Edit tour

Windows Analysis Report
Coordination_Committee.exe

Overview

General Information

Sample name:	Coordination_Committee.exe
Analysis ID:	1573295
MD5:	10c4162af158b4a1fe29bcefb589f464
SHA1:	eeb63a5dd15d31a7a05a33f42478b18ec39ef4e0
SHA256:	80c205154636cc0e78140f4fa97fc34ce18038ec48d156268acd827080a6d3b9
Tags:	Camscannerexeuser-smica83
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Classification

Process Tree

System is w10x64

Coordination_Committee.exe (PID: 7412 cmdline: "C:\Users\user\Desktop\Coordination_Committee.exe" MD5: 10C4162AF158B4A1FE29BCEFB589F464)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Coordination_Committee.exe

ReversingLabs: Detection: 66%

Source: Coordination_Committee.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 7545

Source: global traffic

TCP traffic: 192.168.2.4:49733 -> 162.252.175.33:7545

Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1Host: theprintazadkashmir.com:7545Connection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: theprintazadkashmir.com

Source: Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3437A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE343A3000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3449F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com
Source: Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE343A3000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE34456000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE34420000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3449F000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE344D2000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE34394000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3437A000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE343C4000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE344D8000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE344B6000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3440F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com:7545
Source: Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3440F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3
Source: Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE34420000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE343C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.30rw2
Source: Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE342F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3P
Source: Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3437A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://theprintazadkashmir.com:75452

Source: Coordination_Committee.exe, 00000000.00000000.1676499383.000001CE325C8000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamekerberos.exe4 vs Coordination_Committee.exe
Source: Coordination_Committee.exe	Binary or memory string: OriginalFilenamekerberos.exe4 vs Coordination_Committee.exe

Source: classification engine

Classification label: mal52.troj.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Mutant created: NULL

Source: Coordination_Committee.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Coordination_Committee.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Coordination_Committee.exe

ReversingLabs: Detection: 66%

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: Coordination_Committee.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Coordination_Committee.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Coordination_Committee.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: Coordination_Committee.exe

Static PE information: 0x95D98694 [Tue Aug 31 22:15:48 2049 UTC]

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 7545
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 7545

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Memory allocated: 1CE328E0000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Memory allocated: 1CE4C2F0000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 502453			Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Window / User API: threadDelayed 2569			Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Window / User API: threadDelayed 5910			Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7636	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7636	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7668	Thread sleep count: 2569 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7668	Thread sleep count: 5910 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe TID: 7636	Thread sleep time: -502453s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\Coordination_Committee.exe	Thread delayed: delay time: 502453	Jump to behavior

Source: Coordination_Committee.exe, 00000000.00000002.3539388396.000001CE327EC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Queries volume information: C:\Users\user\Desktop\Coordination_Committee.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Coordination_Committee.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	11 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	31 Virtualization/Sandbox Evasion	LSASS Memory	31 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Timestomp	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Coordination_Committee.exe	67%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.30rw2	0%	Avira URL Cloud	safe
http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3	0%	Avira URL Cloud	safe
http://theprintazadkashmir.com:75452	0%	Avira URL Cloud	safe
http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3P	0%	Avira URL Cloud	safe
http://theprintazadkashmir.com	0%	Avira URL Cloud	safe
http://theprintazadkashmir.com:7545	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
theprintazadkashmir.com	162.252.175.33	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.30rw2	Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE34420000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE343C4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://theprintazadkashmir.com:7545	Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE343A3000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE34456000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE34420000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3449F000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE344D2000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE34394000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3437A000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE343C4000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE344D8000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE344B6000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3440F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3437A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://theprintazadkashmir.com	Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE343A3000.00000004.00000800.00020000.00000000.sdmp, Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3449F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://theprintazadkashmir.com:7545/Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3P	Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE342F1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://theprintazadkashmir.com:75452	Coordination_Committee.exe, 00000000.00000002.3539743117.000001CE3437A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
162.252.175.33	theprintazadkashmir.com	United States		29802	HVC-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1573295
Start date and time:	2024-12-11 19:22:34 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Coordination_Committee.exe
Detection:	MAL
Classification:	mal52.troj.winEXE@1/0@1/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 17 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target Coordination_Committee.exe, PID 7412 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: Coordination_Committee.exe

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HVC-ASUS	xQw2EDQl1c.lnk	Get hash	malicious	Unknown	Browse	37.1.214.196
	https://uhu145fc.s3.amazonaws.com/bf63.html?B3E2629E-DF5B-2F28-7322FD910FB23F54	Get hash	malicious	Phisher	Browse	66.165.248.146
	6fW0GedR6j.xls	Get hash	malicious	Unknown	Browse	23.111.175.138
	https://i.postimg.cc/y6hBTtv7/png-Hand-SAward.png	Get hash	malicious	HTMLPhisher	Browse	66.206.12.130
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	23.227.187.60
	1.e.msi	Get hash	malicious	DanaBot	Browse	23.227.178.53
	1.e.msi	Get hash	malicious	DanaBot	Browse	23.227.178.53
	Delivery_Notification_00000896751.doc.js	Get hash	malicious	Unknown	Browse	66.206.1.146
	Delivery_Notification_00116030.doc.js	Get hash	malicious	Unknown	Browse	66.206.1.146

