Edit tour

Windows Analysis Report
Coordination_Committee.exe

Overview

General Information

Sample name:	Coordination_Committee.exe
Analysis ID:	1573295
MD5:	10c4162af158b4a1fe29bcefb589f464
SHA1:	eeb63a5dd15d31a7a05a33f42478b18ec39ef4e0
SHA256:	80c205154636cc0e78140f4fa97fc34ce18038ec48d156268acd827080a6d3b9
Tags:	Camscannerexeuser-smica83
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Uses known network protocols on non-standard ports

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Classification

Process Tree

System is w10x64

Coordination_Committee.exe (PID: 7328 cmdline: "C:\Users\user\Desktop\Coordination_Committee.exe" MD5: 10C4162AF158B4A1FE29BCEFB589F464)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Coordination_Committee.exe

ReversingLabs: Detection: 66%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.3% probability

Source: Coordination_Committee.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 7545

Source: global traffic

TCP traffic: 192.168.2.4:49735 -> 162.252.175.33:7545

Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: theprintazadkashmir.com

Source: Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C16A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C2AB000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C193000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C16A000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C2C6000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C236000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C1B3000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C214000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C206000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com
Source: Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C19E000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C2AB000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C193000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C16A000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C2C6000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C236000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C1B3000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C214000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C206000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com:7545
Source: Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C206000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3
Source: Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C0E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3P
Source: Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C16A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com:75452

Source: Coordination_Committee.exe, 00000000.00000000.1718940188.0000024A9A268000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamekerberos.exe4 vs Coordination_Committee.exe
Source: Coordination_Committee.exe	Binary or memory string: OriginalFilenamekerberos.exe4 vs Coordination_Committee.exe

Source: classification engine

Classification label: mal56.troj.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Mutant created: NULL

Source: Coordination_Committee.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Coordination_Committee.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Coordination_Committee.exe

ReversingLabs: Detection: 66%

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: Coordination_Committee.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Coordination_Committee.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Coordination_Committee.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: Coordination_Committee.exe

Static PE information: 0x95D98694 [Tue Aug 31 22:15:48 2049 UTC]

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 7545

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Memory allocated: 24A9BD40000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Memory allocated: 24AB40E0000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 597455			Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Window / User API: threadDelayed 7664			Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Window / User API: threadDelayed 2183			Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep count: 38 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -35048813740048126s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -200000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7704	Thread sleep count: 7664 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7704	Thread sleep count: 2183 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -99718s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -99609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -99463s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -99164s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -99047s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -98922s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -98812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -98703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -98594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -98469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -98359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -98250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -98141s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -98031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -97922s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -97812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -97703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -97594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -97484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -97375s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -97264s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -97155s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -97047s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -96937s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -96828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -96719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -96609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -96500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -96391s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -96281s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -96172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -96062s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -95953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -95843s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -95734s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -95625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -95513s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -95406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -95297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -95187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -95078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -94968s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -94853s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -597455s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -99888s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -99779s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7672	Thread sleep time: -99670s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 99718	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 99609	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 99463	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 99164	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 99047	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 98922	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 98812	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 98703	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 98594	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 98469	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 98359	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 98250	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 98141	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 98031	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 97922	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 97812	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 97703	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 97594	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 97484	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 97375	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 97264	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 97155	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 97047	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 96937	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 96828	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 96719	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 96609	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 96500	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 96391	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 96281	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 96172	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 96062	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 95953	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 95843	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 95734	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 95625	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 95513	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 95406	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 95297	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 95187	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 95078	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 94968	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 94853	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 597455	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 99888	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 99779	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 99670	Jump to behavior

Source: Coordination_Committee.exe, 00000000.00000002.2979561660.0000024A9A3C2000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Queries volume information: C:\Users\user\Desktop\Coordination_Committee.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	11 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	31 Virtualization/Sandbox Evasion	LSASS Memory	31 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Timestomp	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Coordination_Committee.exe	67%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://theprintazadkashmir.com	0%	Avira URL Cloud	safe
http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3	0%	Avira URL Cloud	safe
http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3P	0%	Avira URL Cloud	safe
http://theprintazadkashmir.com:7545	0%	Avira URL Cloud	safe
http://theprintazadkashmir.com:75452	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
theprintazadkashmir.com	162.252.175.33	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://theprintazadkashmir.com:7545	Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C19E000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C2AB000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C193000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C16A000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C2C6000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C236000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C1B3000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C214000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C206000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C16A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://theprintazadkashmir.com	Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C2AB000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C193000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C16A000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C2C6000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C236000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C1B3000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C214000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C206000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3P	Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C0E1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://theprintazadkashmir.com:75452	Coordination_Committee.exe, 00000000.00000002.2980040781.0000024A9C16A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
162.252.175.33	theprintazadkashmir.com	United States		29802	HVC-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1573295
Start date and time:	2024-12-11 19:18:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Coordination_Committee.exe
Detection:	MAL
Classification:	mal56.troj.winEXE@1/0@1/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 16 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target Coordination_Committee.exe, PID 7328 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: Coordination_Committee.exe

