Contacted IPs
| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| | 8.8.4.4 | United States | 15169 | Level 3 Communications, Inc. | Malware Process |
| | 23.67.250.139 | United States | 20940 | Akamai Technologies, Inc. | Malware Process |
| | 23.67.250.18 | United States | 20940 | Akamai Technologies, Inc. | OS Process |
| | 23.218.156.64 | | 20940 | Akamai Technologies, Inc. | OS Process |
| | 23.67.250.154 | | 20940 | Akamai Technologies, Inc. | Malware Process |
| | 23.67.250.17 | | 20940 | Akamai Technologies, Inc. | OS Process |
HTTP Packets
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) | Path | URI |
|---|---|---|---|---|---|---|---|---|
| www.msftncsi.com | 80 | GET | 1.1 | Microsoft NCSI | 1 | 40.2993140221 | /ncsi.txt | http://www.msftncsi.com/ncsi.txt |
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 369.751300812 | /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3ed7f7e5fbdcae60 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3ed7f7e5fbdcae60 |
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 375.149554968 | /pki/crl/products/CSPCA.crl | http://crl.microsoft.com/pki/crl/products/CSPCA.crl |
DNS Queries/Answers
| Request | Type | Answers |
|---|---|---|
| www.msftncsi.com | A | www.msftncsi.com.edgesuite.net (CNAME), 23.67.250.139 (A), 23.67.250.121 (A), a1961.g2.akamai.net (CNAME) |
| ctldl.windowsupdate.com | A | ctldl.windowsupdate.nsatc.net (CNAME), 23.67.250.24 (A), 23.67.250.17 (A), a1621.g.akamai.net (CNAME), ctldl.windowsupdate.com.edgesuite.net (CNAME) |
| crl.microsoft.com | A | a1363.dscg.akamai.net (CNAME), crl.www.ms.akadns.net (CNAME), 23.67.250.18 (A) |
TCP Packets
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 40.2993140221 | Sandbox | 23.67.250.139 | 80 |
| 369.751300812 | Sandbox | 23.67.250.17 | 80 |
| 375.149554968 | Sandbox | 23.67.250.18 | 80 |
UDP Packets
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 3.19671082497 | Sandbox | 224.0.0.252 | 5355 |
| 3.21772003174 | Sandbox | 224.0.0.252 | 5355 |
| 3.22354793549 | Sandbox | 239.255.255.250 | 3702 |
| 3.26599502563 | Sandbox | 192.168.56.255 | 137 |
| 5.78115487099 | Sandbox | 224.0.0.252 | 5355 |
| 9.26417303085 | Sandbox | 192.168.56.255 | 138 |
| 31.4714858532 | Sandbox | 224.0.0.252 | 5355 |
| 34.6368119717 | Sandbox | 239.255.255.250 | 3702 |
| 35.6395959854 | Sandbox | 224.0.0.252 | 5355 |
| 37.6865999699 | Sandbox | 224.0.0.252 | 5355 |
| 38.2199659348 | Sandbox | 224.0.0.252 | 5355 |
| 40.2512550354 | Sandbox | 8.8.4.4 | 53 |
| 40.7790989876 | Sandbox | 224.0.0.252 | 5355 |
| 43.3421239853 | Sandbox | 224.0.0.252 | 5355 |
| 45.9042739868 | Sandbox | 224.0.0.252 | 5355 |
| 364.301962852 | Sandbox | 224.0.0.252 | 5355 |
| 366.885892868 | Sandbox | 224.0.0.252 | 5355 |
| 369.498893976 | Sandbox | 8.8.4.4 | 53 |
| 369.933310032 | Sandbox | 224.0.0.252 | 5355 |
| 372.491599798 | Sandbox | 224.0.0.252 | 5355 |
| 375.0454638 | Sandbox | 8.8.4.4 | 53 |