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.5302415212189935
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Coordination_Committee.exe
File size:	21'504 bytes
MD5:	10c4162af158b4a1fe29bcefb589f464
SHA1:	eeb63a5dd15d31a7a05a33f42478b18ec39ef4e0
SHA256:	80c205154636cc0e78140f4fa97fc34ce18038ec48d156268acd827080a6d3b9
SHA512:	bc2971c8fb354d362c8670b0038a345009b7419fc43023febd06351c1f2b4e0f13f2f78f0f8404e6ffbfeb2a4d68b9518a14cd1247adfd237992ab87f8d9953d
SSDEEP:	384:XP859W38vo7Qou9xJ/M7Tmeu0Fa0FqBAfIrj+x3EmeDNxO:X4WSo7Qo4wiena0FqiIQoDzO
TLSH:	35A22A4D93ACCA3BC66E1BBD6470439287B0D2556523FFAF898CF2D87A4734045446AB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..L..........>k... ........@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x406b3e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x95D98694 [Tue Aug 31 22:15:48 2049 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6aec	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8000	0x2a8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x6ad0	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x4b44	0x4c00	11e31f2c4c314f2807587d45ad8cbe0f	False	0.5052939967105263	data	5.801149111275847	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8000	0x2a8	0x400	a3174b11a287100d5d2bfff4ff7b5869	False	0.2958984375	data	2.155443991028814	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x200	c9c3e849a074ed751e38df694e33b6fb	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x8058	0x24c	data			0.45918367346938777