Simulations

Behavior and APIs

Time	Type	Description
13:19:20	API Interceptor	2418119x Sleep call for process: Coordination_Committee.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HVC-ASUS	xQw2EDQl1c.lnk	Get hash	malicious	Unknown	Browse	37.1.214.196
	https://uhu145fc.s3.amazonaws.com/bf63.html?B3E2629E-DF5B-2F28-7322FD910FB23F54	Get hash	malicious	Phisher	Browse	66.165.248.146
	6fW0GedR6j.xls	Get hash	malicious	Unknown	Browse	23.111.175.138
	https://i.postimg.cc/y6hBTtv7/png-Hand-SAward.png	Get hash	malicious	HTMLPhisher	Browse	66.206.12.130
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	23.227.187.60
	1.e.msi	Get hash	malicious	DanaBot	Browse	23.227.178.53
	1.e.msi	Get hash	malicious	DanaBot	Browse	23.227.178.53
	Delivery_Notification_00000896751.doc.js	Get hash	malicious	Unknown	Browse	66.206.1.146
	Delivery_Notification_00116030.doc.js	Get hash	malicious	Unknown	Browse	66.206.1.146
	PO-73375.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	66.206.23.186

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.5302415212189935
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Coordination_Committee.exe
File size:	21'504 bytes
MD5:	10c4162af158b4a1fe29bcefb589f464
SHA1:	eeb63a5dd15d31a7a05a33f42478b18ec39ef4e0
SHA256:	80c205154636cc0e78140f4fa97fc34ce18038ec48d156268acd827080a6d3b9
SHA512:	bc2971c8fb354d362c8670b0038a345009b7419fc43023febd06351c1f2b4e0f13f2f78f0f8404e6ffbfeb2a4d68b9518a14cd1247adfd237992ab87f8d9953d
SSDEEP:	384:XP859W38vo7Qou9xJ/M7Tmeu0Fa0FqBAfIrj+x3EmeDNxO:X4WSo7Qo4wiena0FqiIQoDzO
TLSH:	35A22A4D93ACCA3BC66E1BBD6470439287B0D2556523FFAF898CF2D87A4734045446AB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..L..........>k... ........@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x406b3e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x95D98694 [Tue Aug 31 22:15:48 2049 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6aec	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8000	0x2a8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x6ad0	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x4b44	0x4c00	11e31f2c4c314f2807587d45ad8cbe0f	False	0.5052939967105263	data	5.801149111275847	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8000	0x2a8	0x400	a3174b11a287100d5d2bfff4ff7b5869	False	0.2958984375	data	2.155443991028814	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x200	c9c3e849a074ed751e38df694e33b6fb	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x8058	0x24c	data			0.45918367346938777

