Contacted IPs
Network Port Distribution
| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| 8.8.4.4 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| www.piriform.com | 151.101.0.64 | United States | 54113 | Fastly | Malware Process |
HTTP Packets
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) |
|---|
DNS Queries/Answers
| Request | Type |
|---|---|
| www.piriform.com | A |
|
Answers - 151.101.0.64 (A) - 151.101.192.64 (A) - 151.101.64.64 (A) - 151.101.128.64 (A) - f.global-ssl.fastly.net (CNAME) |
|
TCP Packets
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 12.2432219982 | Sandbox | 151.101.0.64 | 443 |
| 12.2664370537 | Sandbox | 151.101.0.64 | 443 |
| 12.2887969017 | Sandbox | 151.101.0.64 | 443 |
UDP Packets
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 3.11384606361 | Sandbox | 192.168.56.255 | 137 |
| 3.20466685295 | Sandbox | 224.0.0.252 | 5355 |
| 3.20517086983 | Sandbox | 224.0.0.252 | 5355 |
| 3.34041786194 | Sandbox | 239.255.255.250 | 3702 |
| 5.76743388176 | Sandbox | 224.0.0.252 | 5355 |
| 9.15860390663 | Sandbox | 192.168.56.255 | 138 |
| 9.45129084587 | Sandbox | 224.0.0.252 | 5355 |
| 12.1844658852 | Sandbox | 8.8.4.4 | 53 |