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 19:23:47.683585882 CET	49733	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:47.803736925 CET	7545	49733	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:47.803855896 CET	49733	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:47.806962013 CET	49733	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:47.926749945 CET	7545	49733	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:49.804913044 CET	7545	49733	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:49.804995060 CET	49733	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:49.826225996 CET	49733	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:49.827600956 CET	49735	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:49.947813034 CET	7545	49733	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:49.949301004 CET	7545	49735	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:49.949383020 CET	49735	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:49.949716091 CET	49735	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:50.071929932 CET	7545	49735	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:51.979155064 CET	7545	49735	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:51.979243040 CET	49735	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:51.979587078 CET	49735	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:52.102828979 CET	7545	49735	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:53.994874954 CET	49738	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:54.114155054 CET	7545	49738	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:54.114263058 CET	49738	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:54.114563942 CET	49738	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:54.233931065 CET	7545	49738	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:56.123390913 CET	7545	49738	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:56.123466015 CET	49738	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:56.123800039 CET	49738	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:56.124285936 CET	49739	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:56.246016979 CET	7545	49738	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:56.246490955 CET	7545	49739	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:56.246572018 CET	49739	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:56.246853113 CET	49739	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:56.526612043 CET	7545	49739	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:58.415818930 CET	7545	49739	162.252.175.33	192.168.2.4
Dec 11, 2024 19:23:58.415884972 CET	49739	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:58.416089058 CET	49739	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:23:58.535931110 CET	7545	49739	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:00.417191982 CET	49740	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:00.536639929 CET	7545	49740	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:00.536830902 CET	49740	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:00.537106991 CET	49740	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:00.656636000 CET	7545	49740	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:02.558170080 CET	7545	49740	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:02.561583042 CET	49740	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:02.561875105 CET	49740	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:02.562381983 CET	49741	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:02.682419062 CET	7545	49740	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:02.682455063 CET	7545	49741	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:02.682643890 CET	49741	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:02.685123920 CET	49741	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:02.805502892 CET	7545	49741	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:04.680151939 CET	7545	49741	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:04.680382967 CET	49741	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:04.680382967 CET	49741	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:04.911540985 CET	7545	49741	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:06.681437969 CET	49742	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:06.800839901 CET	7545	49742	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:06.801007032 CET	49742	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:06.801258087 CET	49742	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:06.920675039 CET	7545	49742	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:08.806713104 CET	7545	49742	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:08.806916952 CET	49742	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:08.806976080 CET	49742	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:08.807529926 CET	49743	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:08.927623987 CET	7545	49742	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:08.928035975 CET	7545	49743	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:08.928118944 CET	49743	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:08.928411961 CET	49743	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:09.047863007 CET	7545	49743	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:10.931127071 CET	7545	49743	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:10.935214043 CET	49743	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:10.935338974 CET	49743	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:11.054707050 CET	7545	49743	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:12.936125994 CET	49744	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:13.055718899 CET	7545	49744	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:13.055816889 CET	49744	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:13.056031942 CET	49744	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:13.175213099 CET	7545	49744	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:15.057419062 CET	7545	49744	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:15.057535887 CET	49744	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:15.057724953 CET	49744	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:15.058125973 CET	49745	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:15.177380085 CET	7545	49744	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:15.177680016 CET	7545	49745	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:15.178037882 CET	49745	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:15.178039074 CET	49745	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:15.297518015 CET	7545	49745	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:17.344340086 CET	7545	49745	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:17.344439983 CET	49745	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:17.344662905 CET	49745	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:17.464406967 CET	7545	49745	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:19.345508099 CET	49746	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:19.465256929 CET	7545	49746	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:19.465337992 CET	49746	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:19.465610981 CET	49746	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:19.585040092 CET	7545	49746	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:21.466466904 CET	7545	49746	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:21.466696024 CET	49746	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:21.466851950 CET	49746	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:21.467571020 CET	49747	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:21.587414026 CET	7545	49746	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:21.588278055 CET	7545	49747	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:21.588397026 CET	49747	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:21.588690042 CET	49747	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:21.708425999 CET	7545	49747	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:23.586688995 CET	7545	49747	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:23.586776972 CET	49747	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:23.586893082 CET	49747	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:23.707449913 CET	7545	49747	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:25.587805033 CET	49749	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:25.707386017 CET	7545	49749	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:25.711308956 CET	49749	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:25.714889050 CET	49749	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:25.834491968 CET	7545	49749	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:27.711797953 CET	7545	49749	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:27.713669062 CET	49749	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:27.714101076 CET	49749	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:27.714467049 CET	49756	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:27.833358049 CET	7545	49749	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:27.833740950 CET	7545	49756	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:27.834100008 CET	49756	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:27.834166050 CET	49756	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:27.954310894 CET	7545	49756	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:29.842411041 CET	7545	49756	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:29.842535019 CET	49756	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:29.842652082 CET	49756	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:29.962268114 CET	7545	49756	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:31.844203949 CET	49767	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:31.964131117 CET	7545	49767	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:31.964222908 CET	49767	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:31.964529991 CET	49767	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:32.085421085 CET	7545	49767	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:33.961020947 CET	7545	49767	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:33.961076975 CET	49767	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:33.961357117 CET	49767	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:33.961771011 CET	49772	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:34.081141949 CET	7545	49767	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:34.081487894 CET	7545	49772	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:34.081703901 CET	49772	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:34.110619068 CET	49772	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:34.230248928 CET	7545	49772	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:36.071079016 CET	7545	49772	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:36.071146011 CET	49772	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:36.071258068 CET	49772	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:36.190808058 CET	7545	49772	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:38.072545052 CET	49781	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:38.192174911 CET	7545	49781	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:38.192332983 CET	49781	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:38.192819118 CET	49781	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:38.314217091 CET	7545	49781	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:40.265814066 CET	7545	49781	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:40.265939951 CET	49781	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:40.266309023 CET	49781	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:40.267245054 CET	49787	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:40.551970959 CET	7545	49781	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:40.552012920 CET	7545	49787	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:40.552124977 CET	49787	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:40.552349091 CET	49787	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:40.672233105 CET	7545	49787	