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 19:19:21.572719097 CET	49735	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:21.694937944 CET	7545	49735	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:21.695051908 CET	49735	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:21.736721039 CET	49735	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:21.855981112 CET	7545	49735	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:23.834862947 CET	7545	49735	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:23.834996939 CET	49735	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:23.865608931 CET	49735	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:23.867949009 CET	49737	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:23.989643097 CET	7545	49735	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:23.992542028 CET	7545	49737	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:23.992671967 CET	49737	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:23.992898941 CET	49737	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:24.112229109 CET	7545	49737	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:26.004594088 CET	7545	49737	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:26.004720926 CET	49737	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:26.004851103 CET	49737	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:26.124320030 CET	7545	49737	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:26.417191982 CET	49738	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:26.761199951 CET	7545	49738	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:26.761302948 CET	49738	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:26.761612892 CET	49738	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:26.881880045 CET	7545	49738	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:28.799916029 CET	7545	49738	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:28.800019979 CET	49738	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:28.800139904 CET	49738	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:28.801470995 CET	49739	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:28.968489885 CET	7545	49738	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:28.968503952 CET	7545	49739	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:28.968636990 CET	49739	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:28.970549107 CET	49739	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:29.090195894 CET	7545	49739	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:30.972464085 CET	7545	49739	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:30.972527981 CET	49739	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:30.972702980 CET	49739	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:31.026602030 CET	49740	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:31.092303991 CET	7545	49739	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:31.148111105 CET	7545	49740	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:31.148210049 CET	49740	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:31.148454905 CET	49740	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:31.268008947 CET	7545	49740	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:33.253613949 CET	7545	49740	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:33.253855944 CET	49740	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:33.253922939 CET	49740	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:33.255012035 CET	49741	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:33.373301029 CET	7545	49740	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:33.374398947 CET	7545	49741	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:33.374598026 CET	49741	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:33.374944925 CET	49741	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:33.494306087 CET	7545	49741	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:35.475202084 CET	7545	49741	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:35.475348949 CET	49741	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:35.475445032 CET	49741	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:35.500154972 CET	49742	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:35.599426985 CET	7545	49741	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:35.657352924 CET	7545	49742	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:35.657474041 CET	49742	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:35.657838106 CET	49742	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:35.779397011 CET	7545	49742	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:37.668282032 CET	7545	49742	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:37.668420076 CET	49742	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:37.668576002 CET	49742	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:37.670053005 CET	49743	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:37.791347980 CET	7545	49742	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:37.792969942 CET	7545	49743	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:37.793076038 CET	49743	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:37.793410063 CET	49743	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:37.912866116 CET	7545	49743	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:39.941397905 CET	7545	49743	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:39.941468000 CET	49743	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:39.944267035 CET	49743	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:40.070461035 CET	7545	49743	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:40.191718102 CET	49744	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:40.311505079 CET	7545	49744	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:40.311605930 CET	49744	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:40.311816931 CET	49744	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:40.431181908 CET	7545	49744	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:42.700943947 CET	7545	49744	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:42.703656912 CET	49744	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:42.752120018 CET	49744	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:42.753478050 CET	49745	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:42.871566057 CET	7545	49744	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:42.872899055 CET	7545	49745	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:42.872998953 CET	49745	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:42.873224974 CET	49745	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:42.994563103 CET	7545	49745	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:44.910676956 CET	7545	49745	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:44.910816908 CET	49745	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:44.910969019 CET	49745	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:44.958297014 CET	49746	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:45.218015909 CET	7545	49745	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:45.218503952 CET	7545	49746	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:45.218626976 CET	49746	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:45.218832970 CET	49746	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:45.344702959 CET	7545	49746	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:47.407730103 CET	7545	49746	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:47.407877922 CET	49746	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:47.407934904 CET	49746	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:47.409006119 CET	49747	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:47.528588057 CET	7545	49746	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:47.529325962 CET	7545	49747	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:47.529454947 CET	49747	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:47.529666901 CET	49747	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:47.649769068 CET	7545	49747	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:49.582138062 CET	7545	49747	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:49.582305908 CET	49747	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:49.582509041 CET	49747	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:49.645951033 CET	49748	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:49.701817989 CET	7545	49747	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:49.769803047 CET	7545	49748	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:49.769893885 CET	49748	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:49.770206928 CET	49748	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:49.894783020 CET	7545	49748	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:51.911741018 CET	7545	49748	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:51.911830902 CET	49748	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:51.911967039 CET	49748	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:51.913207054 CET	49749	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:52.031661034 CET	7545	49748	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:52.032968044 CET	7545	49749	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:52.035501003 CET	49749	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:52.035727024 CET	49749	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:52.156783104 CET	7545	49749	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:54.092398882 CET	7545	49749	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:54.092602968 CET	49749	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:54.092742920 CET	49749	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:54.177294016 CET	49751	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:54.212127924 CET	7545	49749	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:54.312098980 CET	7545	49751	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:54.312313080 CET	49751	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:54.312413931 CET	49751	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:54.453649998 CET	7545	49751	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:56.433583021 CET	7545	49751	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:56.433690071 CET	49751	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:56.433917046 CET	49751	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:56.434815884 CET	49753	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:56.599620104 CET	7545	49751	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:56.599637985 CET	7545	49753	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:56.599726915 CET	49753	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:56.599919081 CET	49753	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:56.719927073 CET	7545	49753	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:58.659598112 CET	7545	49753	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:58.659718037 CET	49753	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:58.659792900 CET	49753	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:58.690016985 CET	49759	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:58.779181004 CET	7545	49753	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:58.822802067 CET	7545	49759	162.252.175.33	192.168.2.4
