997976	Sandbox	224.0.0.252	5355
132.763648987	Sandbox	8.8.4.4	53
135.014338017	Sandbox	224.0.0.252	5355
135.027189016	Sandbox	224.0.0.252	5355
135.05094099	Sandbox	224.0.0.252	5355
137.579253912	Sandbox	8.8.4.4	53
137.610532045	Sandbox	8.8.4.4	53

Loading...