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:42.553483963 CET	7545	49787	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:42.553579092 CET	49787	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:42.555972099 CET	49787	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:42.676203966 CET	7545	49787	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:44.556934118 CET	49798	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:44.842713118 CET	7545	49798	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:44.842820883 CET	49798	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:44.843025923 CET	49798	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:44.964247942 CET	7545	49798	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:46.854077101 CET	7545	49798	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:46.854394913 CET	49798	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:46.854897022 CET	49798	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:46.855051041 CET	49802	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:46.977036953 CET	7545	49798	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:46.977088928 CET	7545	49802	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:46.977278948 CET	49802	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:46.977368116 CET	49802	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:47.102430105 CET	7545	49802	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:48.979372025 CET	7545	49802	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:48.979470968 CET	49802	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:48.979562998 CET	49802	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:49.100661039 CET	7545	49802	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:50.980375051 CET	49813	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:51.102632046 CET	7545	49813	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:51.102788925 CET	49813	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:51.103030920 CET	49813	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:51.222400904 CET	7545	49813	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:53.105407000 CET	7545	49813	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:53.105458021 CET	49813	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:53.105648994 CET	49813	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:53.106033087 CET	49819	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:53.226428032 CET	7545	49813	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:53.226762056 CET	7545	49819	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:53.226845026 CET	49819	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:53.227065086 CET	49819	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:53.347074986 CET	7545	49819	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:55.246309042 CET	7545	49819	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:55.246506929 CET	49819	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:55.246681929 CET	49819	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:55.368300915 CET	7545	49819	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:57.249917984 CET	49829	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:57.370520115 CET	7545	49829	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:57.370603085 CET	49829	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:57.370884895 CET	49829	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:57.490251064 CET	7545	49829	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:59.368549109 CET	7545	49829	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:59.368619919 CET	49829	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:59.368737936 CET	49829	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:59.369329929 CET	49835	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:59.488183022 CET	7545	49829	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:59.488890886 CET	7545	49835	162.252.175.33	192.168.2.4
Dec 11, 2024 19:24:59.489099026 CET	49835	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:59.489204884 CET	49835	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:24:59.608700037 CET	7545	49835	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:01.477276087 CET	7545	49835	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:01.477353096 CET	49835	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:01.477471113 CET	49835	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:01.600644112 CET	7545	49835	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:03.482609987 CET	49845	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:03.611358881 CET	7545	49845	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:03.613631964 CET	49845	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:03.615732908 CET	49845	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:03.742419958 CET	7545	49845	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:05.603251934 CET	7545	49845	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:05.607084990 CET	49845	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:05.607254028 CET	49845	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:05.607777119 CET	49851	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:05.727152109 CET	7545	49845	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:05.727176905 CET	7545	49851	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:05.727288008 CET	49851	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:05.727541924 CET	49851	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:05.846906900 CET	7545	49851	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:07.744333029 CET	7545	49851	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:07.745095015 CET	49851	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:07.745208979 CET	49851	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:07.865567923 CET	7545	49851	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:09.750051022 CET	49861	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:09.869519949 CET	7545	49861	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:09.869596958 CET	49861	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:09.869812965 CET	49861	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:09.989211082 CET	7545	49861	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:12.047075987 CET	7545	49861	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:12.051186085 CET	49861	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:12.051285028 CET	49861	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:12.051681995 CET	49867	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:12.170909882 CET	7545	49861	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:12.171067953 CET	7545	49867	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:12.171166897 CET	49867	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:12.171346903 CET	49867	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:12.290690899 CET	7545	49867	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:14.166110992 CET	7545	49867	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:14.167067051 CET	49867	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:14.167176962 CET	49867	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:14.287033081 CET	7545	49867	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:16.168175936 CET	49878	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:16.289666891 CET	7545	49878	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:16.289776087 CET	49878	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:16.289975882 CET	49878	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:16.409739017 CET	7545	49878	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:18.273998022 CET	7545	49878	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:18.277407885 CET	49878	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:18.277527094 CET	49878	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:18.282027960 CET	49884	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:18.397748947 CET	7545	49878	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:18.402625084 CET	7545	49884	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:18.403105974 CET	49884	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:18.409595966 CET	49884	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:18.531632900 CET	7545	49884	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:20.399727106 CET	7545	49884	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:20.399887085 CET	49884	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:20.400041103 CET	49884	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:20.520601034 CET	7545	49884	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:22.400918961 CET	49895	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:22.521205902 CET	7545	49895	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:22.521296978 CET	49895	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:22.521688938 CET	49895	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:22.641133070 CET	7545	49895	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:24.525445938 CET	7545	49895	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:24.525496006 CET	49895	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:24.525609016 CET	49895	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:24.525966883 CET	49900	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:24.645081043 CET	7545	49895	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:24.645271063 CET	7545	49900	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:24.645358086 CET	49900	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:24.645625114 CET	49900	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:24.767309904 CET	7545	49900	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:26.697890043 CET	7545	49900	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:26.697973967 CET	49900	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:26.698159933 CET	49900	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:26.947561026 CET	7545	49900	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:28.698976994 CET	49910	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:28.825165033 CET	7545	49910	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:28.825267076 CET	49910	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:28.825592041 CET	49910	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:28.945713997 CET	7545	49910	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:30.823081970 CET	7545	49910	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:30.823159933 CET	49910	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:30.823338985 CET	49910	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:30.823892117 CET	49916	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:30.943331957 CET	7545	49910	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:30.944957018 CET	7545	49916	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:30.945368052 CET	49916	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:30.945595026 CET	49916	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:31.065888882 CET	7545	49916	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:32.932499886 CET	7545	49916	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:32.935148954 CET	49916	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:32.935182095 CET	49916	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:33.057018042 CET	7545	49916	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:34.936105967 CET	49926	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:35.056529045 CET	7545	49926	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:35.059065104 CET	49926	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:35.059274912 CET	49926	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:35.179028988 CET	7545	49926	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:37.123464108 CET	7545	49926	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:37.127033949 CET	49926	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:37.127146959 CET	49926	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:37.127692938 CET	49932	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:37.247070074 CET	7545	49926	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:37.247158051 