Dec 11, 2024 19:19:58.822892904 CET	49759	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:58.823132992 CET	49759	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:19:58.942651987 CET	7545	49759	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:00.896755934 CET	7545	49759	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:00.896832943 CET	49759	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:00.896995068 CET	49759	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:00.898057938 CET	49765	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:01.081583023 CET	7545	49759	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:01.081598043 CET	7545	49765	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:01.081700087 CET	49765	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:01.081897020 CET	49765	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:01.277163982 CET	7545	49765	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:03.194027901 CET	7545	49765	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:03.194097996 CET	49765	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:03.194242954 CET	49765	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:03.270879984 CET	49771	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:03.313673019 CET	7545	49765	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:03.426956892 CET	7545	49771	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:03.427041054 CET	49771	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:03.427279949 CET	49771	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:03.553961039 CET	7545	49771	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:05.521902084 CET	7545	49771	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:05.522063971 CET	49771	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:05.522201061 CET	49771	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:05.523402929 CET	49777	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:05.649866104 CET	7545	49771	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:05.650343895 CET	7545	49777	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:05.650444031 CET	49777	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:05.650628090 CET	49777	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:05.900387049 CET	7545	49777	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:07.785315037 CET	7545	49777	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:07.785439014 CET	49777	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:07.785586119 CET	49777	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:07.824282885 CET	49783	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:07.935508966 CET	7545	49777	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:07.947453976 CET	7545	49783	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:07.947597980 CET	49783	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:07.947813034 CET	49783	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:08.067502022 CET	7545	49783	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:10.051094055 CET	7545	49783	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:10.051322937 CET	49783	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:10.051455975 CET	49783	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:10.052545071 CET	49789	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:10.176611900 CET	7545	49783	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:10.176656008 CET	7545	49789	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:10.176805973 CET	49789	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:10.177047014 CET	49789	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:10.297283888 CET	7545	49789	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:12.223447084 CET	7545	49789	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:12.223567963 CET	49789	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:12.223990917 CET	49789	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:12.289294004 CET	49794	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:12.397736073 CET	7545	49789	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:12.410384893 CET	7545	49794	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:12.410787106 CET	49794	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:12.410845995 CET	49794	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:12.591454983 CET	7545	49794	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:14.549717903 CET	7545	49794	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:14.549906015 CET	49794	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:14.549952984 CET	49794	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:14.550975084 CET	49800	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:14.669683933 CET	7545	49794	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:14.741457939 CET	7545	49800	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:14.741583109 CET	49800	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:14.741805077 CET	49800	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:14.909274101 CET	7545	49800	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:16.817118883 CET	7545	49800	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:16.817300081 CET	49800	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:16.817327023 CET	49800	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:16.849953890 CET	49806	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:16.945204020 CET	7545	49800	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:16.973690987 CET	7545	49806	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:16.973772049 CET	49806	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:16.973999023 CET	49806	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:17.160130978 CET	7545	49806	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:19.035274029 CET	7545	49806	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:19.035423994 CET	49806	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:19.035526991 CET	49806	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:19.036602974 CET	49811	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:19.155411959 CET	7545	49806	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:19.156714916 CET	7545	49811	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:19.156799078 CET	49811	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:19.157022953 CET	49811	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:19.276870012 CET	7545	49811	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:21.160876036 CET	7545	49811	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:21.161811113 CET	49811	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:21.162067890 CET	49811	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:21.208460093 CET	49817	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:21.281636953 CET	7545	49811	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:21.328907967 CET	7545	49817	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:21.331500053 CET	49817	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:21.331758022 CET	49817	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:21.451419115 CET	7545	49817	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:23.375327110 CET	7545	49817	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:23.375392914 CET	49817	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:23.375510931 CET	49817	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:23.376588106 CET	49823	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:23.494688988 CET	7545	49817	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:23.495904922 CET	7545	49823	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:23.496131897 CET	49823	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:23.496350050 CET	49823	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:23.617173910 CET	7545	49823	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:25.621365070 CET	7545	49823	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:25.621552944 CET	49823	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:25.621553898 CET	49823	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:25.635885954 CET	49829	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:25.743537903 CET	7545	49823	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:25.757494926 CET	7545	49829	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:25.757833004 CET	49829	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:25.757833958 CET	49829	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:26.048964977 CET	7545	49829	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:27.879710913 CET	7545	49829	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:27.879810095 CET	49829	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:27.879978895 CET	49829	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:27.880872965 CET	49834	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:28.220985889 CET	7545	49829	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:28.221009016 CET	7545	49834	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:28.221107006 CET	49834	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:28.222855091 CET	49834	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:28.342189074 CET	7545	49834	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:30.223514080 CET	7545	49834	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:30.223577023 CET	49834	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:30.223742008 CET	49834	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:30.258531094 CET	49840	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:30.347194910 CET	7545	49834	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:30.381019115 CET	7545	49840	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:30.381093979 CET	49840	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:30.381268978 CET	49840	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:30.500520945 CET	7545	49840	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:32.403424978 CET	7545	49840	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:32.403490067 CET	49840	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:32.403652906 CET	49840	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:32.405024052 CET	49846	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:32.523392916 CET	7545	49840	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:32.524552107 CET	7545	49846	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:32.524641037 CET	49846	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:32.524878979 CET	49846	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:32.646562099 CET	7545	49846	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:34.536950111 CET	7545	49846	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:34.537028074 CET	49846	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:34.538548946 CET	49846	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:34.679423094 CET	7545	49846	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:34.727582932 CET	49852	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:34.846951008 CET	7545	49852	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:34.847024918 CET	49852	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:34.847269058 CET	49852	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:34.966924906 CET	