CET	7545	49932	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:37.247256041 CET	49932	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:37.247445107 CET	49932	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:37.519114017 CET	7545	49932	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:39.455477953 CET	7545	49932	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:39.455557108 CET	49932	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:39.455739021 CET	49932	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:39.577047110 CET	7545	49932	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:41.460995913 CET	49943	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:41.582374096 CET	7545	49943	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:41.582462072 CET	49943	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:41.582662106 CET	49943	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:41.702375889 CET	7545	49943	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:43.619647026 CET	7545	49943	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:43.619719028 CET	49943	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:43.619924068 CET	49943	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:43.620500088 CET	49949	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:43.739362955 CET	7545	49943	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:43.739924908 CET	7545	49949	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:43.740025997 CET	49949	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:43.740307093 CET	49949	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:43.859797001 CET	7545	49949	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:45.748687029 CET	7545	49949	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:45.748764992 CET	49949	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:45.748878002 CET	49949	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:45.868885040 CET	7545	49949	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:47.751058102 CET	49960	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:47.871440887 CET	7545	49960	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:47.871526957 CET	49960	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:47.871876001 CET	49960	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:47.991277933 CET	7545	49960	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:49.869290113 CET	7545	49960	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:49.869357109 CET	49960	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:49.869625092 CET	49960	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:49.869870901 CET	49965	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:49.990411997 CET	7545	49960	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:49.990531921 CET	7545	49965	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:49.990613937 CET	49965	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:49.990868092 CET	49965	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:50.114157915 CET	7545	49965	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:51.996490002 CET	7545	49965	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:51.996627092 CET	49965	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:51.996731043 CET	49965	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:52.120939970 CET	7545	49965	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:53.997915030 CET	49976	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:54.124730110 CET	7545	49976	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:54.124823093 CET	49976	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:54.125097990 CET	49976	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:54.248909950 CET	7545	49976	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:56.163012981 CET	7545	49976	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:56.163091898 CET	49976	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:56.163291931 CET	49976	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:56.163727999 CET	49981	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:56.287020922 CET	7545	49976	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:56.287039042 CET	7545	49981	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:56.287112951 CET	49981	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:56.287364960 CET	49981	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:56.406955957 CET	7545	49981	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:58.330461979 CET	7545	49981	162.252.175.33	192.168.2.4
Dec 11, 2024 19:25:58.330537081 CET	49981	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:58.330646992 CET	49981	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:25:58.450892925 CET	7545	49981	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:00.331640005 CET	49991	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:00.451766014 CET	7545	49991	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:00.451894999 CET	49991	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:00.452131033 CET	49991	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:00.571469069 CET	7545	49991	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:02.654109001 CET	7545	49991	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:02.654273987 CET	49991	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:02.654396057 CET	49991	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:02.655030966 CET	49997	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:02.803495884 CET	7545	49991	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:02.803541899 CET	7545	49997	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:02.803651094 CET	49997	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:02.803879976 CET	49997	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:02.926767111 CET	7545	49997	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:04.882760048 CET	7545	49997	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:04.883045912 CET	49997	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:04.883045912 CET	49997	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:05.002506971 CET	7545	49997	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:06.883903980 CET	50007	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:07.005330086 CET	7545	50007	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:07.005419970 CET	50007	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:07.005863905 CET	50007	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:07.125283957 CET	7545	50007	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:09.116708040 CET	7545	50007	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:09.116806030 CET	50007	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:09.116899967 CET	50007	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:09.117563963 CET	50013	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:09.238621950 CET	7545	50007	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:09.239378929 CET	7545	50013	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:09.239449978 CET	50013	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:09.239679098 CET	50013	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:09.359193087 CET	7545	50013	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:11.284698963 CET	7545	50013	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:11.285029888 CET	50013	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:11.285989046 CET	50013	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:11.406111956 CET	7545	50013	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:13.286870003 CET	50024	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:13.411582947 CET	7545	50024	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:13.411665916 CET	50024	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:13.411880970 CET	50024	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:13.536989927 CET	7545	50024	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:15.508368015 CET	7545	50024	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:15.511027098 CET	50024	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:15.511127949 CET	50024	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:15.511594057 CET	50030	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:15.632133961 CET	7545	50024	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:15.632713079 CET	7545	50030	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:15.632915974 CET	50030	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:15.633040905 CET	50030	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:15.759025097 CET	7545	50030	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:17.994546890 CET	7545	50030	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:17.994769096 CET	50030	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:17.994769096 CET	50030	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:18.241028070 CET	7545	50030	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:19.995569944 CET	50040	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:20.115298033 CET	7545	50040	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:20.119096041 CET	50040	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:20.119282007 CET	50040	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:20.238959074 CET	7545	50040	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:22.114294052 CET	7545	50040	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:22.114375114 CET	50040	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:22.114667892 CET	50040	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:22.115009069 CET	50046	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:22.234563112 CET	7545	50040	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:22.234827995 CET	7545	50046	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:22.234900951 CET	50046	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:22.235213041 CET	50046	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:22.354473114 CET	7545	50046	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:24.416018009 CET	7545	50046	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:24.416089058 CET	50046	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:24.416208982 CET	50046	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:24.536259890 CET	7545	50046	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:26.416876078 CET	50052	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:26.536421061 CET	7545	50052	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:26.536602020 CET	50052	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:26.536811113 CET	50052	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:26.656069994 CET	7545	50052	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:28.679130077 CET	7545	50052	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:28.679182053 CET	50052	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:28.679308891 CET	50052	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:28.679874897 CET	50053	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:28.798613071 CET	7545	50052	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:28.799388885 CET	7545	50053	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:28.802910089 CET	50053	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:28.803045034 CET	50053	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:28.923239946 CET	7545	50053	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:30.839288950 CET	7545	50053	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:30.839746952 CET	50053	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:30.839746952 CET	50053	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:30.959392071 CET	7545	50053	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:32.840792894 CET	50054	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:32.960853100 CET	7545	50054	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:32.961046934 CET	50054	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:32.961101055 CET	50054	7545	192.168.2.4	162.252.175.33
Dec 11, 2024 19:26:33.080981016 CET	7545	50054	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:34.979434013 CET	7545	50054	162.252.175.33	192.168.2.4
Dec 11, 2024 19:26:34.979655981 CET	50054	7545	192.168.2.4	162.252.175.33

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 19:23:47.441591978 CET	55549	53	192.168.2.4	1.1.1.1
Dec 11, 2024 19:23:47.671744108 CET	53	55549	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 11, 2024 19:23:47.441591978 CET	192.168.2.4	1.1.1.1	0xa5a6	Standard query (0)	theprintazadkashmir.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 11, 2024 19:23:47.671744108 CET	1.1.1.1	192.168.2.4	0xa5a6	No error (0)	theprintazadkashmir.com		162.252.175.33	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

theprintazadkashmir.com:7545

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:23:47.806962013 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:23:49.949716091 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:23:54.114563942 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:23:56.246853113 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:00.537106991 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:02.685123920 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:06.801258087 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49743	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:08.928411961 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49744	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:13.056031942 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49745	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:15.178039074 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49746	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:19.465610981 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49747	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:21.588690042 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49749	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:25.714889050 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49756	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:27.834166050 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49767	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:31.964529991 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49772	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:34.110619068 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49781	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:38.192819118 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49787	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:40.552349091 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49798	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:44.843025923 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49802	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:46.977368116 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49813	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:51.103030920 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49819	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:53.227065086 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49829	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:57.370884895 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49835	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:24:59.489204884 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49845	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:03.615732908 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49851	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:05.727541924 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49861	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:09.869812965 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49867	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:12.171346903 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49878	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:16.289975882 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49884	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:18.409595966 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49895	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:22.521688938 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49900	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:24.645625114 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49910	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:28.825592041 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49916	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:30.945595026 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49926	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:35.059274912 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49932	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:37.247445107 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49943	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:41.582662106 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49949	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:43.740307093 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49960	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:47.871876001 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49965	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:49.990868092 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49976	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:54.125097990 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49981	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:25:56.287364960 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49991	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:00.452131033 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49997	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:02.803879976 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	50007	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:07.005863905 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	50013	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:09.239679098 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	50024	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:13.411880970 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	50030	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:15.633040905 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	50040	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:20.119282007 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	50046	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:22.235213041 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	50052	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:26.536811113 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	50053	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:28.803045034 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	50054	162.252.175.33	7545	7412	C:\Users\user\Desktop\Coordination_Committee.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 19:26:32.961101055 CET	133	OUT	GET /Olympus/letsgetstarted?intro=xJUmAlJYQd&checkup=6.3.6.3 HTTP/1.1 Host: theprintazadkashmir.com:7545 Connection: Keep-Alive

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: Coordination_Committee.exePID: 7412, Parent PID: 2580

General

Target ID:	0
Start time:	13:23:25
Start date:	11/12/2024
Path:	C:\Users\user\Desktop\Coordination_Committee.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Coordination_Committee.exe"
Imagebase:	0x1ce325c0000
File size:	21'504 bytes
MD5 hash:	10C4162AF158B4A1FE29BCEFB589F464
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: Coordination_Committee.exePID: 7412, Parent PID: 2580COMMON

Executed Functions

Function 00007FFD9B8805E8 Relevance: 2.9, Strings: 2, Instructions: 365COMMON

Download Yara Rule

Strings

6/D, xrefs: 00007FFD9B881355
`$L, xrefs: 00007FFD9B8811D4

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID: `$L$6/D
API String ID: 0-1902571927
Opcode ID: 244bbc442ba8cc0e2e1ded7e97115a865b380ffb2379570320aff8610819b9a5
Instruction ID: 93c9789ad77382a7301e99186514960b4c51a320be87dccfa6608fc1c9b23caf
Opcode Fuzzy Hash: 244bbc442ba8cc0e2e1ded7e97115a865b380ffb2379570320aff8610819b9a5
Instruction Fuzzy Hash: 22B11734A18A4D4FDBA5EF6888256B977E1FF8D310F01417AD46DC72E5CE38A902CB41