7545	49852	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:36.833863020 CET	7545	49852	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:36.833919048 CET	49852	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:36.834270954 CET	49852	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:36.836987019 CET	49858	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:36.987967968 CET	7545	49852	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:36.988010883 CET	7545	49858	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:36.988110065 CET	49858	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:36.988385916 CET	49858	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:37.147507906 CET	7545	49858	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:38.990063906 CET	7545	49858	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:38.994499922 CET	49858	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:38.994637012 CET	49858	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:39.005264044 CET	49864	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:39.115392923 CET	7545	49858	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:39.127396107 CET	7545	49864	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:39.129439116 CET	49864	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:39.129631996 CET	49864	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:39.250103951 CET	7545	49864	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:41.200422049 CET	7545	49864	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:41.200511932 CET	49864	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:41.200721979 CET	49864	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:41.202519894 CET	49870	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:41.321293116 CET	7545	49864	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:41.323386908 CET	7545	49870	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:41.327395916 CET	49870	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:41.327617884 CET	49870	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:41.451956987 CET	7545	49870	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:43.332956076 CET	7545	49870	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:43.333167076 CET	49870	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:43.333261013 CET	49870	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:43.351198912 CET	49876	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:43.453486919 CET	7545	49870	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:43.471194983 CET	7545	49876	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:43.473155975 CET	49876	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:43.473247051 CET	49876	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:43.592880964 CET	7545	49876	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:45.594926119 CET	7545	49876	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:45.595134974 CET	49876	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:45.595237017 CET	49876	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:45.596653938 CET	49882	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:45.714787960 CET	7545	49876	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:45.716080904 CET	7545	49882	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:45.719557047 CET	49882	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:45.719819069 CET	49882	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:45.839721918 CET	7545	49882	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:47.708138943 CET	7545	49882	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:47.708216906 CET	49882	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:47.708345890 CET	49882	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:47.724054098 CET	49888	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:47.827821016 CET	7545	49882	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:47.843525887 CET	7545	49888	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:47.843625069 CET	49888	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:47.843930960 CET	49888	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:47.970360041 CET	7545	49888	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:49.833873987 CET	7545	49888	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:49.834080935 CET	49888	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:49.837013960 CET	49888	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:49.838020086 CET	49894	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:49.956444025 CET	7545	49888	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:49.958592892 CET	7545	49894	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:49.958801985 CET	49894	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:49.958901882 CET	49894	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:50.078435898 CET	7545	49894	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:51.943270922 CET	7545	49894	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:51.943536997 CET	49894	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:51.943536997 CET	49894	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:51.956294060 CET	49900	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:52.067454100 CET	7545	49894	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:52.078955889 CET	7545	49900	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:52.079046965 CET	49900	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:52.079318047 CET	49900	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:52.198982954 CET	7545	49900	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:54.137808084 CET	7545	49900	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:54.137890100 CET	49900	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:54.138164997 CET	49900	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:54.139744043 CET	49906	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:54.263195038 CET	7545	49900	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:54.264803886 CET	7545	49906	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:54.264899015 CET	49906	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:54.265151978 CET	49906	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:54.388356924 CET	7545	49906	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:56.258342981 CET	7545	49906	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:56.258424044 CET	49906	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:56.258588076 CET	49906	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:56.264921904 CET	49912	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:56.377995968 CET	7545	49906	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:56.384536028 CET	7545	49912	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:56.384604931 CET	49912	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:56.384897947 CET	49912	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:56.504417896 CET	7545	49912	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:58.396020889 CET	7545	49912	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:58.396092892 CET	49912	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:58.396331072 CET	49912	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:58.397938967 CET	49918	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:58.518351078 CET	7545	49912	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:58.519845963 CET	7545	49918	162.252.175.33	192.168.2.4
Dec 11, 2024 19:20:58.520054102 CET	49918	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:58.520149946 CET	49918	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:20:58.639548063 CET	7545	49918	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:00.537556887 CET	7545	49918	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:00.537652016 CET	49918	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:00.537741899 CET	49918	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:00.545993090 CET	49924	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:00.657058954 CET	7545	49918	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:00.665688038 CET	7545	49924	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:00.665815115 CET	49924	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:00.670475006 CET	49924	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:00.789994955 CET	7545	49924	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:02.677633047 CET	7545	49924	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:02.677707911 CET	49924	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:02.677895069 CET	49924	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:02.679352045 CET	49930	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:02.797514915 CET	7545	49924	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:02.799144983 CET	7545	49930	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:02.799329996 CET	49930	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:02.799478054 CET	49930	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:02.920190096 CET	7545	49930	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:04.788206100 CET	7545	49930	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:04.788289070 CET	49930	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:04.788391113 CET	49930	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:04.795288086 CET	49934	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:04.907998085 CET	7545	49930	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:04.914741993 CET	7545	49934	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:04.914836884 CET	49934	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:04.915088892 CET	49934	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:05.198379040 CET	7545	49934	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:05.913283110 CET	49934	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:05.931885004 CET	49937	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:06.051295996 CET	7545	49937	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:06.051438093 CET	49937	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:06.051615953 CET	49937	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:06.074275017 CET	7545	49934	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:06.187685966 CET	7545	49937	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:06.655473948 CET	49937	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:06.821963072 CET	7545	49937	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:07.070020914 CET	7545	49934	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:07.071510077 CET	49934	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:08.052598000 CET	7545	49937	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:08.052656889 CET	49937	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:08.656303883 CET	49945	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:08.775852919 CET	7545	49945	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:08.775928020 CET	49945	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:08.776108980 CET	49945	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:21:08.896148920 CET	7545	49945	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:10.792382002 CET	7545	49945	162.252.175.33	192.168.2.4
Dec 11, 2024 19:21:10.792454004 CET	49945	7545	192.168.2.4	162.252.175.33