Function 00007FFD9B8804A0 Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

H, xrefs: 00007FFD9B880FC6

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: 44c0867b9a0254728d4121809558e3936097f1354af8712388f253157d875f1b
Instruction ID: 49f941ecc236e0933bfa201d5fc3918b20c88ac6d80d107011508e0919185306
Opcode Fuzzy Hash: 44c0867b9a0254728d4121809558e3936097f1354af8712388f253157d875f1b
Instruction Fuzzy Hash: B9416621A1FBC60FE33697744875A653FD0EF56700F0A01BAD498C70F3EA6C6A498352

Function 00007FFD9B8809E2 Relevance: .4, Instructions: 418COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 389309899f12f54bb9a75f2589226df24693ea9b8805ed795e4683b40c105c52
Instruction ID: 7ace5662dab170a142abc070051155af26c79492b8e2447bdcce12adafe3974e
Opcode Fuzzy Hash: 389309899f12f54bb9a75f2589226df24693ea9b8805ed795e4683b40c105c52
Instruction Fuzzy Hash: 10D1D730B19A4E4FDB59EF688865AB977E1FF48310F5041BDE419C72E6DE34A842C741

Function 00007FFD9B882BAD Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc443d9671455900d6bf5ae380b581001c3ec54d2dc56f0a10aa59fcbe30bbf0
Instruction ID: 4a7bd980ba0aa6e87c74ecfecfaada75953694b6a58b97ee7edf7a7033bb83dc
Opcode Fuzzy Hash: cc443d9671455900d6bf5ae380b581001c3ec54d2dc56f0a10aa59fcbe30bbf0
Instruction Fuzzy Hash: B751B130908B5C8FDB58DF98D8456E9BBF1FF59310F0482ABD049D72A6CA34A945CBC2

Function 00007FFD9B880570 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35f2714d402dcdb285dd2456da26bb0089ad8bd01fa5e4cb4a1d24fc7b4d25a
Instruction ID: a1e4a644b48051d756dbc4475fac9e2cd0d5c9600599782c24bb3b19e5985838
Opcode Fuzzy Hash: c35f2714d402dcdb285dd2456da26bb0089ad8bd01fa5e4cb4a1d24fc7b4d25a
Instruction Fuzzy Hash: 3D416031E0DE1D4FDB69EBAC98196B9B7E0FF9A320F0101BED05DC71A6DD2468428781

Function 00007FFD9B880E10 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15ad389af19cd41656a91dfbb21ab48c8d64c8b85f91fe1b9ef58f6d808df58a
Instruction ID: 252939064b0e57073e51c4a13e369c17fc17de955820720e791ca2ef1e6d0a83
Opcode Fuzzy Hash: 15ad389af19cd41656a91dfbb21ab48c8d64c8b85f91fe1b9ef58f6d808df58a
Instruction Fuzzy Hash: E1416B31A0EBCA0FE7259B748C256613FA0EF07714F0902BAD0A9C71F3E92975468352

Function 00007FFD9B88221D Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70f32ce7994c8fa404c2776326e6f83805aec551faa36e0f90c08fb12eea55f5
Instruction ID: 7a92c65bc9a7def49bc816d819ecc5b2705ef13ea6cf42d8793b9056b56ab191
Opcode Fuzzy Hash: 70f32ce7994c8fa404c2776326e6f83805aec551faa36e0f90c08fb12eea55f5
Instruction Fuzzy Hash: 2F311531E0CE1D4FEB68EB9898196B8B7E1FB99320F01017FD459D71A6DE2468428781

Function 00007FFD9B880E77 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad1a7231b38a6c02ad14533d8e58b1d2624b0decc10fabc27485b016585f8734
Instruction ID: 16c906752ac9302d23daa5cacecef19d03106e25b57d8d047ce5d06e4e5b0abd
Opcode Fuzzy Hash: ad1a7231b38a6c02ad14533d8e58b1d2624b0decc10fabc27485b016585f8734
Instruction Fuzzy Hash: 58314621E1EBC60FF736977448257517FD09F56B54F0A42B9C0A8C70F3EA6C254A8392

Function 00007FFD9B8811E8 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 325a08ee5cf624069187be90df31b95795b788127dedb7c1e64013b9864d47a3
Instruction ID: 542efa645d275a8d738672bf3410c4bfec2d5222c509e78f1b17b631e663d20d
Opcode Fuzzy Hash: 325a08ee5cf624069187be90df31b95795b788127dedb7c1e64013b9864d47a3
Instruction Fuzzy Hash: AF212C34B08D4E8FDF98EF58C454AAA73E2FFAC310B504569E41AC7299CE34E942CB40

Function 00007FFD9B881099 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c298b3e5a3bad596f53dfa7461d7ebe6d698f6add01e9e38a3d9533864eaa1a
Instruction ID: 5914b03d4b021511faafae68429afcd47c12409345ad738ade683a863432dcb6
Opcode Fuzzy Hash: 4c298b3e5a3bad596f53dfa7461d7ebe6d698f6add01e9e38a3d9533864eaa1a
Instruction Fuzzy Hash: 7621D42AE0AD9E4BF7B2B7A458316F976E1EF4D310F061176D46CC35E2DC286A0A4681

Function 00007FFD9B880488 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bd305c6e0175969039774d309069407c2e54f9d7e7f13d84629574a5414ba08
Instruction ID: e471397075aa74f6bcb8117f88ade1dae5ae5efd5a0040122943118b956929ef
Opcode Fuzzy Hash: 4bd305c6e0175969039774d309069407c2e54f9d7e7f13d84629574a5414ba08
Instruction Fuzzy Hash: B1115E2190EBC90BE776A7244C364A57FD0EF9A250F0646BBD0D5C70A2DE2596464381

Function 00007FFD9B88148C Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6ad54b47683eb2ec454ecc350a7cc7045c9c7dc1d12c2143ebcbe9f0213818c
Instruction ID: c5518639dc380ce5d5b3be2eb0c4a48bf374f61f8ba28303aadb5ed1017b6714
Opcode Fuzzy Hash: d6ad54b47683eb2ec454ecc350a7cc7045c9c7dc1d12c2143ebcbe9f0213818c
Instruction Fuzzy Hash: 93F0E93160EE4D4FEB24EA599C259B637D5EF89324F50002EE45DC2062EA71A953C714

Function 00007FFD9B881458 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03d4828a054f902b7dfce801030828c7b2db387ab76b761e33872b0e84c3e3d6
Instruction ID: b00db799b59d5816d752d4fe22bb30aae9052f48fad32f654e6a2f35db01ef97
Opcode Fuzzy Hash: 03d4828a054f902b7dfce801030828c7b2db387ab76b761e33872b0e84c3e3d6
Instruction Fuzzy Hash: DCF02E7260FB890FE31666745C36055BFC5CF8622570900FEC08D4B573DD2A68038304

Function 00007FFD9B8809AD Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 760e11685d15023ed91d8be22169fdbf18218551210b3d9c23157c6689698df1
Instruction ID: 18ccdc9cd76ea2b3459d0ed90ae6f4fbea9dc6657f0e3c6b2f1ea83fd6dfc64b
Opcode Fuzzy Hash: 760e11685d15023ed91d8be22169fdbf18218551210b3d9c23157c6689698df1
Instruction Fuzzy Hash: 22E0C221F5580E4AEB48B3B43C369FDB285DF89204BC10475E02DC30DBDD2C29120182

Function 00007FFD9B8808FE Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e71698907292039656d8f7bc21889bc7461d2cfa7b1bb2ec48bc79655099ca11
Instruction ID: aa4e315bdaed797e7b23e014582af9293c64930d95ef7fc2477c600e77c4ace0
Opcode Fuzzy Hash: e71698907292039656d8f7bc21889bc7461d2cfa7b1bb2ec48bc79655099ca11
Instruction Fuzzy Hash: 96D0123156CB494BD3559B54E4508DAB390FF84324F800B2EF0AE821D5DE6492818682

Function 00007FFD9B8812B3 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85225be606474d63d2fc12090126a9e46adf5c08d8aec116afc6a5c952075e6a
Instruction ID: e9746ed30450ee74055480e1ec4712ecc15909affcc6c6bca658d725725d101f
Opcode Fuzzy Hash: 85225be606474d63d2fc12090126a9e46adf5c08d8aec116afc6a5c952075e6a
Instruction Fuzzy Hash: 9AC01233B0E81D4AE574B38874130FC7341DB8D231F512037D15E810919C2A21261281

Function 00007FFD9B880BD4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3540437270.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_Coordination_Committee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bff4780c4bf4d1831c37b6bd3b3a8323a690ce1647c70b0430283ef238faa28a
Instruction ID: 0ded5bbb372830ebdb544f1c7e22bb5093b71df820fc9738977ef521d1ad10c1
Opcode Fuzzy Hash: bff4780c4bf4d1831c37b6bd3b3a8323a690ce1647c70b0430283ef238faa28a
Instruction Fuzzy Hash: 7FC048B3A8E6184EBA286588B8430F8B390DA87176B11223BD29B82862695331670589

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Coordination_Committee.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: Coordination_Committee.exePID: 7412, Parent PID: 2580

Windows Analysis Report
Coordination_Committee.exe