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 19:19:21.063908100 CET	63320	53	192.168.2.4	1.1.1.1
Dec 11, 2024 19:19:21.454253912 CET	53	63320	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 11, 2024 19:19:21.063908100 CET	192.168.2.4	1.1.1.1	0x2a3	Standard query (0)	theprintazadkashmir.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 11, 2024 19:19:21.454253912 CET	1.1.1.1	192.168.2.4	0x2a3	No error (0)	theprintazadkashmir.com		162.252.175.33	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

theprintazadkashmir.com:7545

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:21.736721039 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:23.992898941 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:26.761612892 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:28.970549107 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:31.148454905 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:33.374944925 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:35.657838106 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49743	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:37.793410063 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49744	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:40.311816931 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49745	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:42.873224974 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49746	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:45.218832970 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49747	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:47.529666901 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49748	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:49.770206928 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49749	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:52.035727024 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49751	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:54.312413931 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49753	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:56.599919081 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49759	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:19:58.823132992 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49765	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:01.081897020 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49771	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:03.427279949 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49777	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:05.650628090 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49783	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:07.947813034 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49789	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:10.177047014 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49794	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:12.410845995 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49800	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:14.741805077 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49806	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:16.973999023 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49811	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:19.157022953 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49817	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:21.331758022 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49823	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:23.496350050 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49829	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:25.757833958 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49834	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:28.222855091 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49840	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:30.381268978 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49846	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:32.524878979 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49852	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:34.847269058 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49858	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:36.988385916 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49864	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:39.129631996 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49870	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:41.327617884 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49876	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:43.473247051 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49882	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:45.719819069 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49888	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:47.843930960 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49894	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:49.958901882 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49900	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:52.079318047 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49906	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:54.265151978 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49912	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:56.384897947 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49918	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:20:58.520149946 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49924	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:21:00.670475006 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49930	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:21:02.799478054 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49934	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:21:04.915088892 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49937	162.252.175.33	7545	7328	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:21:06.051615953 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49945	162.252.175.33	7545

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:21:08.776108980 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: Coordination_Committee.exePID: 7328, Parent PID: 2580

General

Target ID:	0
Start time:	13:18:59
Start date:	11/12/2024
Path:	C:\Users\user\Desktop\Coordination_Committee.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Coordination_Committee.exe"
Imagebase:	0x24a9a260000
File size:	21'504 bytes
MD5 hash:	10C4162AF158B4A1FE29BCEFB589F464
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: Coordination_Committee.exePID: 7328, Parent PID: 2580COMMON

Executed Functions

Function 00007FFD9B8909E2 Relevance: .4, Instructions: 418COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 425e4cc864dfb372866197b51a7dffd2fbfb45a9ec60cc383d0d398a3cd6fed9
Instruction ID: 8dc94c902e86eef7b7de3c8cb448e440ec8a199af3d0010cd62cbaf6330732f2
Opcode Fuzzy Hash: 425e4cc864dfb372866197b51a7dffd2fbfb45a9ec60cc383d0d398a3cd6fed9
Instruction Fuzzy Hash: 4AD1F430B19A4D4FDB59EF688865ABA7BE1FF89300F1445BDE41AC72D6DE34A802C741

Function 00007FFD9B8905E8 Relevance: .4, Instructions: 365COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94e32c5a6a0decf212bdb438f04f9c0c399fd7645a72d8174476f40f0a6828eb
Instruction ID: 2cdc701c76051b465e674bb3da05b6f9159016fe8305e3166f3f24122dbf6bcb
Opcode Fuzzy Hash: 94e32c5a6a0decf212bdb438f04f9c0c399fd7645a72d8174476f40f0a6828eb
Instruction Fuzzy Hash: 7AB11430B18A4D5FDB64EF6888656B97BE1FF89310F0541BAD459C72D2CE38A903CB41

Function 00007FFD9B892BBD Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c01dd00f1452ebc0be149b69e4a292b78372cf0894701378f365f0274c18500
Instruction ID: 237abb991a7103caa9000a2c349c1627014b5f2417a96779edb05cfa9a10e7f1
Opcode Fuzzy Hash: 6c01dd00f1452ebc0be149b69e4a292b78372cf0894701378f365f0274c18500
Instruction Fuzzy Hash: C151C031A08B5C8FDB58DF9CD8456E97BE1EF99310F00426AE449D7256CA30A945CB82

Function 00007FFD9B892BBA Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80ab0f26c6dec258255ead5a0a4a5c50f7e17c1c2aae81854f4c3d0c4b9ee9c1
Instruction ID: df05d4c4fa95f81c7e635a855af2cbba0ee225e347527177e395f0ea9fbf43ed
Opcode Fuzzy Hash: 80ab0f26c6dec258255ead5a0a4a5c50f7e17c1c2aae81854f4c3d0c4b9ee9c1
Instruction Fuzzy Hash: C951C171A08B1C8FDB58DF9CD8456ED7BF1FF99310F00426AE449D7296DA30A945CB82

Function 00007FFD9B892BAD Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 526cb85c4a18b9cc9021787bb3251c8b59ddb69e7120d3c2ea5acdad126bda31
Instruction ID: a76d69cc1027f36bcc5f629bf70fb1e45135d17cb0b77df5d18cf28573a24f21
Opcode Fuzzy Hash: 526cb85c4a18b9cc9021787bb3251c8b59ddb69e7120d3c2ea5acdad126bda31
Instruction Fuzzy Hash: 5A51B131A08B1C8FDB58EF98D8456EDBBE1FF98310F00426AD44DD7256DA34A945CBC2

Function 00007FFD9B8904A0 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfb1f27871b22128c8d2dbf5af6443f991af191328c3906e16d8c16923404f1d
Instruction ID: 9acba3aac794ec7988bd0a3d167697da85f54b2509b9d8a6fee87692b3a20ae1
Opcode Fuzzy Hash: bfb1f27871b22128c8d2dbf5af6443f991af191328c3906e16d8c16923404f1d
Instruction Fuzzy Hash: 86415921A1F7C60FEB26977448696653FD0EF56710F0901FAD488C71F3EA5C664A8352

Function 00007FFD9B890E10 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce75bb8ddbf15d83e82c38f122577866665b455e733a5bb05c549565f57e03ce
Instruction ID: 121963c1d244c7d02fe19ccf9d8c2b11d95464c7eace326121c7fd9bcfce2eb8
Opcode Fuzzy Hash: ce75bb8ddbf15d83e82c38f122577866665b455e733a5bb05c549565f57e03ce
Instruction Fuzzy Hash: 8E417D31A0E7CA0FEB269B748C256653FA0EF07714F0902BED499C71E3EA1975478352

Function 00007FFD9B890E77 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf4dcaddeade9ac0af7098c05929d276dfa12ee1489291c5acde5b89e019cef
Instruction ID: 66a809dfb9307a09a1bf9b2f9bc86a82f6aa3afe770731f24eada1243decc536
Opcode Fuzzy Hash: 5bf4dcaddeade9ac0af7098c05929d276dfa12ee1489291c5acde5b89e019cef
Instruction Fuzzy Hash: 3D317821E0E7C60EEB36877448257647FD09F56B50F0902B9D088C71F3EA5C364A8392

Function 00007FFD9B8911E9 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 680dc9d195c7bea95f62cc985922971e981777514f598270aef7d91ffc977125
Instruction ID: 344d92c0abf584bfea1fbdbbaff78602d374bf2c598f1a55d1515c9e4223d57e
Opcode Fuzzy Hash: 680dc9d195c7bea95f62cc985922971e981777514f598270aef7d91ffc977125
Instruction Fuzzy Hash: 96213031B1894E8FDF98EF58D4547AA77E2FFA8311B504569E41AC3299CE34E942CB80

Function 00007FFD9B891B55 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21a9e61f90fda88497172a5d44d12ee2deb063b4fa369cd493a96dab2c1b897b
Instruction ID: 8839bbf8514bab05b874604c8161fe84e7b3ee3129ccde0fe45e498803f1aaaf
Opcode Fuzzy Hash: 21a9e61f90fda88497172a5d44d12ee2deb063b4fa369cd493a96dab2c1b897b
Instruction Fuzzy Hash: 8A115B21B2C54D4FDB2CFF7C88A50B473D1EB9932172506BED897C35A2E810D8438340

Function 00007FFD9B891099 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f689c120867cf77a44998324bc2d08b3d38fb8bf513df600c66b032541b63a
Instruction ID: 0a60a9b332c50ccaa44c6f2d571e51ce3e5e4c9034c01caa0b4ed5c664552005
Opcode Fuzzy Hash: c9f689c120867cf77a44998324bc2d08b3d38fb8bf513df600c66b032541b63a
Instruction Fuzzy Hash: 00210126E0E99E7EFF71B3A458312F93AE0EF4D310F0611BAD41CC35E2DC186A0A4681

Function 00007FFD9B890488 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b1417590160d34a9cc37fe1a04529fd02e002029f1cce22748c3b3c8f74ca34
Instruction ID: 4773f2c3a0295d63cfff74af9471c57ad5fce7ecd37d00ff8b63a5cdee9966ee
Opcode Fuzzy Hash: 4b1417590160d34a9cc37fe1a04529fd02e002029f1cce22748c3b3c8f74ca34
Instruction Fuzzy Hash: 8B115E32A0E6C92FFB65A7244C264A67FD0EF46250F0646BFE0C9C71F2DE16A6074381

Function 00007FFD9B8909AD Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eb3c746e68cc77368f0d5cd6a967566aeea8136bfb821623533ad22bd7e4e7c
Instruction ID: 2adbcd04c254b998fb45d039891abde5ffffbd3ddd77d2aa6a1279c35bdde96a
Opcode Fuzzy Hash: 6eb3c746e68cc77368f0d5cd6a967566aeea8136bfb821623533ad22bd7e4e7c
Instruction Fuzzy Hash: B5E01222F6581E49EF59B7B47C369FDB295DF89204BD144B5E42DC30CBDD1929120583

Function 00007FFD9B8908FE Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501b63f9b1391bd3bd81c4edd4c8afde7604aae25c3a5e814277689270ff71b8
Instruction ID: 1bc73a727f336cf9c4b9235454ff746ecbbda5873e2163e4ff6cfce96c1312b2
Opcode Fuzzy Hash: 501b63f9b1391bd3bd81c4edd4c8afde7604aae25c3a5e814277689270ff71b8
Instruction Fuzzy Hash: B1D05B3252CB4D4BC755DF18E4508DEB790FF94324F801B3DF05E821D5DE6493818682

Function 00007FFD9B8912B3 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85225be606474d63d2fc12090126a9e46adf5c08d8aec116afc6a5c952075e6a
Instruction ID: 4d320a7891448ae23f5e66d97a67dd3edf97a7eefaa8425e252e055c29f3b182
Opcode Fuzzy Hash: 85225be606474d63d2fc12090126a9e46adf5c08d8aec116afc6a5c952075e6a
Instruction Fuzzy Hash: 6CC01233B4E41D58EE28B38878230FCBB91DB8D232F522037D64F82092980A222A1281

Function 00007FFD9B890BD4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2980819285.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b890000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bff4780c4bf4d1831c37b6bd3b3a8323a690ce1647c70b0430283ef238faa28a
Instruction ID: b409e4cc1a78b6facd246cb5167322e1061301ad3fab8c33aee29be0f83f5dc9
Opcode Fuzzy Hash: bff4780c4bf4d1831c37b6bd3b3a8323a690ce1647c70b0430283ef238faa28a
Instruction Fuzzy Hash: B6C048B3A9E2188DBA286588B8430F8B790D68A576B11223BD38B81862694331670589

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Coordination_Committee.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: Coordination_Committee.exePID: 7328, Parent PID: 2580

Windows Analysis Report
Coordination_Committee.exe